The "e-voting" here refers to the use of electronic voting machines (specifically Direct Recording Electronic (DRE) machines, which tabulate votes internally on digital storage). In particular, the "entrenched" DRE systems described in TFA typically offer weak (if any) resistance to tampering with the digital vote tallies, and they usually don't provide any auxiliary non-electronic verifiable record (such as a "voter-verifiable" printed ballot: a piece of paper which you can visually confirm represents your intent, and which you then place in a separate box for tabulation).
Add to this the fact that the software in these voting machines is kept secret from the general public, so it's difficult for outsiders to vouch for the correctness and robustness of the programming inside. In short, a voter has little reason to believe that the vote she thinks she cast on election day was accurately recorded and counted by these systems.
Internet voting is a whole other ball of worms, in part because of exactly what you describe: loss of anonymity and possibility of vote coercion. Anonymity can be preserved in part with strong crypto (reducing the packet-sniffing adversary to knowing that you voted today, but not for whom); vote coercion is very, very hard to avoid (someone can always stand over your shoulder with a blunt object and "encourage" you to log on and vote a certain way). This is why polling places exist: to give voters a safe, private place to cast an anonymous ballot.
1. Open source. We need to be able to trust these systems and how can we do that without being able to examine the code behind them?
Disclosed or open source is critical, but not sufficient, to be able to trust the system. Assuming you've already verified that the disclosed code is totally trustworthy (a big assumption), you need to also convince yourself that the electronic voting machine in the polling place is running that exact code.
"Trusted computing" might be a bad idea for desktop PCs (where the user should have total control of the software running on it), but it might be a really good idea for voting machines (where the entire software stack must be kept under very careful control from the moment the machine is configured and certified right up to election day).
The client and publisher both run on any system with the Sun Java runtime, 1.4.2 or newer. (The networking code in Pastry requires Sun's NIO implementation.) As for the publisher helper scripts, the configurator is Python, and the run control scripts are Bourne shell.
In other words, It Ought To Work(TM) out of the box on FBSD. If not, file a ticket.
Actually, my advisor, Peter Druschel, developed Pastry with Ant Rowstron (of Microsoft Research). Since then, a number of bright researchers from Rice and elsewhere have contributed to the project; their names and publications are listed on the official Pastry website.
There are a number of implementations of the Pastry design; FeedTree uses the Java-based FreePastry package, which is under active development by Rice and the Max Planck Institute for Software Systems and is available under a BSD-like license. Other interpretations include MS Pastry (C#, used in COMP 410 as you point out) and the Bamboo DHT (Java, inspired by Pastry and developed at UC Berkeley).
For Mac users there's Cocoalicious, just such an application (key features: add, edit, search, visit, rate).
Alternatively, if you're just looking for fast local searching, there's delimport, which periodically sucks down your del.icio.us bookmarks and indexes them with Spotlight.
Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:
Unfortunately, they gained access to site backups. In doing so, your passwords may have been compromised, although they are MD5 encrypted. We would like to you login to the Methlabs forums ([url redacted]) and change your password. We sincerely apologize for this issue.
If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."
The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.
The trouble with RSS (short answer) is that there are at least three different versions of it invented by different people.
The most complete history I've seen of the many different RSS variants can be found in Mark Pilgrim's essay, The myth of RSS compatibility. As of early 2004, there were (by Mark's count) nine incompatible document formats all calling themselves "RSS" of one version or another.
It's easy to see why developing a robust feed parser is a real challenge (albeit a necessary one, to hide the current standards chaos from users).
Ask, and ye shall receive (by multicast)
on
The Importance of RSS
·
· Score: 3, Interesting
RSS is pretty crappy, as it is a point-to-point protocol. What would be good would be if websites sent out multicasts when an update occured, as then all interested parties could monitor for that and we wouldn't get system overloads.
Right on.
