Unilever to use JD.com to move products across China

BERLIN (Reuters) – Chinese ecommerce firm JD.com has agreed a deal with Unilever to move products like Lipton’s tea and Lux soap between warehouses across China as the consumer goods firm looks to expand sales in more remote parts of the country.

FILE PHOTO – An employee works at a JD.com logistics centre in Langfang, Hebei province, November 10, 2015. REUTERS/Jason Lee/File Photo

The deal is the latest move by an ecommerce company to muscle into the territory of logistics companies by leveraging the expertise and supply chains they have built up for their own retail business to offer those services to others.

JD.com said in a statement that Unilever, which previously worked exclusively with logistics firms such as Deutsche Post’s DHL for its China distribution, will use its network to shift goods destined for stores between warehouses.

The firms gave no financial details.

FILE PHOTO: The company logo for Unilever is displayed on a screen on the floor of the New York Stock Exchange (NYSE) in New York, U.S., February 17, 2017. REUTERS/Brendan McDermid/File Photo

The move comes as many Western brands are pushing to expand sales to consumers beyond Chinese cities, both online and offline. JD.com agreed a similar partnership with the water subsidiary of France’s Danone last year.

“JD will now help us bring our most popular products to the most hard-to-reach communities in China, securely and quickly,” Rohit Jawa, executive vice president of Unilever North Asia, said in the statement.

JD.com has sought to differentiate itself from bigger rival Alibaba by running all its own logistics, operating over 500 warehouses, and fleets of vehicles, promising it can deliver over 90 percent of orders on the same or next day.

“JD.com knows that they need to increase the density of shipments within their network and they know it is a way to create a strategic and competitive advantage,” said supply chain consultant Brittain Ladd.

“Once a brand is available in China and customers are buying their products, the big challenge is replenishment and warehouses.”

Unilever signed a strategic partnership with Alibaba in 2015, including using data from its online marketing unit and its cloud business, to improve its digital advertising strategy and expand its distribution channels for rural consumers.

Reporting by Emma Thomasson; Editing by Mark Potter

Vietnam's Vinfast in deal with Siemens for technology to make electric buses

HANOI (Reuters) – VinFast Trading and Production LLC has signed two contracts with Siemens Vietnam, a unit of Siemens AG, for the supply of technology and components to manufacture electric buses in the Southeast Asian country.

The headquarters of Siemens AG is seen before the company’s annual news conference in Munich, Germany, November 9, 2017. REUTERS/Michael Dalder

VinFast, a unit of Vietnam’s biggest private conglomerate, Vingroup JSC, said on Monday the deals will enable it to launch the first electric bus by the end of 2019.

“Electric buses are an essential element of sustainable urban public transportation systems,” Siemens Vietnam President and CEO Pham Thai Lai said in the statement.

VinFast will also produce electric motorcycles, electric cars and gasoline cars from its $1.5-billion factory being built in Haiphong City, it said.

In June, General Motors Co agreed to transfer its Vietnamese operation to VinFast, which will also exclusively distribute GM’s Chevrolet cars in Vietnam.

Reporting by Khanh Vu; Editing by Himani Sarkar

This Viral Southwest Airlines Flight Attendant's Safety Brief is Hilarious. But There's 1 Big Problem

You’ll crack a smile at least when you watch the Southwest Airlines flight attendant’s safety brief that I’ve embedded below. It’s pretty funny, although she does talk quite fast.

But it’s time to ask a serious question: Would you remember any of what she said in an actual emergency? 

That’s the big debate right now, as airlines do whatever they can think of to make people pay attention to safety videos and briefings. And we’ve reached a point where yes, some of the messages are in fact quite funny.

(The Air New Zealand one with the naked flight attendants for example will make you laugh, and the new Turkish Airlines LEGO Movie one, which you can also see at the end of this article.) 

But while these are entertaining videos and briefings, they’re hiding a giant problem: Passengers often don’t actually remember what they’ve been told to do, in a high-stress, emergency situation. 

Southwest and Delta

In this age of social media and instant video, we see fast proof. Let me give you two quick, recent examples:

  • Southwest flight 1380 last April, the emergency landing in which passenger Jennifer Riordan died. Viral video and photos show that almost all of the passengers wore their oxygen masks wrong. They would have been useless if the pilot hadn’t descended quickly enough to get to breathable air.
  • Delta Air Lines flight 1854 the following month. Flight attendants I heard from were livid, as they watched passengers evacuate a smoke-filled cabin, but stop to get their carry on bags in violation of a major safety rule.

