It not that laughable.
Wireless + NT 4 + unpassworded Access file + no audit trail + CEO who promises "To deliver Ohio to Bush in 2004"
When you take that LAST one into consideration, the first 4 don't seem so accidential and stupid anymore.
I mean what the Hell, when, during a bid for providing voting machines for an election, one of the companies basically says "Choose us and we will give you the 2004 election!" it should set of some pretty damn big warning alarms!
Diebold said "Choose us and we will make sure you win." Arguing about "Oh, Access r teh sux" and "It should be Open Source!" shouldn't matter when compared to that.
Diebold promised Ohio to Bush if only Bush gave them money. That should be the END of the story. All Diebold machines should be destroyed and replaced, and the Diebold executives should be thrown in jail for conspiracy to commit election fraud.
The memos and software show that their machines can be cracked and the votes altered, without any record.
The memos show that they KNOW, but don't want to fix it. Selling the government faulty equiptment is illegal in many states. These memos show they KNOW they are faulty, so they have NO ignorance-of-fact defense.
Finally, the fact that they are saying they will deliver votes to Bush if they win the bid demonstrates intent to abuse these security holes. There is no defense against that promise: If a judge said to the plantiff "Hey Joe, I'm going to find in your favour" the case would be thrown out as a mistrial. No amount of "I was only kidding" or "You misunderstood" on behalf of the judge would prevent that.
All voting machines are certified. But what these memos reveal is that the actual machines were NOT running the same version of the software that was certified. Being open source wouldn't fix that.
While not open to the general public, the voting machines have their source audited by the government. What these leaked memos reveal, among other things, is that the machines are NOT running the same software as was submited.
Some hacker demonstrated that if you fill out an optical scan card correctly, you can overflow the machine. He did it, and when it scanned, the votes went from 0-0 to 0-10,000 from ONE vote. A judge ruled such evidence "inadmisible"
These voting machines DO have an audit trail. It is something Diebold brags about quite a bit. But the thing is, yes, any changes you make to the votes WILL show up in the audit file. But you can change the audit file too.
Shaw Canada e-mailed me saying I was over their 5 GB/month bandwidth limit and I needed to cut down or they would cut me off.
I replied that my signed contract said nothing about a cap, and that their advertisments made a big deal about "unlimited" access. It said I can't cause harm to other users, but downloading a lot isn't really harming other users.
They said that the NEW contract limits me to "reasonable" bandwidth usage.
I said that unilaterally changing a contract without notice is illegal, and I doubted that any fine print that allowed that would hold up in court.
They left me alone. Now @Home has gone bankrupt, and Shaw bought their broadband stuff back. I havn't been using any less bandwidth, and they havn't said anything.
Mind you, this is all download bandwidth. They care a lot more about upstream bandwidth, since cable has less of it to go around. But I don't use much of that;)
If you dumped sugar into your gastank because somebody who said he worked for Ford told you it would make it run better, you are an idiot. I have no idea how to fix a car engine, but I know not to put sugar in the gas tank.
Users shouldn't have to know how a computer works, and all about their configuration settings, and so on. But they SHOULD know not to run an arbitrary program sent to them by e-mail.
Also, it has nothing to do with how secure an OS is. A trojan horse like this would work on any OS. A more secure OS may prevent some of the harsher things it COULD do, but it doesn't prevent an infection. The only thing that WOULD stop it is a firewall, which would prevent it from accessing the internet without permission, or Trusted Computing, where the trojan would not be allowed to run, because it is not signed. And the first one could be gotten around by telling the user that the "patch" needs access to the internet to download all of the needed files, so please say "allow" to any firewall messages they get.
