SoylentNews

SomeGuy writes:

Axios reports: locked up items are driving frustrated consumers to shop online more.

Locking up merchandise at drugstores and discount retailers hasn't curbed retail theft but is driving frustrated consumers to shop online more, retail experts tell Axios. Retail crime is eating into retailers' profits and high theft rates are also leading to a rise in store closures. Secured cases can cause sales to drop 15% to 25%, Joe Budano, CEO of anti-theft technology company Indyme, previously told Axios. Barricading everything from razors to laundry detergent has largely backfired and broken shopping in America, Bloomberg reports.

Aisles full of locked plexiglass cases are common at many CVS and Walgreens stores where consumers have to wait for an employee to unlock them. Target, Walmart, Dollar General and other retailers have also pulled back on self-checkout to deter shoplifting. "Locking up products worsens the shopping experience, and it makes things inconvenient and difficult," GlobalData retail analyst Neil Saunders said, adding it pushes shoppers to other retailers or to move purchases online.

Driving the news: Manmohan Mahajan, Walgreens global chief financial officer, said in a June earnings call that the retailer was experiencing "higher levels of shrink." Amazon CEO Andy Jassy spoke of the "speed and ease" of ordering online versus walking into pharmacies on a call with investors last week. "It's a pretty tough experience with how much is locked behind cabinets, where you have to press a button to get somebody to come out and open the cabinets for you," Jassy said.

Original Submission

upstart writes:

A team of archaeologists says humans may have braced the butt of their weapons against the ground in a way that would impale a charging animal:

How did early humans use sharpened rocks to bring down megafauna 13,000 years ago? Did they throw spears tipped with carefully crafted, razor-sharp rocks called Clovis points? Did they surround and jab mammoths and mastadons? Or did they scavenge wounded animals, using Clovis points as a versatile tool to harvest meat and bones for food and supplies?

UC Berkeley archaeologists say the answer might be none of the above.

Instead, researchers say humans may have braced the butt of their pointed spears against the ground and angled the weapon upward in a way that would impale a charging animal. The force would have driven the spear deeper into the predator's body, unleashing a more damaging blow than even the strongest prehistoric hunters would have been capable of on their own.

Drawing upon multiple sources of writings and artwork, a team of Berkeley archaeologists reviewed historical evidence from around the world about people hunting with planted spears.

They also ran the first experimental study of stone weapons that focused on pike hunting techniques, revealing how spears react to the simulated force of an approaching animal. Once the sharpened rock pierced the flesh and activated its engineered mounting system, they say, the spear tip functioned like a modern day hollow-point bullet and could inflict serious wounds to mastodons, bison and saber-toothed cats.

"This ancient Native American design was an amazing innovation in hunting strategies," said Scott Byram, a research associate with Berkeley's Archeological Research Facility and first-author of a paper on the topic published today in the journal PLOS ONE. "This distinctive Indigenous technology is providing a window into hunting and survival techniques used for millennia throughout much of the world."

upstart writes:

Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data:

For the past year, EFF has been sounding the alarm about police in California illegally sharing drivers' location data with anti-abortion states, putting abortion seekers and providers at risk of prosecution. We thus applaud the Sacramento County Grand Jury for hearing this call and investigating two police agencies that had been unlawfully sharing this data out-of-state.

The grand jury, a body of 19 residents charged with overseeing local government including law enforcement, released their investigative report on Wednesday. In it, they affirmed that the Sacramento County Sheriff's Office and Sacramento Police Department violated state law and "unreasonably risked" aiding the potential prosecution of "women who traveled to California to seek or receive healthcare services."

[...] Since 2016, California law has prohibited sharing ALPR data with out-of-state or federal law enforcement agencies. Despite this, dozens of rogue California police agencies continued sharing this information with other states, even after the state's attorney general issued legal guidance in October "reminding" them to stop.

