Databases

AWS Launches Fully-Managed Document Database Service (zdnet.com) 59

An anonymous reader quotes a report from ZDNet: Amazon Web Services (AWS) has announced a fully-managed document database service, building the Amazon DocumentDB (with MongoDB compatibility) to support existing MongoDB workloads. The cloud giant said developers can use the same MongoDB application code, drivers, and tools as they currently do to run, manage, and scale workloads on Amazon DocumentDB. Amazon DocumentDB uses an SSD-based storage layer, with 6x replication across three separate Availability Zones. This means that Amazon DocumentDB can failover from a primary to a replica within 30 seconds, and supports MongoDB replica set emulation so applications can handle failover quickly. Each MongoDB database contains a set of collections -- similar to a relational database table -- with each collection containing a set of documents in BSON format. Amazon DocumentDB is compatible with version 3.6 of MongoDB and storage can be scaled from 10 GB up to 64 TB in increments of 10 GB. The new offering implements the MongoDB 3.6 API that allows customers to use their existing MongoDB drivers and tools with Amazon DocumentDB. In a separate report, TechCrunch's Frederic Lardinois says AWS is "giving open source the middle finger" by "taking the best open-source projects and re-using and re-branding them without always giving back to those communities."

"The wrinkle here is that MongoDB was one of the first companies that aimed to put a stop to this by re-licensing its open-source tools under a new license that explicitly stated that companies that wanted to do this had to buy a commercial license," Frederic writes. "Since then, others have followed."

"Imitation is the sincerest form of flattery, so it's not surprising that Amazon would try to capitalize on the popularity and momentum of MongoDB's document model," MongoDB CEO and president Dev Ittycheria told us. "However, developers are technically savvy enough to distinguish between the real thing and a poor imitation. MongoDB will continue to outperform any impersonations in the market."
Encryption

OSNews Suffered 'Likely' Data Breach, Contemplated Going Offline Permanently (osnews.com) 77

hmckee writes: OSNews was offline for a few days for upgrades. It is now back up with a message that indicates they encountered a data breach and considered going offline for good due to maintenance and financial difficulties. "Our best guess is that someone was able to exploit a vulnerability in old, unmaintained code in the site's content management system, and made off with at least some user data, which may be as little as a few user records or, at worst, our entire database," writes Publisher David Adams. "Your email addresses were in there, and the encryption on the passwords wasn't up to modern standards (unsalted SHA1). [...] Other than potential spam, though, we're not aware of any other nefarious use of your data, we don't store much beyond email addresses and passwords..."

David goes on to cite poor advertising revenues and a lack of time as reasons to throw in the towel and go offline permanently.
United States

FCC To Suspend Most Operations Thursday if the Partial Government Shutdown Continues (fcc.gov) 398

The Federal Communications Commission will suspend most operations in the middle of the day January 3 if the partial government shutdown continues, the agency has announced [PDF]. In a statement, it said: In the event of a continued partial lapse in federal government funding, the Federal Communications Commission will suspend most operations in the middle of the day on Thursday, January 3. At that time, employees will have up to four hours to complete an orderly shutdown of operations. However, work required for the protection of life and property will continue, as will any work related to spectrum auctions, which is funded by auction proceeds. In addition, the Office of the Inspector General will continue operations until further notice. The Commission on Wednesday will release a Public Notice detailing the effects the suspension of operations will have, including on electronic filing and database systems, filing deadlines, regulatory and application fee payments, transaction shot clocks, and more. The Public Notice will be available on the Commission's website, www.fcc.gov.
Facebook

Facebook Donates $1 Million To Support Wikipedia (venturebeat.com) 91

Technology giants rely heavily on Wikipedia's extensive database to source information for their platforms. So it's only fair that they show interest in the long-term sustainability of the online encyclopedia. This week, Facebook made its support official. From a report: The Wikimedia Foundation announced late Thursday that Facebook has contributed $1 million to Wikimedia Endowment, a fund to financially support the online encyclopedia and other Wikimedia projects. "We are grateful to Facebook for this support, and hope this marks the beginning of a long-term collaboration to support Wikipedia's future," Wikipedia founder Jimmy Wales said in a statement.

