Businesses

How a US Funding Bill Targets Online Sites to Help Stop Retail Theft (apnews.com) 1

This week America passed a $1.7 trillion federal spending bill — and it includes a big win for retailers, reports the Associated Press. It forces online marketplaces like Amazon and Facebook "to verify high-volume sellers on their platforms amid heightened concerns about retail crime...." The bill, called the INFORM ACT, also seeks to combat sales of counterfeit goods and dangerous products by compelling online marketplaces to verify different types of information — including bank account, tax ID and contact details — for sellers who make at least 200 unique sales and earn a minimum of $5,000 in a given year.

It's difficult to parse out how much money retailers are losing due to organized retail crime — or if the problem has substantially increased. But the issue has received more notice in the past few years as high-profile smash-and-grab retail thefts and mass shoplifting events grabbed national attention. Some retailers have also said in recent weeks they're seeing more items being taken from stores. Target executives said in November the number of thefts has gone up more than 50%, resulting in more than $400 million in losses. It's expected to be more than $600 million for the full fiscal year.... Walgreens, Best Buy and Home Depot have also pointed out similar problems.

The National Retail Federation, the nation's largest retail trade group, said its latest security survey of roughly 60 retailers found that inventory loss — called shrink — clocked in at an average rate of 1.4% last year, representing $94.5 billion in losses [including damaged products and theft by employees] ... It also noted retailers, on average, saw a 26.5% uptick in organized theft incidents last year.

AI

AI Has Changed the Way We Explore Our Solar System (space.com) 7

"Last week at the 2022 American Geophysical Union (AGU) Fall Meeting, planetary scientists and astronomers discussed how new machine-learning techniques are changing the way we learn about our solar system," reports Space.com, "from planning for future mission landings on Jupiter's icy moon Europa to identifying volcanoes on tiny Mercury...." For many tasks in astronomy, it can take humans months, years or even decades of effort to sift through all the necessary data... "You can find up to 10,000, hundreds of thousands of boulders, and it's very time consuming," Nils Prieur, a planetary scientist at Stanford University in California said during his talk at AGU. Prieur's new machine-learning algorithm can detect boulders across the whole moon in only 30 minutes. It's important to know where these large chunks of rock are to make sure new missions can land safely at their destinations. Boulders are also useful for geology, providing clues to how impacts break up the rocks around them to create craters.

Computers can identify a number of other planetary phenomena, too: explosive volcanoes on Mercury, vortexes in Jupiter's thick atmosphere and craters on the moon, to name a few. During the conference, planetary scientist Ethan Duncan, from NASA's Goddard Space Flight Center in Maryland, demonstrated how machine learning can identify not chunks of rock, but chunks of ice on Jupiter's icy moon Europa. The so-called chaos terrain is a messy-looking swath of Europa's surface, with bright ice chunks strewn about a darker background. With its underground ocean, Europa is a prime target for astronomers interested in alien life, and mapping these ice chunks will be key to planning future missions.

Upcoming missions could also incorporate artificial intelligence as part of the team, using this tech to empower probes to make real-time responses to hazards and even land autonomously. Landing is a notorious challenge for spacecraft, and always one of the most dangerous times of a mission.

Books

How Kindle Novelists Are Using ChatGPT's AI (theverge.com) 30

The Verge presents what it's calling "an interview with an AI early adopter," who is currently using ChatGPT not just to generate titles, but also the plots for their mysteries. For example, "I need four murder suspects with information about why they're suspected and how they are cleared. And then tell me who the guilty killer is."

The author says "It will do just that. It will spit that out." Q: You and a few other independent authors were early adopters of these tools. With ChatGPT, it feels like a lot of other people are suddenly grappling with the same questions you were confronting. What's that been like...?

Every group, every private, behind-the-scenes author group I'm in, there's some kind of discussion going on. Right now, everybody's talking about using it on the peripherals. But there seems to be this moral chasm between: "It does blurbs really well, and I hate doing blurbs, and I have to pay somebody to do blurbs, and blurbs isn't writing, so I'm going to use it for blurbs." Or "Well, I'm going to have it help me tighten up my plot because I hate plotting, but it plots really well, so I'm going to use it for that." Or "Did you know that if you tell it to proofread, it'll make sure that it's grammatically correct?"

Everybody gets closer and closer to using it to write their stuff, and then they stop, and everybody seems to feel like they have to announce when they're talking about this: "But I do not ever use its words to write my books." And I do.... The actual words, just to get them down faster and get it out, I do. So I've found myself in the past couple of weeks wondering, do I engage in this debate? Do I say anything? For the most part, I've said nothing.