In Sacramento County, both the Sacramento County Sheriff's Office and the Sacramento Police Department have dismissed calls for them to start obeying the law. Last year, the Sheriff's Office even claimed on Twitter that EFF's concerns were part "a broader agenda to promote lawlessness and prevent criminals from being held accountable." That agency, at least, seems to have had a change of heart: The Sacramento County Grand Jury reports that, after they began investigating police practices, the Sacramento County Sheriff's Office agreed to stop sharing ALPR data with out-of-state law enforcement agencies.

NASA decided Saturday it's too risky to bring two astronauts back to Earth in Boeing's troubled new capsule, and they'll have to wait until next year for a ride home with SpaceX. What should have been a weeklong test flight for the pair will now last more than eight months.

The seasoned pilots have been stuck at the International Space Station since the beginning of June. A cascade of vexing thruster failures and helium leaks in the new capsule marred their trip to the space station, and they ended up in a holding pattern as engineers conducted tests and debated what to do about the flight back.

After almost three months, the decision finally came down from NASA's highest ranks on Saturday. Butch Wilmore and Suni Williams will come back in a SpaceX capsule in February. Their empty Starliner capsule will undock in early September and attempt to return on autopilot with a touchdown in the New Mexico desert.

[...] "A test flight by nature is neither safe nor routine," said NASA Administrator Bill Nelson. The decision "is a result of a commitment to safety."

Nelson said lessons learned from NASA's two space shuttle accidents played a role. This time, he noted, open dialogue was encouraged rather than crushed.

"This has not been an easy decision, but it is absolutely the right one," added Jim Free, NASA's associate administrator.

AnonTechie writes:

Across different cultures and countries, people perceive the wisest people to be logical and reflective as well as able to consider other people's feelings and perceptions.

What makes someone seem wise? People view wisdom through the lens of applying knowledge and thinking logically as well as considering others' feelings and perceptions, finds a new study led by University of Waterloo researchers who looked at perceptions of wisdom across 12 countries and five continents.

Researchers examined the underlying principles guiding who we perceive as wise in political leadership, science, and daily life. Across different cultures, participants' judgements converged on two dimensions: reflective orientation and socio-emotional awareness. Reflective orientation includes characteristics such as thinking logically, emotion control and application of knowledge. Socio-emotional awareness includes characteristics like care for other's feelings and attention to social context.

"To our surprise, the two dimensions emerged across all cultural regions we studied, and both were associated with explicit attribution of wisdom," said Dr. Maksim Rudnev, a postdoctoral research associate in psychology at Waterloo and lead author.

The study suggests how people around the world might judge, support and trust leaders, educators and others in positions of influence. One example is how people view U.S. former president Donald Trump and current president Joe Biden.

[...] The collaboration among 26 research institutions was coordinated by the Geography of Philosophy consortium and included researchers from North and South Americas (Canada, U.S., Ecuador and Peru), Asia (China, India, Japan, and South Korea), Africa (Morocco and South Africa), and Europe (Slovakia).

[Source]: University of Waterloo

[Journal reference]: nature communications

[Also Covered By]: PHYS.ORG

More information: M. Rudnev et al, Dimensions of wisdom perception across twelve countries on five continents, Nature Communications (2024). DOI: 10.1038/s41467-024-50294-0

Do you think that people who exhibit these characteristics are wise ??

Original Submission

Freeman writes:

https://arstechnica.com/cars/2024/08/feds-probe-of-hard-braking-in-cruise-robotaxi-crashes-ends-after-recall/

Following a successful recall, federal safety investigators have concluded an investigation that was sparked after a number of Cruise robotaxis crashed after braking inappropriately when being followed by other cars. It's a spot of good news for the autonomous driving startup, which has been under heavy scrutiny by federal and state regulators lately.

The National Highway Traffic Safety Administration's Office of Defects Investigation opened a preliminary evaluation in December 2022 after reports emerged that Cruise's robotaxis could engage in "inappropriately hard braking" or become immobilized while driving, thus becoming obstacles and potentially causing a crash.

