It shouldn't be, at least in the form of DREs like Diebold. There has to be some human verifiable paper trail and tamper-evident recording. Diebold's people are either woefully ignorant about designing secure software or intentionally trying to help rig elections. Either way, what they produce should never be used in a real election. You don't build a secure voting platform on MS Windows and Access. Only a complete idiot would do that.
Just because the majority of the public is too uninformed to understand the nature of the threat doesn't mean it isn't a threat. Those who do understand should not stop fighting it until reforms take place to make the process at least a little bit secure. It would also help if people would withhold opinion on the voting machines if they aren't competent to judge the security and defer to people who do understand these issues. And stop calling the people who are concerned paranoid and kooks.
The stupid thing is that content providers DO pay for the Internet, as does Bell South. Everyone who connects to the Internet pays for it in the form of fees to their upstream ISP. Bell South is just trying to do an endrun around the economic process in which money percolates upwards from the connection points to the people who run the backbones. They aren't content with just providing a local road and getting paid by local residents for it. Instead, they want to also charge everyone who drives into their "neighborhood" of the Internet, and get twice the money. Loose analogy, I know, but this decentralized way is how the Internet is designed to work and be funded.
As I said, I think this is more intended as a way for them to extract tolls from VoIP. They can't stand that they won't be able to charge exorbitant fees for basic phone service anymore, so they are trying to claim that their customers can't access services that don't pay them. It may also be that a couple of Bell South execs saw Google's share price going through the roof and decided that they would try to get a piece of that pie.
Also, I wouldn't count Bell South out on winning this one just yet. The Baby Bells may have the FCC on their side, and the FCC is one of the most corrupt, crony-filled agencies in the entire government. They might be able to buy favorable legislation and regulatory rulings if they can't win in the market.
This is nothing but greed at its worst, and it will ultimately ruin the Internet if it succeeds. I'm guessing they are aiming this primarily at VoIP companies since they are worried about losing their local phone monopoly, but it could affect a lot of other things in a negative way too (by undermining the whole economics of the Internet, and vastly increasing expenses for running a website). I think the best move would be for all the bigger companies (like Google, etc) to just refuse to pay their money. Then it's the ISP that looks like the bad guy if they intentionally downgrade the service for refusal to pay "protection money".
So you feel your neighbor shouldn't have the right to install this stuff on their own property? From what I understand, these power companies are paying people to put these things on their land. How do YOU have the right to tell someone else what they can't do on their own property?
I'm as libertarian as it gets, and I don't think that it's any of my business what my neighbors do on their own property. Like it or not, all energy generation does affect other people. You usage of "traditional" energy generation affects me, because if it's coal/gas/oil, etc then it pumps pollutants into the air. The windmills have a LESSER effect on other people because all they do is "look ugly" (subjective) and make noise (not a problem in a rural area).
One plausible way (depending on a lot of factors like atmosphere, the size of the planet, etc) is that pieces of rock containing microorganisms could be ejected from the planet by a comet or asteroid impacting the surface. Another (more speculative) way would be that they could have hitchhiked on a spacecraft built by a more complex organism (as, in fact, Earth microrganisms have done in escaping Earth's gravity). The microbes could then make their way through space attached to something even if the organisms with the spaceship didn't go with them.
I agree with you on this. The real problem with Ebay in my opinion is simply the secrecy that everything is cloaked in. They can't completely prevent fraud, but they could make it a helluva lot easier for people to make their own judgements about who is and isn't untrustworthy. Unfortunately they have no incentive to do so, as pointed out above, because people still pay their ridiculous fees even with no protection whatsoever.
