Slashdot Mirror


User: Mr.+Slippery

Mr.+Slippery's activity in the archive.

Stories
0
Comments
8,122
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,122

  1. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    You solution of one from each interested party and one from a pool just doesn't work, because you won't be guaranteed a unanimous decision.

    If you need a unanimous decision, then nothing can be trusted. Do you think code design, development, and review proceeds in a unanimous manner? If so, then perhaps you've never worked on a software project of significant size?

    Split decisions on counting would only affect a small fraction of ballots. On the other hand, split decisions regarding the design and implementation of voting machines would affect every ballot cast by such machines.

    OK, so you don't know what a backdoor is...Reviewed electronic machines are not. Reviewed electronic machines are also not susceptible to the problem you described.

    No sir, I'm afraid that if you believe that code review is 100% proof against backdoors, then you don't know what a backdoor is. Did you read Thompson's paper? You oughta, it's a classic.

    Reviews are good but are hardly the last word in security. I've worked on trusted system development, a project targeted at the B3 TCSEC level. (This was before the adoption of the Common Criteria.) I've had my code and design reviewed by security experts, as well as in less formal situations. I'm a fan of reviews, but they are not 100% proof against problems, both deliberate compromises and more mundane bugs. (They'll get you up to about EAL 4. There are seven EALs, the highest an operating system has gotten to date is EAL 5. More secure systems need formal proofs, which have not had much success to date.)

    Nowhere in my comments will you find me saying that an electronic voting machine shouldn't produce a paper verification.

    Nor have you suggested such verification, despite ample opportunity to do so.

    Nowhere in any of the articles that you linked will you find somebody advocating that said paper ballots be tallied by hand to obtain the certified result.

    It's implicit in the notion of a paper audit trail. What do you expect to do with the paper records - put them in bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying "Beware of the Leopard"? No. You've got to count them.

    If you're arguing against hand counted paper ballots, you're arguing against paper verification - you have to count the paper verification, or else it's not a verification!

    You are advocating hand counted paper ballots. This is what I'm arguing against with you.

    If we're going to count the paper ballots, then it would be better to have paper without machines than machines without paper. Though I repeat, "I'm not saying we couldn't use touch screen machines to print the marked ballots and give a preliminary count", and I also said "The former problem [ambiguity in the ballot marking] should be very very rare in machine-printed voter receipts". It should be clear that I would prefer paper printed by machine. So, yes, electronic machines with a paper trail fit neatly into my position.

    But paper receipts do not fit into your argument against hand counting. If you're in favor of them, your position is inconsistent and I suggest you consider it further.

  2. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    You might also go with the rule that simply being granted access is not a reasonable basis to assume you're authorized.

    On what basis would you go with a rule that says that if (without resorting to fraud or malfunction) you're given authorization by a computer system to perform certain actions, you can't assume you're authorized to perform said actions? Ladies and gentlemen of this supposed jury, it does not make sense.

    Gee, I might be making unauthorized access to slashdot.org in making this post! You might have just done so too! Being granted posting access is not a reasonable basis to assume we're authorized to post! OMG we're all computer criminals!

    And the proposed bill doesn't even say you have to be authorized - it says you can't know you're unauthorized: "exceed the person's authorized access to wireless internet service with knowledge that the access is unauthorized". That's a very weak standard to meet.

  3. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    Oh, one more thing: did you get CmdrTaco's explicit permission before accessing this website? Did you knock on his door and ask before posting?

  4. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    I'm sorry, the AP device is the owner?

    The AP device is configured by the owner; this configuration is an expression of the owner's will.

    You know, a PERSON you have to talk to.

    Tell me: when you see a store with an open and unlocked door with a sign on it saying "C'mon in!", do you go to the state bureau of records to locate the land owner, and write him or her a letter asking if you are permitted to enter?

    Do you get signed legal documents expressing permission before you go to a party to which you've been sent an invitation?

    If my neighbor puts a keg on the sidewalk in front of her house with a sign that says "Free beer! Help yourself!", and sends out flyers about it, and puts put shiny balloons on it to attract attention, do you expect me to get a sworn affidavit before I draw a pint?

    Inanimate objects can be used to communicate authorization.

    I defy all of you morons that say it's ok to use someone else's network without explicity permission from the OWNER to start knocking on doors and really asking.

    The owner explicitly grants or withholds permission by means of the AP's various systems of permission.