At the time, NHTSA had three reports of Cruise robotaxis braking hard in response to another vehicle or cyclist approaching quickly from behind, resulting in the robotaxi being rear-ended.
[...]
In total, NHTSA identified 10 crashes that were caused by inappropriately hard braking by a Cruise robotaxi, four of which also involved a vulnerable road user and ended in injury.
[...]
Earlier this month, Cruise initiated a safety recall, pushing out new software due to meetings between the AV developer and NHTSA to go over the data from Cruise and its peers. The recall notes that software updates throughout 2023 and until May 2024 reduced the propensity for this problem to occur, thanks to improvements in how the robotaxis perceive, predict, and plan.
[...]
"We are committed to building trust and increasing transparency with respect to autonomous vehicle technology and look forward to our continued work with NHTSA toward that end," a Cruise spokesperson told Ars.

That work will continue in the context of a second safety investigation opened last October after a pedestrian was hit by another car and then dragged down the road underneath the Cruise robotaxi. That incident also resulted in California suspending Cruise's license and the departure of then-CEO Kyle Vogt.

Previously on SoylentNews:
California Suspends Cruise Robotaxis After Car Dragged Pedestrian 20 Feet - 20231027

canopic jug writes:

Ben Hawkes over at Isoceles has a review of the two OpenSSH Backdoor attempts. One, the XZ backdoor, was attempted this year in early 2024. The other, in 2002, was a matter of attempting to trojanize some distribution files.

Inserting an exploitable bug (a "bugdoor"), one that's subtle enough that developers might not even notice during code review, is probably the winning move. However, it's interesting to note that in both 2002 and 2024 we got a backdoor rather than a bugdoor. That's probably because exploits are hard, and server-side exploits are really hard. Given how much work it is to be in a position to change the source code in the first place, it's not entirely surprising that attackers want to go with a reliable option. The counter-argument is that we may just never get to see any bugdoors because they never get caught (or if they do, they don't get flagged as subterfuge), so we're biased towards the events that we can actually detect.

There are other similarities. Both the 2002 and 2024 events targeted the build system, for example. This also makes sense, because build systems are a perfect mix of inscrutability and expressiveness. There's really no constraints on what you can do with most build systems. They have to be like this in order to make everything work everywhere that it's supposed to. Making something compile on Linux, MacOS, and Windows simultaneously is no easy feat. Add in support for multiple architectures and legacy versions, and well... you see where I'm going with this. The guiding design principle for build systems has been "just make it work", and so they end up being a complicated mess of directives, rules, variables, and command invocations. As long as they're working correctly, I suspect very few people are paying close attention to the contents of their build scripts, and that includes the developers/maintainers themselves. It's the ideal place to insert the first hook for a backdoor, hiding in plain sight.

Most bugs have not been added intentionally.

Previously:
(2024) The Mystery of 'Jia Tan,' the XZ Backdoor Mastermind
(2024) xz: Upstream Repository and the xz Tarballs Have Been Backdoored

Original Submission

Arthur T Knackerbracket has processed the following story:

Google has reached a deal with California lawmakers to fund local news in the state after previously protesting a proposed law that would have required it to pay media outlets. Under the terms of the deal, Google will commit tens of millions of dollars to a fund supporting local news as well as an AI “accelerator program” in the state.

The agreement ends a months-long dispute between lawmakers and Google over the California Journalism Preservation Act, a bill that would have required Google, Meta and other large platforms to pay California publishers in exchange for linking to their websites. Google strongly opposed the measure, which was similar to laws passed in Canada and Australia.

[...] Now, under the new agreement, Google will direct “at least $55 million” to “a nonprofit public charity housed at UC Berkeley’s journalism school,” Politico reports. The university will distribute the fund, which also includes “at least $70 million” from the state of California. Google will also “commit $50 million over five years to unspecified ‘existing journalism programs.’”

The agreement also includes funding for a “National AI Innovation Accelerator.” Details of that program are unclear, but Cal Matters reports that Google will dedicate “at least $17.5 million” to the effort, which will fund AI experiments for local businesses and other organizations, including newsrooms. That aspect of the deal, which is so far unique to Google's agreement in California, could end up being more controversial as it could exacerbate existing tensions between publishers and AI companies.