Q: What do you think the line is that people are drawing?

It's a concern of plagiarism. Everybody knows that they crawled stuff with permission and without permission. And there's an ethical question.... I have three authors that I've read extensively, indie authors that I'm friends with, and I know they never gave permission for their stuff to be looked at, and I was able to reasonably recreate their style.... That I won't do. That, for me, is an ethical line....

But you could, if you were ethically okay with that, with this technology and what it allows you to do.

AI

Customers React to McDonalds' Almost Fully-Automated Restaurant (cbsnews.com) 109

"The first mostly non-human-run McDonald's is open for business just outside Fort Worth, Texas," reports the Guardian. CNN calls it "an almost fully-automated restaurant," noting there's just one self-service kiosk (with a credit card reader) for ordering food.

McDonalds tells CNN there's "some interaction between customers and the restaurant team" when picking up orders or drinks. But at the special "order ahead" drive-through lane, your app-ordered bag of food is instead delivered to a platform by your car's window using a vertical conveyor belt.

CNN reports that it's targeted to customers on the go. For example, there are dedicated parking spaces outside for curbside pickup orders, while inside there's a room with bags to be picked up by food-delivery couriers (who also get their own designated parking spaces outside). But for regular customers, CBS emphasizes that "ordering is done through kiosks or an app — no humans involved there, either." But not all customers are loving it. "Well there goes millions of jobs," one commenter on a TikTok video said about the new restaurant.

"Oh no first we have to talk with Siri and Google [and] now we have to talk to another computer," another one opined.

"I'm not giving my money to robots," another commenter wrote. "Raise the minimum wage!"

Other customers had more personal concerns, expressing worries about how they could get their order fixed if it was incorrectly prepared or how to ask for extra condiments. "And if they forget an item. Who you supposed to tell, the robot? It defeats the purpose of using the drive thru if you have to go inside for it," one consumer noted....

To be sure, not everyone had negative views about the concept. Some customers expressed optimism that the automated restaurant could improve service and their experience.

Firefox

Mozilla Just Fixed an 18-Year-Old Firefox Bug (howtogeek.com) 39

Mozilla recently fixed a bug that was first reported 18 years ago in Firefox 1.0, reports How-to Geek: Bug 290125 was first reported on April 12, 2005, only a few days before the release of Firefox 1.0.3, and outlined an issue with how Firefox rendered text with the ::first-letter CSS pseudo-element. The author said, "when floating left a :first-letter (to produce a dropcap), Gecko ignores any declared line-height and inherits the line-height of the parent box. [...] Both Opera 7.5+ and Safari 1.0+ correctly handle this."

The initial problem was that the Mac version of Firefox handled line heights differently than Firefox on other platforms, which was fixed in time for Firefox 3.0 in 2007. The issue was then re-opened in 2014, when it was decided in a CSS Working Group meeting that Firefox's special handling of line heights didn't meet CSS specifications and was causing compatibility problems. It led to some sites with a large first letter in blocks of text, like The Verge and The Guardian, rendering incorrectly in Firefox compared to other browsers.

The issue was still marked as low priority, so progress continued slowly, until it was finally marked as fixed on December 20, 2022. Firefox 110 should include the updated code, which is expected to roll out to everyone in February 2023.

Youtube

Did YouTube Pay Too Much to Broadcast Sunday Football Games? (yahoo.com) 37

Subscribers to "NFL Sunday Ticket" can watch broadcasts of every Sunday game of American football. But for access next season, "fans will have to Google it..." warns the Associated Press — because Thursday the football league announced plans to distribute their game package on YouTube TV and YouTube Primetime Channels.

Google beat out both Apple and Amazon by offering over $2 billion a year for 7 years — but Yahoo Finance believes it's more about drawing attention to YouTube's streaming TV services. "Don't expect the package to be profitable, one analyst warned." "They're not making money on this — this is a loss leader," Michael Pachter, managing director of equity research at Wedbush, told Yahoo Finance Live, referencing YouTube TV's current price point of $64.99. "I don't think they make a penny at that level...."

"It's an extremely expensive package of content," Tim Nollen, analyst at Macquarie Group, previously told Yahoo Finance Live, noting the Sunday Ticket package was not a profitable service for DirecTV [which since 1994 has held the exclusive broadcast rights in the U.S.]

[...] YouTube TV has more than 5 million subscribers and trial users as of July. "Five million subscribers is just not enough," Pachter stressed. "Even if all 5 million pay the $400 bucks a year...they're going to barely cover their costs." Still, despite the lack of profitability and sky-high price tag, Pachter noted YouTube might be best positioned to take advantage of the package, especially as the demand for live sports escalates. "I think they can be smart about how they carve up the content," Pachter said, suggesting the platform could more easily sell games to bars and restaurants.

