Amazon's Data-Request Portal for Police is Visible on the Web
Slashdot, by EditorDavid on government (cached at September 27, 2020, 10:35 pm)

"Anyone can access portions of a web portal used by law enforcement to request customer data from Amazon," reports TechCrunch, "even though the portal is supposed to require a verified email address and password..." Only time sensitive emergency requests can be submitted without an account, but this requires the user to "declare and acknowledge" that they are an authorized law enforcement officer before they can submit a request. The portal does not display customer data or allow access to existing law enforcement requests. But parts of the website still load without needing to log in, including its dashboard and the "standard" request form used by law enforcement to request customer data... Assuming this was a bug, we sent Amazon several emails prior to publication but did not hear back... Motherboard reported a similar issue earlier this month that allowed anyone with an email address to access law enforcement portals set up by Facebook and WhatsApp.

Eric S. Raymond: Is Microsoft Switching To a Linux Kernel That Emulates Windows?
Slashdot, by EditorDavid on microsoft (cached at September 27, 2020, 10:05 pm)

Most of Microsoft's money now comes from its cloud service Azure, points out open-source advocate Eric S. Raymond. Now he posits a future where Windows development will "inevitably" become a drag on Microsoft's business: So, you're a Microsoft corporate strategist. What's the profit-maximizing path forward given all these factors? It's this: Microsoft Windows becomes a Proton-like emulation layer over a Linux kernel, with the layer getting thinner over time as more of the support lands in the mainline kernel sources. The economic motive is that Microsoft sheds an ever-larger fraction of its development costs as less and less has to be done in-house. If you think this is fantasy, think again. The best evidence that it's already the plan is that Microsoft has already ported Edge to run under Linux. There is only one way that makes any sense, and that is as a trial run for freeing the rest of the Windows utility suite from depending on any emulation layer. So, the end state this all points at is: New Windows is mostly a Linux kernel, there's an old-Windows emulation over it, but Edge and the rest of the Windows user-land utilities don't use the emulation. The emulation layer is there for games and other legacy third-party software. Economic pressure will be on Microsoft to deprecate the emulation layer... Every increment of Windows/Linux convergence helps with that — reduces administration and the expected volume of support traffic. Eventually, Microsoft announces upcoming end-of-life on the Windows emulation. The OS itself, and its userland tools, has for some time already been Linux underneath a carefully preserved old-Windows UI. Third-party software providers stop shipping Windows binaries in favor of ELF binaries with a pure Linux API... ...and Linux finally wins the desktop wars, not by displacing Windows but by co-opting it. Perhaps this is always how it had to be.

Singapore Becomes First Country To Use Facial Verification For a National ID Service
Slashdot, by EditorDavid on government (cached at September 27, 2020, 8:35 pm)

"Singapore will be the first country in the world to use facial verification in its national identity scheme," reports the BBC: The biometric check will give Singaporeans secure access to both private and government services. The government's technology agency says it will be "fundamental" to the country's digital economy. It has been trialled with a bank and is now being rolled out nationwide. It not only identifies a person but ensures they are genuinely present. "You have to make sure that the person is genuinely present when they authenticate, that you're not looking at a photograph or a video or a replayed recording or a deepfake," said Andrew Bud, founder and chief executive of iProov, the UK company that is providing the technology... "Face recognition has all sorts of social implications. Face verification is extremely benign," said Mr Bud. Privacy advocates, however, contend that consent is a low threshold when dealing with sensitive biometric data. "Consent does not work when there is an imbalance of power between controllers and data subjects, such as the one observed in citizen-state relationships," said Ioannis Kouvakas, legal officer with London-based Privacy International.... GovTech Singapore thinks the technology will be good for businesses, because they can use it without having to build the infrastructure themselves. Additionally, Kwok Quek Sin, senior director of national digital identity at GovTech Singapore, said it is better for privacy because companies won't need to collect any biometric data. In fact, they would only see a score indicating how close the scan is to the image the government has on file. In 1993 William Gibson called Singapore "Disneyland with the death penalty... a relentlessly G-rated experience, micromanaged by a state that has the look and feel of a very large corporation. If IBM had ever bothered to actually possess a physical country, that country might have had a lot in common with Singapore."