In a statement, Alphabet’s President of Global Affairs, Kent Walker, credited the “thoughtful leadership” of California Governor Gavin Newsom and other state officials in reaching the agreement. “California lawmakers have worked with the tech and news sectors to develop a collaborative framework to accelerate AI innovation and support local and national businesses and nonprofit organizations,” he said. “This public-private partnership builds on our long history of working with journalism and the local news ecosystem in our home state, while developing a national center of excellence on AI policy.”

Original Submission

Arthur T Knackerbracket has processed the following story:

An unusually bright burst of radio waves—dubbed the Wow! signal—discovered in the 1970s has baffled astronomers ever since, given the tantalizing possibility that it just might be from an alien civilization trying to communicate with us. A team of astronomers think they might have a better explanation, according to a preprint posted to the physics arXiv: clouds of atomic hydrogen that essentially act like a naturally occurring galactic maser, emitting a beam of intense microwave radiation when zapped by a flare from a passing magnetar.

As previously reported, the Wow! signal was detected on August 18, 1977, by The Ohio State University Radio Observatory, known as “Big Ear.” Astronomy professor Jerry Ehman was analyzing Big Ear data in the form of printouts that, to the untrained eye, looked like someone had simply smashed the number row of a typewriter with a preference for lower digits. Numbers and letters in the Big Ear data indicated, essentially, the intensity of the electromagnetic signal picked up by the telescope over time, starting at ones and moving up to letters in the double digits (A was 10, B was 11, and so on). Most of the page was covered in ones and twos, with a stray six or seven sprinkled in.

But that day, Ehman found an anomaly: 6EQUJ5 (sometimes misinterpreted as a message encoded in the radio signal). This signal had started out at an intensity of six—already an outlier on the page—climbed to E, then Q, peaked at U—the highest power signal Big Ear had ever seen—then decreased again. Ehman circled the sequence in red pen and wrote “Wow!” next to it. The signal appeared to be coming from the direction of the Sagittarius constellation, and the entire signal lasted for about 72 seconds. Alas, SETI researchers have never been able to detect the so-called “Wow! Signal” again, despite many tries with radio telescopes around the world.

[...] Astrobiologist Abel Mendez of the University of Puerto Rico at Arecibo and his co-authors think they have the strongest astrophysical explanation to date with their cosmic maser hypothesis. The team was actually hunting for habitable exoplanets using signals from red dwarf stars. In some of the last archival data collected at the Arecibo radio telescope (which collapsed in 2020), they noticed several signals that were remarkably similar to the Wow! signal in terms of frequency—just much less intense (bright).

Arthur T Knackerbracket has processed the following story:

In a new letter, OpenAI chief strategy officer Jason Kwon insists that AI regulations should be left to the federal government. As reported previously by Bloomberg, Kwon says that a new AI safety bill under consideration in California could slow progress and cause companies to leave the state.

[...] The letter is addressed to California State Senator Scott Wiener, who originally introduced SB 1047, also known as the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act.

According to proponents like Wiener, it establishes standards ahead of the development of more powerful AI models, requires precautions like pre-deployment safety testing and other safeguards, adds whistleblower protections for employees of AI labs, gives California’s Attorney General power to take legal action if AI models cause harm, and calls for establishing a “public cloud computer cluster” called CalCompute.

In a response to the letter published Wednesday evening, Wiener points out that the proposed requirements apply to any company doing business in California, whether they are headquartered in the state or not, so the argument “makes no sense.” He also writes that OpenAI “...doesn’t criticize a single provision of the bill” and closes by saying, “SB 1047 is a highly reasonable bill that asks large AI labs to do what they’ve already committed to doing, namely, test their large models for catastrophic safety risk.”

Following concerns from politicians like Zoe Lofgren and Nancy Pelosi, companies like Anthropic, and organizations such as California’s Chamber of Commerce, the bill passed out of committee with a number of amendments that included tweaks like replacing criminal penalties for perjury with civil penalties and narrowing pre-harm enforcement abilities for the Attorney General.

The bill is currently awaiting its final vote before going to Governor Gavin Newsom’s desk.

