Goals: 1. Confirm your vote is collected correctly. 2. Try to assure the people that no votes were added. 3. Don't hide results. 4. Keep votes anonymous.
Solution: 1. Keep a large public vote database. 2. Be able to Look up votes by voter id, county, polling location and time. 3. Keep large visible clock and voter count at each polling station. Every time a person goes into the voting room, the count goes up. Voter counts can be confirmed online. Maybe even in a graph over time.
The voter should be able to go online and see his own vote. Since every voter can see every vote counted up in every polling location in the country and know that everyone else can, they'll be assured of the results. If they're paranoid, they can watch their local polling station's voter count and confirm the published results don't have added votes.
Note: Maybe instead of voter id's, it should be a random confirmation code thats generated on the spot. That should be even more anonymous.
Problems: Some people actually vote for the wrong person on accident. That's unfortunate, but the solution isn't to hide it from them. If vote online doesn't match your vote, have a dispute process. Keep track of dispute counts over time, for the public to see.
The initial version of IE sucked, but, in the end, they beat the snot out of Netscape.
Why do people actually think that IE "beat" Netscape?! It was just made default and installed on every new computer. You had to use IE to go download Netscape. Ever since then, it's had a majority.
Are we assuming that the packets will be obvious IRC packets or something? It would be suggestive of a botnet if lots of traffic was moving while the computer was idle, but that could always be background programs downloading updates or whatever. If a botnet used any sort of encryption, or even a binary protocol instead of ascii, it could be extremely difficult to tell it's a botnet by just looking at packets.
"Our economy is a disaster. We have two wars going on with no real plan to get out of either."... "And for some reason marijuana is an important issue?"
I hate to point out the obvious here, but current problems are the entire reason it's even being debated right now. Legalizing marijuana would save the government huge amounts of money. Not only would they make money on taxes, but it would take a huge load off of our criminal justice system. We could also finally stop sending money to the powerful drug cartels that fund crime and are causing major violence in our southern border. There are of course plenty of other reasons to legalize marijuana that aren't related to current issues.
I really want a million dollars. I've decided to publicly harass Google to give me a million dollars. Simply ignoring Google won't solve my problem. I will continue until one of two things happens:
1) Google dies and no one gets anything from Google ever again. or 2) Google continues to live and gives me a million dollars.
So basically, you're saying that Google put up a lot of time, effort, money, lawyers, all at a huge risk. And no one else can compete with them because they'd have to to put up the time, effort, money, lawyers at a huge risk just like Google did?
What this slashdot post needs is: 1. A description of the law that was passed. 'three strikes and you're out' isn't very descriptive. I'm assuming it has to do with file sharing and cutting off people's internet connections?
2. How many deputies were supposed to be there? 18? 100? 300?
Should Google start paying for search results? This is idiotic. If they don't want Google to index them, thats what robots.txt is for. They can restrict Google from indexing them, they can lose traffic and everyone can move on.
SWFScan is a free Flash security tool (download here), released by HP Software, which decompiles all versions of Flash and scans them for over 60 security vulnerabilities.
It sounds like SWFScan actually scans flash SWF files, not flash itself like the post suggests.
Yeah, there isn't really an alternative to C for low level things, which is what bothers me. It seems like an alternative language is the obvious solution to huge classes of security problems.
ATS looks interesting, they even have a paper on writing linux device drivers in ATS. Maybe the alternative will turn out to be ATS, or maybe BitC, but it needs to hurry up and people need to start abandoning C/C++.
Am I the only one that thinks it's ridiculous we still have programs crash? It's 2009, why are we still programming in C? It's certainly possible to have the same speed and low level expressiveness and include assurances against crashes and buffer overflows.
F-secure was one of the first people I'm aware of to register some of the domain names that infected machines try to contact. When people were asking this question, this was their response.