In an opinion piece published in June, Wikimedia Foundation executive director Katherine Maher urged companies to better support the service. "As companies draw on Wikipedia for knowledge -- and as a bulwark against bad information -- we believe they too have an opportunity to be generous," she wrote. "At Wikimedia, we already love and deeply appreciate the millions of people around the world who make generous charitable contributions because they believe in our values. But we also believe that we deserve lasting, commensurate support from the organisations that derive significant and sustained financial value from our work."
Further reading: Wikimedia Endowment Gets New $1 Million Backing From Amazon.
Power

Researchers Use AI To Map Every Solar Panel In the US (cnet.com) 75

An anonymous reader quotes a report from CNET: There are about 1.47 million individual solar panel installations in the US. That number comes courtesy of an artificial intelligence system developed by researchers at Stanford University. The system is outlined in a study released Wednesday that describes how the AI setup analyzed satellite photos to figure out how widespread solar panel usage is. The report, called "DeepSolar: A Machine Learning Framework to Efficiently Construct a Solar Deployment Database in the United States" and published in the journal Joule, showed there are more solar panels out there than previously thought. The group plans to update the database annually and add other countries and regions in the future, the study says.
United Kingdom

UK Police Are Testing Facial Recognition on Christmas Shoppers in London this Week (theverge.com) 91

London's Metropolitan Police is testing its facial recognition technology in the capital this week. From a report: It's the seventh time the Metropolitan Police, the UK capital's police force, has trialled facial recognition in public. The technology has previously been used at large events, including Notting Hill Carnival in 2016 and 2017, and Remembrance Day services last year. This year, the technology is being used Monday and Tuesday of this week in Soho, Piccadilly Circus, and Leicester Square -- all major shopping areas in the heart of the city.

Cameras are fixed to lampposts or deployed on vans, and use software developed by Japanese firm NEC to measure the structure of passing faces. This scan is then compared to a database of police mugshots. The Met says a match via the software will prompt officers to examine the individual and decide whether or not to stop them. Posters will inform the public they're liable to be scanned while walking in certain areas, and the Met says anyone declining to be scanned "will not be viewed as suspicious."

Cloud

Oracle's CTO: No Way a 'Normal' Person Would Move To AWS (zdnet.com) 253

Amazon may have turned off its Oracle data warehouse in favor of Amazon Web Services database technology, but no one else in their right mind would, Oracle's outspoken co-founder and CTO Larry Ellison says. From a report: "We have a huge technology leadership in database over Amazon," Ellison said on a conference call following the release of Oracle's second quarter financial results. "In terms of technology, there is no way that... any normal person would move from an Oracle database to an Amazon database." During last month's AWS re:Invent conference, AWS CTO Werner Vogels gave an in-the-weeds talk explaining why Amazon turned off its Oracle data warehouse. In a clear jab at Oracle, Vogels wrote off the "90's technology" behind most relational databases. Cloud native databases, he said, are the basis of innovation.

The remarks may have gotten under Ellison's skin. Moving from Oracle databases to AWS "is just incredibly expensive and complicated," he said Monday. "And you've got to be willing to give up tons of reliability, tons of security, tons of performance... Nobody, save maybe Jeff Bezos, gave the command, 'I want to get off the Oracle database.'" Ellison said that Oracle will not only hold onto its 50 percent relational database market share but will expand it, thanks to the combination of Oracle's new Generation 2 Cloud infrastructure and its autonomous database technology. "You will see rapid migration of Oracle from on-premise to the Oracle public cloud," he said. "Nobody else is going to go through that forced march to go on to the Amazon database."

The Military

US Ballistic Missile Systems Have No Antivirus, No Data Encryption, and No 2FA, DOD Report Finds (zdnet.com) 190

An anonymous reader writes from a report via ZDNet: No data encryption, no antivirus programs, no multi-factor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the U.S.' ballistic missile system released on Friday by the U.S. Department of Defense Inspector General (DOD IG). The report [PDF] was put together earlier this year, in April, after DOD IG officials inspected five random locations where the Missile Defense Agency (MDA) had placed ballistic missiles that are part of the Ballistic Missile Defense System (BMDS) -- a DOD program developed to protect U.S. territories by launching ballistic missiles to intercept enemy nuclear rockets.

Here is a summary of the findings: (1) Multi-factor authentication wasn't used consistently. (2) One base didn't even bother to configure its network to use multifactor authentication. (3) Patches weren't applied consistently. (4) One base didn't patch systems for flaws discovered in 1990. (5) Server racks weren't locked. (6) Security cameras didn't cover the entire base. (7) Door sensors showed doors closed when they were actually open. (8) Base personnel didn't challenge visitors on bases without proper badges, allowing access to secure areas. (9) One base didn't use antivirus or other security software. (10) Data stored on USB thumb drives was not encrypted. (11) IT staff didn't keep a database of who had access to the system and why.