As Zoe Chance of Yale University explained to the Los Angeles Times recently, the airlines’ funny safety briefings are like the companies that spend millions on Super Bowl ads, only to learn that people loved their ads–but can’t remember what they advertised.

“Just having naked flight attendants doesn’t work if the passengers don’t remember the message,” she said. “They just remember the naked flight attendants.”

S-P-O-R-T-S

So what’s the solution? One idea might be if airlines at least passed some of the safety equipment around on planes occasionally.

It might be helpful, for example, if the first time most passengers ever see an airplane oxygen mask or an under seat flotation device, it’s not during the panic of an actual emergency.

However, some airline pilots and other employees have told me they don’t think that is practical, in this era of shaving seconds off turnaround times in order to meet on-time departure goals.

So barring that, I’d suggest looking to the the U.S. military, which has spent decades learning to teach people to execute complex procedures in highly stressful conditions. 

Quick example: It’s been 15 years since I fired an M16A2 rifle in the Army Reserve, but I remember what to do if one jams in combat, because of the mnemonic they drilled into us: S-P-O-R-T-S: SLAP the magazine, PULL the charging handle, etc.

The military understands that stress makes it really hard to concentrate and remember things. Under intense stress pressure, people will literally forget things like which side of a weapon is the dangerous side (“FRONT TOWARD ENEMY“). 

Same as people will forget, under intense stress, that you’re supposed place the mask “over your nose AND mouth.”

Passenger-proof

Air travel is safer than it’s ever been, so maybe we’ve been lucky, or maybe this is not as big a problem as it might seem. But it would be great if we could figure out memorable, stressed-out-passenger-proof ways to teach these safety instructions. 

That said, I do find a lot of these briefings funny, and I don’t think I’ve ever personally had a bad experience on Southwest Airlines or Delta. And I do want to give credit where it’s due for being entertaining.

So we’ll end with a few of the funnier safety briefings–including the most recent Southwest one to go viral, along with the classic Air New Zealand video, and the brand new Turkish Airlines one.

[embedded content]

[embedded content]

[embedded content]

Cyber Saturday—The War on InfoWars

Good evening, Cyber Saturday readers.

A number of tech companies excised the rantings and ravings of Alex Jones, a pundit known for promulgating deranged conspiracy theories, from their digital repositories this past week.

On his website, InfoWars, Jones has been known to push baseless, detestable claims; for example, that the Sandy Hook massacre was a hoax and the September 11th attacks were orchestrated by the government. Fed up with Jones’ antics, Apple, Facebook, Spotify, and YouTube—with the notable exception of Twitter—corked his megaphone.

Add this confrontation to the longstanding tug-of-war between free speech and censorship on the web. One of my favorite contributions to this dialogue was supplied last year by Matthew Prince, CEO and cofounder of Cloudflare, a startup offering services that improve website performance and security. By policy, Prince’s firm chooses to protect all comers, whether that’s the webpage of an ecommerce startup or a black market site. Cloudflare has long maintained that policing the Internet is a job for, well, the police—not for itself.

Until Prince broke his own rule. As the CEO described it in a blog post, one day he felt a customer crossed the line. The Daily Stormer, a neo-Nazi sympathizing site, said that Prince’s company was a secret supporter of its ideology. That went too far—and to prove the point, Prince gave the site the boot.

“Now, having made that decision, let me explain why it’s so dangerous,” Prince wrote. “Without a clear framework as a guide for content regulation, a small number of companies will largely determine what can and cannot be online.”

Subverting his own decision, Prince continued: “Law enforcement, legislators, and courts have the political legitimacy and predictability to make decisions on what content should be restricted. Companies should not.”

I don’t have an easy answer for these predicaments. But as I considered Facebook’s move, the words of the company’s parting security chief, Alex Stamos, rang in my ears. “We need to be willing to pick sides when there are clear moral or humanitarian issues,” he said in March, part of a letter addressed to Facebook that leaked publicly. “And we need to be open, honest and transparent about our challenges and what we are doing to fix them.”