On a regular day, our sinkhole sees around 1.5M-2M unique IP addresses that are infected with a various catering of malware: viruses, trojans, bots, worms and so on. Downadup.B is responsible for about 1M-1.3M of those IP addresses. So let me explain what we do with the data first: We try to contact the ISP's where the infected IP addresses are coming from and try to get them to notify the customers to take down the infected systems. We also notify various CERT organisations in the countries where the infections are and work with them to get the infected machines offline. We also share some the data with Law Enforcement organizations in those cases where the author of the malware is known. This allows the police to get their hands on real, raw, data on the amount of infections. That data can later be used in court as evidence to get reasonable convictions.
Now, why won't we automatically disinfect the machines? The reason is simple: we would be knowingly, and with intent, be accessing the infected computer and giving it commands without having a prior permission from the owner. In most countries that equals to unlawful access which gets you an appointment in court. Some laws do weigh things by judging "a greater good", but in this case it does not help. Imagine the world being a huge porcelain store, inside a black box with only two holes for your hands allowing access. You can put your hands in the box but can't see what you're doing. Now, try to remove all the dust without breaking anything...
There are several things that might go wrong and the consequences could be severe. Imagine if we, while disinfecting, would knock out life support systems in hospitals. Or radar systems in major airfields. Or traffic lights in a major city. Or any other of imaginable and unimaginable scenarios that would be bound to happen taking into consideration the scale of this thing.
And it doesn't matter where we offered the disinfection from. We are a corporation with presence in various countries. The disinfected victims would be in those countries, suing us there. The place where we caused the damage from does not matter, its the place where the damage happened.
To make automatic, remote, unwilling disinfection ever possible there is a need for an international treaty. And an internation body of authority that will decide what to disinfect, who to disinfect and when to disinfect. And unfortunately I don't see that one coming in near future. I wouldn't bet foreign militaries or intelligence organizations being too happy about anyone tampering with their systems, regardless of the intent.
We've had long talks about remotely disinfecting machines and everyone in here is in unanimous vote on not doing it for the above reasons. And don't think it's a happy moment seeing hundreds of thousands, or millions, of machines being infected. Still, we do our best to get them fixed.
Seriously! And what's the worst that can happen? Some people won't be able to watch TV for a while? Maybe they'll miss American Idol! Who cares?! It would probably be the best thing to happen to them. Television sucks anyway.
The government isn't actually concerned about these people. I'm sure it's more along the lines that the media companies are worried about missing advertising dollars from slightly lower ratings.
Can anyone educate me on why a mandated cutting analog is a requirement of DTV?
The spectrum that analog TV uses was sold off so that companies like Verizon could use it for a new wireless network service. Can't really do that while analog TV broadcasts are still using the spectrum.
That doesn't really answer his question at all, does it?
Like I've said here before, knowing about warrants wasn't really my job. I have no clue if they ever had proper warrants.
I probably shouldn't say what company it was, but they had over 20,000 servers when I left. They've grown much more since then. I bet it's the same at any major hosting company. If you have that many servers, you're bound to have some involved in heavy financial crimes or terrorist websites.
Making sure they had the proper warrants wasn't my job. That part was all over my head. My boss would just tell me when someone was coming over to get a drive.
I used to work as a sysadmin for a major datacenter. There was no room as far as I knew. If there was, it was pretty hidden from everyone.
We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.
Also, it seems obvious that if the government wanted to spy on traffic, they wouldn't do it at endpoints like datacenters. They would do it at major routers.
Re:I really want a copy of this...
on
Clean Code
·
· Score: 1
I used to think perl was great. I used to think you could totally write maintainable code in perl. The thing is, you CAN! It's just that with a project with several people, it tends to not happen.
"I really want this feature. I've heard of this program that's made for exactly the feature that I want, but I'm unfamiliar with it. HELP ME SLASHDOT YOU'RE MY ONLY HOPE!!1!"
First she wants server logs given to the RIAA and now this? What the hell is wrong with this judge Jacqueline Chooljian?! She needs to be barred from dealing with any technical decisions from now on. What can we do to stop her?