    Tell me, when I'm sitting at the coffee shop and my computer finds six wireless networks nearby, just how am I to know who owns the access points?

  5. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    As I said earlier, you can find impartial experts to review impartial software. There is no such thing, however, as an impartial ballot, since somebody has already used it to vote one way or the other.

    "Impartial software?" "Impartial ballot?" That doesn't make sense. The issue is the partiality of people, not of inanimate objects.

    If impartial people (or teams of people with balanced biases) can be found to review software, then impartial people (or teams of people) can be found to review ballots.

    you have two candidates, and representatives for one side raise objections on a ballot that the other side thinks should count as a vote for them... That's way harder to resolve than the similar dispute over a voting machine.

    You need three reviewers for contested ballots. One from Party A, one from Party B, one from a pool of people approved by both parties (unaffiliated voters, or community leaders of unimpeccable honesty).

    Regardless, you could have checks from all the interested parties to at least get consensus [on voting machines]

    You can also get consensus on methods and rules for counting paper ballots ahead of time.

    Multiple recounts typically return an array of unique values.

    Only if there's ambiguity in the ballot marking, or errors in counting. The latter can be eliminated by multiple rounds and by improved methodology - if Las Vegas casinos can count all that cash, we can find ways to count unambiguous ballots. The former problem should be very very rare in machine-printed voter receipts, or indeed in any sensible ballot design.

    They trust ATMs and Credit Card processing machines...

    Which give paper receipts, and whose results I can review and challenge. I've had erroneous or fraudulent charges against ATM cards and credit cards, but I could catch them because the bank sends me statements. I don't get a paper from Baltimore County saying "Here's how we recorded your vote. Call 1-800-SCREWUP if you wish to contest it."

    a "back-door that effects all electronic machines by a manufacturer"...is still exactly equivalent to a mechanical voting machine.

    Not at all. A mechanical voting machine can't do logic like "if (candidate.party == 'GREEN') then (candidate.votes += 100)". (Not unless your mechanical voting machine was designed by Charles Babbage...)

    something like that should be caught in the independent review of the code

    Bugs get through reviewed code. Deliberately obfuscated backdoors could too. Then there's the problem of trusting trust. If Ken Thompson says "You can't trust code that you did not totally create yourself...No amount of source-level verification or scrutiny will protect you from using untrusted code," maybe we ought to listen to him, instead of call him a Luddite.

    Writing trusted systems is much harder than you seem to understand it to be.

    You are taking the traditional luddite position, because you seem to be incapable of understanding how electronic voting could work securely.

    My position is pretty much that of the ACM: "voting systems should enable each voter to inspect a physical (e.g., paper) record to verify that his or her vote has been accurately cast, and to serve as an independent check on the result produced and stored by the system." It's also pretty much the position of computer security experts like Avi Rubin and

  6. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    The bill in question (not yet a statute, so certainly no case law for it exists) says "A person may not intentionally, willfully, and without authorization access, attempt to access, cause to be accessed, or exceed the person's authorized access to wireless internet service with knowledge that the access is unauthorized and prohibited by law."

    It does not define "authorized access". However, if without engaging in any spoofing or fraudulent behavior, you request access and are granted access, there is no way that any rational human being could hold that you have "knowledge that the access is unauthorized".

    (Of course, we are talking possible actions of the Maryland judiciary; just because no rational human being could reach some conclusion, doesn't mean the courts of our fair state won't go there.)

  7. Re:I'm wondering on Would a National Biometric Authentication Scheme Work? · · Score: 2, Insightful

    Something you are (Your retinal scan, your infrared signature given off by your body, your dna, your face from two angles)

    "Something you are" is actually just a convoluted case of "something you have" - do you have something that makes the scanner go "approved"?

    Fingerprint scanner? A xerox of a lifted print. DNA sample? See Gattaca. Body infrared signature? Heaters in the clothes.

    Biometrics are tokens that you can't revoke or replace. They're a generally bad idea.

  8. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    What's needed is an explicit rule about what constitutes authorization, so there won't be this kind of questioning.

    The rules about who or what is authorized to use a network are very simple. If, without engaging in any spoofing or fraudulent behavior, you request access and are granted access, you're authorized.

  9. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    Simple. You ASK the owner of the wireless network.

