SoylentNews

takyon writes:

Kohl's, an American department store retail chain, will accept Amazon returns at all of its 1,150 locations starting in July. But what will each company get out of the relationship?

Shoppers don't like returning items in the mail, so services provided by companies like Narvar and Happy Returns have become more popular. For Kohl's, the benefits to joining with Amazon are clear. This deal drives foot traffic through Kohl's doors. And if those shoppers, now with a little more cash in their wallets, see something they like after they drop off their package, Kohl's gets to ring up the sale.

But Amazon gets something out of this also. "Amazon looks to be enticing customers to bring returns to a limited number of known Kohl's addresses, instead of picking up returns at an endless number of home or office addresses," said Pete Madden, a director in the AlixPartners LLP retail practice. "This likely saves Amazon money because customers are absorbing Amazon's transportation cost by doing the driving and Kohl's would be acting as Amazon's consolidator." For example, Kohl's is screening the items and putting them into a single shipment. Kohl's is likely being compensated, Madden said, but at a rate that makes it a win-win for both companies.

Amazon is already spending billions to get items to customers. Amazon's shipping costs in 2018 were $27.7 billion, according to the company's 10-K, up from $21.7 billion the year before. "We seek to mitigate costs of shipping over time in part through achieving higher sales volumes, optimizing our fulfillment network, negotiating better terms with our suppliers, and achieving better efficiencies," the 10-K reads. "We believe that offering low prices to our customers is fundamental to our future success, and one way we offer lower prices is through shipping offers."

Madden also thinks the partnership provides a way for Kohl's and Amazon to keep customers from spending their money with the competition. "Amazon is likely hoping to figure out new ways to keep their common customers with Kohl's away from mutual rivals such as Walmart," he said. "Keeping a customer locked in with you is priceless."

Kohl's press release.

Original Submission

Arthur T Knackerbracket has found the following story:

Canada's oil sands CO2 emissions are significantly higher than indicated by industry data collected using internationally recommended methods, according to a study published Tuesday.

Environment Canada scientists flying over the region took atmospheric measurements and found CO2 emission intensities up to 123 percent higher than current estimates.

Their findings were published in the journal Nature Communications.

"This leads to 64 percent higher annual GHG emissions from surface mining operations, and 30 percent higher overall oil sands GHG emissions (17 Mt) compared to that reported by industry, despite emissions reporting which uses the most up to date and recommended bottom-up approaches," said the study, referring to greenhouse gases.

The current method of calculating emissions uses a combination of ground measurements based on fuel usage and mathematical modelling.

This includes emissions from mining, processing, upgrading and tailings ponds.

Because similar reporting methods are used across the entire oil and gas sector, the scientists concluded that all oil and gas CO2 emissions data "may be more uncertain than previously considered."

Original Submission

Arthur T Knackerbracket has found the following story:

The National Security Agency appears to have done a complete about-face over the controversial electronic spying program that whistleblower Edward Snowden brought to light almost six years ago now, involving the bulk collection of metadata related to Americans’ phone calls and text messages.

The NSA once defended the program — which was secretly launched during the George W. Bush administration without court approval — as vital to US national security interests. The nation was still reeling from the Sept. 11 terrorist attacks, and officials later said tools like this program help the nation’s espionage professionals deal with the new realities of terrorism.

Now? The “logistical and legal burdens of keeping it outweigh its intelligence benefits,” a new Wall Street Journal report quotes unnamed officials as saying about the controversial phone surveillance.

“The National Security Agency has recommended that the White House abandon a U.S. surveillance program that collects information about Americans’ phone calls and text messages,” the Journal reports. It continues: “The latest view is rooted in a growing belief among senior intelligence officials that the spying program provides limited value to national security and has become a logistical headache.”

The report goes on to note that the messy thicket of legal and compliance issues are the reason the agency actually decided to stop relying on the program earlier this year. Its legal authority only extends through December unless Congress decides to re-up it, which is what the agency is recommending here is not needed anymore.

Original Submission

upstart writes:

Submitted via IRC for Bytram

'Catastrophic' breeding failure at one of world's largest emperor penguin colonies

Emperor penguins at the Halley Bay colony in the Weddell Sea have failed to raise chicks for the last three years, scientists have discovered.