If I were to setup a new auction service from scratch I would want something like this: a) Community-moderated "karma" system. People should be free to leave comments at any time about seller, but there should be moderation performed by trustworthy members of the online community to make sure the system isn't abused too much. This might include give moderators extra tools to look into the identity/history of the people running auctions (ie, IP logs, identity information, etc). It would be great to have some sort of third party moderator with an interest only in protecting the integrity of the community as a whole. The current "feedback" system is WAY too easy to screw with.
b) More authentication of identity. Much more effort should be put into verifying identity information used by individuals on the service. This costs money to do well, of course...
c) More cooperation for gathering evidence to use against bad users. At the very least, the service should help people gather evidence to take to law enforcement much more than Ebay currently does.
d) More neutrality. In disputes, Ebay favors the people who give them money, even if they are the ones in the wrong. This probably requires an altered business model - ie, advertising driven - rather than the fee-based approach which encourages this bias.
e) Linkage with "real-world" traceable services, like Fedex and UPS. This wouldn't elliminate fraud, but since the carriers keep records about who and from where they ship things it should make it easier to track fraud artists down. This should be linked to the auction system and maybe even linked to the release of funds (not full escrow, but at least an acknowledgement that goods have been shipped).
Because it infringes on the freedom of other people who are not liars to require "accountability" in order to catch the liars. A much better solution is just to assume that people should read critically (people should KNOW they cannot trust anonymous authors on Wikipedia). They should be doing that anyway, especially in the media.
This has been touched on elsewhere in this thread, but why should all the responsibility for evaluating the credibility of a statement rest on the speaker? People simply shouldn't be placing much weight on something stated somewhere like Wikipedia. Wikipedia says this, over and over, right on their site. It's not their fault if people refuse to think critically about what they read. Let me put it this way: all undocumented Internet sources, but especially anonymous ones (and anyone could have verified that the comment in question was added by an anonymous source simply by consulting the history) are not believable. People simply have to view them differently from the mainstream press. I put this delicately before when I said "not reasonable", but frankly anyone who simply believes something posted to Wikipedia by an anonymous editor with no sources to back it up is a complete idiot.
As I said, I don't "support" what this anonymous editor did. In fact, I think it was very irresponsible (although it may not actually be libel since it didn't actually say that he was involved in the Kennedy assassination but only that he was rumored to be). I just support the right to anonymous speech. If people are going to be "unmasked" because they committed libel, then there is nothing to stop the "unmasking" of other anonymous speech, even true, non-libelous statements. I simply don't think anonymous libel is a big enough deal to give up this freedom to speak anonymously over.
What I meant was that anonymous libel does not do the same harm as attributed libel, because a reasonable person wouldn't be expected to believe something an anonymous person said. If people DO believe things that anonymous people say without independent confirmation, then they are not reasonable.
I don't support anonymous speech because I want people to be able to commit libel and get away with it; I support it because I think there are very valid reasons why someone might not want to be exposed for revealing something true. For example, it isn't libel for someone to expose government corruption that is actually taking place, but they still might suffer retribution for doing so. Even though the anonymous allegation doesn't necessarily carry much weight, it might prompt other people more able to protect themselves from retribution to look into the matter and publish it in a more credible fashion.
To me, this gain is a vital protection for freedom of speech that completely outweighs the dubious gain from banning anonymous libel. Without anonymous speech, freedom of speech will eventually outlawed as an elaborate system is put in place to indirectly punish people for challenging authority or posting unpopular opinions. Calls for "accountablity" sound to me exactly like calls to ban anonymous speech (and hence all speech eventually).
So are you against all anonymous speech? That seems to be the implication of all this anti-Wikipedia outrage from the media. Of course, they have no problem reporting "facts" obtained from anonymous sources.
In my opinion, people need to understand there is a continuum of credibility attached to any statement. Anonymous statements have very little credibility, and hence are not such a problem if libelous. No one should take them seriously anyway, so the speaker has less responsibility. Statements written under your real name have a lot more credibility (ie, people will be more likely to believe them) precisely because there are consequences attached to publishing lies.
So I would say that people who write under their real name have much more responsibility to be truthful and check their facts than people who write anonymously. The responsibility is a two-way street though: readers, especially on the Internet, need to learn that they shouldn't believe everything they read if it comes from a non-credible source. Wikipedia comments posted anonymously should not be taken as a credible source, and hence carry little weight. If people are unwilling or unable to evaluate the credibility of statements made then we might as well just give up on free speech in general because at that point "the public" can just be fed anything and they will believe it all.
That's why you simply get a dedicated email address for your domain registration that you don't use for anything else.