We're working on exactly that here at Rice. FeedTree (paper) is a newsfeed distribution system, built atop the self-organizing Pastry overlay and the Scribe multicast algorithm. Scribe is self-organizing and low-maintenance; everyone shares the load of distributing new bits of news (i.e. no polling stress at the publisher), and it all happens in a timely fashion (i.e. no polling delay at the client).
We're working on a public (open-source) beta. Check back soon.
It wasn't performed in real time. From the Winnoise FAQ:
No, I didn't reprogram sound recorder to be able to play by itself. It is not a screen-captured movie of something that actually happenned on my computer. It is a fictional depiction of one way the soundtrack could have been generated (but wasnt).
Not that you'll shutter P-A anytime soon, of course; I have no doubt that Penny-Arcade will go on undaunted for centuries. (That is, long after the world has destroyed itself with nuclear weapons, leaving the only surviving creatures---cockroaches---to continue writing and drawing the strip, which they will rename "Metamorphosis".)
But you guys are too talented to be confined to just one creative outlet. I'm glad to see Gabe scanning his sketchbooks, and we've seen a few short comic-book-style tie-ins with various videogame releases (for which we are all grateful, because we know it pays the bills). But, you see, these are crumbs, scraps, minutiae, errata... compared to the Next Big Thing From Jerry And Mike.
Which is... what, exactly? (Is it Automata?) Maybe you don't have it all planned out yet... but what would you LIKE to be doing with your irrepressible talent (and your pioneering webcomix careers)?
[Oh, and if you're looking to revisit the glory days of CW anytime soon, my friends and I have a standing weekly Quake 1 lagfest; you're welcome to join in. Q1 is a classic. Just shoot me an email.:) ]
Some observations I've made since I've discovered my fascination with fountain pens:
You might be more inclined to use it. My pens are fun and interesting to write with and maintain; I find myself taking more notes in meetings and jotting down more important information in my notebooks, just to have an excuse to use the pen.
You might be less inclined to lose it.
I misplaced my Pilot and Uniball rollergel pens all the time, because everyone has them, and because I didn't really have any attachment to each of them. A fountain pen is likely to be unique enough to distinguish it (and you!) from your coworkers', and the investment places additional cognitive load on the owner (so you're more likely to notice if you came into a room with it, but don't have it in your pocket when you leave).
If you lose it, it's still no big deal. You can get quality refillable models from known manufacturers for $10 or $15, so it won't break the bank to get started. (Note that there is no upper bound on fountain pen prices, especially if you get into vintage models.)
Might actually improve your handwriting. The shape of the nib encourages certain orientations and attitudes of the pen; over time, this has informed my penmanship, helping to repair some of the damage done by keyboards and ballpoints.
Another cool machine to understand and geek out over. Fountain pens are simple devices, yet they are subtle in construction and style.
Personally, I was originally pretty put off by the fat, ornate fountain
pens I'd seen in stores, but there are plenty of sleek, modern designs
(Rotring comes to mind; Pelikan have some lovely models as well) and
deco-styled throwbacks (my friend has a Namiki Vanishing Point,
which is a mechanical marvel as well as a deco homage; I myself am
currently writing and drawing with a gorgeous black '329' from the
Shanghai Hero Pen Company).
[I was recently introduced to the world of fountain pens by my friend Chris, who has written up a wonderfuloverview of his fascination with pens. Lots of great links to manufacturers, online retailers, and customizers.]
there wasn't a single coffee machine... do they really expect a programmer to work without coffee ?
Damn, you're right. Now that you mention it, a whole bunch of things are missing from that office:
Front door. How do people get in? Not very productive.
Bathroom. Seriously, not one commode in any of those photos. Less of a problem if there's no coffee machine, I guess.
Air. I didn't see any air molecules in the photographs, either. Coding without breathing is hard! (Although sometimes necessary; see pair programming.)
But the real tragedy... [is] about the millions of people who could have benefited from Be's amazing and innovative software...
