Just to mention, aside from the obvious advantage of our elections in Brazil over the US elections: the TV networks could manage to deliver almost instant voting data for the public, including statistics, pre-voting predictions and so on.
If the USA voters want a clean, fast and effective election, send the people responsible for it to Brazil, put your pride away and admit it works nicely.
I can't sign a paper stating it's unvunerable. I have not created it so I can't swear it's the eighth wonder of the world. What I can say, based on the specs I've seen and the tests, is that it was designed to be very secure. I can tell you that it would get more than 400 hours of a very large cluster to break a single floppy disk. And you would have to know the algorithm. The point here is that it's not pratical to do it, to pay that much money to break a single disk with maybe 300 votes. The next point would be the collector but it does not compute anything. It only reads the disk and transmit the unmodified package to the regional court (TRE). There it gets decrypted and processed (for regional content only). Both TREs and TSE have the keys inserted on the system just before the start of computing of votes. The system receives a VERY secure layer that logs EVERYTHING. Not even the admins or the handful of people that knows the keys can erase logs. The logs are kept in different places simultaneously. And for those that want to argue that a hacker could get in, the Internet connection is isolated to only HTTP serving on isolated machines. I kow there are good hackers, but capable of hacking a disconnected machine I've never seen one.
I can't argue for TSE not openning the code for everyone to look. I have heard pro and con arguments. Both have good and bad points. Since I was only in a technical position, the politics of the solution were left to the bosses.
The problem with the old ones is that they have a natural resistance to using technological devices, not only voting machines. The real problem is not that, not even uneducated people. The real problem is that we have thousands of candidates when we know only some of them can have any chance of being elected. We have some VERY small parties that adds nothing to democracy. It's not possible to make anything more user-friendly to select 700 candidates on a small screen. They have to memorize numbers. This causes more than half of the problems: old ones can't remember 6 multidigit numbers, period; uneducated people doesn't know how to read, so how would they follow the instructions? Yes, there were usability tests, this mode was the least problematic one, not the ideal one.
The disks, if they show CRC erros or something alike, can be redone in the same voting machine. And no, the 1.44 MB floppy disk is NOT the only place it's stored. Data is stored in FLASH inside the machine. The disks are created by a command of the responsible person anytime it's needed.
About printing votes: every party on Brasil, small or big, has the right to inspect the code, just need to do it formally. If the code is really coyrighted, they'll problably need to sign some sort of NDA. But it's available. Printing the vote has been done here in Brasilia. Any party can ask the judge to check the counters. For what I've seen, it's really unprobable that it would give any difference, but...
At last, there is only two occasions where a voter can be identified: if there is only one vote at the machine or everyone voted exactly like the first one, both for obvious reasons:) . Except those 'very unlikely' possibilities there is no way of identifying anyone. There are two separate lists: the voters, to keep tha data of who can vote and who voted; the candidates with their respective vote count. Since the first one has not list of the votes, only who voted, and the second one has no list of who voted on them, how can you correlate the two? (hint: no foreign key = no relation).
I tried to show people that we have the best technology in the world for voting. I have not said it was perfect cause it's not. We have a mix of problems that range from voter problems, voting system problems, voting machine problems. But with all the problems we knew that some governors were elected in less then 6 hours, we knew that it would need a second turn for president election in less than 8 hours, and so on. No country on the world can do it (proportionally by the number of voters). People say we can't trust our own system cause no developed country uses it. Do you really think they want to buy the technology from anyone in the world? They want to SELL the technology. But our technology is more advanced and they are almost recognizing it. Compare it to USA elections...:)
And just for the record: I'm a FORMER TSE employee, don't know what is happening now. I trust the people that I worked with. Since they are the sysadmins, I'm very calm about it all. Nice second turn of voting for us all and happy free work for you.
As long as I know the military are not involved. The institute that developed it is independent of the military forces.
