Having used a number of the Windows-based personal firewall products, I can say that in the Windows arena I welcome any new product in the persona firewall area. The only software firewall I have been impressed with at all is Wingate, and even that left a lot to be desired in terms of flexibilty of configuration.
Price will be a determining factor in the appeal of this system. My company, for example, has a lot of telecommuters. If the card's network autodiscovery features work well, the default security is reasonable, and the remote admin software works well... then I will be psyched to recommend that all telecommuters who can move to DSL and this card - allowing us to just use the DSL hardware provided by the ISP and, if reasonably priced, a Firecard for each user. Users would thus have very little to do to set up their system, we have problems with this feature of our current Firewall/VPN product, especially on Windows. If Merilus got it right, and we'll test it and find out, then maybe finally the telecommuter problem is solved for IT organizations.
Regarding the issue of rebooting, what is actually the issue is power-cycling, since the card draws power from the system but does not rely on the host OS to be up and running for the firewall and routing functions to operate. Thus, cold reboots are the issue - any form of warm reboot shouldn't effect the firewall. It does not say how long the card takes for it to boot on a power cycle, but I would suspect it's not very long. So, that "problem" is a red herring, unless Merilus is just lying about this...
Also, especially for home users with machines that are likely both lower down on the CPU chain AND overloaded with fat programs like games and M$ Office, etc., the fact that this system does not put a heavy load on or depend upon the OS (and still does encryption for VPN and routing, hence the Crusoe chip) makes it perfect for the telecommuter situation.
So, while the product may seem useless to you, it won't be for everyone. Telecommuters, SOHO, and probably even branch office users could get some milage out of this product if it lives up to its billing...
What Robert says is partially true - the models for clothing are not yet perfect (same with hair, actually, same with many CG issues - you can generally tell CG smoke and water, for example). Modeling clothing and hair requires modeling both a "solid structure" (the body) beneath, and the "soft structure" on top (hair, actually, requires many structures to be modeled - lots of hairs - clothing requires several complex dynamical structures to be modeled). To accurately physically model the clothing dynamics, there are A LOT of variables, and a lot of constraints.
However, computational power IS a concern in terms of getting realistic hair and clothing into games. Pixar uses a VERY large render farm in making their films, and most of the top quality algorithms are optimized not for speed but for, well, quality. The best of what can be done now requires a lot of computational power. Not until a sufficiently realistic algorithm is completed, though, can one start to optimize it for less powerful computers (and, as with any imaging algorithm, sufficient is subjective - beauty is in the eye of the beholder...)
But, while these technical issues are certainly fascinating, fun to work on, and of great utility to the digital film industry - the question that hasn't been asked about gaming is: is that much realism actually necessary? (With necessary in the industry being defined as: does it make the game more fun, and thus more people will buy it?)
My experience in the gaming industry, and VR industry, indicates that the quality of the story, and of the action, outweighs the "realism" of the images. If the industry put more money into the creation of more compelling stories, more engaging games (including less repetition - which becomes harder to do if you need to cache hard-to-render scenes to use them over and over to save CPU time and/or money in up-front rendering basically cell-animation style), and better integration of network interaction into the game plot structure... I think the results would be more fruitful than better and better algorithms for hair and clothing.
I think researching cool rendering algorithms is fun, and should continue, but the gaming industry could also stand to invest some more money into better interaction design and better writers...
The world better be ready, and if it's not, then those of us who are so "enlightened" must endeavour to do what the lobbying group did: correct these treaties and legislation. "Cyberspace" is here, now, and "cybercrime" WILL be legislated. Governments have not only a right, but a responsibility to their citizens, to protect them. The balance in all legislation (at least for governments built upon the Western European tradition of enlightenment democracy) is to balance people's individual freedoms and rights with the "greater good" of protection from crime, coercion, foreign espionage against national interests, etc.
Thus, governments will engage in such activities - that is their right and duty. It is our right, and duty, as the "class" of society which best understands this technology to help inform this process - not just complain about how they "just don't get it"...
It will be up to those of us in the "cyber community," and the lawyers and politicians who are willing to work with us, to speak up and help define the specifics of these laws and treaties - and precedents. Lawyers and politicians alone won't do a good job, but they will try regardless of the attitude we take.
If you want to help, I suggest that you join and/or write (even if you don't support their whole platform, membership gives you greater voice in their activities):
Regarding election technology...
The question becomes, do we prefer expediency over democracy,
or would we rather have an accurate count of votes and thus
uphold the "will" of the voters? The current discussion puts too high of a premium on expediencey and convenience, too much credence into the self-serving claims of both campaigns, and too little on upholding the principle tenets of democracy.