Researchers from British Antarctic Survey (BAS) studied very high resolution satellite imagery to reveal the unusual findings, published today (25 April 2019) in the journal Antarctic Science.

Until recently, the Halley Bay colony was the second largest in the world, with the number of breeding pairs varying each year between 14,000—25,000; around 5-9% of the global emperor penguin population.

The failure to raise chicks for three consecutive years is associated with changes in the local sea-ice conditions. Emperor penguins need stable sea-ice on which to breed, and this icy platform must last from April when the birds arrive, until December when their chicks fledge.

For the last 60 years the sea-ice conditions in the Halley Bay site have been stable and reliable. But in 2016, after a period of abnormally stormy weather, the sea-ice broke up in October, well before any emperor chicks would have fledged.

This pattern was repeated in 2017 and again in 2018 and led to the death of almost all the chicks at the site each season.

The colony at Halley Bay colony has now all but disappeared, whilst the nearby Dawson Lambton colony has markedly increased in size, indicating that many of the adult emperors have moved there, seeking better breeding grounds as environmental conditions have changed.

The re-location of many of the birds to a more stable breeding ground is encouraging, as until now it was not known whether the penguins would seek alternative sites in response to significant changes in their local environment.

Journal Reference:
Peter T. Fretwell, Philip N. Trathan. Emperors on thin ice: three years of breeding failure at Halley Bay. Antarctic Science, 2019; 1 DOI: 10.1017/S0954102019000099

[The emperor penguin was the focus of the 2005 documentary film March of the Penguins which covered a colony with breeding grounds near Dumont d'Urville Station. NB: There are only four breeding grounds for the emperor penguin. --martyb]

Original Submission

MostCynical writes:

the Washington Post reports another story about hacked Nest devices.

Hackers, whose voices could be heard faintly in the background, were playing the pornography through the Nest Cam, which had been used for years as a baby monitor in a Novato, California home.

The method used to get access to the intercom feature is one of the oldest tricks on the Internet.

Hackers essentially look for email addresses and passwords that have been dumped online after being stolen from one website or service and then check to see whether the same credentials work on another site. Like the vast majority of Internet users, the family used similar passwords on more than one account. While their Nest account had not been hacked, their password had essentially become public knowledge, thanks to other data breaches.

The article continues:

But Nest's defenses were not good enough to stop several high-profile incidents throughout last year in which hackers used credential stuffing to break into Nest cameras for kicks. Hackers told a family in a San Francisco suburb, using the family's Nest Cam, that there was an imminent missile attack from North Korea. Someone hurled racial epithets at a family in Illinois through a Nest Cam. There were also reports of hackers changing the temperature on Nest thermostats. And while only a handful of hacks became public, other users may not even be aware their cameras are compromised.

The company was forced to respond. "Nest was not breached," it said in a January statement. "These recent reports are based on customers using compromised passwords," it said, urging its customers to use two-factor authentication. Nest started forcing some users to change their passwords.

This was a big step for Nest because it created the kind of friction that technology companies usually try to avoid. "As we saw the threat evolve, we put more explicit measures in place," Sathe said. Nest says only a small percentage of its millions of customers are vulnerable to this type of attack.

So, how much should a company pander to laziness? Can 'good' security be forced on lazy people?
Is anyone going to take responsibility for their own data? (although this is already almost impossible for all but the most paranoid/vigilant types, not re-using passwords shouldn't be this hard...)

Original Submission

Arthur T Knackerbracket has found the following story:

UK comms regulator Ofcom can't be ordered to ignore its legal duties, the High Court has ruled, paving the way for GSM gateway operators to claim compensation after Home Office ministers and mandarins destroyed their businesses.

VIP Communications Ltd won its judicial review against the Home Office last week while the country was closing down for Easter. It successfully argued that a ministerial direction banning cheap call gateways was ultra vires – outside the government's legal powers.

"If a statute is to confer upon a member of the Executive the power to override a duty in other primary legislation," said Mr Justice Morris in his judgment of 17 April, summarising VIP Communications' legal arguments, "then clear and specific words are required." He went on to rule that there were no such words allowing security minister Ben Wallace to ban GSM gateways, as he did in 2017.