There needs to be accountability for people running websites, like it or not. Law enforcement does not have the time to go and investigate every single complaint made against a website, nor should they. If you don't like it, simply set up some privacy preserving way to make it so people can still contact you (like a P.O. box). You shouldn't be able to run from responsibility by hiding behind fake contact information. That is how scammers, phishers, spammers, and con artists hide from their victims.
Yes, and security processes should be designed taking human factors into account. I've only recently started to see some of this in the more popular programs, and it's still only at a rudimentary level. A couple of the newer examples are the URL bars that change colors for security status, and the way Firefox forces you to wait a few seconds (and presumably read) before just clicking through the box allowing installation of extensions or themes. The delayed dialog boxes are actually something I think is a really, really good idea since I've seen so many people just click through security warning boxes without stopping to read them at all. This certainly isn't a complete solution, but at least it's a step in the right direction.
I worded my original post poorly/incorrectly. It's true that you can't necessarily determine what is sending information ONLY by looking at the packet contents (although you can determine the protocol). But you could block any connections not passing through an application proxy server. The proxy could then require all applications on the host to authenticate their identity and integrity against the firewall machine, and establish a secure channel between them. This would still require some security on the host machine to protect the application credentials and the integrity of the network sessions, but still seems like an improvement on the situation where all control is on the end hosts.
You're correct that you can't look inside all streams of data just by looking at the packets. Encryption can defeat this as you point out (although in theory it is still possible for non-encrypted data). But then again, you could have a system to ban all encrypted data streams except to specific hosts whitelisted by you. This could be a pain given the number of hosts people often perform encrypted communication with, but still doesn't seem like a completely terrible idea to me given that a user should be aware whenever an authorized piece of software is sending out encrypted data.
That's all true, but unless Windows has a really good way to prevent tampering with drivers and unrelated programs then the software firewall will be vulnerable to being disabled or bypassed by malware. At least when you have a separate machine running your firewall nasty applications can't mess with it.
What we really need is a cheap, standalone appliance with an application-level firewall that can determine what application is sending requests by looking at packet contents (I know this is difficult). This won't solve the problem entirely, but it would help. A way to absolutely prevent unknown programs from loading into the kernel space or "hooking" into applications like this one did would help the existing software be more secure at least. Maybe require a reboot with Windows explicitly asking if it's okay?
People need to figure out that the two parties are essentially two sides of the same coin, and no different. Both are anti-freedom.
People should vote for third parties, but I doubt that's going to happen in large numbers until things get a lot worse given the big two's stranglehold on media coverage. Sadly, most people vote for who "the teevee" tells them to vote for, and don't truly investigate what they stand for. Instead, they just make a decision based on idiotic surface characteristics.
The best we can do in the short term is probably to strongly support moderates in both the big parties.
So you think it's a good idea to hand over the decision-making process over DNS to the companies that make filter products? Wow. You know that "pornography" is subjective, right?
Even the filters are usually user adjustable...but in this case you're saying that they should be "yes/no"...
I understand that. But what I was saying was that the only logical reason for having that law at all is to provide credibility for the claim that the code/device does not have backdoors, etc. If we can't inspect the code directly, then it makes people "feel better" to know that the people working on it are not criminals or party bosses. It's essentially a way to assure the public that tampering is not taking place - although it's probably only of dubious value even in that case given the incompetence and/or corruption of election officials.
What I'm saying is that there is no need to apply such a law to open source software because the credibility of the people working on it is irrelevant. With opensource, anyone can inspect the code directly and KNOW that there are not backdoors or security flaws present. There is no need to "assure" us that this is the case when we can check that ourselves and not need to rely on the testing performed by the election officials, who may not be experts in computer security in any case. Of course, there is always the issue of making sure the same code that is running on the machines is the source provided, and for this, we do need some official, publically transparent procedures by which we can observe the compilation, loading, distribution, and maybe even check digital signatures on the running code.
There's no need if the code is opensource, since anyone can then review it for malicious code.
The logical reason for the requirement that all the programmers be listed is that Diebold is essentially saying "Trust us!" rather than letting people directly review the code.