Hehe, you are assuming it actually looks at the pictures. My guess, it searches the metadata, where you must manually enter "Joe is in this. There are Mountains in the background";)
I can think of a very good reason to connect an office suite with a PIM. You can tie meetings and e-mails (Sent and received) into different projects, and tie in all of the files (Spreadsheets, reports, memos, presentations, etc.) as well. Of course, Office doesn't DO this, but it WOULD be a good reason for it;)
Bah, when they do bust kiddy porn rings, pedophile rings, child sex slave rings, nobody gets in trouble. Because there are too many big names on their client list. There was a big bust in Denmark, I believe. Guy had two girls, 10 and 12, starving to death in his basement, who had been repeatedly sexually abused. There were the remains of several other children in his back yard. And he had a big list of names, including a lot of politicians and judges and police officers and foreign officials. Of course, this list of names proves nothing, so it was disgarded. And the guy got a year. Soon as he was out, girls started disappearing again. There was a big protest, most of the country walked off the job. But in the end, what can you do? Armed revolution?
Yes indeed. A good example of its use in the past is the "Enabling Act" that gave Hitler his power. The full name was (Translated, obviously) "Law in order to remedy the misery of the people and the Reich."
Who would vote against THAT? Clearly only people who wanted Germany and its people to suffer.
Yes. Their main business is making vaults and other storage devices. They also make ATMs and Voting Machines that are networked and run Windows. From some of the stuff that was leaked, as reported in the story you linked, they don't password or encrypt their stuff, and when made aware of exploits, blame the user. The software that was leaked makes it clear that you can easily hack into their system and change votes without a trace, and their internal memos show they KNOW IT.
I admit this sounds like a conspiracy theory "Oh look, voting machines run windows NT 4.0 and any 13 year old script kiddy can hack them and change votes, and they can't be audited!" But, Diebold didn't ignore it, or say "This is false, they are trying to discredit us by leaking false e-mails and software!" they said "We own the copyright on that software and on those e-mails. Take them down or we will sue you for copyright infringment." No matter how far fetched it SOUNDS, they FULLY ADMIT that it is all true.
Just like having voting machines running windows and on a wireless network is a bad idea? And storing the votes in an unpassworded, unencrypted Access database is a bad idea? And storing the audit log, which is meant to make attempts to modify the vote database obvious, in another unpassworded, unencrypted Access database is a bad idea?
Still, I suppose that money is a lot more important than democracy, so they probably would be careful.
Hehe, Lawyer World, from Sliders.
"I'll just have some fries, please."
"Sure thing sir, I'll just need some ID and a notarized note from your doctor indicating a healthy cholesterol level"
People say "I don't care if it is free, they sell my information to advertisers and the NSA and the Aliens!" Who says you have to give them valid information?
It's great fun to see what restrictions they put on your date of birth. Can I be born yesterday? How about tomorrow? Can I be born in the 1600's? I believe New York Times will not let you enter a birth day any earlier than 1800. My NTY user is a 182 year old Female Iraqi Nuclear Weapons Engineer.
No, just copying a CD. I don't think it allows you to download music. There is an argument that if you burn it immediatly, and delete it from the HD, then it is OK, but I'm not sure it that is a sound argument. This will change if they start charging piracy taxes on ISP's, however. THEN, P2P would be entierly legal, because you are already paying for it.
Designed isn't a requirement. Read it closely, it says "Designed or has the capibility..."
Gasoline has the capibility of killing somebody. Drink it, or bathe in it and light a match.
Actually, almost everything is a chemical weapon of mass destruction. Sword fish: Could stab you in the eye, and it contains mercury, which is a toxic chemical. A bullet can kill if you get shot, and lead is a toxic chemical. A rechargable battery: If heated, they can explode and cause serious injury. They contain cadmium, which is a toxic heavy metal with no known chelator for treatment. A computer! If you drop one on somebody, it could kill them, and the chips and boards contain toxic chemicals!
Bring laptop with wireless card near master voting machine.
Crack master voting machine (It runs NT 4)
Use Microsoft Access to open the results table and enter whatever you want.
Use Microsoft Access to open the audit log and erase the record of you changing the results table
Or, if you are Diebold, you can skip steps 1 and 2 because you have direct access to the machines already. If you are an Election official, you can skip step 2 because you already know the password.
Slashdot Mirror
I knew somebody who worked at a telemarketing firm. At each pay period, if they were under 20 sales, they were fired.