First of all, expediency is the only reason to connect the
polling stations over the Internet. It is not yet the case
that the Internet is mature enough that all things should
be done using it as the communication medium. The security
holes present in current Internet transactions are too
severe to warrant the risk in order to obtain a benefit,
vote count expediency, which is only somewhat important.
(It is important for foreign relations reasons to maintain
our image of strength and cohesion, but that could easily
be resolved if both campaigns simply stated that they are
in full support of accurate vote counting, are preparing
their transitions strategies, and will work with the other
party to maintain national unity since in a close election
it is clear that neither party has a strong mandate to
power - these issues are human issues, machines can not
fix them.)
Leaving the Internet out of it, things become easier.
First off, the interface:
I suggest a system somewhat similar to the one in
Riverside California.
To maintain privacy, voters should still sign in manually
in front of a polling station worker who will check their
signature against the one from their voter registration
card, and perhaps picture ID (though this is not done in
NY city where I vote unless, I suppose, your signature
has changed too much - though I am not certain... not
checking picture ID does mean that poor people who may
not have any use for a driver's license or passport can
vote more easily, but does increase chances of fraud).
Signing in manually leaves a book of signatures against
which the number of votes can be checked to make sure
there are not more or fewer votes in the system than in
the signature book - to help guard against poll workers
giving multiple votes to people.
The voter should then be given a card with a magnetic
stripe. These cards should be pre-"printed" and contain
no information about the voter. Since there is no way
to know the order in which voters will arrive, you can
trust your card is random if they just pull one off the
top of a stack for each voter. On the card should be
a code which releases the electronic voting station for
use by the voter - and nothing else. The code might
contain an encrypted string on information such as the
county, state, and polling center location, but need
also involve a unique integer which is the differentiator
for which vote is being made. The code should also be
printed on the card, so that humans can later read it if
needed. This would be computed using the public keys
of keypairs held by the state and federal election
commissions.
The pre-printed cards would be produced centrally, by
the state election commission.
(As an aside, to avoid "running out of ballots", there
should be enough cards at each polling station for 100%
voter turnout - and since the cards are reusable, unlike
most ballots, the cost over time should become minimal.)
Insertion of this card should cause it to be read, the
voting machine "unlocked" for use, and the card to be
deposited in a strongbox similar to those used in ATM
machines for money deposits. No card may be reused in
a single election, and the polling station workers
should NOT have the keys to the strongbox (only the
canvassing board memebers who verify votes should have
this access).
Once the card is read, a user interface should appear
which lists the candidates in the following manner:
Party Name Candidate 1 Name(s) Photo
Party Name Candidate 2 Name(s) Photo
...
The voter should be able to select a candidate by
touching (using a touch screen) the party name,
candidate name, or photo. A confirmation screen
should then appear saying
"You have selected so-and-so from the such-and-such
party"
With the photo of the candidate(s) below, and
"confirm" and "change my vote" icons to touch.
Confirm commits the vote and moves on to the
choices for the next office up for election, and
"change my vote" should clear the choice and return
to the selections for that office.
This should occur for each election in your district.
At the end of the process, a list should appear as
such:
Your Choices:
------------------------------------------------ ---
Office 1 Party Name Candidate Name(s) Photo
Office 2 Party Name Candidate Name(s) Photo
...
With "confirm" and "change my vote" icons to touch.
Touching "change my vote" will bring up a screen
with the list of offices to touch to change the
vote for that office, and then to bring the voter
back to the "your choices" list after each re-vote.
(An aside on photos, to respond to some cynicism
about this:
Contrary to arrogant belief of cynical intelligentsia,
illiterate people may actually be quite intelligent
otherwise and able to understand the issues involved in
electing a president. Oral communcation can transfer a
lot of information, and many people who can't read can
do a lot of other things. Photos of the candidates at
the polling station are only a benefit, even though
illiteracy to the point of being unable to read even a
name is now rather rare - except among immigrants whose
native languages are not roman alphabet based, and who
may have read about the candidates in their native
language. Finally, if people choose not to vote for a
candidate because they're unattractive - they deserve
the governance they get...)
Touching "confirm" commits all votes. The vote ID
from the card that was inserted is the key into the
DB where the votes are stored. This DB should be
written to more than one disk: either two or more
mirrored servers, or to HD and removable media, or
some combination thereof.
In confirming the votes, public keys corresponding
to private keys held by the state, federal, and
local election commissions should be used to
encrypt a copy of the vote which will be stored
in one or more DBs, one copy for each key, and
one copy superencrypted with all 3 keys.
