Women With Axes: Looking Back at World War II ‘Lumberjills’

Meet Rosie the Riveter’s British cousins. NYT

When even the women’s request to keep their uniforms as the only mementos of their services was denied — among other indignities — Lady Gertrude Denman, who had led the Women’s Land Army through two world wars, resigned in disgust. “Blow, blow, thou winter wind,” wrote contributors to Land Girl Magazine, “thou art not so unkind as man’s ingratitude.”

The Scientific Method

Atheism Is Inconsistent with the Scientific Method
The 2019 Templeton Prize winner does not pull punches on the limits of science, the value of humility and the irrationality of nonbelief.

Place his essay in relationship to Mythology and Science; Or, What Do We Want From Popular Science?
Gregory Schrempp, Contributor Associate Professor, Department of Folklore & Ethnomusicology, Indiana University (Bloomington)

Amazon (sub)Prime? allows any third party to supply inventory into commingled stock. By Izabella Kaminska

Mar 20 2019
<https://ftalphaville.ft.com/2019/03/20/1553085361000/Amazon–sub-Prime-/>

The following is the first in a two-part post about Amazon’s dependence on an obscure process known as commingling, which has become essential to underpinning its instant fulfilment services, especially its Prime offering.

If you work in finance, the concept of commingling and its cost benefits will be instantly recognizable. But so will its risks.

And it’s these sorts of risks that are now creeping into the entire Amazon system due to the online retailer’s open-ended fulfillment structure, which allows any third party to supply inventory into commingled stock.

Not only is commingling becoming a means by which a huge number of sub-par or counterfeited goods are entering the Amazon network, it’s arguably the reason why Amazon is being forced to take increasingly extreme steps to take control of its suppliers.

As it does so, it turns itself back into a conventional vertically-integrated retailer like Tesco or Walmart, losing much of the scaling, and cost advantages, associated with its “Fulfilled by Amazon” model (FBA). This also forces an ever greater “unapproved” seller network to deal in the increasingly cut-throat dynamics of its wider marketplace offering. 

The consequences of all this, as we will explain, are glaring.

Unless you make your money from selling stuff on Amazon, chances are you won’t have heard of an FNSKU. The acronym stands for Fulfilment Network Stock Keeping Unit and represents a location identifier for products sitting in Amazon warehouses. This, to all intents and purposes, equates to an Amazon barcode. 

If you’re a seller on Amazon’s marketplace who has chosen to be fulfilled by Amazon’s warehouse system (a scenario which sees Amazon dispatching the seller’s products on their behalf from its warehouses) you will always need an FNSKU.

Apart from the times you don’t.

At such times all you need is a manufacturer code. And it’s these instances, sellers tell FT Alphaville, that are introducing a counterfeiting vulnerability into the Amazon system.

Not using an FNSKU is appealing for sellers. It means products sourced from manufacturers do not have to be relabelled, ensuring they can be sent into Amazon’s network directly, saving time and money. Sellers who have chosen to be fulfilled by Amazon otherwise add an additional logistical layer into their operations if they have to relabel the goods independently. 

Using manufacturer bar codes also means products are more likely to qualify for Amazon Prime classification, pushing them higher up the search rankings.

Sellers tell FT Alphaville that, as it stands, the Amazon system seems to structurally incentivise the use of manufacturer codes over FNSKUs as a result. Indeed, Amazon itself promotes the fact that the process speeds up delivery in its own literature:

If multiple sellers have inventory with the same manufacturer barcode, Amazon may fulfil orders using products with that barcode when those products are closest to the customer.

This happens regardless of which seller actually receives a customer’s order. We use this process to facilitate faster delivery.

COMMINGLING

But there is an important downside. Not using FNSKUs turns sellers’ products into cold, hard commodities which are treated as fungible with equivalent products sent into the system. This happens because of a process called commingling.

How does commingling work and why is it important to the Amazon Prime model?

If you have ever wondered how it is possible for Amazon Prime to guarantee 24, or 48, hour delivery for a hugely diverse range of products, the answer is commingling.

In its simplest and idealised form, commingling allows sellers to share inventory to the mutual benefit of all, especially with respect to speed of dispatch.

