Slashdot Mirror


User: rtfa-troll

rtfa-troll's activity in the archive.

Stories: 0
Comments: 2,204

Comments · 2,204

  1. Re:WTH on Throwing Light On Elcomsoft's Analysis of Smartphone Password Managers · · Score: 5, Informative

    I have no idea why someone would gloss over / apologize for half-baked attempts at practical crypto, as Glenn Fleishman appears to have done here ("oh yeah, it's not really secure, did you reeeally need that?"). Does he have a horse in this race?

    Very good question (mods; you should be reading at -1). Having looked about a bit it seems that he has been recommending this password software, for example he recommended 1password pro which has multiple problems; doesn't use the keychain; encourages use of a PIN for security and (to quote Elcomsoft):

    Thus, very fast password recovery attack is possible, requiring one MD5 computation and one AES trial decryption per password.

    When you write articles on a topic you likely get advertising revenue from that, so it's possible he's also being attacked on his income. As they say, "It is difficult to get a man to understand something, when his salary depends upon his not understanding it!" (N.B. I am not suggesting conscious corruption or something).

    In the end I guess I had better put it in an obXKCD which puts this better than I could.

  2. Re:Is anyone surprised? on US Asserts Super-Jurisdiction Over Dot-Com, Dot-Net, and Dot-Org Domains · · Score: 1

    Thanks; I do try occasionally. Though I have to say that the signature a bit spoils it in this case.

    Or should that be: "WHOOOOOSH. The sound you hear is the sound of the Chinese controlled Minuteman nuclear missile (they are a type of rocket) on its way over your village to a demonstration point somewhere in the Nevada desert"???!!!???

  3. Re:it's a mole! on LulzSec Leader Sabu Unmasked, Arrested and Caught Collaborating · · Score: 1

    The grandparent wasn't replying to a post about "teh lulz"; he was replying to a much more general point.

  4. Re:it's a mole! on LulzSec Leader Sabu Unmasked, Arrested and Caught Collaborating · · Score: 1

    Whoever modded this troll has a total lack of perspective. That "history is written by the winners" is hardly an original observation but it's very on point. Lots of people are reviled because they lost; Guy Fawkes; the leaders of the Soviet August Coup; etc. etc. Winning is not the only or even a guaranteed way to enter history as a hero but it sure helps.

  5. Re:Is anyone surprised? on US Asserts Super-Jurisdiction Over Dot-Com, Dot-Net, and Dot-Org Domains · · Score: 5, Insightful

    They invented it, so they ought to have the right to control it.

    I agree 100%. A Scotsman called John Logie Baird invented the scanviewing screen. Every single viewing screen in the world (computer monitor; TV; security monitor; infra-red main battle-tank target sighting system; space ship piloting screen etc. etc.) should be routed, at the owner's expense, through a centre in Scotland so that the Scots can ensure their control over what is viewed on those screens.

    My only fear is what the Chinese are going to do with their right to control your use of toilet paper.

  6. Re:Cherrypicking sources on GPL, Copyleft On the Rise · · Score: 1

    Compared to "Clean room" implementation, which also results in a new implementation that is binary-compatible, you are adding little new. You will be able to do some trivial copying over of parts of source files directly - e.g. constants for hardware control - at the cost of legal risk (if you make a mistake) and legal work (you have to check each file carefully to avoid the mistake).

    I guess you are saying that you have no example where someone actually got a substantial benefit from doing this. Right? That's why you have started trying ad-hominem insults instead. Right?

  7. Re:No on Ask Slashdot: Using Company Laptop For Personal Use · · Score: 1

    This doesn't work against hardware encrypted hard disks which is what the "lock it down completely". E.g. if you steal a Thinkpad you will end up having to replace the TPM and the firmware of the hard disk completely. My methods, basically variants of the "Evil Maid" attack will allow you to attack even those systems.