However, now what should also happen is that, using
a stack of special paper (with a state hologram on
it or whatever one's favorite anti-counterfieting
device is) that is stored inside the ATM-like voting
machine, a "reciept" is printed which contains the
following:
The unique keycode
Human-readable candidate selections
A machine readable (barcode, perhaps) encoding of
this information
Date and Time
One copy of the receipt should go into a lockbox
inside the machine, just like the magnetic stripe
cards. Another could go to the voter, who can
immediately notify the staff if the machine "made
a mistake" and their vote needs to be invalidated
and they must vote again, but this brings up the
possiblity of fraudulent receipts and probably
should not occur. To guard against this, any
action triggered by a voter receipt would have to
start with insertion of the receipt into a reader
which would match the receipt against the ones
stored in the voting machines. This is the most
uncertain aspect of this system, other than the
unavoidable issues of voter coercion, and
unlikely issues like massive conspiracies.
The database of votes could be made public, with
each vote paired with the card number that was
used to make the vote. Privacy is ensured since
no one knows which card number corresponds with
which voter except for each voter knowing their
own number. Any voter could then check his or
her physical receipt against the entry in the
public database online (it would be provided by
copying the DB after the polling stations close,
and moving the drive with the copied info OFF
of the polling LAN to another, online system).
A mismatch would be indication of election
fraud or error. Counterfeit receipts could be
prevented if the encrypted version of the
information printed on the receipt is encrypted
with the 3 public keys corresponding to federal,
state, and local authorities. In this way, a
receipt could only be counterfeited with a
mass-conspiracy involving cooperation of
all three of these entities. Receipts submitted
could then be checked by all 3 entities. The
"public" keys for encrypting vote information
would only be inside the polling machines, and
the private keys only on the secure systems of
the agencies in question.
Now, the first pass of the vote count is quite
simple: count the # votes in the DB for each
candidate. However, there are avenues for
multiple recounts, which is necessary to
maintain a fair system:
count the votes on the backup DB(s)
take the receipts and run them through
a counter based on barcode scanning
manually recount using the information
printed on the receipts
The reporting of results to the central state
agency would occur as follows:
each voting machine would count the
votes in the DB AND confirm against cards and
receipts in its internal lockboxes, so a
triple-verified count is automatic
a report would be printed on special
paper, and encoded on to a magnetic stripe
card, and written to removable media along
with a copy of the original DB - all this
would be sent to the central state voting
office; this would occur on a station set up
just for this process, on the LAN, but also
ATM-like to prevent tampering
All voting machines and tabulators would be
alarmed, with a loud audible alarm, and only
auditors granted access under applicable
state law would have the keys.
For recounts, the state appointed auditors
(presumably under police escort) would go to
the polling stations, open the voting
machines, and retrieve the chambers
containing the cards, the receipts, and all
but one copy of the DB (one copy should
remain on a drive which can not easily be
removed from the machine, the others would
be on HDs in slide-out trays or removable
media disks). Once the auditor unlocked
the door, he or she would insert a special
card into a special reader inside the
machine. The internal computer system of
the polling station would write all it's
state logs to all disks, "print" the auditor
ID on all disks and in an EEPROM, shut-down
to protect the data, seal the slots through
which the cards and receipts drop into their
receptacles, and a light would come on
meaning "ok, take the data now". Only the
auditor's card could restart that station at
this point.
The preferable method of recounting is to
bring the retrieved media to the state
election offices and recount the votes on
a centralized system which performs the DB
counting, and verifies the votes by checking
the count in the DB, receipts, and encrypted
DB - and confirming against the mag cards
in the card cartridges. The state authorities
can also check the magnetic cards against the
entries in the issuance DB to make sure all
the inserted cards were indeed issued by the
state and are thus valid.
Local recounts could be done with a similar
setup locally - but could not check the
cards against the state DB. Of course, a
first recount locally could be just to
re-run the first verification in the
original voting machines, in case a n
on-repeating bug had occurred. A lot of
possible combinations of how to run the
recount exist, but it is best if machines
are used until the last recount to avoid
an extra chance of fraud.
To provide for hand-recounts, it may be that
a change in the process by which the printed
receipts are left in the machines unless
needed for hand-recount locally, is put in
place. This would make the state computers
rely on checking the DB against the encryped
DB, and making sure each key corresponds to
a mag stripe card, meaning only one rather
than two verifications against a physical
object.
To defraud the vote, you would need to do the
following:
change the entry in all copies of the DB
create a new magnetic stripe card with
a corresponding key, which could be difficult if
the keys are generated using a clever enough
algorithm
print a proper receipt
put your receipt and magnetic card into
the lockboxes (or introduce them during a manual
recount)
change the DB which tracks which magnetic
cards have been issued (which could be in a
central, offline, secure location at the state
printing office)
Clearly, trusted workers could defraud any system
with enough cooperation and concerted effort by
people in positions of authority over the process.