Amen to that. What do you make of this debate, dear reader? I would like to hear from you. What is the right course of action for these companies? Is Twitter CEO Jack Dorsey in the right for keeping Jones afloat, or not?

Do write. I welcome your thoughts.

Have a great weekend.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

At DefCon, the Biggest Election Threat Is Lack of Funding

Now in its second year, the Voting Machine Hacking Village at the DefCon security conference in Las Vegas features a new set of voting machines—all of which will actually be used in the 2018 midterm elections—for attendees to analyze and attack. But as eager attendees get to work familiarizing themselves with the devices and revealing their weaknesses, another call has emerged from the Village as well: Finding bugs is great. But you also need the money to fix them.

Election officials can’t act on findings about voting machine and voting infrastructure vulnerabilities, DefCon speakers noted on Friday, if they don’t have the money to replace obsolete equipment, invest in network improvements, launch post-election audit programs, and hire cybersecurity staff. Some progress has come, but not enough, and too slowly.

“While I thank the United States Congress for appropriating $340 million last month, let me be abundantly clear, we need more resources,” said Alex Padilla, the secretary of state of California and the state’s top election official. “All the things that we know we have to do, all the things that I’m going to learn and observe when I go down to the Village after this panel, to implement and act on all of these findings, recommendations, and discoveries we need official resources.”

After all, it took nearly two decades for Congress to appropriate that recent election security windfall; it came from the 2002 Help America Vote Act. “That’s butterfly ballot hanging chad money, not cyberthreats 2016, 2018, 2020 money,” Padilla says. In recent months, Congress has failed to pass various bills that would fund election security and infrastructure improvements ahead of the midterms. And though the bipartisan Secure Elections Act has been steadily gaining momentum in the Senate—and was introduced through a companion bill in the House on Friday—it is likely still months away from potentially becoming law.

After months of silence on the topic, the Trump Administration said at the end of July that it would “continue to provide the support necessary to the owners of elections systems—state and local governments—to secure their elections.” Department of Homeland Security top cybersecurity official Jeanette Manfra echoed that sentiment at DefCon on Friday, noting that election officials “do a lot with not a lot of resources, and now they’re on the front lines trying to deal with a lot of these issues. They can’t do it alone.”

Jake Braun, a co-organizer of the Voting Village and a former White House and public liaison for DHS, pointed out on Friday that even a project like the DefCon research workshop is costly and would be out of reach for many organizations. “This is a volunteer operation,” he said. “None of us make a dime off of this; we actually lose money.”

The findings that come out of the Voting Village this weekend, and those from researchers more broadly, continue to provide crucial information, as security advocates work to raise the bar of voting machine defense around the US and shape guidelines for vendors. But knowledge can only go so far without the resources required to act on it.

“Most election officials have one or two people in their office,” says Noah Praetz, the director of elections for Cook County, Illinois, who also attended the Voting Village last year. “They outsource most of the work they do, and it’s really difficult” to keep up with the constant stream of election system-related vulnerability advisories.

Voting infrastructure desperately needs vetting from hackers. But now that that idea has more widespread support, the next item on the punch list is funding.


More Great WIRED Stories

Bugs in Mobile Credit Card Readers Could Expose Buyers

The tiny, portable credit card readers you use to pay at farmer’s markets, bake sales, and smoothie shops are convenient for consumers and merchants alike. But while more and more transactions are passing through them, devices sold by four of the leading companies in the space—Square, SumUp, iZettle, and PayPal—turn out to have a variety of concerning security flaws.

Leigh-Anne Galloway and Tim Yunusov from the security firm Positive Technologies looked at seven mobile point of sale devices in all. What they found wasn’t pretty: bugs that allowed them to manipulate commands using Bluetooth or mobile apps, modify payment amounts in magstripe swipe transactions, and even gain full remote control of a point of sale device.

“The very simple question that we had was how much security can be embedded in a device that costs less than $50?” Galloway says. “With that in mind we started off quite small by looking at two vendors and two card readers, but it quickly grew to become a much bigger project.”

All four manufacturers are addressing the issue, and not all models were vulnerable to all of the bugs. In the case of Square and PayPal, the vulnerabilities were found in third-party hardware made by a company called Miura. The researchers are presenting their findings Thursday at the Black Hat security conference.