3.14? I always knew pi had something to do with weight gain, but I though that was only if you ate it.
It not that laughable.
Wireless + NT 4 + unpassworded Access file + no audit trail + CEO who promises "To deliver Ohio to Bush in 2004"
When you take that LAST one into consideration, the first 4 don't seem so accidential and stupid anymore.
I mean what the Hell, when, during a bid for providing voting machines for an election, one of the companies basically says "Choose us and we will give you the 2004 election!" it should set of some pretty damn big warning alarms!
Diebold said "Choose us and we will make sure you win." Arguing about "Oh, Access r teh sux" and "It should be Open Source!" shouldn't matter when compared to that.
Diebold promised Ohio to Bush if only Bush gave them money. That should be the END of the story. All Diebold machines should be destroyed and replaced, and the Diebold executives should be thrown in jail for conspiracy to commit election fraud.
The memos and software show that their machines can be cracked and the votes altered, without any record.
The memos show that they KNOW, but don't want to fix it. Selling the government faulty equiptment is illegal in many states. These memos show they KNOW they are faulty, so they have NO ignorance-of-fact defense.
Finally, the fact that they are saying they will deliver votes to Bush if they win the bid demonstrates intent to abuse these security holes. There is no defense against that promise: If a judge said to the plantiff "Hey Joe, I'm going to find in your favour" the case would be thrown out as a mistrial. No amount of "I was only kidding" or "You misunderstood" on behalf of the judge would prevent that.
All voting machines are certified. But what these memos reveal is that the actual machines were NOT running the same version of the software that was certified. Being open source wouldn't fix that.
While not open to the general public, the voting machines have their source audited by the government. What these leaked memos reveal, among other things, is that the machines are NOT running the same software as was submited.
Some hacker demonstrated that if you fill out an optical scan card correctly, you can overflow the machine. He did it, and when it scanned, the votes went from 0-0 to 0-10,000 from ONE vote. A judge ruled such evidence "inadmisible"
These voting machines DO have an audit trail. It is something Diebold brags about quite a bit. But the thing is, yes, any changes you make to the votes WILL show up in the audit file. But you can change the audit file too.
Shaw Canada e-mailed me saying I was over their 5 GB/month bandwidth limit and I needed to cut down or they would cut me off.
I replied that my signed contract said nothing about a cap, and that their advertisments made a big deal about "unlimited" access. It said I can't cause harm to other users, but downloading a lot isn't really harming other users.
They said that the NEW contract limits me to "reasonable" bandwidth usage.
I said that unilaterally changing a contract without notice is illegal, and I doubted that any fine print that allowed that would hold up in court.
They left me alone. Now @Home has gone bankrupt, and Shaw bought their broadband stuff back. I havn't been using any less bandwidth, and they havn't said anything.
Mind you, this is all download bandwidth. They care a lot more about upstream bandwidth, since cable has less of it to go around. But I don't use much of that ;)
If you dumped sugar into your gastank because somebody who said he worked for Ford told you it would make it run better, you are an idiot. I have no idea how to fix a car engine, but I know not to put sugar in the gas tank.
Users shouldn't have to know how a computer works, and all about their configuration settings, and so on. But they SHOULD know not to run an arbitrary program sent to them by e-mail.
Also, it has nothing to do with how secure an OS is. A trojan horse like this would work on any OS. A more secure OS may prevent some of the harsher things it COULD do, but it doesn't prevent an infection. The only thing that WOULD stop it is a firewall, which would prevent it from accessing the internet without permission, or Trusted Computing, where the trojan would not be allowed to run, because it is not signed. And the first one could be gotten around by telling the user that the "patch" needs access to the internet to download all of the needed files, so please say "allow" to any firewall messages they get.