America's IRS Wants Cryptocurrency Exchanges Declared on Tax Forms
Slashdot, by EditorDavid on government (cached at September 27, 2020, 7:35 pm)

America's dreaded tax-collecting agency is sending "a strong warning to millions of crypto holders who aren't complying with the law that they must file required forms," reports the Wall Street Journal. The front page of this year's tax forms — just below "Name" and "Address" — will ask filers to declare whether they've received or exchanged any virtual currencies. The Journal calls it "setting a trap for cryptocurrency tax cheats." "This placement is unprecedented and will make it easier for the IRS to win cases against taxpayers who check 'No' when they should check 'Yes,'" says Ed Zollars, a CPA with Kaplan Financial Education who updates tax professionals on legal developments... The change to the crypto question and other recent actions show the IRS is taking cryptocurrencies seriously as a threat to the tax system, whether the noncompliance is by enthusiasts who owe little or by sophisticated international criminals. In two recent nontax criminal cases — one involving theft by North Korea and the other involving the sale of child pornography by a Dutch national — the IRS has provided key assistance because of its growing expertise in cryptocurrencies.... For their part, many crypto users are angry with the IRS's guidance, which treats bitcoin, ether and their kin as property rather than currency. So if a crypto holder uses it to buy something or exchanges one cryptocurrency for another, there's usually a capital gain or loss to report on the tax return. "Buying a sandwich with cryptocurrency shouldn't be a taxable event," says Sean Cover, a New York City cryptocurrency holder who works in finance for a nonprofit group. He says that in 2017 he had more than 500 transactions on several platforms, and it took him 10 hours to prepare his crypto tax forms even though he paid for special software. Like some members of Congress, Mr. Cover supports a $200 threshold before crypto transactions would need to be reported.
The IRS says it's up to Congress to change the law.... Meanwhile, the IRS is forging ahead with other crypto compliance measures. Earlier this month, it offered rewards up to $625,000 to code-breakers who can crack so-called privacy coins like Monero that attract illicit activity because they claim to be untraceable... The IRS is also sending a new round of letters to crypto holders who may not have complied with the tax rules, expanding on last year's mailing of about 10,000 letters. Tax specialists say the recipients are often customers of Coinbase, which was ordered by a federal court to turn over information on some accounts to the IRS.

[no title]
Scripting News (cached at September 27, 2020, 7:03 pm)

Trump found something to do while the virus rages.

Elon Musk, Others, Criticize Microsoft's Exclusive License for OpenAI's GPT-3
Slashdot, by EditorDavid on ai (cached at September 27, 2020, 6:35 pm)

"It looks like Elon Musk is increasingly unhappy with OpenAI, the AI research firm he helped found five years ago," reports Business Insider: Microsoft announced on Tuesday that it was exclusively licensing GPT-3, a natural language AI-powered tool made by OpenAI. The announcement was met with some dismay on Twitter from users who had thought OpenAI's mission statement was to make technologies like GPT-3 widely available. Elon Musk, who cofounded the company in 2015 as a non-profit AI research body, was among those who criticized the deal. "This does seem like the opposite of open. OpenAI is essentially captured by Microsoft," he said... Exactly how much exclusivity this license gives Microsoft is also unclear. In his blog post, Microsoft CTO Kevin Scott said OpenAI will continue to offer access to GPT-3 via its API. OpenAI reiterated this in its own blog post, saying "the deal has no impact on continued access to the GPT-3 model through OpenAI's API, and existing and future users of it will continue building applications with our API as usual." A Microsoft spokesperson told The Verge the deal gives Microsoft exclusive access to GPT-3's underlying code. GeekWire rounded up reactions from other AI pundits, noting that MIT's Technology Review complained OpenAI was "supposed to benefit humanity," and now "it's simply benefiting one of the richest companies in the world." And Oren Etzioni, CEO of the Allen Institute for Artificial Intelligence, said "OpenAI should be renamed ClosedAI — for all intents and purposes they are a for-profit company." But he added that GPT-3 "has remarkable capabilities and will lead to numerous applications and an even more vigorous mine-is-bigger-than-yours model arms race. I can't wait to see how Google and Amazon respond, and don't forget China."

[no title]
Scripting News (cached at September 27, 2020, 6:33 pm)

Must-listen NYT podcast about climate-crisis migration in the US.

[no title]
Scripting News (cached at September 27, 2020, 6:33 pm)

There's some good news about Covid-19 that you don't see in the news -- eventually it will become less deadly. Most viruses in that family do, the virus mutates, and a strain that kills fewer victims comes to dominate, and that process repeats. The virus spreads out to find new victims and over time it weakens. The 1918 pandemic ended after two years, with no vaccine, but the virus didn't go away, it became seasonal. It still pops up, to this day, but it's nowhere near the problem it was in 1918. That will probably happen with Covid-19 too.