But this system is designed to require a lot of
effort to avoid the multiple verifications that
the machines can do before any humans even get
involved in the process. With a federal key for
encrypted votes, even the FEC could check votes.
Tampering with the machines to write votes for
one candidate to another, by altering the
software that controls all these processes, is
the most serious threat to the system. However,
in this way the system is no worse than the
ballot machines used in many states, and indeed
by having the federal and state election
commissions have digitally signed copies of
the system code in their secure storage centers
they can check against such alterations if it
becomes an issue.
Obviously this system leaves room for a lot of
oversight in a recount, including the fact that
the card keys are stored somewhere not accessible
to most people. And, in very extreme cases,
voters could be asked to bring in THEIR
receipts and votes which did not have a pair of
receipts associated with them could be more
carefully scrutinized in terms of attempting to
detect fraud.
Of course, the system has holes, any system does,
but this is a nice compromise between computer
convenience and accuracy, and oversight and
fairness.
Now, why not let people vote from home or work?
A few reasons:
minimal oversight and protection against
coercion by other people in the home or office
the authentication process could be more
easily compromised technologically, even if the
transmission process is relatively secure, since
users are notorious for bad security practices
like writing down passwords, leaving accounts
which host certificats and keys logged in, etc.
no witnesses if there is a problem, and
no reliable way to allow someone to invalidate
an entire vote if accidentially or through some
malicious attack, they confirm the wrong final
selection list
voting is a public activity, and going
out into public, joining a voting queue, and
casting your vote is a symbol of democracy,
plus you get to see other people supporting this
process and feel included
Of course, there is room for coercion at the
polling station, but this system does nothing
to increase or decrease that - and no technical
fix is available for this issue.
Finally...
Why so complicated? Many might think "hey, this
system is at least as complicated as the current
system, shouldn't it be simpler?" It is simpler
for the voter, actually, but more complex in
terms of ways to verify results because the
governmetn should spare no expense in such an
important issue. Democracy is at stake. At some
point, our society must value SOMETHING over
convenience and frugality. This process is not
intended to be trivially simple, it is intended
to be fair, secure, private, and accurate.
I would hope that our basic principles of fair
democracy are more valuable than convenience,
expediency, cost-cutting, and even the "cool
factor" of the Internet.
Of course, since I just came up with this system
today over lunch, with some input from my friend
Mike, it may have some things we overlooked, but
most major problems with previously proposed
systems seem to be addressed in this.
(This was also posted in reply to Friday's article: http://slashdot.org/article.pl?sid=00/11/10/001123 3)
Regarding election technology...
The question becomes, do we prefer expediency over democracy,
or would we rather have an accurate count of votes and thus
uphold the "will" of the voters?
First of all, expediency is the only reason to connect the
polling stations over the Internet. It is not yet the case
that the Internet is mature enough that all things should
be done using it as the communication medium. The security
holes present in current Internet transactions are too
severe to warrant the risk in order to obtain a benefit,
vote count expediency, which is only somewhat important.
(It is important for foreign relations reasons to maintain
our image of strength and cohesion, but that could easily
be resolved if both campaigns simply stated that they are
in full support of accurate vote counting, are preparing
their transitions strategies, and will work with the other
party to maintain national unity since in a close election
it is clear that neither party has a strong mandate to
power - these issues are human issues, machines can not
fix them.)
Leaving the Internet out of it, things become easier.
First off, the interface:
I suggest a system somewhat similar to the one in
Riverside California.
To maintain privacy, voters should still sign in manually
in front of a polling station worker who will check their
signature against the one from their voter registration
card, and perhaps picture ID (though this is not done in
NY city where I vote unless, I suppose, your signature
has changed too much - though I am not certain... not
checking picture ID does mean that poor people who may
not have any use for a driver's license or passport can
vote more easily, but does increase chances of fraud).
Signing in manually leaves a book of signatures against
which the number of votes can be checked to make sure
there are not more or fewer votes in the system than in
the signature book - to help guard against poll workers
giving multiple votes to people.
The voter should then be given a card with a magnetic
stripe. These cards should be pre-"printed" and contain
no information about the voter. Since there is no way
to know the order in which voters will arrive, you can
trust your card is random if they just pull one off the
top of a stack for each voter. On the card should be
a code which releases the electronic voting station for
use by the voter - and nothing else. The code might
contain an encrypted string on information such as the
county, state, and polling center location, but need
also involve a unique integer which is the differentiator
for which vote is being made. The code should also be
printed on the card, so that humans can later read it if
needed. This would be computed using the public keys
of keypairs held by the state and federal election
commissions.
The pre-printed cards would be produced centrally, by
the state election commission.