Bug

Linux Kernel Security Bug Allows Remote Code Execution for Authenticated Remote Users (zdnet.com) 37

The Zero Day Initiative, a zero-day security research firm, announced a new Linux kernel security bug that allows authenticated remote users to disclose sensitive information and run code on vulnerable Linux kernel versions. ZDNet reports: Originally, the Zero Day Initiative (ZDI) rated it a perfect 10 on the 0 to 10 Common Vulnerability Scoring System scale. Now, the hole's "only" a 9.6....

The problem lies in the Linux 5.15 in-kernel Server Message Block (SMB) server, ksmbd. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the kernel context. This new program, which was introduced to the kernel in 2021, was developed by Samsung. Its point was to deliver speedy SMB3 file-serving performance....

Any distro using the Linux kernel 5.15 or above is potentially vulnerable. This includes Ubuntu 22.04, and its descendants; Deepin Linux 20.3; and Slackware 15.

Windows

Microsoft Employee Accidentally Announces That Notepad is Getting Tabs in Windows 11 (theverge.com) 57

"A Microsoft employee appears to have accidentally announced that Windows 11's Notepad app is getting a tabs feature," reports the Verge: The employee, a senior product manager at Microsoft, posted a photo of a version of Notepad with tabs, enthusiastically announcing "Notepad in Windows 11 now has tabs!" with a loudspeaker emoji.

The tweet was deleted minutes later, but not before Windows Central and several Windows enthusiast Twitter accounts had spotted the mistake. The Notepad screenshot includes a Microsoft internal warning: "Confidential Don't discuss features or take screenshots...."

The addition of tabs in Notepad could signal a shift towards tabs appearing in more built-in Windows apps.

Bug

Patched Windows Bug Was Actually a Dangerous Wormable Code-Execution Vulnerability (arstechnica.com) 12

Ars Technica reports on a dangerously "wormable" Windows vulnerability that allowed attackers to execute malicious code with no authentication required — a vulnerability that was present "in a much broader range of network protocols, giving attackers more flexibility than they had when exploiting the older vulnerability." Microsoft fixed CVE-2022-37958 in September during its monthly Patch Tuesday rollout of security fixes. At the time, however, Microsoft researchers believed the vulnerability allowed only the disclosure of potentially sensitive information. As such, Microsoft gave the vulnerability a designation of "important." In the routine course of analyzing vulnerabilities after they're patched, IBM security researcher Valentina Palmiotti discovered it allowed for remote code execution in much the way EternalBlue did [the flaw used to detonate WannaCry]. Last week, Microsoft revised the designation to critical and gave it a severity rating of 8.1, the same given to EternalBlue....

One potentially mitigating factor is that a patch for CVE-2022-37958 has been available for three months. EternalBlue, by contrast, was initially exploited by the NSA as a zero-day. The NSA's highly weaponized exploit was then released into the wild by a mysterious group calling itself Shadow Brokers. The leak, one of the worst in the history of the NSA, gave hackers around the world access to a potent nation-state-grade exploit. Palmiotti said there's reason for optimism but also for risk: "While EternalBlue was an 0-Day, luckily this is an N-Day with a 3 month patching lead time," said Palmiotti.

There's still some risk, Palmiotti tells Ars Technica. "As we've seen with other major vulnerabilities over the years, such as MS17-010 which was exploited with EternalBlue, some organizations have been slow deploying patches for several months or lack an accurate inventory of systems exposed to the internet and miss patching systems altogether."

Thanks to Slashdot reader joshuark for sharing the article.

Microsoft

CNET Touts 'Massive' Microsoft Office Deal: 91% Discount on a Lifetime License (cnet.com) 68

Meanwhile, over in the Microsoft ecosystem, CNET reports: You can ditch the subscription (with recurring charges) and snag a lifetime license of access to Microsoft's Word, Excel, PowerPoint, Outlook, Teams, OneNote, Publisher and Access for just $30...

That's back at the lowest price we've ever seen, and a whopping 91% off the usual price of $349.

However, this deal expires in just a few days, so be sure to get your order in soon. The offer, from StackSocial, applies to both the Windows and Mac version of the software.

Now, you can always opt to use the free online version of Microsoft Office (which has far fewer features). But compared to the online Microsoft 365 subscription suite that costs $10 per month or $100 per year, this downloadable version is a phenomenal bargain.

The Mac deal ends today, but the Windows deal extends through December 28th, according to CNET's article. "The two big caveats: You get a single key — which only works on a single computer — and there's no Microsoft OneDrive Cloud Storage included."

