Domain: freedom-to-tinker.com
Stories and comments across the archive that link to freedom-to-tinker.com.
Comments · 239
-
Apparently there are no dependable guarantees.
Even if they release source code, it is possible that the code they actually use in their voting machines is different than the code they release. It's entirely their choice which software is run on any given day, is that correct? They can do updates whenever they want. There are apparently no dependable guarantees.
In the past, Sequoia Voting has not seemed especially knowledgeable: Sequoia e-voting machines disturbingly easy to hack. Quote: "Researchers from the Princeton University Center for Information Technology Policy ... were able to trivially circumvent the machine's physical security mechanisms and plant a hacked ROM that undetectably doctored the voting results."
See this article, also, about a Sequoia AVC Advantage voting machine: Evidence of New Jersey Election Discrepancies.
Off topic: Be skeptical about flu reports. The reports about flu were so flawed I took the time to write my own, using information from The Atlantic magazine and CBS News, among other sources.
-
Paper ballots are not immune to software problems
Optical scan machines have software bugs too!
Humboldt County, California has an innovative program to put on the Internet scanned images of all the optical-scan ballots cast in the county. In the online archive, citizens found 197 ballots that were not included in the official results of the November election. Investigation revealed that the ballots disappeared from the official count due to a programming error in central tabulation software.
http://www.freedom-to-tinker.com/blog/felten/election-transparency-project-finds-ballot-counting-bug
-
Re:Not a Bug
If you think it's impossible to get a few private minutes with one of these voting machines you are crazy. I am not sure how you have been an election worker and still managed to come to that conclusion. In fact, you can easily get a few private HOURS with them. Ed Felten (one of the writers of this paper) annually takes photos of himself with unattended voting machines the night before Election Day.
http://www.freedom-to-tinker.com/blog/felten/unattended-voting-machines-usual
-
Re:How hard is it for a computer to do addition?
The generally accepted stance on voter security (as I understand it from reading Bruce Schneier's blog and Ed Felten's blog) is that what is important is that a vote get recorded accurately, that a user can verify (at the time of casting but not after) that the vote they're casting is the vote they intended to cast, and that we be able to ensure a one-to-one correspondence between votes and voters. That doesn't mean that we can map votes to voters later. Such a capability may be useful, but the security concerns (voter coercion, mostly) would outweigh the auditing benefits.
Think of the paper ballot example. Assuming users actually use the ballots correctly (obviously a huge assumption and one that doesn't play out in practice, but work with me here), you have an accurate, auditable record (a recount is meaningful because it has the potential to discover mistakes of the original count) of the voter's decision. At the time of casting the ballot, the voter can verify (if they so choose) that the ballot accurately reflects their choices. We have one-to-one correspondence because other measures were taken to ensure that each voter received one ballot. When the voter casts their ballot, their vote is recorded, but there will never be any way to trace back the choices that the voter made back to the voter. The voter isn't subject to coercion from, say, a shady employer who threatens to fire any employee who doesn't vote for Candidate A. Employees can lie to their employer about who they voted for and (this is important) nobody has the ability to retrieve the voter's vote to prove/disprove the voter's claim.
As I see it (though IANAExpert), the proper way to do an electronic vote is to tally votes electronically in a moderately secure environment ("absolute" security would be counter productive, IMO), but to print out a physical record of votes recorded by a machine which is verified by the user and dropped in a ballot box. If there's dispute with the machine tally, you have an auditable record to check the dispute against. If you ask a machine to do a recount of the 4,328,512 votes that it took (which seems like a strange number of votes to record in a precinct with 715,386 eligible voters), it's going to give you the same numbers. Sure, you may know fraud happened - but there's nothing you can do about it.
-
A comment on 3 strikes:
-
Re:Huh?
And open source has not been proven incompetent? It's worse: open source contributors have been proven malevolent. Not that that's so problematic, after all, Microsoft has had at least 2 employees that got caught doing the same. Several malicious code submissions were approved and "downstreamed" into distributions before being discovered (versus Microsoft caught both attempts).
In several instances the individuals involved not only were not prosecuted (obviously Microsoft did prosecute them), but weren't even kicked from the project they backdoored, and none were kicked from other projects.
Do you seriously think they only introduced one problematic piece of code ?
http://www.freedom-to-tinker.com/blog/felten/linux-backdoor-attempt-thwarted
What we don't know is how often this sort of thing happens in proprietary software development. There must be some attempts to insert malicious code, given the amount of money at stake and the sheer number of people who have the opportunity to try inserting a backdoor. But we don't know how many people try, or how quickly they are caught.
[Technogeek readers: The offending code is below. Can you spot the problem?
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
]
The problem is we don't know IF they are caught, and common sense would tell anyone that they're simply ... not caught at all.
The problem with this news (and all security related news) is that it's merely news of incompetents failing. News of successful incursions will, for obvious reasons, not be released until untold damage is done (and that's if you're lucky and the incursion was by some government that's concerned with historical record. Russian criminals don't, neither does, it seems, anyone outside what is generally called "the west". Otherwise, a denial is the very best you could hope for).
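A stand-alone C mock of the two kernel lines quoted in the comment above, added here as an example and not taken from the comment, the blog post or the Linux source: the struct task, the wrapper functions and the caller are constructed; only the two-line condition and the __WALL/__WCLONE values (as in Linux <linux/wait.h>) are real. It makes the side effect of the single '=' observable and shows why the comparison it imitates behaves differently.

```c
#include <errno.h>
#include <stdio.h>

/* Stand-in for the kernel's task struct (constructed for this example). */
struct task {
    unsigned int uid;
};

/* Option bits as defined in Linux <linux/wait.h>. */
#define __WALL   0x40000000
#define __WCLONE 0x80000000

/* The two quoted lines, wrapped in a constructed function.
 * '=' is assignment, not comparison: uid is overwritten with 0 (root) and the
 * expression evaluates to 0, so the -EINVAL branch can never be taken. The
 * "check" never rejects anything; it silently leaves the caller running as root.
 * Note the extra parentheses around the assignment: they suppress GCC's
 * -Wparentheses "assignment used as truth value" warning, so the compiler
 * does not flag the line. Only source review (or the repository audit that
 * caught the real attempt) exposes it. */
int check_options_as_submitted(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* The comparison the line was made to look like: no side effect on uid,
 * and the -EINVAL branch is reachable (uid 0 with that option pair). */
int check_options_compared(struct task *current, unsigned int options)
{
    int retval = 0;
    if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
    return retval;
}

/* Returns 1 if running the given check changed an unprivileged caller's uid,
 * i.e. the "validation" acts as a privilege escalation. A harness like this is
 * how one would pin the behaviour down in a regression test. */
int check_escalates(int (*check)(struct task *, unsigned int))
{
    struct task t = { .uid = 1000 };        /* unprivileged caller */
    (void)check(&t, __WCLONE|__WALL);       /* the unusual option pair */
    return t.uid == 0;
}

int main(void)
{
    printf("as submitted, caller ends up with uid 0: %d\n",
           check_escalates(check_options_as_submitted));
    printf("as a comparison, caller ends up with uid 0: %d\n",
           check_escalates(check_options_compared));
    return 0;
}
```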
-
Re:NOT "companies". Anybody.
First shot of a set, point your camera at their driver's license.
Takes about 30 seconds.
If it's for personal use, you're going to be keeping the whole set together and will always have that first image with the date stamped files.
There was an interesting article, a while back, about all of the cunning defenses that geeks think of (YANAL). As the writer pointed out, being able to win in court is not the same thing as not being dragged through hell in the process.
2257 formalizes something that was already around - child pornography is illegal. Whether it does or doesn't exist, if the cops believe you have images of child porn, they'll still destroy your life in the investigation.
Whether 2257 exists or not, the whole first shot at a driver's license makes sense regardless. That being the case, as bad a law as 2257 is, it doesn't really change much for personal use... You either risk hell and assume it won't happen or you don't. 2257 adds little.
-
Re:Retarded
See my above comment and the one below mine and there's more if you scroll down. I'll add this one too: http://www.freedom-to-tinker.com/blog/felten/dmca-ruling-bnetd-case
-
Re:Retarded
Your original post said a click wrap agreement doesn't provide a meeting of the minds. Then you just said clicking "I agree" has been held to be a valid consent. Those two statements contradict each other. And just so you know, "meeting of the minds" is a different issue than a provision that waives a right that cannot be waived.
And by the way, if you are referring to waiving your right to fair use/reverse engineer, well good luck getting that part thrown out. IAALStudent
-
Re:I hate this mentality
name me one case of a trojan being detected via open source.
http://www.freedom-to-tinker.com/blog/felten/linux-backdoor-attempt-thwarted (admittedly, that's giving a URL not naming, but I think it was defeated so quickly it wasn't even given a name).
Now, name me one case of a trojan that wasn't created because the source code was closed.
-
Re:how to argue that closed source is secure?
You seem to be a bit trolling, but you're an interesting troll, so let's go ahead :-)
It's very clear that different parts of open source have different standards of review. Whilst the Debian SSL situation is bad to terrible (I had just installed my home web server on Debian for an experiment; I was not pleased!), it was discovered only due to the source being open. It's known that actual deliberate attempts to put back doors into the Linux Kernel have been thwarted. By choosing properly supported, stable, well audited parts of Linux there can really be a benefit. Personally I would strongly recommend RedHat. I was impressed that their distribution wasn't actually compromised during the recent attacks on their signing infrastructure. It showed a real commitment to defense in depth to a level which surprised me.
Even the compiler attack you mention has now been countered (see also Schneier's interesting discussion of double compilation). I'm surprised you don't mention it when discussing a 1980's paper (which is why I wonder about the trolling bit). This means that it really is possible to leverage the benefit of "open source" for better security.
I'd take a slightly different moral; you should have layered trust. More for Linux; less for Apache; little for Open Office; very little for random Linux games; none for closed source software. Use SELinux to partition your software (if your OS doesn't support SELinux then change it :-). If you care about security then insist on source and actually pay for some parts of source level audits.
A key "talking point" in this discussion would be why the Chinese insisted on having Windows source whilst commercial customers don't get it. Discuss whether your company has any Chinese competitors. Seriously consider switching off a system which gives those competitors a benefit you don't have (sometimes Chinese competitors seem indistinguishable from the government). If they insist on source then so should you.
-
Re:The flavour lasts forever.
"You might think you turned your computer off and destroyed RAM contents"
Even for conventional RAM, most of the contents stay for quite a while after power loss. And the colder the chips are the longer the duration.
Try turning off your computer and then immediately booting something that lets you peek into the RAM.
See: http://www.freedom-to-tinker.com/blog/felten/new-research-result-cold-boot-attacks-disk-encryption
-
Re:C'mon guys, read TFA to the end...
My candidate for national CTO is Ed Felten of Princeton. Of course such an appointment would hardly be looked upon with favor in places like Hollywood or Redmond.
-
Re:This is microsoft trying to help kill open sour
One of the plus points of open source as I'm led to understand is that others can review the code to increase trust in that code, many eyes and all that.
We need more than you think for something to be open even by your over-restrictive definition of "open". Consider that the report on the security of Sequoia voting machines has been suppressed by the court. In that case, the software was trade secret and all rights reserved. But what if it had been source code that was disclosed but still "all rights reserved"? Since that prohibits compilation and use, it would be difficult for security testers to legally do their work at all. Since it prevents derivative works and redistribution, we'd be unable to include code snippets in any report. We would be legally unable to modify the software for the purpose of testing bug fixes. And we'd be unable to distribute fixes.
The rights are a lot more important than you think. Even to have a kind of code that is disclosed mainly for the purpose of increasing trust, we'd have to design a license to convey significant rights, if the examiners were not to be placed at legal risk.
Bruce
-
Re:Author just another Dem Activist
I agree. Completely! So if we all agree why the hell does every discussion about voting machines end up blaming Republicans for yet another Vast Right Wing Conspiracy (VRWC (tm))? Why, when a clearly biased and self-interested plaintiff bitches on a blog about what is very possibly his political manifesto and gets gagged by the court that ordered an independent review, does slashdot whip itself into a frenzy of moral outrage?
If, as you claim, the court gagged him because he was a biased and self-interested plaintiff with a "political manifesto," moral outrage is appropriate. If that were true, then the judge had forsworn his oath to uphold the constitution-- which incorporates a first amendment right to free speech-- and the judge should be reprimanded strongly and removed from the bench.
In America, courts do not have the right to put gag orders on political manifestos.
However, I actually did read the original article, and first, he's not the plaintiff; he's the expert witness; and second, nowhere in the article are Republicans blamed (nor even mentioned), nor is a "Vast Right Wind Conspiracy" discussed (or even mentioned), and third, the judge very likely did not order the gag order because it's a "political manifesto," but much more likely because the vendor is claiming that the report contains information that the vendor claims is trade secret. (Knowing a little bit about what corporations want to keep secret, this "trade secret" is most likely the fact that the code is filled with bugs and with poorly-worked-out patches.)
So, frankly, I'm at a loss to understand what you're commenting about.
Nevertheless, oddly enough, we both seem to agree on the basics; that voting machines should be accurate and verifiable. So I will quit bitching at this point, and say "yes, I agree with that, as well."
-
Social engineering vs captchas
Even if you developed a clever image captcha that can't be solved by computers but can be solved by humans, spammers can use social engineering to make humans solve those captchas for them (i.e. bulk paying or showing porn).
Captchas alone don't solve the problem, but maybe combined with some kind of behaviour blocking, or adding more human/machine detection (i.e. sometimes requiring an answer to be able to send the Nth email) after the account was created, could make things a bit less profitable for spammers. Or some other kind of solution.
-
Re:Does this actually say anything?
that has nothing to do with CSRF. if the other article is unclear, try reading the Freedom to Tinker article.
-
Not a trend?
It's too early to say there's a trend.
Microsoft isn't investing $500,000,000 in a disinformation campaign because there's no trend. There's a trend and they want to turn it.
I think the quality of Vista is only part of the story.
You nailed that one. There's also partner apathy, application and infrastructure architecture incompatibilities, and the utter lack of compelling features to make the effort worthwhile.
But there is a window here of opportunity for corporate and open source competitors, if they can get their shit together and not blow it like IBM did with OS/2 in 1993-94.
IBM's error was partnering with Microsoft. Microsoft "knifed the baby." Everybody knows now that partnering with Microsoft is not the way to achieve dominance in the market because they always knife the baby.
It seems you've attracted the anonymous coward defenders of Redmond. You're getting painfully close to the truth.
-
feeds
Tech:
I, Cringley http://www.pbs.org/cringely/pulpit/rss2.xml
Freedom to Tinker http://www.freedom-to-tinker.com/?feed=rss2
Freenode staffblog http://blog.freenode.net/?feed=rss2
Gentoo Monthly Newsletter http://www.gentoo.org/news/en/gwn/rss.xml
Xaprb (MySQL) http://www.xaprb.com/blog/feed/atom/
Games:
Cruise Elroy ("Intelligent discussion of video games") http://cruiseelroy.net/feed/
Jonathan Drain's D20 Source http://d20.jonnydigital.com/feed
Socratic Design http://socratesrpg.blogspot.com/feeds/posts/default
Stephen's Weblog (NDS homebrew) http://blog.akkit.org/feed/
StupidRanger http://feeds.feedburner.com/Stupidrangercom
Zero Punctuation http://www.escapistmagazine.com/rss/articles/editorials/zeropunctuation
Zelda Reorchestrated http://www.zreomusic.com/feed/
Used to read The Escapist, quite enjoying the magazine format, but seven or so articles all on the same day each week became too much (once a month please!). The format has changed since then, it just isn't the same.
And the Comics:
xkcd comic & blag
Penny Arcade
and no feed, but 8-bit Theater
And a number of various personal feeds
Slashdot I just check every few hours, I can be assured there is going to be a new article to read
-
Enlist the RIAA!
According to this article it is possible to "frame" IP addresses using the bittorrent protocol, and convince the RIAA that a non-infringing IP address (for example, a networked printer) is hosting their precious music.
If worm-compromised hosts can be automatically identified (say, the originator of every piece of spam that I get), why not frame them, and then RIAA will send take-down notices to their ISPs? Either this forces the RIAA to work a little harder before harassing people, or a bunch of worm hosts get knocked offline (or both).
Step 3: PROFIT!
-
Wrong forum?
I wouldn't ask this question here, maybe you will get some good responses but you will also get a bunch of seemingly good (but on deeper thought, not so much) responses from more-or-less clueless people that don't actually have any experience at election security. I would try instead Ed Felten at http://www.freedom-to-tinker.com/, or even Bruce Schneier. Both these people are experts in the field, and both have discussed these issues extensively on their blogs.
-
Nope.
If you want a laugh, go through Freedom to Tinker's archives and look for the BitTorrent threads George Ou has posted on. For example, this one. Every time he opens his virtual mouth, he flushes a little more credibility down the toilet.
-
Here is the real smoking gun...
Sequoia's Explanation, and Why It's Not the Whole Story
http://www.freedom-to-tinker.com/?p=1267 ...
"Let's assume the Democrat party is assigned option switch 6 while the Republican Party is assigned options switch 12. If a Democrat voter arrives, the poll worker presses the "6 button followed by the green "Activate" button. The Democrat contests are activated and the voter votes the ballot. " ...
Then the following comment nails it:
"Rich Kulawiec Says:
March 20th, 2008 at 2:59 pm
I'm working through this explanation with a paper-and-pencil mockup, but meanwhile I'll note Sequoia's use of the right-wing code phrase "Democrat Party" instead of "Democratic Party". It seems to have become fashionable of late among some to use this term as a thinly-veiled insult, then deny that it's intentional. Given how carefully [at least some portions of] this explanation seem to be worded, I don't for a moment believe this is a mistake."
-
Re:So?
Yes, the ATM cost argument is totally bogus. As Ed Felten notes on his blog:
ATMs are expensive because they have a safe full of cash inside. It's important that you can't steal the cash, even if you've got time and tools at your disposal. Voting systems (at least anywhere I'll ever be likely to vote) don't dispense money. Building a reliable printer doesn't need to be expensive.
-
Here's the link that should have been in summary
Here's the link that should have been in the summary, to the post in Ed Felten's blog, Freedom to Tinker, complete with images of the paper tape in question.
-
Re:Count from Zero
Incidentally, while the article is slashdotted, the tiff is still up.
-
this says it all really
http://www.freedom-to-tinker.com/?p=1265#comment-383248
"I think a policy like that should make the use of said machine a no go in any election at any level."
-
Re:Why would it?
Cut him some slack, will ya? The "tubes" analogy does make sense.
http://www.freedom-to-tinker.com/?p=1042
-
Dupe...
http://digg.com/politics/Diebold_Posts_Image_of_Master_Key_to_Website_Hackers_Make_Real_Master_Key http://www.freedom-to-tinker.com/?p=1113 It's about one year old. And I'm sure that I've seen it on slashdot quite a while ago.
-
Déjà vu?
Hmm, I seem to recall this story from somewhere...it sounds somehow strangely familiar...almost as if this exact thing had occurred before...
Oh, that's right, this story was covered -- right here on slashdot, no less -- a year ago, complete with a link to the very same now-year-old blog post, which was significantly updated at the time, and caused Diebold to remove the photo in question! (A very generic key form was used.) Might want to update this post...
Archives - January 2007 should be a clue. Or at least one would hope.
While you guys are at it, can you fix your patently incorrect story about Iran being "offline", when it clearly and provably isn't, thereby negating the main premise of the story? You know, since no one seems to care about anything sent to the on-duty editor email.
Slashdot is really on fire today!
-
Re:what it is
Ed Felten reviewed the HDCP system when it first came out. His conclusion: "A much more plausible answer is that HDCP encryption exists only as a hook on which to hang lawsuits".
http://www.freedom-to-tinker.com/?p=1004
http://www.freedom-to-tinker.com/?p=1005
http://www.freedom-to-tinker.com/?p=1006
http://www.freedom-to-tinker.com/?p=1007
-
Another Kid's Review
On his blog, Freedom to Tinker , Prof. Ed Felten at Princeton has two more reviews of early versions of the XO laptop, the B2 and the B4, both (very well) written by a 12-year-old neighbor.
-
31337 h4x0r
That's some leet hakking going on there...
http://www.freedom-to-tinker.com/index.php?p=780
http://www.tjmcintyre.com/2005/06/morris-tribunal-learns-pitfalls-of.html
http://blogs.zdnet.com/threatchaos/?p=464
-
Re:umm
Works for HDCP: http://www.freedom-to-tinker.com/?p=1007
-
Sounds like Ed Felten's iPod ...
Ed blogged about a related phenomenon last week. The panel's title referred to an interesting fact: sometime in the next decade, we'll see a $100 device that fits in your pocket and holds all of the music ever recorded by humanity. It sounds like the industry is right on schedule.
-
Re:Shame on...
And they can build voting machines that way too, if their customers ask for them. Again, that's a policy and procurement issue at the election board level.
I agree 100% with that statement. Your original post, however, seemed to imply that the only possible way Diebold could achieve such a request was through a ridiculous amount of manhours and attending every single council meeting, which is false.
And when the equipment vendor is the one telling election boards what their policies should be, how do you address all of the shrill people who scream that Diebold is running the elections?
There is a HUGE difference between making a feature available and dictating election procedures to election boards. While it is not Diebold's responsibility to make such a feature on their own dime and without a request, it hardly implies that they would be dictating its use.
Diebold is not blameless in the electronic voting security arena either, lest we forget, they have dragged their feet repeatedly in implementing even basic security for these machines. Basic security for a voting machine is something that shouldn't have to be defined by every election board. Diebold is well aware these machines are to be used in state and national elections, that should demand a certain level of confidence in security measures without being told explicitly. Again, these machines are less secure than even the ATMs they produce.
-
Current cell phone DMCA exemption
The DMCA currently has an explicit exemption surrounding cellular phones locked to a specific provider (at least until November 2009). For more, see Ars Technica or Freedom To Tinker.
There may be other legal avenues they can pursue, but DMCA appears to be out of the running.
-
Re:It IS a "make it suck" flag
The difference between plain DVI and encrypted DVI (a.k.a., HDMI) is largely one created by the DMCA:
You're muddling things again.
DVI-D: A digital interface that may or may not be encrypted with HDCP. I once owned a HDTV tuner/scaler that encrypted the output of the scaler. On the other hand, my DVD player doesn't encrypt its DVD output.
HDCP: an encryption scheme that prevents people from hooking up bog standard computer displays to a device that uses HDCP. The video output tends to look like digital snow when viewed on such a monitor. Hook up an HDCP compliant monitor, and it works. The encryption algorithm is breakable, see Ed Felten's blog.
HDMI: A digital interface that combines video and audio. Must support HDCP, though unencrypted signals can be sent. A simple dongle is used to convert a DVI port into an video only HDMI port.
BTW, a number of devices, including the PS3 and the lower end HD-DVD players now expect their users to have both receivers and televisions with HDMI ports-- those devices lack "5.1" RCA jacks.
-
Re:Another great slashdot edit...
I suggest you read the Wikipedia page. Google's special player apparently uses a AVI variant for non-paid content, and that can be read by other software. However, the for-pay content is DRMed and cannot be played in external software. It also apparently requires an Internet connection to play - even if the video is stored locally, it needs to connect to obtain the key. Even Larry Page called it DRM.
-
it gets worse
-
Preventing competition
Ed Felten took a whack at this question a while back that stuck with me in the context of HDCP DRM.
"First: Why is the weak system worth spending 10,000 gates for? The answer doesn't lie in platitudes about speedbumps or raising the bar -- any technical bumps or bars will be obliterated when the master secrets are published. ...
So temporary piracy prevention doesn't seem like a good explanation.
A much more plausible answer is that HDCP encryption exists only as a hook on which to hang lawsuits. For example, if somebody makes unlicensed displays or format converters, copyright owners could try to sue them under the DMCA for circumventing the encryption."
Because if there's anything a tech mogul hates worse than his own customers, it's his competition.
DRM in a Nutshell:
An encryption system is a way to deliver information securely, even through the hands of the thieves.
A DRM system is a way to cut out the middleman, and deliver information securely into the hands of thieves directly.
See the problem?
Confusing the thief for the customer is why DRM can never work.
Confusing the customer for the thief is why DRM can never sell.
-
HDCP is good for one reason
It's easily cracked. For some mysterious reason *COUGH*Intel*COUGH*, DisplayPort's original copy protection (the far better AES-128) had the kibosh put on it. That's fine - 40 exposed keys cracks the whole system, as my link says.
-
Re:Is this a surprise to anyone?
The GP complained about the lack of engineers and technical know-how in relation to the bill. I simply pointed out that the bill's author, Holt, has a Ph.D. in Physics, so he does have technical knowledge. It is semi-relevant in this discussion, since we're talking about reforms related to electronic voting machines. The bill doesn't tell anyone to use electronic voting machines (it leaves that issue aside entirely), but it says that if you are going to use them you have to meet certain minimum requirements (though states are free to do even more).
If you're not impressed by Holt's credentials, I might point out that this bill implements things suggested by a NIST study on the subject (that's a bunch of other technical people), and has been endorsed by many e-voting activists and computer security experts, like Prof. Ed Felten and Prof. Avi Rubin. So the idea that this bill is the result of lack of technical knowledge or forethought is baseless.
I am aware that getting SOMETHING done is often seen as necessary. However, I have a prejudice in favour of getting something done RIGHT. If more of our lawmakers worked on the assumption that a bad bill is worse than no bill, we'd all be better off.
Supporters of this bill believe that it will get something good done. At the risk of repeating myself: When you vote on a DRE today your vote is going into a black box. There is no way to know whether the vote that is recorded inside the machine is for the person you selected on the screen. There is no meaningful way to audit the machines, and certainly no attempt is made. This bill mandates that there is a voter-verified paper record of your vote, and it requires audits of the electronic tally in a certain percentage of randomly selected precincts to ensure (statistically) that the electronic tally actually matches the paper one. This clearly is a vital improvement, and it is one that should be made as soon as possible.
Perhaps you would like to see more? Passing this bill does not preclude further reform. Passing a good, but perhaps imperfect, bill now is better than passing nothing at all. If your prejudice is for waiting for a perfect bill, then it will result in nothing getting done at all, which leaves us all much worse off.
There are many examples in Congress of passing a bill simply for the sake of having passed something, but this is not one of them. This bill makes actual improvements.
-
Let's Drop the Straw Man
Some of the objections given at the beginning of the article seem to be worth considering. The straw man debate that follows is just idiotic, however. It might be useful to look at what some actual supporters have to say, supporters like the EFF, Prof. Ed Felten, Ars Technica, the Brennan Center for Justice, People of the American Way, TrueVoteMD, and Prof. Avi Rubin to name a few.