For the places that would be too distant to have a collector (a computer that gets the voting machine disk and transmitting it) connected to a phone line, there is a satellite transmitter. This far places are group by micro-regions and every micro-region has a transmitter. Not only Amazonas, Acre, Roraima and Rondonia have it. Every very distant place uses the same mechanism.
I worked for TSE (higher election court), responsible for the elections. I've seen the development of the computer ballot system.
I can tell you all, brazilians and everyone, else that the system is very good. Aside from some failing hardware which accounts for up to 3% of total computer ballots, we have a very highly reliable system.
The most vulnerable part of the system is still the voters. In some places people really trade votes for shoes, money, promises, glasses, food. It's a shame. Our politicians diguised their ruling through ignorance on a "democratic" talk of opening the system for everyone, including completely uneducated people. They are the most influenciable ones cause they also are the poorest. The politicians knows it and keeps them uneducated so they can't escape this vicious cycle. This is our most shameful problem.
But with all this problems we still have one of the most efficient voting systems. Counting starts almost immediately after the end of voting. No one cam manipulate the votes. There is a high degree of cryptography applied in the system. No single party or group knows the algorithm and the keys at the same time. Only a handful of people know the keys, to be precise.
Perhaps the best assurance of the reliability of the results are that the TSE needs to have a perfectly clean and fast system. This happens cause the work this court does, aside from preparing the elections, could be done by other courts. Judgement of election problems could easily be done by normal justice channels. But the very good levels of satisfaction with the work done by TSE (and all lower level election courts) makes them immune to the constant attacks on its existence. Make a bad move and say goobye to all that power and visibility that a position there can get.
After this somewhat extensive reply I would like to say that people from other countries cannot imagine the real dimensions of our elections: 115 million voters, 6 president candidates, thousands of candidates for other positions (we are voting for 6 positions in total). It's like 5 or 6 elections in one. And we do not want to have the really shameful example of the USA where two president candidates admited frauding the elections. Our system make it impossible here. And for those that do not trust anything, we are introducing a printed paper copy of the voting, obviously not revealing the voter. Anytime you can go there and verify if the printed votes represent exactly what the computer ballot system says. And the voter look at the printed copy, can confirm it's what it was inputed and, if all ok, just press Confirm and the printed vote is kept at the ballot automatically, with the electronic one computed. For the paranoid, the software used, including the sources, was seen by computer experts hired by the political parties. Let's say that all the precautions were taken in account.
For all us brazilians, good voting. For the others keep looking, we are doing a good job here.
Do you think Free Market can handle the big guys? I really hope so, but the rethoric and the actions are somewhat different when the big developed countries enter the game.
Just to exemplify: I live in Brazil and USA are imposing us ALCA as a form of "Free Market" alternative, as long as we drop all our (supposed) barriers. But then USA comes with some iron barriers, orange jucie barries, shoes barriers, all sort of barriers. Free Market? Come on, "do what a say, not what I do" is the big guys motto.
This introduces my real argument: wherever faced with competition, the big companies, like the big countries, always get the protectionism path. They say they are 100% on capitalism, but when faced with competition from better technologically equiped guys, they go crying to get laws to ban competition! But competition IS the essence of capitalism. Monopolies/Oligopolies are the essence of COMMUNISM. Aren't the american (just for example, apply the same to any big developed country) companies strong enough to compete? If they're not, DIE. The americans were the first to say it, they throw it down our throats all the time but when they face their own evils then it's time to lock competition, protect fading industries and put americans to pay for it (and the rest of the world too). Apply the same to the internal american market and look at the same picture: fading industries trying to withold their claws even on the same americans that believe on the capitalist rethoric spelled by their own leaders.
I would really love to be there but I can't. But if someone will go there I have a suggestion:
1 - Beat them in their own game: Ask about Palladium, spend some time gaining the trust of the people there as you are "really" interested in.NET and Palladium, ask if you have the source of a.NET program and compile it with VB.NET, will it be able to run? If not, how will.NET programs developed in-house will run on your own computer you bought? If they answer it'll be signed automatically cause some technology always trust.NET ask them if you can do the same with a C program create in Linux would work on the same machine. I can bet they will be somewhat perplex and will have to pause for some time to think and will be very shameful to not answer and will say he will need to ask his manager.