Privacy

Taylor Swift Used Facial Recognition Tech At Concerts To Spy On Stalkers (boingboing.net) 147

AmiMoJo shares a report: Taylor Swift used facial recognition technology at her live performances so that technicians running the system could then check those face scans against a private database of her stalkers. There is now big demand for serious security at live events the size of a Taylor Swift concert. There have been too many bombings and mass shootings at music concerts over the past year to even remember without Googling. Fear of being killed at a music concert is something people factor in to the decision to buy tickets and go to live events. The demand for security is real.
Software

Louisiana Adopts Digital Driver's Licenses (ieee.org) 151

Louisiana is rolling out a new digital driver's license app, called LA Wallet, that will let retailers digitally verify the age of their customers, if required. "According to IEEE Spectrum, Louisiana's Office of Alcohol and Tobacco Control is expected to announce that bars, restaurants, grocery stores and other retailers are allowed to accept LA Wallet as proof of age, according to the app's developer, Envoc." From the report: The Baton Rouge-based company launched LA Wallet in June, after two years of collaboration with state officials. But so far only law enforcement officers making routine traffic stops are required to accept the digital driver's license. Next week's announcement would greatly broaden the scope of the app's use. About 71,000 people have downloaded LA Wallet so far, says Calvin Fabre, founder and president of Envoc. The app costs $5.99 in the Google Play and Apple App stores. Users buy it, create an account with some basic information from their physical driver's license, and create a password. That's it. No biometric security -- like iris scans or facial recognition -- required. The app links back to Louisiana's Office of Motor Vehicles database, which completes the digital license with the user's photo and additional information. Any changes to the license, like a suspension or renewal, are updated immediately in the app with a wireless network connection.

To present the license -- say, to a cop during a traffic stop -- the driver (hoping his phone battery isn't dead) opens the app with a password, shows the cop the digital license image, and authenticates it by pressing and holding the screen to reveal a security seal. The license can be flipped over to show a scannable bar code on the back. There's also a handy security feature that allows anyone with the LA Wallet app to authenticate another person's Louisiana digital driver's license. It allows the bar patron to select which information she would like to reveal to the bartender -- in this case, simply the fact that she is over 21. That information is displayed on the phone with a photo and embedded QR code. The bartender scans the code with her app, which tells her that the woman seated on the other side of the bar is indeed over 21. None of the customer's personal information, such as her name, birth date, or address, is displayed or stored on the bartender's phone.

AI

Europe -- not the US or China -- Publishes the Most AI Research Papers (qz.com) 141

The popular narrative around artificial intelligence research is that it's mainly a war between China and the United States. Not so fast, says Europe. From a report: New data released today (Dec. 12; PDF file) by the AI Index, a project to track the advancement of artificial intelligence, shows a trend of Europe releasing more papers than either the US or China. The data was assembled from Scopus, a citation database owned by scientific publishing company Elsevier. If the current trend continues, China will soon overtake Europe in the number of papers published. The number of papers out of China grew 17% in 2017, compared to a 13% increase in the US, and 8% in Europe.

Europe boasts top universities doing work in AI, such as Oxford, University College London, and ETH Zurich, in addition to being home to branches of tech companies like Google, Microsoft, and Amazon. Alphabet's DeepMind operates out of London, and French president Emmanuel Macron has been particularly bullish on AI in Europe. Since being elected in 2017, he has already laid out initiatives to bolster the amount of research and corporate AI stationed in France. [...] The AI Index report credits the huge 70% increase in Chinese AI papers in 2008 to a government program promoting long-term research in artificial intelligence through 2020.

Security

Chinese Spies Reportedly Behind Massive Marriott Hack (cnet.com) 65

An anonymous reader quotes a report from CNET: A Chinese intelligence-gathering effort was behind the massive Marriott hotels data breach that exposed the personal information for up to 500 million people, the New York Times reported Tuesday. The hackers are believed to have been working for China's Ministry of State Security, the Times reported citing sources who had been briefed on the investigation's preliminary results. The revelation emerges as the U.S. Justice Department is preparing to announce new indictments against Chinese hackers working for the intelligence and military services, the Times reported.