The larger the geographic area, the more effective commingling becomes. In the US, for example, a seller who supplies an Amazon warehouse in Florida can — thanks to commingling — fulfil a customer living in Minnesota as easily as customers in their home state.

To explain, consider that the time it might ordinarily take to deliver to a Minnesotan from Florida is bound by the physical limitations of travel. In other words, there’s no way a parcel can arrive more quickly than via a plane. That’s its effective speed of light limit.

However, if the buyer’s parcel can be dispatched from an equivalent commingled stock just around the corner, this theoretical speed of light limit can be broken.

<SNIP>

<If you label your commingle units by printing labels from your inventory page, and ship them with labels where you said to commingle, Amazon will likely delay your items being received and provide a warning to you about shipping items with labels when you said you want to commingle your inventory.>

<There are some inherent risks involved with using the stickerless commingled inventory option.  The main risk is the loss of control of the item that the end customer receives.  In addition to this there is the risk that there are counterfeit products that were sent in by other sellers, or sellers that are trying to pass off items as new that should be listed as used.  The problems arise when one of these counterfeit items or less than new items are sent to a customer that orders from you.>

<August 12, 2017
I ordered the top-rated eclipse glasses on Amazon a few months ago and they were counterfeit. If you put them on during daytime you can see indirect sunlight and even my kitchen light. They were shipped from China despite having “Made in the USA” markings and all the proper ISO certification fine print. I haven’t received any communication from Amazon, so people who haven’t heard from them should not assume their glasses are safe (contrary to Amazon’s statement). I contacted Amazon support and they were quick to initiate a refund. For some reason Amazon rejected my review warning that items from third party sellers may be counterfeit and explaining how to tell.
Here are a couple photos of the counterfeits>

We need to develop nationwide policies and security protocols that would govern how voting machines are secured.

https://www.edu-cyberpg.com/Technology/vote.html

The fact that information is stored unencrypted on hard drives simply makes no sense in the current threat environment. That they can be left on devices, unencrypted, that are then sold on the open market is malpractice.

Since these machines are for sale online, individuals, precincts, or adversaries could buy them, modify them, and put them back online for sale. Envision a scenario in which foreign actors purchased these voting machines. By reverse engineering the machine like I did to exploit its weaknesses, they could compromise a small number of ballot boxes in a particular precinct. That’s the greatest fear of election security researchers: not wholesale flipping of millions of votes, which would be easy to detect, but a small, public breach of security that would sow massive distrust throughout the entire election ecosystem.

I BOUGHT USED VOTING MACHINES ON EBAY FOR $100 APIECE. WHAT I FOUND WAS ALARMING

AUTHOR: BRIAN VARNER

In 2016, I bought two voting machines online for less than $100 apiece. I didn’t even have to search the dark web. I found them on eBay. Surely, I thought, these machines would have strict guidelines for lifecycle control like other sensitive equipment, like medical devices. I was wrong. I was able to purchase a pair of direct-recording electronic voting machines and have them delivered to my home in just a few days. I did this again just a few months ago. Alarmingly, they are still available to buy online.
I reverse-engineered the machines to understand how they could be manipulated. After removing the internal hard drive, I was able to access the file structure and operating system. Since the machines were not wiped after they were used in the 2012 presidential election, I got a great deal of insight into how the machines store the votes that were cast on them. Within hours, I was able to change the candidates’ names to be that of anyone I wanted. When the machine printed out the official record for the votes that were cast, it showed that the candidate’s name I invented had received the most votes on that particular machine.
This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines—those that were used in the 2016 election—are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as “next generation,” and still in use today, are worse than they were before—dispersed, disorganized, and susceptible to manipulation.

A recent in-depth report on voting machine vulnerabilities concluded that a perpetrator would need physical access to the voting machine to exploit it. I concur with that assessment. When I reverse-engineered voting machines in 2016, I noticed that they were using a smart card as a means of authenticating a user and allowing them to vote. There are many documented liabilities in certain types of smart cards that are used, from Satellite receiver cards to bank chip cards. By using a $15 palm-sized device, my team was able to exploit a smart chip card, allowing us to vote multiple times.

