There are multiple copyrights in a piece of music.
The tune in itself is copyrighted, and the words (if there are any) exist under a separate copyright of their own. So you could, for instance, sing Hal David's words to a tune of your own invention and not owe Burt Bacharach anything. There was a fad in the 1980s to set new words to the tunes of advertising jingles, turning them into crappy love songs. And at least one record has had to be re-released with the words sung to a different tune; it was some sort of dance thing from the early 1990s that, as was the fashion of the time, borrowed an existing tune.
So that's potentially two copyrights. When a song is published as sheet music, it is eligible for another copyright because there is a creative step: that of expressing it in musical notation in such a way that it can actually be played on an instrument. (OK, you might not think it's particularly creative, but this is what the courts have decided over the years. Given a sufficiently persuasive argument, the courts might change their minds.) Bear in mind that some instruments have a limited compass, and even certain sequences of the available notes may not be physically possible due to mechanical constraints (e.g. on the harmonica, some notes are played by exhaling and some by inhaling. You can't repeat DFAF -- the notes of a Dm chord, and all "draw" notes -- indefinitely). So there is arguably some skill in arranging a tune to "fit" an instrument.
Musical notation is, to all intents and purposes, a programming language (though not computationally complete according to Church and Turing). While there's no IP in a mathematical operation, a program which performs that mathematical operation is copyrightable. If someone re-implemented all the functionality of Microsoft Office in Python+GTK, they wouldn't be violating any copyright, because Microsoft's copyright only covers the original VisualBASIC (an educated guess; I'm not sure what language it was actually written in, but you know what I mean) source code and its compiled analogue.
So there are potentially three separate copyrights in a piece of music, before anyone even performs it..... and when they do, any recording of the performance will be subject to a fourth copyright!
Yeah, your vote is displayed for you to see. However, there's still an absolute shedload of votes that you cannot check. Here's a hypothetical result:
DY001 LABOUR
DY002 LABOUR
DY003 CONSERVATIVE
DY004 GREEN
DY005 CONSERVATIVE
DY006 LABOUR
DY007 OPEN SOURCE PARTY
DY008 LABOUR
I know one of those votes is mine because my ID DY007 is in there and the party against it is the party I voted for. But I don't know anyone else's ID, or who any of them voted for. As far as I know, all the Labour votes could be fake. And nobody is ever going to know because abstainers don't check that they didn't vote. (Don't suggest making voting compulsory. An abstention is a valid vote. Plus, if you make voting compulsory, you're going to get people voting for the tallest candidate / the one with the best haircut / the black one / the woman / the one who used to be on TV / the one they think most likely to win..... not necessarily the best person for the job. Parties are already aware of this when fielding candidates.)
And it gets worse. If they know who your friends, neighbours and family are, democracy is dead and buried. All they have to do is create a different, personalised version of the list for every voter; showing their own vote, and those of their close friends and family, rendered correctly. My blue-rinsed aunt voted conservative..... check. My grandfather, a former coal miner, voted labour..... check. The dippy tart down the street with the blue hair voted green..... totally believable. Strangers' votes can be altered any way they like because you have no way to verify them. They could use DRM technology to make sure the lists were not printable, and make it a serious offence even to try (since it looks like election fraud / voter coercion; a quick flash of something on a screen isn't as bad as a stack of papers searchable at leisure).
There's just no way to check a vote after the event. Any method you try can be subverted and the stakes are high enough that somebody will want to try. Better to try to make sure there is no need to check.
Yeah, vote selling, vote buying, poll taxes, outright exclusion for being an unfavorable race/ethnic group/religion and other forms of coercion, both subtle and gross, NEVER existed before electronic balloting.
Electronic voting, in and of itself, doesn't do anything to prevent any of those problems. It does, however, introduce additional problems of its own. Not the least of which is that whilst any school leaver can understand the whole process of writing a set of numbers against a list of names, putting the papers in a box, and sorting out all the papers according to which name has a number "1" written next to it, an electronic device requires a more advanced level of education to understand. This severely limits the number of potential election scrutineers, since it creates a whole new way to cheat: by doing something that an observer who does not fully understand the operation of the machinery will not recognise as cheating. Pencil and paper and hand-counting has the advantage of universal comprehensibility.
That corporations regard their internal secrets as more important than the due processes of democracy is a travesty, but it isn't an inherent problem of electronic voting: a sane and non-corrupt government would have insisted on complete blueprints, schematics and firmware listings being published in order for them to be analysed by everyone capable of doing so, sufficiently far in advance of their adoption.
Back in the Bad Old Days, you could assume any (dot matrix) printer was an Epson RX80F/T (if you owned a Beeb) or an IBM ProPrinter (if you owned an IBM-compatible). Any that wasn't, mostly used the same control codes anyway. Come to think of it, the IBM was similar to an earlier version of the Epson; except the IBM has a full 256 character set where the Epson used characters 160-255 as italicised versions of 32-127. I never owned a daisy wheel printer but, since they were generally less capable machines, I suspect they didn't have much in the way of control codes.
But I digress. Of course you're right, in a way. The Unix world sort of beat you to it and standardised on PostScript as a page description language. Now, any application for Apple Mac, BSD, Linux or Solaris generates PostScript; and any "printer driver" for such an operating system is a PostScript interpreter. All that's needed now is an extensible standard for describing features like paper trays, duplex &c.
Unfortunately, I don't think manufacturers are likely to want to co-operate. Having different, conflicting standards benefits them. All printers available today (except industrial ones) are crap, designed down to a price -- and often that price is £0, because the manufacturer plans to make the money back by selling ink. The time has come for a manufacturer to enter the marketplace with an industrial-built printer, running from bulk ink (i.e. you fill it from recyclable glass bottles holding a litre each), just as people are twigging onto how awful printers are. This could have all your fancy features. It would have one interface: ethernet. It would use DHCP to try to get an IP address. It would implement a print server on port 9100 and a web server on port 80. The features would be described by an XML document (therefore, human- as well as machine-parseable). It would have a 16-digit LCD and some buttons for a rudimentary user interface in case all else fails.
But in order to access your files, a malicious interloper needs one of four things: (1) the file to have group or world read permission set; (2) your user password; (3) the machine's root password; or (4) for you to leave a login active. You can control (1), (2) and (4), and if it's your own machine then you can control (3). Well-written software will chmod files for you and/or warn you of dangerous permissions. Treat your user password with the same reverence reserved for your root password. If you're root, create a new user if anybody wants to borrow your machine. Make sure your screensaver is set to require a password, and never leave text mode consoles logged in while the machine is unattended -- especially not as root. (You don't need to be root to view logs; put your ordinary user account into the group which owns the logfile. Or you can use an inittab entry to have the syslog, or whatever you're interested in, scrolling continuously up a spare console.)
If you have people looking over your shoulder as you're editing files then you probably shouldn't be storing passwords, encrypted or not. What makes you sure that the person looking over your shoulder won't be able to mentally decrypt the passwords they are seeing -- especially if it's done with a weak scheme such as ROT-13? You know which file they're kept in, so just don't edit it while anybody is watching, and flick to a different screen if someone comes by once you've started! After all, you have to start an editor in order to bring it up on screen. That's as big a step as Firefox uses.
it could use a keypair stored somewhere more securely so that even if someone compromises the security of your home directory and gets your Gaim config file but doesn't get your keypair they still can't decrypt it
False. Gaim, which runs as you, has access to the keypair. This means anyone who has your password has access to the keypair.
The encrypted passwords stored in /etc/shadow or /etc/passwd never need to be decrypted (in fact, to all intents and purposes, they can't). All you have to do to check that the right password was entered is encrypt what the user typed using the same method, and see if you get the same answer. But that only works because the machine they are stored on is the machine you are logging into, and the passwords don't need to be sent anywhere else; we are only interested to compare the stored and typed passwords.
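The compare-without-decrypting check described above, next to the chat-client case from the keypair reply, as an added example that is not part of the original comments. PBKDF2 stands in here for the crypt(3) schemes a real /etc/shadow uses, the XOR stream is a toy, and the sample passwords and the `home` layout are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example


def enroll(password):
    """What a login system keeps on disk: a salt and a derived hash, never the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": digest}


def check_login(record, typed):
    """Hash what was typed with the stored salt and compare; nothing is decrypted."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", typed.encode(), record["salt"], record["iterations"]
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(digest, record["hash"])


def obfuscate(password, key):
    """Reversible storage of the kind a chat client would need (toy XOR stream)."""
    data = password.encode()
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def recover(blob, key):
    """The client must be able to do this to log in to the remote server."""
    stream = hashlib.shake_256(key).digest(len(blob))
    return bytes(a ^ b for a, b in zip(blob, stream)).decode()


def demo():
    # Local login: the stored record is enough to verify, not to recover.
    record = enroll("correct horse")          # constructed sample password
    ok = check_login(record, "correct horse")
    bad = check_login(record, "Correct horse")
    # A fresh salt gives a different hash for the same password, so two users
    # with equal passwords do not have equal records.
    distinct = enroll("correct horse")["hash"] != record["hash"]

    # Chat client: everything it needs is readable by the user it runs as.
    home = {"keyfile": os.urandom(32)}        # constructed layout
    home["config"] = obfuscate("im-secret", home["keyfile"])
    # Any process with the same read access gets the plaintext back.
    recovered = recover(home["config"], home["keyfile"])
    return ok, bad, distinct, recovered


if __name__ == "__main__":
    print(demo())
```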
There's no point encrypting the passwords. Think about it for a minute..... Gaim has to be able to decrypt them in order to send them to the messaging server. So anybody who wanted to decrypt the stored passwords would just need to download Gaim, extract and compile the portion of the code which decrypted the passwords, and save that as their "Gaim password cracking utility". Meanwhile, anyone who didn't know just how easy it is to do this might make the mistake of thinking their passwords were secure because they were encrypted.
Your passwords are stored in the clear, but they are also in your own home directory. So, just set the permissions on the file to 600. Now nobody else can read them, unless they know either your user password or the root password. In either case, you've almost certainly got drier lentils to soak than a few poxy internet messenger passwords.
If you are still paranoid, just don't store the passwords.
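The mode-600 advice above, together with the earlier remark that well-written software will chmod files for you or warn about dangerous permissions, as an added example that is not code from Gaim or from the original comments. The file names and contents are constructed.

```python
import os
import stat
import tempfile

SECRET_MODE = 0o600  # owner read/write only


def exposure(mode):
    """Name the permission bits that let other users read or change the file."""
    checks = [
        (stat.S_IRGRP, "group-read"), (stat.S_IWGRP, "group-write"),
        (stat.S_IROTH, "world-read"), (stat.S_IWOTH, "world-write"),
    ]
    return [name for bit, name in checks if mode & bit]


def audit_and_fix(path, fix=True):
    """Report dangerous permissions on a secrets file and optionally tighten them."""
    st = os.lstat(path)                 # lstat: do not follow a symlink planted at path
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path} is not a regular file")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}, not by this user")
    found = exposure(stat.S_IMODE(st.st_mode))
    if found and fix:
        os.chmod(path, SECRET_MODE)
    return found


def write_secret(path, data):
    """Create the file as 0600 from the start, so it is never briefly readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, SECRET_MODE)
    os.fchmod(fd, SECRET_MODE)          # make the result independent of the umask
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def demo():
    with tempfile.TemporaryDirectory() as d:
        # Constructed sample: a password file left world-readable.
        loose = os.path.join(d, "im-accounts.conf")
        with open(loose, "w") as fh:
            fh.write("password = constructed-sample\n")
        os.chmod(loose, 0o644)
        warnings = audit_and_fix(loose)
        fixed_mode = stat.S_IMODE(os.lstat(loose).st_mode)

        # A file created the careful way needs no fixing afterwards.
        tight = os.path.join(d, "new-accounts.conf")
        write_secret(tight, "password = constructed-sample\n")
        new_mode = stat.S_IMODE(os.lstat(tight).st_mode)
        return warnings, fixed_mode, new_mode


if __name__ == "__main__":
    warnings, fixed_mode, new_mode = demo()
    print(warnings, oct(fixed_mode), oct(new_mode))
```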
The problem with microkernels is that you're putting the "fence" where it looks pretty -- not where it's practical. The appropriate place for the fence is where the minimum amount of data has to cross it, and that's not necessarily where it contains the minimum amount of code.
Device drivers must, at some level, have a kernel component; because nothing in userland is allowed to talk to I/O ports. Only the kernel can do that. At the very least there must be a kernel component which accepts an instruction to read or write an I/O address and returns a result, via some method which is available to userland software. Of course, if you have a totally generic kernel driver which allows any userland program arbitrary access to any I/O ports without checking, then you have just knocked down the fence altogether. So a kernel driver needs to have at least some sanity-checking built into it.
Printers should not require kernel mode, nor should video cameras etc.
A printer connects to one of the peripheral buses (simple I/O or USB, which ultimately is talked to through simple I/O ports). It needs kernel mode in order to do that. In the minimal case, you have a very simple kernel mode program which blindly passes unchecked data to the physical port (which is shut off from user mode programs) from some virtual port (to which user mode applications are allowed to talk, and which may look like a writable file). In the maximal case, you have an entire PostScript interpreter running in kernel mode.
What did they do anyway that was so illegal or wrong?
AFAICT, Lik Sang bought goods in one place, thereby invoking "Exhaustion of Rights" -- i.e., the law which says that once you have sold something that used to have been your property once to somebody else, whatever the hell they do with it next is none of your bloody business -- and sold the same goods in another place. What's so terrible about that? For crying out loud, there are laws in place that protect your right to do exactly that! For instance, on the European Mainland, DVD players must be multi-region; because it has been ruled by the European courts that preventing a movie sold in one country from being watched in another is anti-competitive behaviour. How is this not the case with video games? Or is this another bit of the Maastricht Treaty that John Major opted us out of while he was Prime Minister?
An IEEE standard compliant DVD encrypts the video content with a symmetric key system (CSS), and then hides the key on a non-writable section of the disc. Breaking this encryption violates patent and/or contract law.
Except that, at least in the limited case where you are the rightful owner of the DVD, the encrypted message which it contains is specifically not a secret from you. It may be a secret from anyone who hasn't paid for the DVD, but you -- by virtue of ownership -- are "in" on the secret. And, therefore, because you own the DVD, you have a right -- under common law -- to view that encrypted content to which you are privy. This implies a right to perform any necessary act in the course of viewing it.
The DVD Copy Control Association might like for this not to be so, but it is. The patents they hold are unenforcible in many jurisdictions in any case.
The copyright holder has always been free to try to stop you by other means (contracts, technological means, etc).
And you have always been free to stomp all over those methods and exercise your statutory rights. If the Law of the Land gives you a right to do something, you retain that right -- and if you signed a contract promising somebody that you wouldn't, then that contract is worthless. That's the definition of an inalienable right.
You can usually see enough of a person's hand to see what they are doing -- either they will use one finger in a hunt-and-peck fashion, or dedicate a finger to each column. Stand and watch a few people. Most are unbelievably careless.
Next time you're standing behind someone entering their PIN, don't watch the fingers -- watch the arm all the way up to the shoulder. It's the tendons you need to pick up on. If they're wearing short sleeves, it's very easy. Give it a go sometime. After enough attempts, the number will just scream out at you.
Note that all this is only possible because the keypad is static. A keypad with displays in each button that could be randomly re-arranged for each user would combat this. Also, if the till software were designed so that the "scanning" phase of one transaction could be started while another shopper is completing the "payment" phase of theirs, little to no time would be wasted (assuming the majority of transactions proceed without intervention and are accepted by the bank).
Does anyone know if it would be possible to patent being robbed by the above methods? Patenting the actual robbery from the thief's point of view might be a bit of a problem because it's illegal, any royalties you were due might be considered proceeds of crime, and you would actually have to catch the perpetrator to stand a chance of getting paid. But if the robbery victim infringes upon the patent by the simple act of being robbed -- which is not necessarily illegal, depending on what is stolen -- you already have the victim right there telling the story of how they did the very same thing you own a patent on. And they're probably insured too.
The PIN protected chip is tantamount to useless, since no signature is required. It takes about an hour to learn to forge a signature convincingly. But a person can be persuaded to disclose a four-digit number in a matter of seconds, with suitable application of blade to throat. If there are two of you, one can hold the victim while the other carries out a transaction in a nearby store to verify that the PIN worked. Alternatively, you can obtain a PIN non-intrusively by watching a person entering it on a keypad -- they are still unlikely to twig that anyone else knows their PIN. (For obvious reasons, this is easiest in the Summer months.) Then you can lift their card subtly. You might even be able to replace the card before they suspect a thing.
From the point of view of the banks, chip and PIN is excellent because it eliminates a human decision (is that signature correct?). If money went out of your account, it must have been because somebody used your PIN -- but as far as the bank are concerned, only you know your PIN, so it must have been you.
Delegation of rights is what it comes down to; and it really ought to be called Freedom Number Four. And this is an issue for all competent programmers; because, by not opening up their software, the likes of Microsoft are denying us the opportunity to make a living out of fixing their cock-ups.
And G W Bush has added the following to the US constitution: "6 rolls 2-ply luxury bathroom tissue. 100% recycled paper. Average 240 sheets per roll. Sheet size 110 x 125mm. Total area 13.2m²."
Actually, I can see exactly how a government-mandated system would work. Basically, the Ministry for Information Technology would need to be empowered (1) to annul copyrights and patents, (2) to block the sale of software products and (3) to block the sale of hardware products. Every software vendor would be required to guarantee the performance of their software and lodge a copy of their Source Code with the Ministry for IT -- unless the Source Code was made available to the User, thus allowing the User to make their own decision. Every hardware vendor would be required to guarantee the performance of their hardware, lodge full programming details of their hardware with the Ministry, and to supply said details (which are not secret but form part of the operating instructions for the device) gratis on demand to rightful owners of an example of said hardware (unless they were included in the retail package). nVidia, ATI, this means you! The Ministry for IT would additionally have the right to use its knowledge of the Source Code of software for the purpose of evaluating it for Government use -- and for development of any tools necessary for interoperability and/or migration purposes.
In the event of vendor non-compliance, sales of the non-compliant item would be banned; any copyrights and/or patents relating to the non-compliant item would be annulled and any details supplied to the Ministry for IT would be made public. Thus permitting the Community At Large to take responsibility where vendors have let Users down.
Receipts and audit trails in voting systems are solving the wrong problem.
If you have a leaky roof, the correct solution is not to install a drainage trough in the floor. If you go down the floor drain route you will eventually end up installing an alarm system to detect blockages, a plug-in air freshener to deal with the smell when the blockage alarm fails to go off and the drain gets blocked, joss sticks for use during power failures when neither the alarm nor the plug-in air freshener work, and you'll still have a leaky roof.
If there is any way for the person who cast a vote to be able to identify it as theirs, then there is also a way for someone else to identify who cast a vote. Which creates the opportunity for corruption. If voters are issued with a receipt for the transaction, which they remove, then a failure mode is introduced where the receipt does not match the ballot. Also, unless receipts are readily falsifiable, an opportunity for corruption is created (imagine a boss allowing workers time off to vote as long as they shew their receipt, showing a vote for the local Tory candidate and the boss's cousin, on returning to the factory). And if receipts are readily falsifiable then they are of questionable value. If there is a separate audit log stored within the machine, there is still the failure mode where the log does not match the ballot.
Much better would be to ensure that procedures are in place such that it is as difficult as possible for the result to be interfered with after a ballot is cast. The easiest and best way of doing this is still pencil-and-paper, one race per ballot, one box per race (with different coloured and/or sized papers, so that a ballot in the wrong box can quickly be identified and moved to the right pile) and manual counting in the polling station, under the scrutiny of representatives of all candidates. Disabled voters should be allowed to bring a carer whom they trust to help them use the same system as everybody else.
Did you remember to set CONFIG_SMP=y?
Oh, the horror! Imagine if any Theo, Dick or Linus could modify the precious kernel!
When you're editing someone else's badly-built web pages right there on the server using busybox vi, you'll be glad of capitalised HTML tags.
Then download and build xPDF (or kPDF or gPDF). There's a patch you can apply which disables the disabling of copying and pasting.
Precisely.
Does anyone know if it would be possible to patent being robbed by the above methods? Patenting the actual robbery from the thief's point of view might be a bit of a problem because it's illegal, any royalties you were due might be considered proceeds of crime, and you would actually have to catch the perpetrator to stand a chance of getting paid. But if the robbery victim infringes upon the patent by the simple act of being robbed -- which is not necessarily illegal, depending on what is stolen -- you already have the victim right there telling the story of how they did the very same thing you own a patent on. And they're probably insured too.
Yes, but tin foil can be considered drug paraphernalia.
If my name was H. Brown and I lived in SW17, I wouldn't want to be seen carrying the stuff!
The PIN protected chip is tantamount to useless, since no signature is required. It takes about an hour to learn to forge a signature convincingly. But a person can be persuaded to disclose a four-digit number in a matter of seconds, with suitable application of blade to throat. If there are two of you, one can hold the victim while the other carries out a transaction in a nearby store to verify that the PIN worked. Alternatively, you can obtain a PIN non-intrusively by watching a person entering it on a keypad -- they are still unlikely to twig that anyone else knows their PIN. (For obvious reasons, this is easiest in the Summer months.) Then you can lift their card subtly. You might even be able to replace the card before they suspect a thing.
From the point of view of the banks, chip and PIN is excellent because it eliminates a human decision (is that signature correct?). If money went out of your account, it must have been because somebody used your PIN -- but as far as the bank are concerned, only you know your PIN, so it must have been you.
EXACTLY!
Delegation of rights is what it comes down to; and it really ought to be called Freedom Number Four. And this is an issue for all competent programmers; because, by not opening up their software, the likes of Microsoft are denying us the opportunity to make a living out of fixing their cock-ups.
And G W Bush has added the following to the US constitution: "6 rolls 2-ply luxury bathroom tissue. 100% recycled paper. Average 240 sheets per roll. Sheet size 110 x 125mm. Total area 13.2m²."
Actually, I can see exactly how a government-mandated system would work. Basically, the Ministry for Information Technology would need to be empowered (1) to annul copyrights and patents, (2) to block the sale of software products and (3) to block the sale of hardware products. Every software vendor would be required to guarantee the performance of their software and lodge a copy of their Source Code with the Ministry for IT -- unless the Source Code was made available to the User, thus allowing the User to make their own decision. Every hardware vendor would be required to guarantee the performance of their hardware, lodge full programming details of their hardware with the Ministry, and to supply said details (which are not secret but form part of the operating instructions for the device) gratis on demand to rightful owners of an example of said hardware (unless they were included in the retail package). nVidia, ATI, this means you! The Ministry for IT would additionally have the right to use its knowledge of the Source Code of software for the purpose of evaluating it for Government use -- and for development of any tools necessary for interoperability and/or migration purposes.
In the event of vendor non-compliance, sales of the non-compliant item would be banned; any copyrights and/or patents relating to the non-compliant item would be annulled and any details supplied to the Ministry for IT would be made public. Thus permitting the Community At Large to take responsibility where vendors have let Users down.
Receipts and audit trails in voting systems are solving the wrong problem.
If you have a leaky roof, the correct solution is not to install a drainage trough in the floor. If you go down the floor drain route you will eventually end up installing an alarm system to detect blockages, a plug-in air freshener to deal with the smell when the blockage alarm fails to go off and the drain gets blocked, joss sticks for use during power failures when neither the alarm nor the plug-in air freshener work, and you'll still have a leaky roof.
If there is any way for the person who cast a vote to be able to identify it as theirs, then there is also a way for someone else to identify who cast a vote. Which creates the opportunity for corruption. If voters are issued with a receipt for the transaction, which they remove, then a failure mode is introduced where the receipt does not match the ballot. Also, unless receipts are readily falsifiable, an opportunity for corruption is created (imagine a boss allowing workers time off to vote as long as they shew their receipt, showing a vote for the local Tory candidate and the boss's cousin, on returning to the factory). And if receipts are readily falsifiable then they are of questionable value. If there is a separate audit log stored within the machine, there is still the failure mode where the log does not match the ballot.
Much better would be to ensure that procedures are in place such that it is as difficult as possible for the result to be interfered with after a ballot is cast. The easiest and best way of doing this is still pencil-and-paper, one race per ballot, one box per race (with different coloured and/or sized papers, so that a ballot in the wrong box can quickly be identified and moved to the right pile) and manual counting in the polling station, under the scrutiny of representatives of all candidates. Disabled voters should be allowed to bring a carer whom they trust to help them use the same system as everybody else.