The hotel chain revealed last month that it had discovered that hackers had compromised the guest reservation database of its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis. Marriott said some of the stolen information also included payment card numbers and expiration dates. Private investigators involved in a probe into the breach had previously discovered hacking tools, techniques and procedures that were used in earlier cyberattacks that have been linked to Chinese hackers.

Businesses

Amazon Fires Employees Over Data Leak As It Fights Seller Scams, Report Says (thehill.com) 48

After investigating claims that its employees are taking bribes to sell internal data to merchants to help them increase their sales on the site, Amazon has reportedly fired several employees involved in the scams. The Wall Street Journal reports that Amazon let go of several workers in the U.S. and India who allegedly inappropriately accessed company data that disreputable merchants had misused. The Hill reports: Amazon is focusing its internal bribery investigation on India, a person familiar with the effort told the paper. Some employees in India and China working as customer support have said that their access to an internal database that allows them to find data about specific product performance or trending keywords has been dramatically limited. Amazon has also deleted thousands of suspect reviews, restricted sellers' access to customer data on its platform, and quashed some methods to force the site to bring up certain products higher in search results, the people told the Journal. "We have strict policies and a Code of Business Conduct & Ethics in place for our employees. We implement sophisticated systems to restrict and audit access to information," the company wrote. "We hold our employees to a high ethical standard and anyone in violation of our Code faces discipline, including termination and potential legal and criminal penalties."

"In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them, including terminating their selling accounts, deleting reviews, withholding funds, and taking legal action," Amazon added.
Privacy

Your Apps Know Where You Were Last Night, and They're Not Keeping It Secret (nytimes.com) 98

Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it's anonymous, but the data shows how personal it is. From a report: The millions of dots on the map trace highways, side streets and bike trails -- each one following the path of an anonymous cellphone user. One path tracks someone from a home outside Newark to a nearby Planned Parenthood, remaining there for more than an hour. Another represents a person who travels with the mayor of New York during the day and returns to Long Island at night. [...] An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds, according to a database of more than a million phones in the New York area that was reviewed by The New York Times.

At least 75 companies receive anonymous, precise location data from apps whose users enable location services to get local news and weather or other information, The Times found. Several of those businesses claim to track up to 200 million mobile devices in the United States -- about half those in use last year. The database reviewed by The Times -- a sample of information gathered in 2017 and held by one company -- reveals people's travels in startling detail, accurate to within a few yards and in some cases updated more than 14,000 times a day.

Privacy

The Secret Service Wants To Test Facial Recognition Around the White House (theverge.com) 55

The Secret Service is planning to test facial recognition surveillance around the White House, "with the goal of identifying 'subjects of interest' who might pose a threat to the president," reports The Verge. The document with the plans was published by the American Civil Liberties Union, describing "a test that would compare closed circuit video footage of public White House spaces against a database of images -- in this case, featuring employees who volunteered to be tracked." From the report: The test was scheduled to begin on November 19th and to end on August 30th, 2019. While it's running, film footage with a facial match will be saved, then confirmed by human evaluators and eventually deleted. The document acknowledges that running facial recognition technology on unaware visitors could be invasive, but it notes that the White House complex is already a "highly monitored area" and people can choose to avoid visiting. We don't know whether the test is actually in operation, however. "For operational security purposes we do not comment on the means and methods of how we conduct our protective operations," a spokesperson told The Verge.

The ACLU says that the current test seems appropriately narrow, but that it "crosses an important line by opening the door to the mass, suspicionless scrutiny of Americans on public sidewalks" -- like the road outside the White House. (The program's technology is supposed to analyze faces up to 20 yards from the camera.) "Face recognition is one of the most dangerous biometrics from a privacy standpoint because it can so easily be expanded and abused -- including by being deployed on a mass scale without people's knowledge or permission."

Privacy

Marriott's Breach Response Is So Bad, Security Experts Are Filling In the Gaps (techcrunch.com) 78

An anonymous reader quotes a report from TechCrunch: Last Friday, Marriott sent out millions of emails warning of a massive data breach -- some 500 million guest reservations had been stolen from its Starwood database. One problem: the email sender's domain didn't look like it came from Marriott at all. Marriott sent its notification email from "email-marriott.com," which is registered to a third party firm, CSC, on behalf of the hotel chain giant. But there was little else to suggest the email was at all legitimate -- the domain doesn't load or have an identifying HTTPS certificate. In fact, there's no easy way to check that the domain is real, except a buried note on Marriott's data breach notification site that confirms the domain as legitimate. But what makes matters worse is that the email is easily spoofable.