The Home Office's lawyers argued before the Administrative Court that Ofcom, as the regulator in charge of the technical aspects of GSM gateways, "is also under a duty to act in accordance with directions given by the Secretary of State." Mr Justice Morris ruled that section 5 of the Communications Act 2003 could not, in this case, be read as overriding Ofcom's duties under section 8(4) of the Wireless Telegraphy Act 2006.

The full judgment, 100 paragraphs of dense legalese and interpretation, is here.

Original Submission

upstart writes:

Submitted via IRC for Bytram

NIST tool enables more comprehensive tests on high-risk software

We entrust our lives to software every time we step aboard a high-tech aircraft or modern car. A long-term research effort guided by two researchers at the National Institute of Standards and Technology (NIST) and their collaborators has developed new tools to make this type of safety-critical software even safer.

Augmenting an existing software toolkit, the research team's new creation can strengthen the safety tests that software companies conduct on the programs that help control our vehicles, operate our power plants and manage other demanding technology. While these tests are often costly and time-consuming, they reduce the likelihood this complex code will glitch because it received some unexpected combination of input data. This source of trouble can plague any sophisticated software package that must reliably monitor and respond to multiple streams of data flowing in from sensors and human operators at every moment.

With the research toolkit called Automated Combinatorial Testing for Software, or ACTS, software companies can make sure that there are no simultaneous input combinations that might inadvertently cause a dangerous error. As a rough parallel, think of a keyboard shortcut, such as pressing CTRL-ALT-DELETE to reset a system intentionally. The risk with safety-critical software is that combinations that create unintentional consequences might exist.

[...] The peer-reviewed findings of the research team appear in two papers the team will present on April 23 at the 2019 IEEE International Conference on Software Testing, Verification and Validation in Xi'an, China. The research includes collaborators from the University of Texas at Arlington, Adobe Systems Inc. and Austria's SBA Research.

NIST mathematician Raghu Kacker said that CCM represents a substantial improvement to the ACTS toolkit since its last major addition in 2015.

"Before we revised CCM, it was difficult to test software that handled thousands of variables thoroughly," Kacker said. "That limitation is a problem for complex modern software of the sort that is used in passenger airliners and nuclear power plants, because it's not just highly configurable, it's also life critical. People's lives and health are depending on it."

Original Submission

Arthur T Knackerbracket has found the following story:

Last summer, Adrian Bednarek was mulling over ways to steal the cryptocurrency Ethereum. He's a security consultant; at the time, he was working for a client in the theft-plagued cryptocurrency industry. Bednarek had been drawn to Ethereum, in particular, because of its notorious complexity and the potential security vulnerabilities those moving parts might create. But he started instead with the simplest of questions: What if an Ethereum owner stored their digital money with a private key—the unguessable, 78-digit string of numbers that protects the currency stashed at a certain address—that had a value of 1?

To Bednarek's surprise, he found that dead-simple key had in fact once held currency, according to the blockchain that records all Ethereum transactions. But the cash had already been taken out of the Ethereum wallet that used it—almost certainly by a thief who had thought to guess a private key of 1 long before Bednarek had. After all, as with Bitcoin and other cryptocurrencies, if anyone knows an Ethereum private key, they can use it to derive the associated public address that the key unlocks. The private key then allows them to transfer the money at that address as though they were its rightful owner.

That initial discovery piqued Bednarek's curiosity. So he tried a few more consecutive keys: 2, 3, 4, and then a couple dozen more, all of which had been similarly emptied. So he and his colleagues at the security consultancy Independent Security Evaluators wrote some code, fired up some cloud servers, and tried a few dozen billion more.

"You have a thief here that amassed this fortune and then lost it all when the market crashed.

In the process, and as detailed in a paper they published Tuesday, the researchers not only found that cryptocurrency users have in the last few years stored their crypto treasure with hundreds of easily guessable private keys, but also uncovered what they call a "blockchain bandit." A single Ethereum account seems to have siphoned off a fortune of 45,000 ether—worth at one point more than $50 million—using those same key-guessing tricks.