How about a system where they don't give you an actual receipt but instead they just let you check that your vote was accurately counted later? It could be just a random number assigned to your ballot that you can then go online and check in a downloadable huge list of all the voters in the country. The numbers could be assigned in such a way that there are no duplicates but that there is no way to extract any information about who a voter was from the number.
Then, they don't give you an actual printed receipt. You just have the option of writing your ballot number down on your own piece of paper. Then, if you tried to sell your vote, there is no way for the party machine boss to actually verify how you voted and that you are not lying to them, since they cannot verify that the number you are giving them is actually the number you were given when voting.
There's also the added bonus that if enough people checked their own votes that there is an extra check on the credibility of the official count. If widespread instances of people not finding their vote or having it reported wrong were reported, there would be evidence of fraud. And people could use their own verifed outside algorithm to count the votes.
Of course, there is still the problem of what to do if someone does claim fraud, since there is no way to verify this claim. But that would at least warrant independent investigation. Maybe the goal of our current system (though people don't know it) is simply to make people trust the official count regardless of whether they have any reason to believe it should be trusted (for stability/power reasons). Would it undermine stability and faith in the process if people were able to see all the fraud that DOES go on?
That's true, but the difference is far,far less than the difference between an O(n^3) algorithm and an exponential algorithm. It's kind of like the difference between solving the problem 1 billion times slower and NEVER solving it before the sun burns out.
What if they don't use a passphrase, but instead a smartcard or USB key with the key on it? And then destroy it as the police break down their door? I would think that terrorists would be smart enough to do that if they are smart enough to encrypt their whole harddrive.
So how do you suggest that the courts enforce the law and ensure that schools do not violate students' rights? Like it or not, monetary penalties will cause them to change their behavior. You have a right to be pissed that this money is not going for education, but your complaint should be with the school administrators who caused the lawsuit rather than the victim of their actions. The public outrage at the money is part of the point. It may end up causing these assholes to get fired or voted out of office.
Is it possible for courts to order a school to fire a particular employee such as a principal or teacher?
Slashdot Mirror
It shouldn't be, at least in the form of DREs like Diebold. There has to be some human verifiable paper trail and tamper-evident recording. Diebold's people are either woefully ignorant about designing secure software or intentionally trying to help rig elections. Either way, what they produce should never be used in a real election. You don't build a secure voting platform on MS Windows and Access. Only a complete idiot would do that.
Just because the majority of the public is too uninformed to understand the nature of the threat doesn't mean it isn't a threat. Those who do understand should not stop fighting it until reforms take place to make the process at least a little bit secure. It would also help if people would withhold opinion on the voting machines if they aren't competent to judge the security and defer to people who do understand these issues. And stop calling the people who are concerned paranoid and kooks.
The stupid thing is that content providers DO pay for the Internet, as does Bell South. Everyone who connects to the Internet pays for it in the form of fees to their upstream ISP. Bell South is just trying to do an endrun around the economic process in which money percolates upwards from the connection points to the people who run the backbones. They aren't content with just providing a local road and getting paid by local residents for it. Instead, they want to also charge everyone who drives into their "neighborhood" of the Internet, and get twice the money. Loose analogy, I know, but this decentralized way is how the Internet is designed to work and be funded.
As I said, I think this is more intended as a way for them to extract tolls from VoIP. They can't stand that they won't be able to charge exorbitant fees for basic phone service anymore, so they are trying to claim that their customers can't access services that don't pay them. It may also be that a couple of Bell South execs saw Google's share price going through the roof and decided that they would try to get a piece of that pie.
Also, I wouldn't count Bell South out on winning this one just yet. The Baby Bells may have the FCC on their side, and the FCC is one of the most corrupt, crony-filled agencies in the entire government. They might be able to buy favorable legislation and regulatory rulings if they can't win in the market.
This is nothing but greed at its worst, and it will ultimately ruin the Internet if it succeeds. I'm guessing they are aiming this primarily at VoIP companies since they are worried about losing their local phone monopoly, but it could affect a lot of other things in a negative way too (by undermining the whole economics of the Internet, and vastly increasing expenses for running a website). I think the best move would be for all the bigger companies (like Google, etc) to just refuse to pay their money. Then it's the ISP that looks like the bad guy if they intentionally downgrade the service for refusal to pay "protection money".