I started using this backup software by R1Soft. It can take consistent point-in-time snapshots of an ext2/3 file system similar to Microsoft's volume shadow copy. It even has a whole system that tracks changes to hard drive blocks and can send changed blocks to a remote backup server. So these tools do exist for Linux.
It's that they have too much control. It's actually hard to buy a PC without giving Microsoft money. And they can pretty much charge whatever they want because they have such a strangle hold on everything to do with computers. It's like asking "Why do people hate the gas companies?" It pisses people off when they're so addicted to gasoline that they feel forced to pay the $3.00/gallon while they realize they're getting screwed.
And to make things worse, there is a whole software market that runs on top of their system. This gives them even more control and the ability to take over and force out any software running on their system. This leads to more control and forced addictions in certain software markets.
I think this is the basic reason the casual consumer hates Microsoft. Most of the other reasons people hate Microsoft only matter to geeks.
Slashdot Mirror
Here is the solution to all voting problems.
Goals:
1. Confirm your vote is collected correctly.
2. Try to assure the people that no votes were added.
3. Don't hide results.
4. Keep votes anonymous.
Solution:
1. Keep a large public vote database.
2. Be able to Look up votes by voter id, county, polling location and time.
3. Keep large visible clock and voter count at each polling station. Every time a person goes into the voting room, the count goes up. Voter counts can be confirmed online. Maybe even in a graph over time.
The voter should be able to go online and see his own vote. Since every voter can see every vote counted up in every polling location in the country and know that everyone else can, they'll be assured of the results. If they're paranoid, they can watch their local polling station's voter count and confirm the published results don't have added votes.
Note: Maybe instead of voter id's, it should be a random confirmation code thats generated on the spot. That should be even more anonymous.
Problems: Some people actually vote for the wrong person on accident. That's unfortunate, but the solution isn't to hide it from them.
If vote online doesn't match your vote, have a dispute process. Keep track of dispute counts over time, for the public to see.
The initial version of IE sucked, but, in the end, they beat the snot out of Netscape.
Why do people actually think that IE "beat" Netscape?! It was just made default and installed on every new computer. You had to use IE to go download Netscape. Ever since then, it's had a majority.
Are we assuming that the packets will be obvious IRC packets or something? It would be suggestive of a botnet if lots of traffic was moving while the computer was idle, but that could always be background programs downloading updates or whatever. If a botnet used any sort of encryption, or even a binary protocol instead of ascii, it could be extremely difficult to tell it's a botnet by just looking at packets.
"Our economy is a disaster. We have two wars going on with no real plan to get out of either." ...
"And for some reason marijuana is an important issue?"
I hate to point out the obvious here, but current problems are the entire reason it's even being debated right now. Legalizing marijuana would save the government huge amounts of money. Not only would they make money on taxes, but it would take a huge load off of our criminal justice system. We could also finally stop sending money to the powerful drug cartels that fund crime and are causing major violence in our southern border. There are of course plenty of other reasons to legalize marijuana that aren't related to current issues.
P.S. I don't smoke weed. I hate it.
Its implications, though startling, have gone almost un-reported. So I decided to change that.
DUUUUUUPE
http://tech.slashdot.org/article.pl?sid=09/04/09/2044205
I really want a million dollars. I've decided to publicly harass Google to give me a million dollars. Simply ignoring Google won't solve my problem. I will continue until one of two things happens:
1) Google dies and no one gets anything from Google ever again.
or
2) Google continues to live and gives me a million dollars.
So basically, you're saying that Google put up a lot of time, effort, money, lawyers, all at a huge risk. And no one else can compete with them because they'd have to to put up the time, effort, money, lawyers at a huge risk just like Google did?
What this slashdot post needs is:
1. A description of the law that was passed. 'three strikes and you're out' isn't very descriptive. I'm assuming it has to do with file sharing and cutting off people's internet connections?
2. How many deputies were supposed to be there? 18? 100? 300?
Should Google start paying for search results? This is idiotic. If they don't want Google to index them, thats what robots.txt is for. They can restrict Google from indexing them, they can lose traffic and everyone can move on.