  8. Re:Cherrypicking sources on GPL, Copyleft On the Rise · · Score: 1

    it's very easy to get around the restrictions of the GPL and take any gpl'd code and legally create a closed-source version

    Your answer - rewrite it entirely - has nothing to do with your claim - that you can "take any" code.

    Nowhere do I say that you have to do a complete rewrite - trying to "win" by putting words in my mouth won't work.

    You answered my question with the following:

    Busybox is currently being re-implemented by sony in such a fashion, so please try to keep up, mkay?

    this was the very first sentence of your reply. I know it seems long ago and asking an internet troll to remember the beginning of their last post is a bit unfair, but there you go.

    Can you give an example where a substantial portion of GPLv3 software package sufficient to be clearly subject to copyright has been taken and used as you describe.

    Any gplv3 program - just because the package in its entirety is subject to copyright doesn't mean that individual portions of it are, same as a phone book or book of recipes can be, but the individual addresses and phone numbers, or recipes, may not be.

    has been

  9. Re:Cherrypicking sources on GPL, Copyleft On the Rise · · Score: 1

    Busybox is currently being re-implemented by sony in such a fashion, so please try to keep up, mkay?

    Always suspected you of being a bullshitter. Let's just have a look at your quote again

    it's very easy to get around the restrictions of the GPL and take any gpl'd code and legally create a closed-source version

    Your answer - rewrite it entirely - has nothing to do with your claim - that you can "take any" code.

    If you want other examples, look up the whole "linux headers in android" tempest in a teapot - where it's perfectly fine to copy huge chunks of code residing in files that are licensed GPL2, w/o having to license the result as GPL2. Or were you asleep when the FSF tried to use this to attack Android?

    The courts (Feist vs Rural, Galoob vs Nintendo) have consistently held that copying of the non-protectable portions of copyrighted material, copying of "only one way to do it" code, as well as modifying contents in ram, are all just fine. The GPL cannot prevent you from doing any of these, the same as you can make a derivative phone book using the list of names and telephone numbers in a copyrighted phone book and there's nothing that the copyright holder can say about it.

    Ahh.. so things which are not subject to copyright are not affected by a copyright license. Gosh.. I ... would ... never ... have ... guessed ... Please do put your business card in the box by the door as you leave. I am sure to want to consult you and your vast brilliance on legal matters in future.

    Another example - Oracle vs Google. The names of the individual java classes, as well as the class hierarchy, while they are part of a copyrighted work, are not protected - they are both "scene a faire" material (there is only one way to make a compatible class structure and that is to use the same class names) and they are not actually executable - they are symbolic names that only allow you to locate the code inside each class to actually execute. You do need to rewrite the contained code, except when there is again "only one way to do it" or "one generally accepted way to do it", in which case you can just copy the "one way" with impunity.

    The thing is that the function and class names are not themselves "functional" - they do not compile down to instructions to "do something" - they're just a symbol used to locate the actual code within the function. Changing a function name from add to sub doesn't suddenly make the sub function do anything different from when it was called add. In an API that is meant to implement specific functionality, because the function and class names are not separable from the functionality (changing the function name breaks the API), you don't have a separate interest in copyright in the function and class names. So, the class names become "one way to do it" when implementing, say, a java clone or a clone of an existing GPL program, and you only need to modify the contained code - the code that is actually, pardon the pun, functional.

    People keep thinking that fair use is the only way to override copyright, when there are SO many exceptions. For example, you can make and distribute a large-print or audio edition of a "non-dramatic copyright work" without the original copyright holder's permission for use by people with vision problems - something that is going to come more and more into play as the population ages.