Many others have sounded the alarm on Marriott's lackluster data breach response. Security expert Troy Hunt, who founded data breach notification site Have I Been Pwned, posted a long tweet thread on the hotel chain giant's use of the problematic domain. As it happens, the domain dates back at least to the start of this year when Marriott used the domain to ask its users to update their passwords. Williams isn't the only one who's resorted to defending Marriott customers from cybercriminals. Nick Carr, who works at security giant FireEye, registered the similarly named "email-mariott.com" on the day of the Marriott breach. "Please watch where you click," he wrote on the site. "Hopefully this is one less site used to confuse victims." Had Marriott just sent the email from its own domain, it wouldn't be an issue.

Privacy

Marriott Says 500 million Starwood Guest Records Stolen in Massive Data Breach (techcrunch.com) 71

An anonymous reader writes: Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach. The hotel and resorts giant said in a statement filed with U.S. regulators that the "unauthorized access" to its guest database was detected on or before September 10 -- but may have dated back as far as 2014. "Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014," said the statement. "Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it."

Specific details of the breach remain unknown. We've contacted Starwood for more and will update when we hear back. The company said that it obtained and decrypted the database on November 19 and "determined that the contents were from the Starwood guest reservation database." Some 327 million records contained a guest's name, postal address, phone number, date of birth, gender, email address, passport number, Starwood's rewards information (including points and balance), arrival and departure information, reservation date, and their communication preferences.

Databases

Amazon Will Be Off All Oracle Databases By End of 2019, Says AWS Chief 61

Amazon Web Services CEO Andy Jassy said in an interview on Wednesday that almost all of Amazon's databases that ran on Oracle will be on an Amazon database instead. "We're virtually done moving away from Oracle on the database side," Jassy said. "And I think by the end of 2019 or mid-2019 we'll be done." CNBC reports: Amazon is reducing its reliance on Oracle for its data needs and is instead using its own services. Jassy said 88 percent of Amazon databases that were running on Oracle will be on Amazon DynamoDB or Amazon Aurora by January. He added that 97 percent of "mission critical databases" will run on DynamoDB or Aurora by the end of the year. On Nov. 1, Amazon moved its data warehouse from Oracle to its own service, Redshift, Jassy said.
Businesses

Amazon Enters Blockchain Market With Cloud-Computing Services (bloomberg.com) 34

Amazon.com is jumping on the blockchain wave with new cloud services that help customers build the technology needed to record transactions. From a report: Amazon Web Services Chief Executive Officer Andy Jassy on Wednesday announced Amazon Managed Blockchain, a new service underpinning blockchain networks that record millions of transactions. The company spent the past year studying the needs of customers interested in blockchain solutions before creating the new products, Jassy said.

The service can be used to manage peer-to-peer payments, process loans and help businesses transact with distributors and suppliers, Jassy said. AWS announced a string of other new or updated cloud offerings, seeking to maintain its lead in the market for internet-based computing.
The company also announced a new service called Amazon Quantum Ledger Database or QLDB, which is a fully managed ledger database with a central trusted authority. The service, which is launching into preview today, offers an append-only, immutable journal that tracks the history of all changes, Amazon said. And all the changes are cryptographically chained and verifiable.
Privacy

Urban Massage Data Breach Exposed Sensitive Comments On Its Creepy Clients (techcrunch.com) 38

An anonymous reader shares a report from TechCrunch: Urban Massage, a popular massage startup that bills itself as providing "wellness that comes to you," has leaked its entire customer database. The London, U.K.-based startup -- now known as just Urban -- left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database. It's not known how long the database was exposed or if anyone else had accessed or obtained the database before it was pulled. It's believed that the database was exposed for at least a few weeks.

Urban pulled the database offline after TechCrunch reached out. Among the records were thousands of complaints from workers about their clients. The records included specific complaints -- from account blocks for fraudulent behavior, abuse of the referral system and persistent cancelers. But, many records also included allegations of sexual misconduct by clients -- such as asking for "massage in genital area" and requesting "sexual services from therapist." Others were marked as "dangerous," while others were blocked due to "police enquiries." Each complaint included a customer's personally identifiable information -- including their name, address and postcode and phone number.