So you feel your neighbor shouldn't have the right to install this stuff on their own property? From what I understand, these power companies are paying people to put these things on their land. How do YOU have the right to tell someone else what they can't do on their own property?
I'm as libertarian as it gets, and I don't think that it's any of my business what my neighbors do on their own property. Like it or not, all energy generation does affect other people. You usage of "traditional" energy generation affects me, because if it's coal/gas/oil, etc then it pumps pollutants into the air. The windmills have a LESSER effect on other people because all they do is "look ugly" (subjective) and make noise (not a problem in a rural area).
One plausible way (depending on a lot of factors like atmosphere, the size of the planet, etc) is that pieces of rock containing microorganisms could be ejected from the planet by a comet or asteroid impacting the surface. Another (more speculative) way would be that they could have hitchhiked on a spacecraft built by a more complex organism (as, in fact, Earth microrganisms have done in escaping Earth's gravity). The microbes could then make their way through space attached to something even if the organisms with the spaceship didn't go with them.
I agree with you on this. The real problem with Ebay in my opinion is simply the secrecy that everything is cloaked in. They can't completely prevent fraud, but they could make it a helluva lot easier for people to make their own judgements about who is and isn't untrustworthy. Unfortunately they have no incentive to do so, as pointed out above, because people still pay their ridiculous fees even with no protection whatsoever.
If I were to setup a new auction service from scratch I would want something like this:
a) Community-moderated "karma" system. People should be free to leave comments at any time about seller, but there should be moderation performed by trustworthy members of the online community to make sure the system isn't abused too much. This might include give moderators extra tools to look into the identity/history of the people running auctions (ie, IP logs, identity information, etc). It would be great to have some sort of third party moderator with an interest only in protecting the integrity of the community as a whole. The current "feedback" system is WAY too easy to screw with.
b) More authentication of identity. Much more effort should be put into verifying identity information used by individuals on the service. This costs money to do well, of course...
c) More cooperation for gathering evidence to use against bad users. At the very least, the service should help people gather evidence to take to law enforcement much more than Ebay currently does.
d) More neutrality. In disputes, Ebay favors the people who give them money, even if they are the ones in the wrong. This probably requires an altered business model - ie, advertising driven - rather than the fee-based approach which encourages this bias.
e) Linkage with "real-world" traceable services, like Fedex and UPS. This wouldn't elliminate fraud, but since the carriers keep records about who and from where they ship things it should make it easier to track fraud artists down. This should be linked to the auction system and maybe even linked to the release of funds (not full escrow, but at least an acknowledgement that goods have been shipped).
Because it infringes on the freedom of other people who are not liars to require "accountability" in order to catch the liars. A much better solution is just to assume that people should read critically (people should KNOW they cannot trust anonymous authors on Wikipedia). They should be doing that anyway, especially in the media.
This has been touched on elsewhere in this thread, but why should all the responsibility for evaluating the credibility of a statement rest on the speaker? People simply shouldn't be placing much weight on something stated somewhere like Wikipedia. Wikipedia says this, over and over, right on their site. It's not their fault if people refuse to think critically about what they read. Let me put it this way: all undocumented Internet sources, but especially anonymous ones (and anyone could have verified that the comment in question was added by an anonymous source simply by consulting the history) are not believable. People simply have to view them differently from the mainstream press. I put this delicately before when I said "not reasonable", but frankly anyone who simply believes something posted to Wikipedia by an anonymous editor with no sources to back it up is a complete idiot.
As I said, I don't "support" what this anonymous editor did. In fact, I think it was very irresponsible (although it may not actually be libel since it didn't actually say that he was involved in the Kennedy assassination but only that he was rumored to be). I just support the right to anonymous speech. If people are going to be "unmasked" because they committed libel, then there is nothing to stop the "unmasking" of other anonymous speech, even true, non-libelous statements. I simply don't think anonymous libel is a big enough deal to give up this freedom to speak anonymously over.