(As an aside, to avoid "running out of ballots", there
should be enough cards at each polling station for 100%
voter turnout - and since the cards are reusable, unlike
most ballots, the cost over time should become minimal.)
Insertion of this card should cause it to be read, the
voting machine "unlocked" for use, and the card to be
deposited in a strongbox similar to those used in ATM
machines for money deposits. No card may be reused in
a single election, and the polling station workers
should NOT have the keys to the strongbox (only the
canvassing board memebers who verify votes should have
this access).
Once the card is read, a user interface should appear
which lists the candidates in the following manner:
Party Name Candidate 1 Name(s) Photo
Party Name Candidate 2 Name(s) Photo
...
The voter should be able to select a candidate by
touching (using a touch screen) the party name,
candidate name, or photo. A confirmation screen
should then appear saying
"You have selected so-and-so from the such-and-such
party"
With the photo of the candidate(s) below, and
"confirm" and "change my vote" icons to touch.
Confirm commits the vote and moves on to the
choices for the next office up for election, and
"change my vote" should clear the choice and return
to the selections for that office.
This should occur for each election in your district.
At the end of the process, a list should appear as
such:
Your Choices:
------------------------------------------------ ---
Office 1 Party Name Candidate Name(s) Photo
Office 2 Party Name Candidate Name(s) Photo
...
With "confirm" and "change my vote" icons to touch.
Touching "change my vote" will bring up a screen
with the list of offices to touch to change the
vote for that office, and then to bring the voter
back to the "your choices" list after each re-vote.
(An aside on photos, to respond to some cynicism
about this:
Contrary to arrogant belief of cynical intelligentsia,
illiterate people may actually be quite intelligent
otherwise and able to understand the issues involved in
electing a president. Oral communcation can transfer a
lot of information, and many people who can't read can
do a lot of other things. Photos of the candidates at
the polling station are only a benefit, even though
illiteracy to the point of being unable to read even a
name is now rather rare - except among immigrants whose
native languages are not roman alphabet based, and who
may have read about the candidates in their native
language. Finally, if people choose not to vote for a
candidate because they're unattractive - they deserve
the governance they get...)
Touching "confirm" commits all votes. The vote ID
from the card that was inserted is the key into the
DB where the votes are stored. This DB should be
written to more than one disk: either two or more
mirrored servers, or to HD and removable media, or
some combination thereof.
In confirming the votes, public keys corresponding
to private keys held by the state, federal, and
local election commissions should be used to
encrypt a copy of the vote which will be stored
in one or more DBs, one copy for each key, and
one copy superencrypted with all 3 keys.
However, now what should also happen is that, using
a stack of special paper (with a state hologram on
it or whatever one's favorite anti-counterfieting
device is) that is stored inside the ATM-like voting
machine, a "reciept" is printed which contains the
following:
The unique keycode
Human-readable candidate selections
A machine readable (barcode, perhaps) encoding of
this information
Date and Time
One copy of the receipt should go into a lockbox
inside the machine, just like the magnetic stripe
cards. Another could go to the voter, who can
immediately notify the staff if the machine "made
a mistake" and their vote needs to be invalidated
and they must vote again, but this brings up the
possiblity of fraudulent receipts and probably
should not occur. To guard against this, any
action triggered by a voter receipt would have to
start with insertion of the receipt into a reader
which would match the receipt against the ones
stored in the voting machines. This is the most
uncertain aspect of this system, other than the
unavoidable issues of voter coercion, and
unlikely issues like massive conspiracies.
The database of votes could be made public, with
each vote paired with the card number that was
used to make the vote. Privacy is ensured since
no one knows which card number corresponds with
which voter except for each voter knowing their
own number. Any voter could then check his or
her physical receipt against the entry in the
public database online (it would be provided by
copying the DB after the polling stations close,
and moving the drive with the copied info OFF
of the polling LAN to another, online system).
A mismatch would be indication of election
fraud or error. Counterfeit receipts could be
prevented if the encrypted version of the
information printed on the receipt is encrypted
with the 3 public keys corresponding to federal,
state, and local authorities. In this way, a
receipt could only be counterfeited with a
mass-conspiracy involving cooperation of
all three of these entities. Receipts submitted
could then be checked by all 3 entities. The
"public" keys for encrypting vote information
would only be inside the polling machines, and
the private keys only on the secure systems of
the agencies in question.