The researchers found that they could exploit bugs in Bluetooth and mobile app connectivity to the devices to intercept transactions or modify commands. The flaws could allow an attacker to disable chip-based transactions, forcing customers to use a less secure magstrip swipe, and making it easier to steal data and clone customer cards.

Alternatively, a rogue merchant could make the mPOS device appear to decline a transaction to get a user to repeat it multiple times, or to change the total of a magstripe transaction up to the $50,000 limit. By intercepting the traffic and clandestinely modifying the value of the payment, an attacker could get a customer to approve a normal-looking transaction that is really worth much more. In these types of frauds, customers rely on their banks and credit card issuers to insure their losses, but magstripe is a deprecated protocol, and businesses who continue to use it now hold the liability.

The researchers also reported issues with firmware validation and downgrading that could allow an attacker to install old or tainted firmware versions, further exposing the devices.

The researchers found that in the Miura M010 Reader, which Square and Paypal formerly sold as a third-party device, they could exploit connectivity flaws to gain full remote code execution and file system access in the reader. Galloway notes that a third-party attacker might particularly want to use this control to change the mode of a PIN pad from encrypted to plaintext, known as “command mode,” to observe and collect customer PIN numbers.

The researchers evaluated accounts and devices used in the US and European regions, since they’re configured differently in each place. And while all of the terminals the researchers tested contained at least some vulnerabilities, the worst of it was limited to just a few of them.

“The Miura M010 Reader is a third-party credit card chip reader that we initially offered as a stopgap and today is used by only a few hundred Square sellers. As soon as we became aware of a vulnerability affecting the Miura Reader, we accelerated existing plans to drop support for the M010 Reader,” a Square spokesperson told WIRED. “Today it is no longer possible to use the Miura Reader on the Square ecosystem.”

“SumUp can confirm that there has never been any fraud attempted through its terminals using the magnetic stripe-based method outlined in this report,” said a SumUp spokesperson. “All the same, as soon as the researchers contacted us, our team successfully removed any possibility of such an attempt at fraud in the future.”

“We recognize the important role that researchers and our user community play in helping to keep PayPal secure,” a spokesperson said in a statement. “PayPal’s systems were not impacted and our teams have remediated the issues.”

iZettle did not return a request from WIRED for comment, but the researchers say that the company is remediating its bugs as well.

Galloway and Yunusov were happy with the proactive response from vendors. They hope, though, that their findings will raise awareness about the broader issue of making security a development priority for low cost embedded devices.

“The kind of issues we see with this market base you can see applying more broadly to IoT,” Galloway says. “With something like a card reader you would have an expectation of a certain level of security as a consumer or a business owner. But many of these companies haven’t been around for that long and the products themselves aren’t very mature. Security isn’t necessarily going to be embedded into the development process.”


More Great WIRED Stories

Qualcomm settles with Taiwan antitrust regulator for T$2.73 billion

TAIPEI (Reuters) – Mobile chipmaker Qualcomm Inc is settling an antitrust case brought against it by Taiwan regulators by paying T$2.73 billion ($89 million), the island’s Fair Trade Commission said on Friday.

FILE PHOTO: Visitors are seen by a booth of Qualcomm Inc at the China International Big Data Industry Expo in Guiyang, Guizhou province, China May 27, 2018.   REUTERS/Stringer

The commission said Qualcomm also agreed to bargain in good faith with other chip and phone makers in patent-licensing deals.

In 2017, the commission fined Qualcomm $778 million for refusing to sell chips to mobile handset makers that wouldn’t agree to its patent-licensing terms and for cutting iPhone maker Apple Inc a royalty discount in exchange for the exclusive use of Qualcomm’s modem chips in the past.

Reporting By Yimou Lee in TAIPEI and Stephen Nellis in SAN FRANCISCO; Editing by Muralikumar Anantharaman

Dun & Bradstreet to go private for $5.38 billion

(Reuters) – Data and analytics company Dun & Bradstreet Corp said on Wednesday it would be acquired by a group of investors led by CC Capital, Cannae Holdings and funds affiliated with Thomas H. Lee Partners LP, for $5.38 billion in cash.

Dun & Bradstreet shareholders will receive $145 in cash for each common share, the company said.

The price represents a premium of 18 percent to the stock’s Wednesday close. The deal value is based on 37.1 million shares outstanding, according to Thomson Reuters data.