What I meant was that anonymous libel does not do the same harm as attributed libel, because a reasonable person wouldn't be expected to believe something an anonymous person said. If people DO believe things that anonymous people say without independent confirmation, then they are not reasonable.
I don't support anonymous speech because I want people to be able to commit libel and get away with it; I support it because I think there are very valid reasons why someone might not want to be exposed for revealing something true. For example, it isn't libel for someone to expose government corruption that is actually taking place, but they still might suffer retribution for doing so. Even though the anonymous allegation doesn't necessarily carry much weight, it might prompt other people more able to protect themselves from retribution to look into the matter and publish it in a more credible fashion.
To me, this gain is a vital protection for freedom of speech that completely outweighs the dubious gain from banning anonymous libel. Without anonymous speech, freedom of speech will eventually outlawed as an elaborate system is put in place to indirectly punish people for challenging authority or posting unpopular opinions. Calls for "accountablity" sound to me exactly like calls to ban anonymous speech (and hence all speech eventually).
So are you against all anonymous speech? That seems to be the implication of all this anti-Wikipedia outrage from the media. Of course, they have no problem reporting "facts" obtained from anonymous sources.
In my opinion, people need to understand there is a continuum of credibility attached to any statement. Anonymous statements have very little credibility, and hence are not such a problem if libelous. No one should take them seriously anyway, so the speaker has less responsibility. Statements written under your real name have a lot more credibility (ie, people will be more likely to believe them) precisely because there are consequences attached to publishing lies.
So I would say that people who write under their real name have much more responsibility to be truthful and check their facts than people who write anonymously. The responsibility is a two-way street though: readers, especially on the Internet, need to learn that they shouldn't believe everything they read if it comes from a non-credible source. Wikipedia comments posted anonymously should not be taken as a credible source, and hence carry little weight. If people are unwilling or unable to evaluate the credibility of statements made then we might as well just give up on free speech in general because at that point "the public" can just be fed anything and they will believe it all.
That's why you simply get a dedicated email address for your domain registration that you don't use for anything else.
There needs to be accountability for people running websites, like it or not. Law enforcement does not have the time to go and investigate every single complaint made against a website, nor should they. If you don't like it, simply set up some privacy preserving way to make it so people can still contact you (like a P.O. box). You shouldn't be able to run from responsibility by hiding behind fake contact information. That is how scammers, phishers, spammers, and con artists hide from their victims.
Yes, and security processes should be designed taking human factors into account. I've only recently started to see some of this in the more popular programs, and it's still only at a rudimentary level. A couple of the newer examples are the URL bars that change colors for security status, and the way Firefox forces you to wait a few seconds (and presumably read) before just clicking through the box allowing installation of extensions or themes. The delayed dialog boxes are actually something I think is a really, really good idea since I've seen so many people just click through security warning boxes without stopping to read them at all. This certainly isn't a complete solution, but at least it's a step in the right direction.
I worded my original post poorly/incorrectly. It's true that you can't necessarily determine what is sending information ONLY by looking at the packet contents (although you can determine the protocol). But you could block any connections not passing through an application proxy server. The proxy could then require all applications on the host to authenticate their identity and integrity against the firewall machine, and establish a secure channel between them. This would still require some security on the host machine to protect the application credentials and the integrity of the network sessions, but still seems like an improvement on the situation where all control is on the end hosts.
You're correct that you can't look inside all streams of data just by looking at the packets. Encryption can defeat this as you point out (although in theory it is still possible for non-encrypted data). But then again, you could have a system to ban all encrypted data streams except to specific hosts whitelisted by you. This could be a pain given the number of hosts people often perform encrypted communication with, but still doesn't seem like a completely terrible idea to me given that a user should be aware whenever an authorized piece of software is sending out encrypted data.
That's all true, but unless Windows has a really good way to prevent tampering with drivers and unrelated programs then the software firewall will be vulnerable to being disabled or bypassed by malware. At least when you have a separate machine running your firewall nasty applications can't mess with it.
What we really need is a cheap, standalone appliance with an application-level firewall that can determine what application is sending requests by looking at packet contents (I know this is difficult). This won't solve the problem entirely, but it would help. A way to absolutely prevent unknown programs from loading into the kernel space or "hooking" into applications like this one did would help the existing software be more secure at least. Maybe require a reboot with Windows explicitly asking if it's okay?