It sounds like SWFScan actually scans flash SWF files, not flash itself like the post suggests.
Yeah, there isn't really an alternative to C for low level things, which is what bothers me. It seems like an alternative language is the obvious solution to huge classes of security problems.
ATS looks interesting, they even have a paper on writing linux device drivers in ATS. Maybe the alternative will turn out to be ATS, or maybe BitC, but it needs to hurry up and people need to start abandoning C/C++.
Am I the only one that thinks it's ridiculous we still have programs crash? It's 2009, why are we still programming in C? It's certainly possible to have the same speed and low level expressiveness and include assurances against crashes and buffer overflows.
F-secure was one of the first people I'm aware of to register some of the domain names that infected machines try to contact. When people were asking this question, this was their response.
So what's the difference between a private defendant and a public defendant? One is just a person and the other is backed by a company?
Are we creating rules that don't apply to companies?
Seriously! And what's the worst that can happen? Some people won't be able to watch TV for a while? Maybe they'll miss American Idol! Who cares?! It would probably be the best thing to happen to them. Television sucks anyway.
The government isn't actually concerned about these people. I'm sure it's more along the lines that the media companies are worried about missing advertising dollars from slightly lower ratings.
Can anyone educate me on why a mandated cutting analog is a requirement of DTV?
The spectrum that analog TV uses was sold off so that companies like Verizon could use it for a new wireless network service. Can't really do that while analog TV broadcasts are still using the spectrum.
That doesn't really answer his question at all, does it?
grep --color
For some reason, many people are greatly surprised when they figure out that grep will highlight matches for them.
Like I've said here before, knowing about warrants wasn't really my job. I have no clue if they ever had proper warrants.
I probably shouldn't say what company it was, but they had over 20,000 servers when I left. They've grown much more since then. I bet it's the same at any major hosting company. If you have that many servers, you're bound to have some involved in heavy financial crimes or terrorist websites.
Making sure they had the proper warrants wasn't my job. That part was all over my head. My boss would just tell me when someone was coming over to get a drive.
I used to work as a sysadmin for a major datacenter. There was no room as far as I knew. If there was, it was pretty hidden from everyone.
We did have people from the FBI or Secret Service come in every once in a while and ask for a hard drive out of a server. We'd tell the customer he had hardware problems as we mirrored the drive.
Also, it seems obvious that if the government wanted to spy on traffic, they wouldn't do it at endpoints like datacenters. They would do it at major routers.
I used to think perl was great. I used to think you could totally write maintainable code in perl. The thing is, you CAN! It's just that with a project with several people, it tends to not happen.
"I really want this feature. I've heard of this program that's made for exactly the feature that I want, but I'm unfamiliar with it. HELP ME SLASHDOT YOU'RE MY ONLY HOPE!!1!"
First she wants server logs given to the RIAA and now this? What the hell is wrong with this judge Jacqueline Chooljian?! She needs to be barred from dealing with any technical decisions from now on. What can we do to stop her?
I started using this backup software by R1Soft. It can take consistent point-in-time snapshots of an ext2/3 file system similar to Microsoft's volume shadow copy. It even has a whole system that tracks changes to hard drive blocks and can send changed blocks to a remote backup server. So these tools do exist for Linux.
It's that they have too much control. It's actually hard to buy a PC without giving Microsoft money. And they can pretty much charge whatever they want because they have such a strangle hold on everything to do with computers. It's like asking "Why do people hate the gas companies?" It pisses people off when they're so addicted to gasoline that they feel forced to pay the $3.00/gallon while they realize they're getting screwed.
And to make things worse, there is a whole software market that runs on top of their system. This gives them even more control and the ability to take over and force out any software running on their system. This leads to more control and forced addictions in certain software markets.
I think this is the basic reason the casual consumer hates Microsoft. Most of the other reasons people hate Microsoft only matter to geeks.