    Exactly. And I do that automatically, by using the relevant protocols ask for a connection. The owner of the router programs or configures the router to grant or withhold permission as he or she wishes. It is indeed simple.

    The ssid is not a "sign."

    No, it's a beacon which lets everyone know of the existence of your service. Don't put up spotlights and wacky waving inflatable arm flailing tube men outside a open and unlocked door with a sign on it saying "C'mon in!", then act surprised when people do actually walk in.

    you err on the side of caution and you get my explicit permission.

    You give or withhold explicit permission by how you configure your router.

  10. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    No, it's not granting permission, it's just doing what it's been set at the factory to do. Unless you get explicit permission from the network owner, you should assume you need to stay off the network.

    Computer and networks have systems of permissions. If I am granted "technical permission" by a computer system, I must assume that the operator of that computer system wished me to have "legal permission".

    If I leave my house unlocked, and people are entering it without my knowledge, I would be pretty upset to find out that someone did in fact enter my house.

    This is more like leaving the door of your store open and unlocked with a note on it saying "c'mon in!"

    Why don't we do this as a society? Don't use anything which belongs to someone else without their permission?

    You grant me permission when you configure your router such that I can use it.

    If someone doesn't understand how to use the systems of permissions on their router, and did not mean to communicate to me the message "go ahead and use my network!", that doesn't make me a criminal, that makes them incompetent.

  11. Re:come here, sweetheart on MD Bill Would Criminalize Theft of Wireless Access · · Score: 1

    It is often true that the owner of the access point does not set it up. They plug it in. They give it no orders in any direction.

    Plugging it in is setting it up, with the default set of orders.

    If they don't understand the default set of orders, they need to either educate themselves or hire someone who does understand. (I'm in Maryland and will hack for money, by the way...)

  12. Re:Science of Political Agenda? on How To Communicate Science to a Polarized US Audience · · Score: 3, Informative

    Like how "CO2 causes man-made climate change", when, in fact, CO2, when the ocean...ya know...that 3/4 of the Earth's surface, spews CO2, it cools, not heats the surface air. It's an 'inconvenient truth', but is core to the problems with this, the world's biggest hoax.

    The chemical reactions that lead to the oceans releasing CO2 may (or may not) be endothermic; that has nothing to do with the fact that CO2 is a greenhouse gas.

    Did you never have a science lab where you worked with compressed gases? If you open up a tank of compressed CO2, the tank gets colder, because heat is absorbed in the expansion of the gas. (Safety hint, kids: this is why you never huff nitrous directly from the tank, it'll freeze your lungs.) That has nothing to do with CO2's role as a greenhouse gas.

    The nearly world-class hoax of the ozone hole.

    We put the brakes on ozone depletion before it got really bad; still, there is evidence that ozone loss has increased skin cancer in the most affected regions, and is having an impact on wildlife.

    Doesn't anyone care about freedom anymore? Must we all join the fascists? Any problem that can be solved by sending money to Washington or voting Democrat isn't worth solving.

    Thank you for so completely illustrating the problem. You seem to be so locked into your loathing of "voting Democrat" and your odd notion that "freedom" means that you get to pollute the planet and destroy resources that don't belong to you, that you've created a reality distortion field around yourself.

    Before we can communicate science to people like you, we'd have to cure this pathogenic political condition. I'm not sure it can be done.

  13. Re:Science of Political Agenda? on How To Communicate Science to a Polarized US Audience · · Score: 1

    Science already has a vice grip on humanity, it's not like we're moving into an era dominated by superstition.

    In an Associated Press-AOL News poll taken at the end of 2006, 1 in 4 Americans expected the second coming of Jesus Christ to occur in 2007.

    A 2005 poll by Harris Interactive found that 73 percent of American adults believe in miracles.

  14. Re:Is this really the answer? on Blue Lights To Reset Internal Clocks · · Score: 1

    I live way outside of Vancouver, but I work downtown. I take transit....Shop locally, and walk more. It won't kill you

    But the problem with the car culture is that it's strangled mass transit and local shops.

    I live just outside Baltimore (as, apparently, does the grandparent poster). In this region we have one light rail line, running north-south through the city. We have one subway line, running north-south from the suburbs to the city center. We have buses - which have recently been severely cut back, which would take me an hour to get where I can drive in 20 minutes. There's an "express" bus that might be useful to me - if it ran more than four times a day.