Now, the first pass of the vote count is quite
simple: count the # votes in the DB for each
candidate. However, there are avenues for
multiple recounts, which is necessary to
maintain a fair system:
count the votes on the backup DB(s)
take the receipts and run them through
a counter based on barcode scanning
manually recount using the information
printed on the receipts
The reporting of results to the central state
agency would occur as follows:
each voting machine would count the
votes in the DB AND confirm against cards and
receipts in its internal lockboxes, so a
triple-verified count is automatic
a report would be printed on special
paper, and encoded on to a magnetic stripe
card, and written to removable media along
with a copy of the original DB - all this
would be sent to the central state voting
office; this would occur on a station set up
just for this process, on the LAN, but also
ATM-like to prevent tampering
All voting machines and tabulators would be
alarmed, with a loud audible alarm, and only
auditors granted access under applicable
state law would have the keys.
For recounts, the state appointed auditors
(presumably under police escort) would go to
the polling stations, open the voting
machines, and retrieve the chambers
containing the cards, the receipts, and all
but one copy of the DB (one copy should
remain on a drive which can not easily be
removed from the machine, the others would
be on HDs in slide-out trays or removable
media disks). Once the auditor unlocked
the door, he or she would insert a special
card into a special reader inside the
machine. The internal computer system of
the polling station would write all it's
state logs to all disks, "print" the auditor
ID on all disks and in an EEPROM, shut-down
to protect the data, seal the slots through
which the cards and receipts drop into their
receptacles, and a light would come on
meaning "ok, take the data now". Only the
auditor's card could restart that station at
this point.
The preferable method of recounting is to
bring the retrieved media to the state
election offices and recount the votes on
a centralized system which performs the DB
counting, and verifies the votes by checking
the count in the DB, receipts, and encrypted
DB - and confirming against the mag cards
in the card cartridges. The state authorities
can also check the magnetic cards against the
entries in the issuance DB to make sure all
the inserted cards were indeed issued by the
state and are thus valid.
Local recounts could be done with a similar
setup locally - but could not check the
cards against the state DB. Of course, a
first recount locally could be just to
re-run the first verification in the
original voting machines, in case a n
on-repeating bug had occurred. A lot of
possible combinations of how to run the
recount exist, but it is best if machines
are used until the last recount to avoid
an extra chance of fraud.
To provide for hand-recounts, it may be that
a change in the process by which the printed
receipts are left in the machines unless
needed for hand-recount locally, is put in
place. This would make the state computers
rely on checking the DB against the encryped
DB, and making sure each key corresponds to
a mag stripe card, meaning only one rather
than two verifications against a physical
object.
To defraud the vote, you would need to do the
following:
change the entry in all copies of the DB
create a new magnetic stripe card with
a corresponding key, which could be difficult if
the keys are generated using a clever enough
algorithm
print a proper receipt
put your receipt and magnetic card into
the lockboxes (or introduce them during a manual
recount)
change the DB which tracks which magnetic
cards have been issued (which could be in a
central, offline, secure location at the state
printing office)
Clearly, trusted workers could defraud any system
with enough cooperation and concerted effort by
people in positions of authority over the process.
But this system is designed to require a lot of
effort to avoid the multiple verifications that
the machines can do before any humans even get
involved in the process. With a federal key for
encrypted votes, even the FEC could check votes.
Tampering with the machines to write votes for
one candidate to another, by altering the
software that controls all these processes, is
the most serious threat to the system. However,
in this way the system is no worse than the
ballot machines used in many states, and indeed
by having the federal and state election
commissions have digitally signed copies of
the system code in their secure storage centers
they can check against such alterations if it
becomes an issue.
Obviously this system leaves room for a lot of
oversight in a recount, including the fact that
the card keys are stored somewhere not accessible
to most people. And, in very extreme cases,
voters could be asked to bring in THEIR
receipts and votes which did not have a pair of
receipts associated with them could be more
carefully scrutinized in terms of attempting to
detect fraud.
Of course, the system has holes, any system does,
but this is a nice compromise between computer
convenience and accuracy, and oversight and
fairness.
Now, why not let people vote from home or work?
A few reasons:
minimal oversight and protection against
coercion by other people in the home or office
the authentication process could be more
easily compromised technologically, even if the
transmission process is relatively secure, since
users are notorious for bad security practices
like writing down passwords, leaving accounts
which host certificats and keys logged in, etc.
no witnesses if there is a problem, and
no reliable way to allow someone to invalidate
an entire vote if accidentially or through some
malicious attack, they confirm the wrong final
selection list
voting is a public activity, and going
out into public, joining a voting queue, and
casting your vote is a symbol of democracy,
plus you get to see other people supporting this
process and feel included
Of course, there is room for coercion at the
polling station, but this system does nothing
to increase or decrease that - and no technical
fix is available for this issue.
Finally...
Why so complicated? Many might think "hey, this
system is at least as complicated as the current
system, shouldn't it be simpler?" It is simpler
for the voter, actually, but more complex in
terms of ways to verify results because the
governmetn should spare no expense in such an
important issue. Democracy is at stake. At some
point, our society must value SOMETHING over
convenience and frugality. This process is not
intended to be trivially simple, it is intended
to be fair, secure, private, and accurate.