Thailand Launches Its First Legal Action Against Facebook and Twitter
Slashdot, by EditorDavid on facebook (cached at September 27, 2020, 5:35 pm)

Reuters reports: Thailand launched legal action on Thursday against tech giants Facebook and Twitter for ignoring requests to take down content, in its first such move against major internet firms... "Unless the companies send their representatives to negotiate, police can bring criminal cases against them," the Minister of Digital Economy and Society, Puttipong Punnakanta, told reporters. "But if they do, and acknowledge the wrongdoing, we can settle on fines...." The complaints were against the U.S. parent companies and not their Thai subsidiaries, Puttipong said. Cybercrime police at a news conference said they would need to look at existing laws to determine whether they had jurisdiction to take up cases against firms based outside of Thailand. Emilie Pradichit, executive director of Manushya Foundation, a digital freedom advocate, said the complaints were "a tactic to scare these companies...." Thailand has a tough lese majeste law prohibiting insulting the monarchy and a Computer Crime Act that outlaws information that is false or affects national security has also been used to prosecute criticism of the royal family.

[no title]
Scripting News (cached at September 27, 2020, 5:03 pm)

I haven't been in Clubhouse in a couple of weeks. I've been lurking a bit the last few hours. People talk like they're in therapy, and they're the therapist. Or like they're in the United Nations and they're from a small country, afraid they're going to start a war. Everyone is very cautious, non-committal.

'Google App Engine' Abused to Create Unlimited Phishing Pages
Slashdot, by EditorDavid on security (cached at September 27, 2020, 4:35 pm)

Google's cloud-based service platform for developing and hosting web apps "can be abused to deliver phishing and malware while remaining undetected by leading enterprise security products," reports Bleeping Computer, citing a startling discovery by security researcher Marcel Afrahim: A Google App Engine subdomain does not only represent an app, it represents an app's version, the service name, project ID, and region ID fields. But the most important point to note here is, if any of those fields are incorrect, Google App Engine won't show a 404 Not Found page, but instead show the app's "default" page (a concept referred to as soft routing)... Essentially, this means there are a lot of permutations of subdomains to get to the attacker's malicious app. As long as every subdomain has a valid "project_ID" field, invalid variations of other fields can be used at the attacker's discretion to generate a long list of subdomains, which all lead to the same app... The fact that a single malicious app is now represented by multiple permutations of its subdomains makes it hard for sysadmins and security professionals to block malicious activity. But further, to a technologically unsavvy user, all of these subdomains would appear to be a "secure site." After all, the appspot.com domain and all its subdomains come with the seal of "Google Trust Services" in their SSL certificates. Even further, most enterprise security solutions such as Symantec WebPulse web filter automatically allow traffic to trusted category sites. And Google's appspot.com domain, due to its reputation and legitimate corporate use cases, earns an "Office/Business Applications" tag, skipping the scrutiny of web proxies.

[no title]
Scripting News (cached at September 27, 2020, 4:33 pm)

It’s the bottom of the ninth. Other team is up. Two out. You have a one run lead. Bases loaded. The only runner that matters is the one on third. The guy on first is trying to get you to pick him off. Don’t fall for it.

[no title]
Scripting News (cached at September 27, 2020, 4:33 pm)

I don’t understand why people say this Supreme Court nomination is the end of everything. The Repubs now have a 5-3 advantage. Is 6-3 so different? Our big immediate crisis is how we turn the corner on the Nov 3 election, coupled with the ongoing Covid catastrophe.

[no title]
Scripting News (cached at September 27, 2020, 4:33 pm)

I just gave $25 to Jaime Harrison because Lindsey Graham is a kook.

'Why Modeling the Spread of COVID-19 Is So Damn Hard'
Slashdot, by EditorDavid on medicine (cached at September 27, 2020, 3:35 pm)

Slashdot reader the_newsbeagle writes: At the beginning of the pandemic, modelers pulled out everything they had to predict the spread of the virus. This article explains the three main types of models used: 1) compartmental models that sort people into categories of exposure and recovery, 2) data-driven models that often use neural networks to make predictions, and 3) agent-based models that are something like a Sim Pandemic. "Researchers say they've learned a lot of lessons modeling this pandemic, lessons that will carry over to the next..." the article points out: Finally, researchers emphasize the need for agility. Jarad Niemi, an associate professor of statistics at Iowa State University who helps run the forecast hub used by the CDC, says software packages have made it easier to build models quickly, and the code-sharing site GitHub lets people share and compare their models. COVID-19 is giving modelers a chance to try out all their newest tools, says biologist Lauren Ancel Meyers, the head of the COVID-19 Modeling Consortium at the University of Texas at Austin. "The pace of innovation, the pace of development, is unlike ever before," she says. "There are new statistical methods, new kinds of data, new model structures." "If we want to beat this virus," says Mikhail Prokopenko, a computer scientist at the University of Sydney, "we have to be as adaptive as it is."