Karl Auerbach
Date: March 18, 2019
Well more than a decade ago, but after the disastrous Gore vs Bush election the Open Voting Consortium bought a used Diebold DRE (touchscreen) voting machine that had become unclaimed freight. An interesting aspect is that the laws regarding unclaimed freight can potentially extinguish or diminish things like license limitations – or non-disclosures – that might have applied to those taking the items in a normal chain of transfers.

The machine was as heavy as a Diebold vault, but that’s where the security ended.  It had a cheap lock that could, and was, picked in just a few seconds.  It ran MS Windows CE off of a compact flash.  It even still had the votes from the last election in which it was used (in Ohio.)

Subsequently I was part of a team on a project to build a reference implementation of voting systems for the state of California (and anyone else) – from precinct and canvassing (counting) center hardware to vote capture machines to vote counting machines to all of the surrounding procedures.  We had buy in for all of the various parts – UCLA and UC Berkeley law on procedures, UC Merced on hardware, UC Santa Cruz on software, etc.

We did not find “open source” to be necessary.  Rather we felt that the public would be best served by systems that could be inspected by anyone (including inspection of code), full testing by any interested party (of all components), and open publication of test results.  We did not feel that it was necessary to take the step to require free distribution (or re-distribution) of parts: we wanted to encourage private vendors to produce this stuff and we had to leave them some incentive to do so.

The key element was that all of the devices would be totally open for inspection and testing – and that at the precinct all inter-machine APIs would be in the form of paper that could be reliably read by both humans (with normal eyesight) and machines.

Some precinct machines would gather voter intent – with different machines for different kinds of human frailties ranging from bad eyesight to inability to accurately use a finger on a touch screen.  All would produce that paper ballot.  Separate machines would record those ballots.

Most people have tended to forget that often the easiest place to steal an election is in the transfer of ballots/tallies from precincts to the counting/canvassing center or at the counting center itself, especially as we move towards instant runoff style ballots.  So we designed all of that stuff, and procedures, as well.

One surprising obstacle was from county clerks:  they are tasked with the very difficult jobs of delivering a believable election on a small budget.  They have to deal with all of the practical things like warehousing voting machines and training precinct workers.  They have a real concern about the costs of storing paper ballots; they are not equipped to become local versions of Iron Mountain.

In addition various states have old laws that have to be rewritten.  For example, California has very strict limits on how long voting materials – such as cast ballots – can be retained after an election.

Unfortunately the project died before it was launched due to a sex (I think) scandal involving the California Secretary of State that broke on the day he was to sign the papers to launch the project.

I think that it is a project that deserves to be resurrected.

THEY ALREADY KNOW WHO YOU ARE WHEN YOU #VOTE

Exactis, as the source of a leak of the personal records of nearly everyone in the United States.

The result is a cautionary tale about the liability that a massive dataset can create for a tiny company like Exactis. It also hints at just how easy it’s become for small firms to wield massive, leak-prone databases of personal information—without necessarily having the resources or know-how to secure them.

https://www.wired.com/story/exactis-data-leak-fallout/

WIRED had revealed that Exactis exposed a database of 340 million records on the open internet, as first spotted by an independent security researcher named Vinny Troia.

Using the scanning tool Shodan, Troia identified a misconfigured Amazon ElasticSearch server that contained the database, and then downloaded it. There he found 230 million personal records and another 110 million related to businesses—more than two terabytes of information in total. Those files didn’t include credit card information, passwords, or Social Security numbers. But each one enumerated hundreds of details on individuals, ranging from the value of people’s mortgages to the age of their children, as well as other personal information like email addresses, home addresses, and phone numbers.

Exactis licensed that information to marketing and sales customers, so that they could integrate it with their existing databases to build more comprehensive profiles. But privacy advocates have warned that those same details, left open to the public, could just as easily allow spammers or scammers to profile targets.

The most painful breaches, like the Office of Personnel Management or Anthem health insurance incidents that involved stolen Social Security numbers and other hard-to-change personal data, are naturally the most valuable targets for attackers. Don’t forget to add the massive credit reporting agency Equifax to that list.