Original Submission

Arthur T Knackerbracket has processed the following story:

Apple device users recently discovered a minor bug that causes the Settings screen and home screen to crash. While no serious issues have been reported so far, a fix in a future firmware update would not be surprising.

Swiping right on the iOS home screen until the app library appears, and then typing the characters "::" into the search bar, causes Springboard – the software that handles the main menu – to crash. A black screen with a loading icon briefly appears before the device returns to the lock screen.

Additionally, entering the same characters into the search bar at the top of the Settings menu crashes the app, immediately sending users back to the home screen. However, the bug can be triggered by variations of this character combination as well.

Security researchers have found that nearly any combination involving two quotation marks, one colon, and any other character can trigger the same effect. For example, typing "X":X also causes the issue. TechSpot confirmed that the bug occurs on iPhones and iPads running firmware version 17.6.1, but Macs remain unaffected.

Researchers told TechCrunch that the issue doesn't pose a security threat. However, the bug may raise some concerns because it resembles more serious incidents from the past.

[...] Fortunately, the recent iOS bug can only be triggered by someone physically using the device, so the potential risk remains limited.

Original Submission

Arthur T Knackerbracket has processed the following story:

Networking giant Cisco has suggested the United Nations' first-ever convention against cyber crime is dangerously flawed and should be revised before being put to a formal vote.

The document that Cisco dislikes is the United Nations convention against cyber crime [PDF]. The convention took five years to create and was drafted by a body called the Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal Purposes.^*

The purpose of the Convention is to "enhance international cooperation, law enforcement efforts, technical assistance, and capacity-building relating to cyber crime," in recognition that digital technology has become a big enabler of transnational mischief.

As The Register theregister.com reported after the Committee agreed on a draft text, Russia was a big driver of the document, and human rights groups don't like it.

Human Rights Watch, for example, criticized the Convention as overly broad, while the Electronic Frontier Foundation has labelled the Convention "too flawed to adopt."

Those two orgs, and others, worry that the Convention doesn't offer a narrow definition of cyber crime, and could give signatory nations legal cover to target citizens who share views they dislike. They also worry about secrecy provisions in the document that would allow nations to demand info from service providers, without the individuals targeted by such requests being informed or having recourse.

British human rights org Article 19 has also warned the Convention's broad language could stymie legitimate infosec research, by creating a legal environment in which cyber-boffins don't feel safe to ply their trade for fear of being labelled crims.

Arthur T Knackerbracket has processed the following story:

On Sept. 26th, 2022, NASA's Double Asteroids Redirect Test (DART) collided with Dimorphos, the small moonlet orbiting the larger asteroid Didymos. In so doing, the mission successfully demonstrated a proposed strategy for deflecting potentially hazardous asteroids (PHAs)—the kinetic impact method.

By October 2026, the ESA's Hera mission will rendezvous with the double-asteroid system and perform a detailed post-impact survey of Dimorphos to ensure that this method of planetary defense can be repeated in the future.

However, while the kinetic method could successfully deflect asteroids so they don't threaten Earth, it could also create debris that might reach Earth and other celestial bodies.

In a recent study, an international team of scientists explored how this impact test also presents an opportunity to observe how this debris could someday reach Earth and Mars as meteors. After conducting a series of dynamic simulations, they concluded that the asteroid ejecta could reach Mars and the Earth-Moon system within a decade.

[...] The paper that details their findings appears online on the arXiv preprint server and has been accepted for publication by The Planetary Science Journal.

For their study, Peña-Asensio and his colleagues relied on data obtained by the Light Italian CubeSat for Imaging of Asteroids (LICIACube), which accompanied the DART mission and witnessed the kinetic impact test.

[...] "LICIACube provided crucial data on the shape and direction of the ejecta cone immediately following the collision. In our simulation, the particles ranged in size from 10 centimeters to 30 micrometers, with the lower range representing the smallest sizes capable of producing observable meteors on Earth with current technology. The upper range was limited by the fact that only ejected centimeter-sized fragments were observed."