Those benefits may still be realized, albeit a bit indirectly. The innovations in BeOS weren't sent to Earth by aliens; the ideas came from brilliant people, and those people are still around -- thinking up even better ideas, and putting them into practice allovertheplace. Consider also the many developers and users who have been inspired over the years by their Be experiences. I'd be willing to bet that conceptual descendants of the designs and decisions that shaped BeOS and BeIA will probably have a non-trivial impact on computing for some time to come.
1996 - Palm introduces the PalmPilot 1000 and 5000 organizers.
1997 - 3Com purchases U.S. Robotics
1998 - Hawkins, Dubinsky and Colligan leave Palm to create Handspring
2000 - Palm executes an Initial Public Offering, separating from 3Com
2001 - Palm begins building separate businesses
* Todd Bradley named Palm Solutions executive vice president and chief operating officer (June 1)
* Palm announces plans to create OS subsidiary (July 27)
* Palm OS subsidiary acquires assets and talent from Be, Inc. (Aug. 16)
* David Nagel is named Palm OS subsidiary president and chief executive officer (Aug. 27)
2002 - Palm further builds on two businesses
* OS subsidiary creation completed (Jan. 1)
* Bradley promoted to president and chief operating officer of Palm Solutions (May 2)
* OS subsidiary named PalmSource
* PalmSource names founding board of directors (June 24)
* Bradley named Palm Solutions chief executive officer (June 25)
* Palm Solutions and PalmSource move to separate campuses (August)
* Sony invests $20 million in PalmSource, marking first outside investment (Oct. 8)
* PalmSource adds four new licensees in year
* IRS approves the spin-off as tax-free for U.S. citizens' federal income-tax purposes (December)
Agreed wholeheartedly. And yet, for what it's worth, Marathon was perhaps the best "5 billion demons" game of its time. The guys at Bungie obviously had a real sensitivity toward story, atmosphere, and gameplay mechanics (the Holy Trinity of FPS games).
The 2.5-d environment (you could look up and down) helped hone my mouselook skills early (forever cementing my flying-attack deathmatch tendencies). The weapons were fun (being cribbed from Aliens didn't reduce the effectiveness of the grenade/machine gun -- and you just gotta love the splash damage on the SPNKR). The story was intriguing, and creepy, and complex. The levels were, uh, intriguing, and creepy, and complex.
And the burning-BOB sound-effect will stay with me forever. "Yaaarrrrghhhh!"
Slashdot Mirror
Add to this the fact that the software in these voting machines is kept secret from the general public, so it's difficult for outsiders to vouch for the correctness and robustness of the programming inside. In short, a voter has little reason to believe that the vote she thinks she cast on election day was accurately recorded and counted by these systems.
Internet voting is a whole other ball of worms, in part because of exactly what you describe: loss of anonymity and possibility of vote coercion. Anonymity can be preserved in part with strong crypto (reducing the packet-sniffing adversary to knowing that you voted today, but not for whom); vote coercion is very, very hard to avoid (someone can always stand over your shoulder with a blunt object and "encourage" you to log on and vote a certain way). This is why polling places exist: to give voters a safe, private place to cast an anonymous ballot.
"Trusted computing" might be a bad idea for desktop PCs (where the user should have total control of the software running on it), but it might be a really good idea for voting machines (where the entire software stack must be kept under very careful control from the moment the machine is configured and certified right up to election day).
The client and publisher both run on any system with the Sun Java runtime, 1.4.2 or newer. (The networking code in Pastry requires Sun's NIO implementation.) As for the publisher helper scripts, the configurator is Python, and the run control scripts are Bourne shell.
In other words, It Ought To Work(TM) out of the box on FBSD. If not, file a ticket.
Actually, my advisor, Peter Druschel, developed Pastry with Ant Rowstron (of Microsoft Research). Since then, a number of bright researchers from Rice and elsewhere have contributed to the project; their names and publications are listed on the official Pastry website.