I would hope that our basic principles of fair
democracy are more valuable than convenience,
expediency, cost-cutting, and even the "cool
factor" of the Internet.
Of course, since I just came up with this system
today over lunch, with some input from my friend
Mike, it may have some things we overlooked, but
most major problems with previously proposed
systems seem to be addressed in this.
While some people may wish to believe the Chinese government has no plans for e-warfare, it is already happening, and has been for some time, among hackers and their targets. This includes electronic warfare between corporate organizations, and even already among governments (such as the US and Iraq).
Virii, whether intended to be amusing or destructive, can cost companies or countries millions of dollars when they strike networks. This is an obvious form of electronic "munition", and intentional or not, virii have damaged a number of corporations economically. Most companies have recovered from these virus attacks, but it is clear that virii and other threats are still quite a problem.
It's amusing that this story and the China story came so near each other. Maybe it's the Chinese;-P
By the time this gets out of appeals, RedHat will have put Microsoft out of business;-)
Seriously...
It would be nice if Microsoft could have been defeated in the marketplace rather than in the courts. However, that doesn't seem to be happening. What about a counterattack by Microsoft's competitors by actually offering competitive pricing for superior products? What about working with software vendors to make it profitable for them to develop for alternate platforms?
I think Microsoft has competed unfairly in the marketplace, but on the other hand, I also think a lot of their competitors have competed stupidly in the marketplace... the two combined gave M$ a doubly unfair advantage, but it was only half their fault...
I'm all for antitrust action against M$, but that doesn't mean that I don't consider many of their competitors to have done a lousy job of trying to win away their customers...
The company I am IT Director for has spent exactly $0 and 0 hours of time confirming our Y2K compliance, and I'm sure we'll be just fine. Anything that breaks then, we'll fix it, or replace it. We're lucky enough not to have any time-dependent critical systems, unlike, say, a bank...
In terms of Y2K issues, I'm much more concerned with humans than machines. It is much more likely that some stupid religious zealot from some doomsday cult will nerve gas Times Square (the city of NY has been running poison gas assault drills in conjunction with FEMA, from what I've read in the print media) than that mass chaos will erupt due to some computers breaking. When disasters (such as hurricanes here on the east coast of the USA) hit major metro areas and wipe out power systems (and therefore all computer systems in the area) human response teams manage the crisis rather well. I think any Y2K related crashes (say a power grid goes down, or a traffic grid, or whatever) will be handled with similar efficiency by the emergency teams.
What is more difficult to respond to is a situation in which panicky humans are making a bad situation worse, and the Y2K hype essentially guarantees this - and if the problems are human-initiated rather than systemic, this will make the situation even worse. Also, humans are more likely to unleash NBC attacks on population centers than faulty systems, so they're much more likely to cause the real damage.
Don't worry so much about the stupid computers, worry about the stupid humans...
Personally, I plan to be out in the countryside with no emergency rations but far away from potential sites of stupid human antics...
What really will balkanize Linux is software which is made binary incompatible amongst Linux systems. In the BSD and SysV world, as with Linux, there is plenty of software that can be recompiled cross-platform, but it's software that was locked into releasing only on proprietary binary formats that fueled the competition between systems like IRIX, Solaris, HPUX, SCO, and OSF.
People use computers to perform various tasks other than running an OS. If software is not available for an OS, no matter how good the OS is is, it wanes in popularity and possibly dies. If companies only support RedHat with software, then no matter how good Linuxen like SUSE and Debian may be, they're going to eventually decline in favor of RedHat, because people need software to do work.
Also, many people can't handle recompiling software, so if they've got a Linux variant with a nice installer, and they can get commercial software in proprietary binary formats that have nice installers, then they are using a computing paradigm that is familiar to them...
Linuxen that have nice, easy installers and are supported by commercial software with nice, easy installers will be the ones that have the best chance of combating Microsoft... but they'll also fuel the "balkanization" of Linux...
Software vendors that don't commit to releasing cross-linux software are basically just pushing Linux towards the same situation that arose with other OSes... the difference is that it's easier with Linux to make cross-builds, so that a commercial package could be released on RedHat, SUSE, Debian, and perhaps others without as much effort as, say, a cross-build between Solaris and IRIX, and certainly more easily than a Windows and Mac cross-release...
It's up to the users to demand such things, by contacting commercial software vendors and requesting it, letting them know there is money in it for them... they're not going to do it out of the kindness of their hearts, they're in business to make a living, not prevent Linux balkanization...
However, I think most Linux vendors would be willing to support several Linux variants if they knew the customers were there, and the best way for them to find out that is the case is for the customers to let them know directly...