I would pay a lot just to see it. Obviously, be prepared to answer politely but also do it in front of A LOT of suits so they can become scared of the answers.
2 - Another linux guy would do FUD: Wherever a person ask any interested question for MS product or technology one of our guys "appears" and ask if MS can give him a CD with the latest service pack or hotfix that fixes the problem with Windows XXX (choose 2000 or XP) that permits a hacker to read all that personal files, including credit card info, lover name and phone, industrial secret, or that failure in Outlook that permits the new virus that signs you automatically in all p0rn sites in the Internet and sends a copy to the papers... (you got the idea, just do not force too much as I exemplified, it was just educational:) ). FUD on its best form:) Again, it could be categorized as Beat Them In Their Own Game. Would be hilarious to see each and every suit hearing this, hilarious at best.
Ok people, it was just too long for a post but these are just anecdotal pieces of a fighting strategy Linux people will have to prepare. Believe when I say MS will be prepared to fight. Read some Sun Tzu (know about the enemy and yourself and you will never lose).
Good luck and please report back the most hilarious pieces:)
As long as I know double taxing is a forbidden practice in almost any countries' law doctrines. It hurts the production so much that the State begins to feel a reduction in the tax amount. Or a little more clearly, they shoot their own foot.
Not that RIAA may have a clue on it but we are watching the "Rise and Fall of the Record Industry". Their actions are making people angry, the artists are the same and (let's call flames) Britney Spears, for example, is not a very "talented" artist (that depends on where you look, but I was really talking about singing:) ).
Let's talk about 4.2 billion. Wow, after that really awfull day 11 I thought USA would really get a submersion on the seas of recession. But that patetic industry could keep the last year figures even when almost all other business falled in sales. 11 billion for a 3 quarters effective year seems nice to me. But let's see some nice statistics in action: we buy a Big Mac and only I eat it. Statistically (using mean) we both ate half a Big Mac, but you keep hungry. It remembers me of a sage teacher who said: Lie is just a statistic badly calculated.
It's only me or it's blocking free speech (if free speech still exists in USA, anyway)? At the majority of the countries deemed "democratic" free speech is guaranteed by constitution. I really can't care more of the vendor's image, I care about my own: if my site get robbed because someone's software for which I paid I would be VERY upset cause my customers would be at risk because of me. If I get it free, it's my decision, I assume the risk since I paid nothing.
So I could happilly accept the proposed standard if the vendor has to pay for damages ocurred because of its software in a proportion of what you paid (this releases free software from any problem). Say you paid $1,000.00 for a Web Server, someone informed the Vendor of a vulnerability and after 30 days they did nothing and your site got hacked, they would pay you 100 times the value ($100,000.00). Believe me when I say they would be much more "responsive".
Back on the free speech. Imagine a serial killer that only kills white male men wearing blue shirts at midnight in a city. If you live there, would you wait until police captures the killer to publish the story? I, as a male man wearing blue shirt living in that city would be VERY gratefull to know it and, at least, avoid using the shirt or beeing at the streets at midnight.
At least what they said. No one have a single proff of it besides their word. I'm not saying they didn't it, but scientifically speaking, it was not audited and could not be reproductible so it's not science, it's speculation. Santos Dumont flight was seen by hundreds of people, have photographs, film and so on, was reproduced lots of times and was the real base for the comercial aviation as we all know.
I agree that other technologies came first (balloons, dirigibles, etc), but Santos Dumont was the real thing to be consistently called a powered flying machine. But they all add their insights to the work of one man, Leonardo da Vinci, the real genius behind lots of our inventions: Parachute, Helicopter, Delta Wing, etc.