There are a number of implementations of the Pastry design; FeedTree uses the Java-based FreePastry package, which is under active development by Rice and the Max Planck Institute for Software Systems and is available under a BSD-like license. Other interpretations include MS Pastry (C#, used in COMP 410 as you point out) and the Bamboo DHT (Java, inspired by Pastry and developed at UC Berkeley).
Alternatively, if you're just looking for fast local searching, there's delimport, which periodically sucks down your del.icio.us bookmarks and indexes them with Spotlight.
If you see the numbers "4 8 15 16 23 42" written on the entrance hatch, probably best not to buy it.
Without knowing any details, it's hard to know which party in this situation is the malicious one (possibly both). But this message on the methlabs.org blog is causing the Lost-In-Space-Robot in my head to wave its arms madly:
If the webmaster is telling the truth, this is an innocuous request. [Of course, sufficiently strong passwords will survive precomputed hash attacks, and it's still pretty hard to brute-force MD5 hashes (even given recent weaknesses).] However, if the webmaster is malicious, this is no different than a PayPal phishing scam: "Come visit our website (the legitimacy of which is, at best, in doubt) and enter your old password on a Web form. Go ahead, enter a new one, too. Thanks."
The right thing to do in this case, where you have multiple parties which may all be malicious and some of which may have your passwords, in plaintext or hashed format, is probably to stop using those passwords immediately. If you use that forum password elsewhere, change it elsewhere. As for methlabs.org, the safest course of action is probably to wait and see who the good guys are before typing any passwords in, old or new.
Longhorn Team RSS Blog: Longhorn (hearts) Atom, too.
It's easy to see why developing a robust feed parser is a real challenge (albeit a necessary one, to hide the current standards chaos from users).
We're working on exactly that here at Rice. FeedTree (paper) is a newsfeed distribution system, built atop the self-organizing Pastry overlay and the Scribe multicast algorithm. Scribe is self-organizing and low-maintenance; everyone shares the load of distributing new bits of news (i.e. no polling stress at the publisher), and it all happens in a timely fashion (i.e. no polling delay at the client).
We're working on a public (open-source) beta. Check back soon.
Not that you'll shutter P-A anytime soon, of course; I have no doubt that Penny-Arcade will go on undaunted for centuries. (That is, long after the world has destroyed itself with nuclear weapons, leaving the only surviving creatures---cockroaches---to continue writing and drawing the strip, which they will rename "Metamorphosis".)
But you guys are too talented to be confined to just one creative outlet. I'm glad to see Gabe scanning his sketchbooks, and we've seen a few short comic-book-style tie-ins with various videogame releases (for which we are all grateful, because we know it pays the bills). But, you see, these are crumbs, scraps, minutiae, errata ... compared to the Next Big Thing From Jerry And Mike.
Which is ... what, exactly? (Is it Automata?) Maybe you don't have it all planned out yet ... but what would you LIKE to be doing with your irrepressible talent (and your pioneering webcomix careers)?
[Oh, and if you're looking to revisit the glory days of CW anytime soon, my friends and I have a standing weekly Quake 1 lagfest; you're welcome to join in. Q1 is a classic. Just shoot me an email. :) ]
Glad to see the nerds finally getting some closure.
Agreed--it's really AskingForTrouble.
- You might be more inclined to use it. My pens are fun and interesting to write with and maintain; I find myself taking more notes in meetings and jotting down more important information in my notebooks, just to have an excuse to use the pen.
- You might be less inclined to lose it.
I misplaced my Pilot and Uniball rollergel pens all the time, because everyone has them, and because I didn't really have any attachment to each of them. A fountain pen is likely to be unique enough to distinguish it (and you!) from your coworkers', and the investment places additional cognitive load on the owner (so you're more likely to notice if you came into a room with it, but don't have it in your pocket when you leave).