    So, anyone who has any means, scrapes together the money to get a car. Which means that only the poorest people ride the bus, which makes it less attractive and makes upkeep and expansion less of a priority for local government, which means that only the poorest people ride the bus...you see where that's going.

    And since "everyone who matters has a car", zoning and development are planned around this. There are few small markets - you have to go to a supermarket to shop, or pay massively inflated prices at corner stores or convenience shops. It's the same trend that's given us Wal*Mart - don't shop locally, drive to the central shop.

    We have to improve mass transit to change the car culture; changing the car culture will lead us to different development practices, which will lead us to increased utility for mass transit.

  15. Re:Buses do not run on Sundays or holidays on Blue Lights To Reset Internal Clocks · · Score: 1

    Where I live, mass transit isn't convenient.

    Mass transit isn't convenient where I live either - it's just about non-existent, which is why I wrote that "I can't take safe, cheap, and convenient mass transit to work". Whenever I come back from a trip to a city with working public transportation, I weep for Baltimore.

    And the reason mass transit sucks in much of the the U.S. is because of the car culture - we've build our society around roads and car ownership, from development and zoning laws to automobile industry bail-outs to a foreign policy based on keeping the oil flowing.

  16. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    You get experts to verify every aspect of the engineering "at the factory".

    Whose experts? Getting back to the start of this thread, if we can't find "even a single impartial ballot counter", where do impartial experts come from???

    There are tens of millions of voters in this country. The task of counting all the ballots in a reasonable timeframe is unfathomable to the majority of people.

    There are tens of millions of voters nationwide, but not in any one county. So long as we keep the Electoral College, we don't have any national races, it's all state level at most. If Canada can manage hand-counted paper ballots, so could we - Ontario has twelve million people, California is only three times that.

    (And I'm not saying we couldn't use touch screen machines to print the marked ballots and give a preliminary count, though that preliminary count shouldn't be reported or considered official - it's just a check.)

    Other nations manage quite well with paper ballots largely because they understand that "a reasonable timeframe" doesn't mean that you have to have instant results. (It was the "instant" results that got people mistakenly believing that Bush won the popular vote in Florida in 2000, after all.)

    Check your ballot count twice, check it against a preliminary count from the machines, ask every single election official if they witnessed any oddities, resolve and discrepancies, check the count one more time, then release the results.

    Lastly, it will be no difficult for the average person to understand and trust electronic voting than it was for them to understand and trust mechanical voting

    I don't think so. The average person is hit weekly with news of insecurity in computer systems; it's then natural to wonder about insecurity in the computer systems used for voting. How many stories about insecurity of mechanical tallying systems (adding machines, old school cash registers) did one hear back in their heyday? You could only hack lever machines one at a time, whereas one software backdoor could effect all electronic machines by a manufacturer. And mechanical hacking skills were never widespread, whereas everyone who reads the papers knows that there are just hoards of computer hackers out there.

  17. Re:Is this really the answer? on Blue Lights To Reset Internal Clocks · · Score: 1

    Or, to flip these around:

    • I can't take safe, cheap, and convenient mass transit to work, but instead must own and maintain my own vehicle, pay for insurance, and drive it myself. No napping or catching up on reading on the way to work. Not to mention my greatly increased risk of dying on my commute.
    • Rather than keeping development in well-maintained cities, we let suburbs and exurbs spraw, eliminating forest and farmland, while we let the cities rot.
    • Rather than having a small market close by where I can purchase fresh food frequently, I have to plan a trip to a centralized mega-mart and load up on less healthful prepared and frozen food.
    • Resources are spend building roads instead of convenient and efficient passenger rail service. (Half a day to go 60 miles? WTF? It's only a couple hours from Baltimore to New York City by train - are you waiting half a day for a connection somewhere?)

    I spent three months in Japan last year and didn't miss not having a car, because they've done rail service right (the shinkansen is the only truly civilized way to travel), and they've made their cities bicycle and pedestrian friendly.

    You don't have to want to give up your car completely to realize that planning our civilization around car ownership and frequent use is a bad idea.

  18. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    Machines *can* be designed in such a way that tampering is obvious, and that code updates are either impossible, or impossible to do with out breaking the same types of protections that are used on traditional ballot boxes.

    But detecting tampering after the fact doesn't help detect problems built-in at the factory.

    It should be trivial (given an open system and process, which is impossible with the current vendor(s)) to verify that all the systems are running the same code that they were running at certification time by non-skilled or even generally oblivious people.