Slashdot Mirror
Just to mention, aside from the obvious advantage of our elections in Brazil over the US elections: the TV networks could manage to deliver almost instant voting data for the public, including statistics, pre-voting predictions and so on.
If the USA voters want a clean, fast and effective election, send the people responsible for it to Brazil, put your pride away and admit it works nicely.
I can't sign a paper stating it's unvunerable. I have not created it so I can't swear it's the eighth wonder of the world. What I can say, based on the specs I've seen and the tests, is that it was designed to be very secure. I can tell you that it would get more than 400 hours of a very large cluster to break a single floppy disk. And you would have to know the algorithm. The point here is that it's not pratical to do it, to pay that much money to break a single disk with maybe 300 votes. The next point would be the collector but it does not compute anything. It only reads the disk and transmit the unmodified package to the regional court (TRE). There it gets decrypted and processed (for regional content only). Both TREs and TSE have the keys inserted on the system just before the start of computing of votes. The system receives a VERY secure layer that logs EVERYTHING. Not even the admins or the handful of people that knows the keys can erase logs. The logs are kept in different places simultaneously. And for those that want to argue that a hacker could get in, the Internet connection is isolated to only HTTP serving on isolated machines. I kow there are good hackers, but capable of hacking a disconnected machine I've never seen one.
...
:) . Except those 'very unlikely' possibilities there is no way of identifying anyone. There are two separate lists: the voters, to keep tha data of who can vote and who voted; the candidates with their respective vote count. Since the first one has not list of the votes, only who voted, and the second one has no list of who voted on them, how can you correlate the two? (hint: no foreign key = no relation).
... :)
I can't argue for TSE not openning the code for everyone to look. I have heard pro and con arguments. Both have good and bad points. Since I was only in a technical position, the politics of the solution were left to the bosses.
The problem with the old ones is that they have a natural resistance to using technological devices, not only voting machines. The real problem is not that, not even uneducated people. The real problem is that we have thousands of candidates when we know only some of them can have any chance of being elected. We have some VERY small parties that adds nothing to democracy. It's not possible to make anything more user-friendly to select 700 candidates on a small screen. They have to memorize numbers. This causes more than half of the problems: old ones can't remember 6 multidigit numbers, period; uneducated people doesn't know how to read, so how would they follow the instructions? Yes, there were usability tests, this mode was the least problematic one, not the ideal one.
The disks, if they show CRC erros or something alike, can be redone in the same voting machine. And no, the 1.44 MB floppy disk is NOT the only place it's stored. Data is stored in FLASH inside the machine. The disks are created by a command of the responsible person anytime it's needed.
About printing votes: every party on Brasil, small or big, has the right to inspect the code, just need to do it formally. If the code is really coyrighted, they'll problably need to sign some sort of NDA. But it's available. Printing the vote has been done here in Brasilia. Any party can ask the judge to check the counters. For what I've seen, it's really unprobable that it would give any difference, but
At last, there is only two occasions where a voter can be identified: if there is only one vote at the machine or everyone voted exactly like the first one, both for obvious reasons
I tried to show people that we have the best technology in the world for voting. I have not said it was perfect cause it's not. We have a mix of problems that range from voter problems, voting system problems, voting machine problems. But with all the problems we knew that some governors were elected in less then 6 hours, we knew that it would need a second turn for president election in less than 8 hours, and so on. No country on the world can do it (proportionally by the number of voters). People say we can't trust our own system cause no developed country uses it. Do you really think they want to buy the technology from anyone in the world? They want to SELL the technology. But our technology is more advanced and they are almost recognizing it. Compare it to USA elections
And just for the record: I'm a FORMER TSE employee, don't know what is happening now. I trust the people that I worked with. Since they are the sysadmins, I'm very calm about it all. Nice second turn of voting for us all and happy free work for you.
As long as I know the military are not involved. The institute that developed it is independent of the military forces.