- If you lose it, it's still no big deal. You can get quality refillable models from known manufacturers for $10 or $15, so it won't break the bank to get started. (Note that there is no upper bound on fountain pen prices, especially if you get into vintage models.)
- Might actually improve your handwriting. The shape of the nib encourages certain orientations and attitudes of the pen; over time, this has informed my penmanship, helping to repair some of the damage done by keyboards and ballpoints.
- Another cool machine to understand and geek out over. Fountain pens are simple devices, yet they are subtle in construction and style.
Personally, I was originally pretty put off by the fat, ornate fountain pens I'd seen in stores, but there are plenty of sleek, modern designs (Rotring comes to mind; Pelikan have some lovely models as well) and deco-styled throwbacks (my friend has a Namiki Vanishing Point, which is a mechanical marvel as well as a deco homage; I myself am currently writing and drawing with a gorgeous black '329' from the Shanghai Hero Pen Company).[I was recently introduced to the world of fountain pens by my friend Chris, who has written up a wonderful overview of his fascination with pens. Lots of great links to manufacturers, online retailers, and customizers.]
- Front door. How do people get in? Not very productive.
- Bathroom. Seriously, not one commode in any of those photos. Less of a problem if there's no coffee machine, I guess.
- Air. I didn't see any air molecules in the photographs, either. Coding without breathing is hard! (Although sometimes necessary; see pair programming.)
</smartass>Those benefits may still be realized, albeit a bit indirectly. The innovations in BeOS weren't sent to Earth by aliens; the ideas came from brilliant people, and those people are still around -- thinking up even better ideas, and putting them into practice all over the place. Consider also the many developers and users who have been inspired over the years by their Be experiences. I'd be willing to bet that conceptual descendants of the designs and decisions that shaped BeOS and BeIA will probably have a non-trivial impact on computing for some time to come.
Huh? There's a new Games color scheme? Let's see wh-- oh, crap.
blush
Actually, the official press release contains a nice summary timeline:
1995 - U.S. Robotics purchases Palm, Inc.
1996 - Palm introduces the PalmPilot 1000 and 5000 organizers.
1997 - 3Com purchases U.S. Robotics
1998 - Hawkins, Dubinsky and Colligan leave Palm to create Handspring
2000 - Palm executes an Initial Public Offering, separating from 3Com
2001 - Palm begins building separate businesses
* Todd Bradley named Palm Solutions executive vice president and chief operating officer (June 1)
* Palm announces plans to create OS subsidiary (July 27)
* Palm OS subsidiary acquires assets and talent from Be, Inc. (Aug. 16)
* David Nagel is named Palm OS subsidiary president and chief executive officer (Aug. 27)
2002 - Palm further builds on two businesses
* OS subsidiary creation completed (Jan. 1)
* Bradley promoted to president and chief operating officer of Palm Solutions (May 2)
* OS subsidiary named PalmSource
* PalmSource names founding board of directors (June 24)
* Bradley named Palm Solutions chief executive officer (June 25)
* Palm Solutions and PalmSource move to separate campuses (August)
* Sony invests $20 million in PalmSource, marking first outside investment (Oct. 8)
* PalmSource adds four new licensees in year
* IRS approves the spin-off as tax-free for U.S. citizens' federal income-tax purposes (December)
2003 - Palm announces plans to acquire Handspring
The 2.5-d environment (you could look up and down) helped hone my mouselook skills early (forever cementing my flying-attack deathmatch tendencies). The weapons were fun (being cribbed from Aliens didn't reduce the effectiveness of the grenade/machine gun -- and you just gotta love the splash damage on the SPNKR). The story was intriguing, and creepy, and complex. The levels were, uh, intriguing, and creepy, and complex.
And the burning-BOB sound-effect will stay with me forever. "Yaaarrrrghhhh!"
"Give up the ham. Powerful words." (?)
Also, check out Top Gun SSH for Palm OS.