Businesses

America's FTC Demands End to Mastercard's 'Illegal' Blocking of Competing Debit Card Payment Networks (ftc.gov) 15

Friday America's Federal Trade Commission issued an announcement on what it called "illegal business tactics that Mastercard has been using to force merchants to route debit card payments through its payment network," saying the FTC is now requiring Mastercard "to stop blocking the use of competing debit payment networks." The popularity of debit cards has been growing especially quickly for purchases consumers make using their personal devices equipped with ewallet applications such as Apple Pay, Google Pay, and Samsung Wallet. Payment card networks play a critical role in those debit card transactions....

Payment card networks compete for the business of banks that issue cards and for the business of merchants that accept card payments. Mastercard, along with Visa, is one of the two leading payment card networks in the United States. The processing fees charged by networks total billions of dollars every year, affecting every purchase made with a debit card, according to the FTC. Most of these fees are paid by the merchants to the card-issuing banks and the payment card networks....

Mastercard was flouting the law by setting policies to block merchants from routing ecommerce transactions using Mastercard-branded debit cards saved in ewallets to alternative payment card networks, including networks that may charge lower fees than Mastercard, the FTC alleged. Specifically, Mastercard used its control over a process called "tokenization" to block the use of competing payment card networks, the agency alleged. Transactions commonly are "tokenized" by replacing the cardholder's primary account number with a different number to protect the account number during some stages of a debit transaction. Tokens are stored in ewallets such as Apple Pay, Google Pay, and Samsung Wallet and serve as a substitute credential to provide additional protection for a cardholder's account number....

According to the FTC, Mastercard refuses to provide conversion services to competing networks for remote ewallet debit transactions...thereby making it impossible for merchants to route their ewallet transactions on a network other than Mastercard.

Programming

Stack Overflow Survey Finds More Developers Now Use Linux Than MacOS (justingarrison.com) 122

Justin Garrison works at Amazon Web Services on the Kubernetes team (and was senior systems engineer on several animated films).

This week he spotted a new milestone for Linux in the 2022 StackOverflow developer survey: [Among the developers surveyed] Linux as a primary operating system had been steadily climbing for the past 5 years. 2018 through 2021 saw steady growth with 23.2%, 25.6%, 26.6%, 25.3%, and finally in 2022 the usage was 40.23%. Linux usage was more than macOS in 2021, but only by a small margin. 2022 it is now 9% more than macOS.
Their final stats for "professional use" operating system:
  • Windows: 48.82%
  • Linux-based: 39.89%
  • macOS: 32.97%

But Garrison's blog post notes that that doesn't include the million-plus people using all the Linux-based cloud development environments (like GitHub Workspaces) — not to mention the 15% of WSL users on Windows and all the users of Docker (which uses a Linux VM).

"It's safe to say more people use Linux as part of their development workflow than any other operating system."


Math

Donald Knuth's 2022 'Christmas Tree' Lecture Is About Trees (thenewstack.io) 8

Like a visit from an old friend, it's Donald Knuth's annual Christmas tree lecture for 2022. "Because of the pandemic, it's been three years since Knuth has been able to honor this tradition," notes The New Stack: 2022 marks the 60th anniversary of that fateful day in 1962 when a 24-year-old Donald Knuth started writing "The Art of Computer Programming." Now approaching his 85th birthday, Knuth has become almost a legend in the world of computer programming — and he's still writing additional volumes for his massive analysis of algorithms. But every year, right around Christmas time, there's another tradition. Knuth gives a special lecture "pitched at non-specialists" for a small audience at Stanford University (where Knuth is a professor emeritus) and a larger audience online...

Hunched over a notepad (which was projected onto a screen behind him), Knuth began the 26th annual Christmas lecture by pointing out that the evening's topic had been hiding in plain sight for two decades. For the first 20 years, they'd called them the "Christmas tree" lectures, since "trees are one of the most important things to a computer scientist. And every year I learned at least two new cool things about trees..."

About five years ago they'd changed the name to just "Christmas lectures" — but the problem wasn't that trees stopped being interesting. "I still learn cool things about trees every year. But they're getting harder and harder to explain to a general audience!"

So this year's triumphant "homecoming" lecture would indeed include trees — specifically a phenomenon Knuth describes as "twintrees," along with Baxter permutations, and Floorplans. Knuth noted they're all topics touched on in the latest volume of The Art of Computer Programming, before jokingly reminding the audience that his book makes an excellent Christmas present.