    If you don't have significant computer security skills, I don't see how it could possibly be trivial to perform such a verification. And, perhaps more importantly, how can "non-skilled or even generally oblivious people" understand or trust someone else's verification?

    It's very easy to understand, and thus trust, a system of inventory and access control of paper ballots. Until everbody's grandmother is a Perl hacker, that will never be the case for electronic voting.

  19. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    Presumably you design the equipment well before you know what it will be used to tally.

    I don't understand. How you you propose to make a voting machine without those involved knowing that they're going to be tallying votes for Republicans, Democrats, Libertarians, and Greens?

    it's easier to do it for a handful of designs than for tens of millions of ballots.

    But not just the design, but the implementation, distribution, installation, and configuration of the systems would have to be protected. Every line of code must be scrutinized by experts, and every installed voting machine must be check by a different sort of expert. But pretty much any doofus can monitor the collection of ballot boxes or look over the shoulder of someone counting physical ballots. That makes it easier to verify the use of paper ballots than electronic ones.

  20. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1

    Why do you think we have the electoral college and a representational democracy in the first place?

    To protect the privileged classes.

    The vast majority of idiots out there shouldn't vote.

    Anyone who thinks they - or anyone - can reliably and unbiasedly tell who the idiots are who shouldn't be allowed to vote, is exactly the sort of idiot who shouldn't be allowed to vote.

    Wait. Shoot. That doesn't work. Ok, votes for everybody.

  21. Re:Check, Meet Balance on Sequoia Threatens Over Voting Machine Evaluation · · Score: 2, Insightful

    The problem is the lack of even a single impartial ballot counter. Whereas an expertly designed and reviewed machine can be reasonably guaranteed to be bias-free.

    If impartial ballot counter can't be found, how do you expect to find impartial software/hardware designers and reviewers?

    At least ballot counters and monitors can be relatively unskilled. You can get a bunch of them with different biases and divide them up into teams to provide checks and balances. Harder to find a whole bunch of designers and reviewers and have them check on each other.

  22. Re:The ambiguity is a dead giveaway. on Sequoia Threatens Over Voting Machine Evaluation · · Score: 1, Informative

    where the last Democrat Governor...

    DemocratIC. "Democrat" is a noun. "Democratic" is an adjective or adverb.

  23. Re:Interrogation... on Talk to This Year's Quirkiest Senatorial Candidate · · Score: 2, Insightful

    how do you propose - in a positive light - to add to the national defense against militant Islamists, who have proven both time and again - in peace and war - that they want to attack the US?

    Most of these people want to attack the U.S. because the U.S.'s policy in the Middle East has been brutal and stupid. Iran hates us because we overthrew a democratic government and installed the Shah. Bin Laden got people on his side because many were upset with a U.S. military presence in Saudi Arabia. The U.S. invasion of Iraq has been an Al Qaeda recruiter's wet dream.

    If you want to defend against "militant Islamists", stop helping them recruit followers - reform foreign policy. Get troops out, make support of Israel contingent on human right improvements, stop backing dictators. Oh, and stop torturing people, that'd help a lot.

  24. Re:Slashdot's Hive's Net Neutrality View on Talk to This Year's Quirkiest Senatorial Candidate · · Score: 2, Informative

    The government controls too much of our lives right now, why let them control the internet with a facade of "net neutrality?" It's just another form of restricting the market to evolve naturally, why would we want that?

    (Recogizing that you've playing devil's advocate, you may already agree with the following.)

    The nation's telecommunications infrastructure is in no way a "free market". Telecom companies were granted rights-of-way and extensive subsidies to lay cable; it's not like an mom-and-pop shop can start stringing copper from the telephone poles and start competing.

  25. Re:Universal Health Care on Talk to This Year's Quirkiest Senatorial Candidate · · Score: 2, Funny

    Going to the emergency room regularly when all you need is some 'tussin.

    Because, you know, going to the emergency room is so much fun that you have to charge a cover to keep it from getting too crowded. Nothing I love more than getting sick or injured so I can go sit and wait in line with a bunch of other sick or injured people.

    Yes, you get the occasional edge case who really does enjoy it. You'll spend more time, money, and trouble trying to create a system to keep him out than you would spend if you let him in, gave him a bottle of cough syrup, patted him on the head, and sent him on his way.