Hehe, you are assuming it actually looks at the pictures. My guess, it searches the metadata, where you must manually enter "Joe is in this. There are Mountains in the background" ;)
I can think of a very good reason to connect an office suite with a PIM. You can tie meetings and e-mails (Sent and received) into different projects, and tie in all of the files (Spreadsheets, reports, memos, presentations, etc.) as well. Of course, Office doesn't DO this, but it WOULD be a good reason for it ;)
Bah, when they do bust kiddy porn rings, pedophile rings, child sex slave rings, nobody gets in trouble. Because there are too many big names on their client list. There was a big bust in Denmark, I believe. Guy had two girls, 10 and 12, starving to death in his basement, who had been repeatedly sexually abused. There were the remains of several other children in his back yard. And he had a big list of names, including a lot of politicians and judges and police officers and foreign officials. Of course, this list of names proves nothing, so it was disgarded. And the guy got a year. Soon as he was out, girls started disappearing again. There was a big protest, most of the country walked off the job. But in the end, what can you do? Armed revolution?
Yes indeed. A good example of its use in the past is the "Enabling Act" that gave Hitler his power. The full name was (Translated, obviously) "Law in order to remedy the misery of the people and the Reich."
Who would vote against THAT? Clearly only people who wanted Germany and its people to suffer.
Three was only available in Japan, so they skip a number.
Yes. Their main business is making vaults and other storage devices. They also make ATMs and Voting Machines that are networked and run Windows. From some of the stuff that was leaked, as reported in the story you linked, they don't password or encrypt their stuff, and when made aware of exploits, blame the user. The software that was leaked makes it clear that you can easily hack into their system and change votes without a trace, and their internal memos show they KNOW IT.
I admit this sounds like a conspiracy theory "Oh look, voting machines run windows NT 4.0 and any 13 year old script kiddy can hack them and change votes, and they can't be audited!" But, Diebold didn't ignore it, or say "This is false, they are trying to discredit us by leaking false e-mails and software!" they said "We own the copyright on that software and on those e-mails. Take them down or we will sue you for copyright infringment." No matter how far fetched it SOUNDS, they FULLY ADMIT that it is all true.
Just like having voting machines running windows and on a wireless network is a bad idea? And storing the votes in an unpassworded, unencrypted Access database is a bad idea? And storing the audit log, which is meant to make attempts to modify the vote database obvious, in another unpassworded, unencrypted Access database is a bad idea?
Still, I suppose that money is a lot more important than democracy, so they probably would be careful.
Hehe, Lawyer World, from Sliders.
"I'll just have some fries, please."
"Sure thing sir, I'll just need some ID and a notarized note from your doctor indicating a healthy cholesterol level"
Scientists have built PLENTY that work. But they do not produce more energy than it takes to maintain the reaction. This one does not, either.
It is 19.60 at the moment. Every time they make an announcment, it leaps by at least 5%. Sometimes up to 20%.
People say "I don't care if it is free, they sell my information to advertisers and the NSA and the Aliens!" Who says you have to give them valid information?
It's great fun to see what restrictions they put on your date of birth. Can I be born yesterday? How about tomorrow? Can I be born in the 1600's? I believe New York Times will not let you enter a birth day any earlier than 1800.
My NTY user is a 182 year old Female Iraqi Nuclear Weapons Engineer.
No, just copying a CD. I don't think it allows you to download music. There is an argument that if you burn it immediatly, and delete it from the HD, then it is OK, but I'm not sure it that is a sound argument. This will change if they start charging piracy taxes on ISP's, however. THEN, P2P would be entierly legal, because you are already paying for it.
Designed isn't a requirement. Read it closely, it says "Designed or has the capibility..." Gasoline has the capibility of killing somebody. Drink it, or bathe in it and light a match.
Actually, almost everything is a chemical weapon of mass destruction. Sword fish: Could stab you in the eye, and it contains mercury, which is a toxic chemical. A bullet can kill if you get shot, and lead is a toxic chemical. A rechargable battery: If heated, they can explode and cause serious injury. They contain cadmium, which is a toxic heavy metal with no known chelator for treatment. A computer! If you drop one on somebody, it could kill them, and the chips and boards contain toxic chemicals!
Or, if you are Diebold, you can skip steps 1 and 2 because you have direct access to the machines already. If you are an Election official, you can skip step 2 because you already know the password.
Bears are omnivores
</nitpick>