For the places that would be too distant to have a collector (a computer that gets the voting machine disk and transmitting it) connected to a phone line, there is a satellite transmitter. This far places are group by micro-regions and every micro-region has a transmitter. Not only Amazonas, Acre, Roraima and Rondonia have it. Every very distant place uses the same mechanism.
I worked for TSE (higher election court), responsible for the elections. I've seen the development of the computer ballot system.
I can tell you all, brazilians and everyone, else that the system is very good. Aside from some failing hardware which accounts for up to 3% of total computer ballots, we have a very highly reliable system.
The most vulnerable part of the system is still the voters. In some places people really trade votes for shoes, money, promises, glasses, food. It's a shame. Our politicians diguised their ruling through ignorance on a "democratic" talk of opening the system for everyone, including completely uneducated people. They are the most influenciable ones cause they also are the poorest. The politicians knows it and keeps them uneducated so they can't escape this vicious cycle. This is our most shameful problem.
But with all this problems we still have one of the most efficient voting systems. Counting starts almost immediately after the end of voting. No one cam manipulate the votes. There is a high degree of cryptography applied in the system. No single party or group knows the algorithm and the keys at the same time. Only a handful of people know the keys, to be precise.
Perhaps the best assurance of the reliability of the results are that the TSE needs to have a perfectly clean and fast system. This happens cause the work this court does, aside from preparing the elections, could be done by other courts. Judgement of election problems could easily be done by normal justice channels. But the very good levels of satisfaction with the work done by TSE (and all lower level election courts) makes them immune to the constant attacks on its existence. Make a bad move and say goobye to all that power and visibility that a position there can get.
After this somewhat extensive reply I would like to say that people from other countries cannot imagine the real dimensions of our elections: 115 million voters, 6 president candidates, thousands of candidates for other positions (we are voting for 6 positions in total). It's like 5 or 6 elections in one. And we do not want to have the really shameful example of the USA where two president candidates admited frauding the elections. Our system make it impossible here. And for those that do not trust anything, we are introducing a printed paper copy of the voting, obviously not revealing the voter. Anytime you can go there and verify if the printed votes represent exactly what the computer ballot system says. And the voter look at the printed copy, can confirm it's what it was inputed and, if all ok, just press Confirm and the printed vote is kept at the ballot automatically, with the electronic one computed. For the paranoid, the software used, including the sources, was seen by computer experts hired by the political parties. Let's say that all the precautions were taken in account.
For all us brazilians, good voting. For the others keep looking, we are doing a good job here.
Do you think Free Market can handle the big guys? I really hope so, but the rethoric and the actions are somewhat different when the big developed countries enter the game.
...
Just to exemplify: I live in Brazil and USA are imposing us ALCA as a form of "Free Market" alternative, as long as we drop all our (supposed) barriers. But then USA comes with some iron barriers, orange jucie barries, shoes barriers, all sort of barriers. Free Market? Come on, "do what a say, not what I do" is the big guys motto.
This introduces my real argument: wherever faced with competition, the big companies, like the big countries, always get the protectionism path. They say they are 100% on capitalism, but when faced with competition from better technologically equiped guys, they go crying to get laws to ban competition! But competition IS the essence of capitalism. Monopolies/Oligopolies are the essence of COMMUNISM. Aren't the american (just for example, apply the same to any big developed country) companies strong enough to compete? If they're not, DIE. The americans were the first to say it, they throw it down our throats all the time but when they face their own evils then it's time to lock competition, protect fading industries and put americans to pay for it (and the rest of the world too). Apply the same to the internal american market and look at the same picture: fading industries trying to withold their claws even on the same americans that believe on the capitalist rethoric spelled by their own leaders.
Strange time it is
I would really love to be there but I can't. But if someone will go there I have a suggestion:
.NET and Palladium, ask if you have the source of a .NET program and compile it with VB.NET, will it be able to run? If not, how will .NET programs developed in-house will run on your own computer you bought? If they answer it'll be signed automatically cause some technology always trust .NET ask them if you can do the same with a C program create in Linux would work on the same machine. I can bet they will be somewhat perplex and will have to pause for some time to think and will be very shameful to not answer and will say he will need to ask his manager.