"He was doing the same things we were doing, but he went above and beyond," Bednarek says. "Whoever this guy or these guys are, they're spending a lot of computing time sniffing for new wallets, watching every transaction, and seeing if they have the key to them."

Original Submission

DannyB writes:

Hacker Can Monitor Cars And Kill Their Engines After Breaking Into GPS Tracking Apps

"I can absolutely make a big traffic problem all over the world," the hacker said.

[. . . . ] The hacker, who goes by the name L&M, told Motherboard he hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use monitor and manage fleets of vehicles through GPS tracking devices. The hacker was able to track vehicles in a handful of countries around the world, including South Africa, Morocco, India, and the Philippines. On some cars, the software has the capability of remotely turning off the engines of vehicles that are stopped or are traveling 12 miles per hour or slower [ . . . . ]

By reverse engineering ProTrack and iTrack's Android apps, L&M said he realized that all customers are given a default password of 123456 when they sign up. [ . . . ] At that point, the hacker said he brute-forced "millions of usernames" via the apps' API. Then, he said he wrote a script to attempt to login using those usernames and the default password.

[ . . . ] the hacker has scraped a treasure trove of information from ProTrack and iTrack customers, including: name and model of the GPS tracking devices they use, the devices' unique ID numbers (technically known as an IMEI number); usernames, real names, phone numbers, email addresses, and physical addresses.

[ . . . . ] ProTrack denied the data breach via email, but confirmed that its prompting users to change passwords. [ . . . ] "Our system is working very well and change password is normal way for account security like other systems, any problem?" a company representative said.

That default password should have been ROT13 encrypted.

Original Submission

An Anonymous Coward writes:

For a long time airlines has estimated the weight of passengers to determine how much fuel is required for a flight. Now a bunch of boffins have come up with a way to weigh passengers discreetly so airplane fuel can be tailored to the flight. This system would of course keep this data confidential.

I wonder if they'll add an autocharge to the passenger's credit card if they are overweight or a refund if they are under the average weight.

Original Submission

An Anonymous Coward writes:

This interview by Technology Review https://www.technologyreview.com/s/613399/the-three-challenges-keeping-cars-from-being-fully-autonomous/ appears to be reasoned and sensible, unlike most of the hype of autonomous-cars-revolutionizing-transportation that has been common the last several years.

[...] In the US, the current car fatality rate is about one death per 1 million hours of driving. Without drunk driving or texting, the rate probably decreases by a factor of 10. Effectively that means a self-driving car's perception system should fail, at an absolute maximum, once in every 10 million hours of driving. But currently the best driving assistance systems incorrectly perceive something in their environment once every tens of thousands of hours, Shashua says. "We're talking about a three-orders-of-magnitude gap." ...

The second challenge is to build a system that can make reasonable decisions, such as how fast to drive and when to change lanes. But defining what constitutes "reasonable" is less a technical challenge than a regulatory one,... it has to make a trade-off between safety and usefulness. "I can be completely safe if I don't drive or if I drive very slowly," he says, "but then I'm not useful, and society will not want those vehicles on the road."

The last challenge is to create a cost-effective car.... with the technology still at tens of thousands of dollars, only a ride-hailing business will be financially sustainable. ... But individual consumers would probably not pay a premium over a few thousand dollars for the technology.

I've made the case here on SoylentNews that unimpaired human drivers should be the safety target for self-driving cars. Turns out that looking at it this way agrees with my gut feelings, humans aren't all that bad. Nice to have some rough numbers to think about.

[20190425_134924 UTC added byline noting story was submitted by an Anonymous Coward. --martyb]

Original Submission

An Anonymous Coward writes:

Netflix (NFLX) is working its way through a series of price increases in several markets, including the United States and parts of Europe. At the start of the year, for instance, Netflix reviewed its prices for US customers. The price of its most popular plan jumped 18% to $13 per month from $11 per month.

A survey from Diffusion Group came out shortly after Netflix announced the price hike and was cited by USA Today said that as many as 16% of Netflix customers could cancel their subscriptions because of the price increase. In an apparent attempt to capitalize on the expected fallout from the Netflix price hike, Hulu dropped prices for its on-demand video plans, and Dish Network (DISH) launched a discount promotion for its Sling TV service. Hulu is owned 60% by Walt Disney (DIS) and 30% by Comcast (CMCSA).