    Which is more of the same. Copyright is not all encompassing. The fact that you buy software from Microsoft does not mean that they can tell you where to take a dump or when to pick your nose. There was a whole discussion related to multiprecision libraries and cryptography libraries based on them. The final agreed outcome was that, on the basis of US fair use rules, if you used a copyri

  10. Re:But Apple sues over those "inventions" like mad on How Steve Jobs Patent-Trolled Bill Gates · · Score: 1

    I didn't agree with you, but found some difficulty thinking of a specific example on the internet (especially since I wanted it to pre-date the original Mac, if not the Apple II). Eventually however, my web search turned up these gorgeous 1950's pick up arm packages (scroll to the bottom). There has always been a certain class of product which differentiates more by visual design (think Bang and Olufsen) than product features.

    What I will give you is that in a desert of bad taste, plastic knick-knacks and eSATA cables that just work awfully, Apple's design is a definite bright spot. I still remember Nokia's pathetic attempts at connecting a headphone set to a mobile phone from near the beginning of the century. In the end, however, nothing is new under the sun. Copying is the way that Apple got where they are and others should be allowed to do the same. Apple needs to keep running to stay ahead and shouldn't just count on the legal system to allow them to stop having to work for their daily bread the same as the rest of us.

  11. Re:Cherrypicking sources on GPL, Copyleft On the Rise · · Score: 1

    now that copyright law has been sufficiently clarified by the courts, it's very easy to get around the restrictions of the GPL and take any gpl'd code and legally create a closed-source version

    It seems that Barbaras continually mouth off about this on Slashdot, however nobody has seen any evidence it's even vaguely true. Care to give us an actual example where someone has done this against GPLv3 software? Strangely it seems that most of the court cases similar to this have been won by the GPL people. See busybox, for example.

  12. Re:Don't go there... on Ask Slashdot: Using Company Laptop For Personal Use · · Score: 1

    Company cars aren't for leisure time. Use your own car.

    Neither you nor the other who replied to you are right. Some company cars are taxed benefits and you have the right to do what you want in them in full privacy. Others are untaxed and you should only be doing work in them.

  13. Re:No on Ask Slashdot: Using Company Laptop For Personal Use · · Score: 0

    You can lock down a laptop sufficiently so that even though you've lost physical control of the machine, nothing normal in software short of replacing the hard disk is going to compromise the system. If your employees are doing that just to circumvent IT policy, maybe THEY should be treated as the hostile one, not the laptop.

    FTFY;

    In other words; no you can't. You can compromise the user interface by putting something between the keyboard and the IO device. With a radio device there you may read passwords on demand or even do live manipulation. For a laptop that counts to me as "compromised". However, if that's not enough you can always put a tap on the bus between the IO devices and the processor. Typically a simple second device on one of the main buses is sufficient. Then you can simply insert your code into a DMA transfer at the appropriate point.

    Please note that these attacks completely bypass any protection from disk encryption and are partially effective against many TPM uses.

    Once you have physical access pretty much all bets are off. Even military systems deal only with time delay and / or data destruction in the case of physical control.

  14. Re:But Apple sues over those "inventions" like mad on How Steve Jobs Patent-Trolled Bill Gates · · Score: 5, Interesting

    When you look at it, yes, it does seem at first glance that Samsung is copying Apple. What's crucial about this claim is the idea that Apple's packaging was original and different. However, if you look at it; Apple's supposedly original unboxing experience (from June 2007) and compare it with Nokia's N97 unboxing experience from March of the same year using the comparison table in the article you linked to then we see

    • a rectangular box - match
    • with minimal metallic silver lettering - match
    • and a large front view picture of the product prominently on the top surface of the box - no match, but compare Nokia E90 communicator launched in February
    • a two piece box wherein the bottom piece is nested completely within the top piece - match
    • use of a tray which cradles the products to make them completely visible on opening the box - match

    The match between Apple and Nokia is much better than the match between Samsung and Apple. Who is ripping off who? Basically this kind of "copying" is nothing more than a type of fashion and Apple is outrageous to try to get competitors' products banned for things that they do themselves many times over.

  15. Re:Perhaps, but... on GPL, Copyleft On the Rise · · Score: 1

    The GPL poisons commercial code -- intentionally -- and that keeps GPL'd software from ever bringing mainstream software [...] Those big packages everyone wants, [..] simply can't afford to mix in with that kind of licensing.