People need to figure out that the two parties are essentially two sides of the same coin, and no different. Both are anti-freedom.
People should vote for third parties, but I doubt that's going to happen in large numbers until things get a lot worse given the big two's stranglehold on media coverage. Sadly, most people vote for who "the teevee" tells them to vote for, and don't truly investigate what they stand for. Instead, they just make a decision based on idiotic surface characteristics.
The best we can do in the short term is probably to strongly support moderates in both the big parties.
So you think it's a good idea to hand over the decision-making process over DNS to the companies that make filter products? Wow. You know that "pornography" is subjective, right?
Even the filters are usually user adjustable...but in this case you're saying that they should be "yes/no"...
I understand that. But what I was saying was that the only logical reason for having that law at all is to provide credibility for the claim that the code/device does not have backdoors, etc. If we can't inspect the code directly, then it makes people "feel better" to know that the people working on it are not criminals or party bosses. It's essentially a way to assure the public that tampering is not taking place - although it's probably only of dubious value even in that case given the incompetence and/or corruption of election officials.
What I'm saying is that there is no need to apply such a law to open source software because the credibility of the people working on it is irrelevant. With opensource, anyone can inspect the code directly and KNOW that there are not backdoors or security flaws present. There is no need to "assure" us that this is the case when we can check that ourselves and not need to rely on the testing performed by the election officials, who may not be experts in computer security in any case. Of course, there is always the issue of making sure the same code that is running on the machines is the source provided, and for this, we do need some official, publically transparent procedures by which we can observe the compilation, loading, distribution, and maybe even check digital signatures on the running code.
There's no need if the code is opensource, since anyone can then review it for malicious code.
The logical reason for the requirement that all the programmers be listed is that Diebold is essentially saying "Trust us!" rather than letting people directly review the code.
Practically, it is, at the present. It just might not be for much longer.
How about a system where they don't give you an actual receipt but instead they just let you check that your vote was accurately counted later? It could be just a random number assigned to your ballot that you can then go online and check in a downloadable huge list of all the voters in the country. The numbers could be assigned in such a way that there are no duplicates but that there is no way to extract any information about who a voter was from the number.
Then, they don't give you an actual printed receipt. You just have the option of writing your ballot number down on your own piece of paper. Then, if you tried to sell your vote, there is no way for the party machine boss to actually verify how you voted and that you are not lying to them, since they cannot verify that the number you are giving them is actually the number you were given when voting.
There's also the added bonus that if enough people checked their own votes that there is an extra check on the credibility of the official count. If widespread instances of people not finding their vote or having it reported wrong were reported, there would be evidence of fraud. And people could use their own verifed outside algorithm to count the votes.
Of course, there is still the problem of what to do if someone does claim fraud, since there is no way to verify this claim. But that would at least warrant independent investigation. Maybe the goal of our current system (though people don't know it) is simply to make people trust the official count regardless of whether they have any reason to believe it should be trusted (for stability/power reasons). Would it undermine stability and faith in the process if people were able to see all the fraud that DOES go on?
That's true, but the difference is far,far less than the difference between an O(n^3) algorithm and an exponential algorithm. It's kind of like the difference between solving the problem 1 billion times slower and NEVER solving it before the sun burns out.
What if they don't use a passphrase, but instead a smartcard or USB key with the key on it? And then destroy it as the police break down their door? I would think that terrorists would be smart enough to do that if they are smart enough to encrypt their whole harddrive.
So how do you suggest that the courts enforce the law and ensure that schools do not violate students' rights? Like it or not, monetary penalties will cause them to change their behavior. You have a right to be pissed that this money is not going for education, but your complaint should be with the school administrators who caused the lawsuit rather than the victim of their actions. The public outrage at the money is part of the point. It may end up causing these assholes to get fired or voted out of office.
Is it possible for courts to order a school to fire a particular employee such as a principal or teacher?
Then you (or Sun, more likely) rewrite only the VM rather than all of your programs.