But Netflix actually added 1.7 million paying subscribers in the United States in the first quarter.

[...] That Netflix continues to add new customers even after hiking prices suggests a company with customers who are not only highly loyal but also supportive of its business strategy. Netflix has been borrowing to bankroll its expensive content budget, but it wants to rely on its customers to foot the programming bills. The company has been asking customers to pay more for the service to allow it to raise funds to spend on more content production.

https://articles.marketrealist.com/2019/04/netflix-customers-arent-only-loyal-theyre-supportive-too/

Original Submission

An Anonymous Coward writes:

Billions of dollars' worth of gold is being smuggled out of Africa every year through the United Arab Emirates in the Middle East – a gateway to markets in Europe, the United States and beyond – a Reuters analysis has found.

Customs data shows that the UAE imported $15.1 billion worth of gold from Africa in 2016, more than any other country and up from $1.3 billion in 2006. The total weight was 446 tonnes, in varying degrees of purity – up from 67 tonnes in 2006.

Much of the gold was not recorded in the exports of African states. Five trade economists interviewed by Reuters said this indicates large amounts of gold are leaving Africa with no taxes being paid to the states that produce them.

Previous reports and studies have highlighted the black-market trade in gold mined by people, including children, who have no ties to big business, and dig or pan for it with little official oversight. No-one can put an exact figure on the total value that is leaving Africa. But the Reuters analysis gives an estimate of the scale.

Reuters assessed the volume of the illicit trade by comparing total imports into the UAE with the exports declared by African states. Industrial mining firms in Africa told Reuters they did not send their gold to the UAE – indicating that its gold imports from Africa come from other, informal sources.

https://www.reuters.com/article/us-gold-africa-smuggling-exclusive/exclusive-gold-worth-billions-smuggled-out-of-africa-idUSKCN1S00IT

Original Submission

An Anonymous Coward writes:

Combining a new production process with a high-volume new processor architecture is a bit of a gamble, but it looks like it might be paying off with the upcoming AMD Ryzen 3000 series CPUs as early yields are looking good. An anonymous source is stating that AMD's 7nm processor yields are sitting around the 70% mark, and at this stage in production that's actually a pretty good figure.

The chip yield is one of the most important metrics in terms of silicon production. If your manufacturing process is delivering high yields that means a greater percentage of the chips on an individual wafer are deemed functional. There will always be defects in such precise manufacturing, so some of the chips on any given wafer will be dead on arrival, but however much you cut that down increases your profitability.

[...]

The reported 70% yield comes from a previously reliable, but unnamed, source talking to Bitsandchips in Italy (via Guru3D). It also goes on to point out that Intel's current 28-core 14nm CPU yield is hovering around the 35% mark and, given that AMD's design is working from eight-core chiplets, it's a lot easier to manufacture eight chiplets than a single, monolithic 64-core die.

So 35% yield versus 70% yield on both Intel and AMD's most expensive professional server parts respectively. Guess who's going to be just printing dollars with those numbers...

https://www.pcgamesn.com/amd/zen-2-ryzen-3000-cpu-yield-70-percent

Original Submission

Arthur T Knackerbracket has found the following story:

The depths of the ocean have an otherworldly, alien quality to them, showcasing remarkable beauty like that seen in upside-down mirror pools and the terrifying visions of transparent Eldritch horrors.

The latest discovery, by a team of scientists and explorers currently charting the ocean's five deepest points, falls somewhere in between. 

Exploring the 4.5-mile-deep Java Trench in the Indian Ocean for the first time, Alan Jamieson, chief scientist of the Five Deeps Expedition, ran into this never-before-seen species of sea squirt, casually floating along the ocean floor. The jelly-like creature sailed along in front of the Five Deeps team's deep-sea submarine, in perfect view of the camera, displaying a blue and white balloon-like floater.

Jamieson describes it as a "stalked Ascidean," a type of sea squirt, albeit one we have never laid eyes on before.

"It is not often we see something that is so extraordinary that it leaves us speechless," Jamieson said in a statement. 

Original Submission