By the end of the lecture, Knuth had written algorithms for all three mathematical concepts — then connected all three algorithms with Linux pipes to show what happens when you convert one kind of sequence into the other and then into the other.

"I get back, of course, the one I started with!"

Christmas Cheer

How One Man Proved No Snowflakes Are Alike (cnn.com) 39

CNN shares the historic close-up snowflake photos of Wilson Bentley, the first person to capture the details of the individual "snow crystal" ice that makes up snowflakes.

It was 1885, just 69 years after the invention of the camera, and after years of trial and error, "He went on to photograph more than 5,000 of these "ice flowers" during his lifetime — never finding any duplicates — and the images still mesmerize to this day." Every snow crystal shares a common six-sided or six-pointed structure — it's how frozen water molecules arrange themselves — but they will always vary from one another because each falls from the sky in its own unique way and experiences slightly different atmospheric conditions on its travel down to earth. Some of their arms may look long and skinny. Others may appear short and flat or somewhere in between. The possibilities are endless and fascinating....

"He had the mind of a scientist and the soul of a poet, and you can see that in his writings," said Sue Richardson, Bentley's great-grandniece who is vice president of the board for the Jericho Historical Society. "He wrote many, many articles over the years for scientific publications and for other magazines like Harper's Bazaar and National Geographic. "He also kept very detailed weather records and very detailed journals of every photograph that he took of a snow crystal — the temperature, the humidity, what part of the storm it came from. He kept very detailed information, and then these weather records that he kept and the theories that he developed about how snow crystals formed in the atmosphere, those were proven true...."

It wasn't easy, however, to get those snow crystals on camera. It took almost three years, Richardson said, for Bentley to figure out how to successfully photograph one — which he did just a month shy of his 20th birthday. The first obstacle was figuring out how to attach the microscope to the camera. And then there was the challenge of getting each crystal photographed before it could melt away. "He worked in an unheated woodshed at the back of the house. He had to," Richardson said. "And the microscope slides, everything, had to be an ambient temperature or they'd melt" the crystal....

A children's book about him won the Caldecott Medal in 1999.

Bentley never had formal education, according to his grandniece (who grew up hearing stories about this famous ancestor). One says that when Wilson Bentley was given an old microscope at age 15, "The first time he looked at a snow crystal under it, he was hooked. Just the beauty, the intricate detail. He was totally hooked."

Advertising

A Startup Wants To Pay You To Share Your Data For Advertising (wsj.com) 43

Yahoo co-founder Jerry Yang (through his AME Cloud Ventures) contributed to $6 million in seed funding in November for startup Caden, which plans to pay users to share their personal data -- including what they buy or watch on mobile apps.

The Wall Street Journal reports: The startup, Caden Inc., operates an app by the same name that helps users download their data from apps and services—whether that's Amazon.com Inc. or Airbnb Inc.—into a personal "vault." Users who consent to share that data for advertising purposes can earn a cut of the revenue that the app generates from it. They also can access personal analytics based on that data....

Caden, which has been testing with a limited group of users, plans to begin a public beta test of 10,000 users early next year.... One option in the public beta test will anonymize and pool the data before sharing it with outside parties in exchange for $5 to $20 a month, according to Caden founder and Chief Executive John Roa. The amount of compensation will be determined by a "data score" reflecting factors such as whether consumers answer demographic survey questions and which apps and services' data consumers are sharing. Consumers will eventually be given the option to share more specific information for more tailored advertising. A marketer could then form audience segments and tailor their ad targeting and messaging to those groups. For instance, a user could consent to sharing his ride-share history so advertisers could create segments of people who ride a certain amount. That would eventually pay consumers up to $50 a month, Caden said.

A third option would let advertisers take a direct action based on the data that Caden understands about a specific user. If a consumer were part of a department store's loyalty program, for example, the store might reward her for sharing her individual Amazon shopping history and use it to provide more personalized offers. That could generate thousands of dollars a year for participating users, the company said.

Caden also hopes that the data it can aggregate will be compelling for consumers. Users could search for restaurants they've eaten at in a certain city, for instance, or how much they spent in certain categories across different apps, executives said. "It's like Spotify Wrapped for your whole life," said Amarachi Miller, Caden's head of product, referring to the streaming music service's year-end distillation of each user's listening....

Caden said it will initially sell only anonymized and aggregated data that doesn't tie back to individuals. As it starts to let brands do more personal promotions for users, it said it will let users see which brands and partners it's working with, and will let users control which brands can access their information.

The digital ad industry has been seeking new marketing-guiding data, the article points out, especially since Apple began requiring apps to ask for permission before tracking users.

Thanks to Slashdot reader guest reader for sharing the article.