    Yes, that's so right. Look at how Oracle became free software straight after they ported it to Linux. Bankrupted the company too.

    Ok, I know, here comes the mod-bombing, lol. :)

    I know I know. The mods here; so damn biased. What next? Discrimination against Goatse posters?? I think you both have an equally valid reason to demand to be modded up. In fact I'm surprised that the BSA hasn't managed to put through legislation to guarantee that for you.

  16. Re:Pro-GPL study from authors of GPL ... on GPL, Copyleft On the Rise · · Score: 1

    Well; "spot it" kind of implies it's hidden. I don't know if you have Read The Fine Article, but even looking at the summary above you will see that the FSF is straight up and clearly involved. In Caos Theory article there is absolutely no declaration of Microsoft's involvement whatsoever. It seems a bit foolish to bring attention to something like this.

  17. Re:Makes sense on GPL, Copyleft On the Rise · · Score: 5, Informative

    it restricts you from editing the source code, because you become liable to all sorts of legal responsibilities if you do so.

    No it doesn't. You can edit privately and use the software internally in your company and never even have to touch the terms of the GPL. On the other hand, if you never edit the software, but you distribute the software then you normally need to follow the terms of the GPL even if you have never edited it.

    Interestingly enough, some of the largest IT companies, like IBM, Oracle, RedHat, Ubuntu and even Microsoft disagree with you and happily work with and distribute GPL software.

  18. Re:Pro-GPL study from authors of GPL ... on GPL, Copyleft On the Rise · · Score: 5, Insightful

    You left out the part where the pro-GPL study comes from the authors and advocates of the GPL.

    Thanks for the hint (it's astounding the way that accusations from shills so often point you in the direction of what they themselves are doing). You left out the fact that the original data came from a Microsoft partner involved in Codeplex. Immediately I saw your post I thought to search for that.

  19. Re:Cherrypicking sources on GPL, Copyleft On the Rise · · Score: 5, Informative

    And doesn't Debian actually actively work to make sure the packages it distributes are GPL?

    Not at all. They just tend to make selections of the projects which actually work rather than the hundreds of projects that never go anywhere. The Debian Free Software Guidelines mean that main distribution software has to be free, but basically anyone who has motivation and acceptable software can get their package in.

    Simply put, if a package isn't in Debian then it is mostly very specialised, quite new or isn't worth touching. If there are several Debian packages and you don't know which to go for, then go for the one which is in Red Hat since that will be the most professionally maintained package.

    The first survey may have been representative of packages which people start developing, but this is more representative of packages which are actually useful.

  20. Re:Very similar to the protocol for DRE on Voting System Test Hack Elects Futurama's Bender To School Board · · Score: 2

    Your system is trivially defeated by someone who has control of the code on the system. The program given to the computer is approximately the following (with tuning for the actual procedures)

    • if the machine has not been used recently this is a double blind test; do not alter ballots; record date of test
    • if the machine has been used recently this may be an election; record date of test; prepare to alter ballots
    • if there are less than 100 ballots cast then do not alter the ballots.
    • if the machine has been running less than three hours do not alter ballots.
    • add 5% of total ballots to the count for supported candidate
    • subtract (0.05 * total ballots * ballots given to candidate / total ballots for opposed candidates) to the count for each other candidate

    (specific parameters might need tuning for a given election procedure; but a generic system should be pretty easy). Alternatively; if we can get a legitimate voter working for us in each area we want to adjust votes.

    • if someone comes in; activates the touch screen but then presses top left; middle right; top left; bottom left; middle left; top right
    • then alter outcome as above
    • otherwise do nothing

    Neither system will trigger in a double blind test; the code for this is pretty easy to hide from an audit. The very fact that you think that your testing would reveal insecurities shows exactly why electronic voting should not be allowed.