Their results indicated that some of these particles would reach Earth and Mars within a decade or more, depending on how fast they traveled after the impact.

looorg writes:

https://github.blog/news-insights/research/survey-ai-wave-grows/

Githubs "AI in software development 2024 survey" is here. A compilation of wishful thinking and overly optimistic interpretations of survey data. It generates more questions then answers. Mostly the survey and the report wants to sing the praise of the AI as some kind of development savior, as it will literally improve everything and there doesn't appear to be any negative aspects associated with it at all. Or at least they don't ask about such things. The survey and the responses generates more questions then it answer. After all it doesn't really answer any questions.

Our survey data showed that nearly all of the survey participants reported using AI coding tools both outside of work or at work at some point. However, 17-27% of respondents indicated that they've only used AI tools at work, challenging the assumption that all developers are using AI outside of work.

Almost everyone is using AI for development, at work. But not for private projects. It's good enough for work things but not for your private projects? Why is it good enough for work but not for coding at home, or outside work whatever that is? Or do developers/programmers not code at home anymore? No explanation. No dwelling into that. Just more happy AI-shilling.

More than 97% of respondents reported having used AI coding tools at work at some point, a finding consistent across all four countries. However, a smaller percentage said their companies actively encourage AI tool adoption or allow the use of AI tools, varying by region. The U.S. leads with 88% of respondents indicating at least some company support for AI use, while Germany is lowest at 59%. This highlights an opportunity for organizations to better support their developers' interest in AI tools, considering local regulations.

That is one interpretation of the data. Another is that the Germans are seeing something the Americans are not. A risk of some kind perhaps? Also it's just filled with vague statements such as "at some point", which isn't the same as they use it all the time or even anymore. I tried something once, at some point. Not the same as it was good, or that I kept using it.

upstart writes:

Federal Appeals Court Finds Geofence Warrants Are "Categorically" Unconstitutional:

In a major decision on Friday, the federal Fifth Circuit Court of Appeals held that geofence warrants are "categorically prohibited by the Fourth Amendment." Closely following arguments EFF has made in a numberofcases, the court found that geofence warrants constitute the sort of "general, exploratory rummaging" that the drafters of the Fourth Amendment intended to outlaw. EFF applauds this decision because it is essential that every person feels like they can simply take their cell phone out into the world without the fear that they might end up a criminal suspect because their location data was swept up in open-ended digital dragnet.

The new Fifth Circuit case, United States v. Smith, involved an armed robbery and assault of a US Postal Service worker at a post office in Mississippi in 2018. After several months of investigation, police had no identifiable suspects, so they obtained a geofence warrant covering a large geographic area around the post office for the hour surrounding the crime. Google responded to the warrant with information on several devices, ultimately leading police to the two defendants.

On appeal, the Fifth Circuit reached several important holdings.

First, it determined that under the Supreme Court's landmark ruling in Carpenter v. United States, individuals have a reasonable expectation of privacy in the location data implicated by geofence warrants. As a result, the court broke from the Fourth Circuit's deeply flawed decision last month in United States v. Chatrie, noting that although geofence warrants can be more "limited temporally" than the data sought in Carpenter, geofence location data is still highly invasive because it can expose sensitive information about a person's associations and allow police to "follow" them into private spaces.

Second, the court found that even though investigators seek warrants for geofence location data, these searches are inherently unconstitutional. As the court noted, geofence warrants require a provider, almost always Google, to search "the entirety" of its reserve of location data "while law enforcement officials have no idea who they are looking for, or whether the search will even turn up a result." Therefore, "the quintessential problem with these warrants is that they never include a specific user to be identified, only a temporal and geographic location where any given user may turn up post-search. That is constitutionally insufficient."

Unsurprisingly, however, the court found that in 2018, police could have relied on such a warrant in "good faith," because geofence technology was novel, and police reached out to other agencies with more experience for guidance. This means that the evidence they obtained will not be suppressed in this case.

Nevertheless, it is gratifying to see an appeals court recognize the fundamental invasions of privacy created by these warrants and uphold our constitutional tradition prohibiting general searches. Police around the country have increasingly relied on geofence warrants and other reverse warrants, and this opinion should act as a warning against narrow applications of Fourth Amendment precedent in these cases.

Original Submission