Including debt of $1.5 billion, the deal is valued at $6.9 billion.

The deal will be financed through a combination of committed equity financing provided by the investor group, as well as debt financing, the company said.

J.P. Morgan is serving as financial adviser to Dun & Bradstreet, and Cleary Gottlieb Steen & Hamilton LLP is serving as its legal counsel.

Reporting by Shubham Kalia in Bengaluru; Editing by Gopakumar Warrier

These 5 Simple Strategies Helped This CEO Grow His Startup Into a Multibillion-Dollar Company

Plenty of tech companies these days are able to go public without being profitable. That’s because investors keep driving up their shares due to their ability to grow faster than expected.

Needless to say, the strategy of investing in fast-growing, money-losing companies works well until investors are gripped by the fear that such companies will bleed out.

Avoiding this danger is what’s behind my four-stage scaling model:

One of the possible flaws in the market for financing startups is that some companies can go public despite losing buckets of money. In my way of looking at things, they skip the second stage in my scaling model — which is to lower a company’s costs to sell and provide service to a customers as it gets bigger — and investors are happy to let them get away with being unprofitable as long as they grow quickly.

A good example of this is San Jose, Calif.-based data storage supplier Nutanix which has enjoyed expectations-beating revenue growth but has never managed to make a profit. However, this has not stopped its stock from rising from $16 at its September 2016 IPO to about $52 on August 6th, 2018. 

Co-founder and CEO Dheeraj Pandey helped illustrate five lessons that can help you achieve greater startup success.

1. Set investor’s expectations on your own terms.

Most public companies operate on the premise that they should beat analyst’s revenue and earnings targets and raise their expectations every quarter. But CEOs of private companies are usually more focused on rapid revenue growth and less on profits.

A CEO who succeeds in taking a company public and runs it successfully thereafter ought not to be too shackled by the beat and raise mentality. Instead, such CEOs should offer investors a different way to think about this tradeoff. Nutanix does this.

As Pandey told me, “We believe that the right balance between the two is measured by the rule of 40: our revenue growth rate plus free cash flow as a percent of revenue should be at least 40 — ours is 49.”

2. Focus on your employees and customers.

I believe that if a company hires people who want to give customers great products and excellent service, the customers will keep buying from the company and shareholders will benefit.

Pandey agrees. As he said, “When you have to stay connected to [your customers], you have to be humble, you have to be hungry and you have to be paranoid, and be very honest about things. Because [your customer base] doesn’t give a hoot about what your stock price is.”

3. Redefine your job every year.

Very few get to take their companies public and keep running them. These rare CEOs I called marathoners in my book, Startup Cities. Such CEOs usually start off as product innovators and morph into organization builders. Founders who can’t do that get replaced by CEOs who do.

Pandey has changed his role over the years. “In year one, I wrote 20,000 lines of code to get the product out the door. In year two, I was acting as the VP of engineering and writing code, and in year three, I was acting more like a CEO — as a generalist. Even today part of my role is as a product manager and architect.”

4. Think of every day as if it were the first.

As I wrote in my book, Value Leadership, companies must fight complacency by thinking about every day as if it was the first and putting talented people with entrepreneurial potential in charge of a key parts of the business.

Pandey says he does this. As he said, “The paradox of growth is that growth creates complexity which kills growth. We always think of it being day one — we keep our scrappiness.”

5. Build a culture that keeps you in everyone’s mind.

Culture is important because the CEO can’t make all the decisions. It’s the values that a CEO believes are essential to the company’s success and the actions it expects people to take without having to ask permission.

Nutanix has a culture. “We are launching the 12 cultural principles and putting them in the hallways and meeting rooms. Even though I cannot physically be in every room, with these principles I will be there mentally,” said Pandey.

If you are not following these five principles now, doing so could make you more successful.

Salesforce appoints Keith Block as co-CEO

(Reuters) – U.S. sales and marketing software company Salesforce.com Inc (CRM.N) on Tuesday said its board appointed Chief Operating Officer Keith Block as its co-chief executive officer.

Block served as the company’s vice chairman, president and a director since joining Salesforce in June 2013. He has been the company’s COO since February 2016.

Salesforce also appointed its co-founder and Chief Technology Officer Parker Harris to the board, it said in a separate statement.

Reporting by Shubham Kalia in Bengaluru; Editing by Sandra Maler