... (you got the idea, just do not force too much as I exemplified, it was just educational :) ). FUD on its best form :) Again, it could be categorized as Beat Them In Their Own Game. Would be hilarious to see each and every suit hearing this, hilarious at best.
:)
1 - Beat them in their own game: Ask about Palladium, spend some time gaining the trust of the people there as you are "really" interested in
I would pay a lot just to see it. Obviously, be prepared to answer politely but also do it in front of A LOT of suits so they can become scared of the answers.
2 - Another linux guy would do FUD: Wherever a person ask any interested question for MS product or technology one of our guys "appears" and ask if MS can give him a CD with the latest service pack or hotfix that fixes the problem with Windows XXX (choose 2000 or XP) that permits a hacker to read all that personal files, including credit card info, lover name and phone, industrial secret, or that failure in Outlook that permits the new virus that signs you automatically in all p0rn sites in the Internet and sends a copy to the papers
Ok people, it was just too long for a post but these are just anecdotal pieces of a fighting strategy Linux people will have to prepare. Believe when I say MS will be prepared to fight. Read some Sun Tzu (know about the enemy and yourself and you will never lose).
Good luck and please report back the most hilarious pieces
As long as I know double taxing is a forbidden practice in almost any countries' law doctrines. It hurts the production so much that the State begins to feel a reduction in the tax amount. Or a little more clearly, they shoot their own foot.
:) ).
...
Not that RIAA may have a clue on it but we are watching the "Rise and Fall of the Record Industry". Their actions are making people angry, the artists are the same and (let's call flames) Britney Spears, for example, is not a very "talented" artist (that depends on where you look, but I was really talking about singing
Let's talk about 4.2 billion. Wow, after that really awfull day 11 I thought USA would really get a submersion on the seas of recession. But that patetic industry could keep the last year figures even when almost all other business falled in sales. 11 billion for a 3 quarters effective year seems nice to me.
But let's see some nice statistics in action: we buy a Big Mac and only I eat it. Statistically (using mean) we both ate half a Big Mac, but you keep hungry. It remembers me of a sage teacher who said: Lie is just a statistic badly calculated.
Just my thoughts
It's only me or it's blocking free speech (if free speech still exists in USA, anyway)? At the majority of the countries deemed "democratic" free speech is guaranteed by constitution. I really can't care more of the vendor's image, I care about my own: if my site get robbed because someone's software for which I paid I would be VERY upset cause my customers would be at risk because of me. If I get it free, it's my decision, I assume the risk since I paid nothing.
So I could happilly accept the proposed standard if the vendor has to pay for damages ocurred because of its software in a proportion of what you paid (this releases free software from any problem).
Say you paid $1,000.00 for a Web Server, someone informed the Vendor of a vulnerability and after 30 days they did nothing and your site got hacked, they would pay you 100 times the value ($100,000.00). Believe me when I say they would be much more "responsive".
Back on the free speech. Imagine a serial killer that only kills white male men wearing blue shirts at midnight in a city. If you live there, would you wait until police captures the killer to publish the story? I, as a male man wearing blue shirt living in that city would be VERY gratefull to know it and, at least, avoid using the shirt or beeing at the streets at midnight.
Just my 2 cents
At least what they said. No one have a single proff of it besides their word. I'm not saying they didn't it, but scientifically speaking, it was not audited and could not be reproductible so it's not science, it's speculation. Santos Dumont flight was seen by hundreds of people, have photographs, film and so on, was reproduced lots of times and was the real base for the comercial aviation as we all know. I agree that other technologies came first (balloons, dirigibles, etc), but Santos Dumont was the real thing to be consistently called a powered flying machine. But they all add their insights to the work of one man, Leonardo da Vinci, the real genius behind lots of our inventions: Parachute, Helicopter, Delta Wing, etc.