  21. Re:At least on Voting System Test Hack Elects Futurama's Bender To School Board · · Score: 1

    Everyone I talk to that doesn't like e-voting doesn't like it on principle, and any hypothetical where it was 100% secure in their definition was still objected to.

    I do not object to "paper verified electronic voting" where the paper votes are done right. If you look at verifiedvoting.org you will find that my position is not that rare. The protocol is more or less the same as the paper ballot protocol shown above by AC. It has steps added as follows:

    • the voter creates a vote paper
    • the voter puts the vote into the ballot box
    • after the vote is put into the ballot box the machine counts the vote*
    • random locations are count verified against the machine, and in case of discrepancies the entire election is recounted by hand
    • any candidate in any circumstances can demand a hand recount of whichever areas they wish to have recounted.
    • the votes are stored for at least several months and may be stored longer in case of questions

    I am opposed to electronic voting from the home. You might call this "on principle" but it's for simple practical reasons:

    • it's almost impossible to secure people's computers so their vote may be remotely observed and possibly modified, depending on the system (e.g. drop a percentage of your opponent's votes whilst making voters think they voted successfully)
    • it's almost impossible to ensure that people vote privately at home and that enables vote buying

    I am opposed to paperless electronic voting. You might call this "on principle" but it's for simple practical reasons:

    • lack of physical records makes forensic analysis of computer failures much more difficult than paper voting
    • practical secure computing systems are a research subject which has not given fruit to available commercial devices; this becomes doubly so when you start to invoke networking

    Please note, that I also oppose current systems for paper based postal voting for similar reasons to those that I'm opposed to current electronic voting proposals. Remote voting should be done in secured facilities such as consulates abroad with a process very similar to a normal polling station.

  22. Re:"managed to guess the login details" on Voting System Test Hack Elects Futurama's Bender To School Board · · Score: 1

    If you want a secure e-voting system then be prepared to dish out a lot of cash to security expert....

    Do you have any example where this has been achieved (as demonstrated by standing up to serious peer review with full access to the code and system design) or are you just auditioning for a job as a security consulting salesman?

    N.B. For the humor impaired who can't read my signature that was a somewhat sarcastic / bitchy joke.

  23. Re:At least on Voting System Test Hack Elects Futurama's Bender To School Board · · Score: 5, Insightful

    This protocol is simple enough that no expertise is necessary to memorize it, understand why it works, and verify that it is followed correctly.

    This can't be stated strongly enough. If there is any part of this that can't be understood by a retired clerk without higher education and with no real interest in mathematics and/or computing then you are getting rid of some of the most important volunteers who can ensure that the voting goes correctly.

  24. Re:At least on Voting System Test Hack Elects Futurama's Bender To School Board · · Score: 4, Insightful

    They also appear not to have hired an independent security review group to scan the code and review the implementation, or if they did hire one, they hired one that was no good.

    It's explicitly stated in the summary, let alone the article, that this was a good system with a clean Ruby set up. That is more or less "state of the art security". If we take the lesson that this was a "bad" team and that most others would do better we would be deeply wrong. There were IDSis systems and filters in place. That is a considerably higher level of protection and a sign of a higher level of security awareness than most competing systems.

    The main message is that the current state of the art doesn't come close to providing decent security. Even key military systems have been showing a bunch of failures such as the Windows based battleship propulsion system. That shows that people who know how to build secure systems don't know how to build reasonable sized / commercial systems and are losing in competitive battles to cowboys using completely unsuitable technologies.

  25. Re:That's rich on Microsoft Files EU Antitrust Complaint Against Motorola Mobility · · Score: 1

    MS currently licence 2,300 patents relating to H.264 for 2 cents per unit. Google/Motorola want $22.50 for the remaining 50 patents it holds

    Or in other words, Microsoft is engaging in predatory pricing in order to push their own standard forward. This is not something that should be held in Microsoft's benefit. Almost any other company would end up with their employees in jail.