I realize there was a shortage of systems, but Apple has not handled communication with customers very well. I ordered a system over a month ago, and would like to be using it by now, but instead I'm wondering if I'll ever see it, and if so, when. I've got some software I'd like to be developing and testing on the Mac, but if the machine never arrives, we'll sooner drop the Mac version of the product than waste a lot of time trying to figure out what is going on with the Mac order...
Also, since I placed the order on Amex, I have no idea whether they're going to charge me full price from a month ago, or an adjusted price, and the only way I'll find out seems to be when the statement comes in - because Apple has said nothing about it.
This G4 was my first Macintosh since the 8100 series, and it seems that Apple still can't get it together to make me a happy customer - even from the start. I've had more problems with "friendly" Apple than any other vendor I've had to deal with... it's too bad, their hardware is great (their OS is just ok these days), but they just seem to be destined to make stupid mistakes and annoy a lot of customers...
What they need more than anything is a new commitment to actually handling customer (and developer!) relations issues in a sufficient manner... cool hardware and cool TV commercials are not enough...
Yes, Linux would survive, and so would NetBSD, FreeBSD, etc. Solaris is a great OS on SPARC systems, and if it were free it would reduce the cost of SPARC boxes with their best OS a bit (Linux is not the best OS on SPARC), but Solaris on x86 is pretty bad. My friends from Sun agree, and they probably ought to know...
Linux and the free BSD variants have taken pains to specifically to address the quirks of running a UNIX variant on lower-end hardware, and Solaris has not. Solaris is perfect for people running 64bit SPARC architectures, and there's not much guesswork needed as to why...
As at least one person has already pointed out, Solaris uses too much AT&T SysV code to be made completely open source by Sun, but they could give it away to end users for free as a closed source OS without violating their AT&T license. However, the user community would still be dependent upon Sun to support their hardware, and Sun has shown a remarkable lack of interest in making OSes for non-SPARC hardware...
Sather is an interesting language, but the resultant portable C code is, according to the testimonials on the Sather pages themselves, only as fast as the equivalent code written in C++.
Object Orientation is a relatively new paradigm, and work is still being done in making OO code run faster - in general. It is the OO heirarchy that slows down C++ compared to C, it is what helps make Java slower even though the JVM is a relatively efficient interpreter/VM, and it is what "crippled" languages like Smalltalk and Eiffel in the eyes of "real" developers. However, the ease of design and maintainability of OO code has inspired a lot of research into trying to speed up OO languages so they can compete with their functional counterparts.
The advantage of Sather isn't speed (not yet, maybe someday), but, according to the authors, ease of maintainability. This, however, might be a reason to make the choice to use this language. As C++ is fairly broken in some places due to the ad-hoc OO/C integration, it can be very quirky to work with, and it's easy to write bad C++. I'd need to study Sather in detail to say it is actually more elegant and maintainable than C++, but I rarely doubt claims that something is more elegant than C++;-)
Unfortunately, though, to port the Perl source to Sather one would first need to port the Sather compiler to Windows, as Berkely hasn't bothered doing so... and the Perl6 team will obviously need to support Perl on Windows as that's been in the core Perl for a bit of time now...
Creating a formal language base to bootstrap a framework into C through LISP is a great idea... but according to Larry Wall, PERL can not be formally specified in such a manner, and therefore I believe that this tactic would not work in this case, though I have not really studied the possibility in any great detail.
The suggestion of rewriting Perl in Python is a bit silly... why not rewrite Perl in Scheme, TCL or Java... or Perl? Talk about speed not being an advantage... While Python is pretty fast, Java with a good compiler (such as Jikes) and a good JVM (such as Java2 with HotSpot) is faster, at least on our tests on WindowsNT and Linux.
If raw speed at the expense of maintainability (and therefore the possibility of speed lost to bad programming rather than a "bad language") is one's goal, C is still the language to use (or assembler if you're both wed to one chipset and a total maniac). Otherwise, there are a lot of choices, including C++.
I think C++ was chosen because porting from C to C++ isn't that difficult to do (at least to do very badly), and can be done incrementally. I think the efficiency of Perl in C vs C++ will depend entirely on the programmers and how they use the language. As one person already pointed out, if they use C++ for some added maintainability but with an eye towards speed (that is, use the parts that don't slow the program to a crawl), they'll do just fine on the speed front...
My workstation is a Pentium III, but it's only a 450mhz. Still, it crashes pretty much daily. That must be the real reason for BSODs! It's not Microsoft, it's Intel;-)
As for the article... um... where was the content?
Guess what, until Open Source wins, people still have other work to do! Show me open source tools that perform their tasks *as well as or better than* their closed source counterparts and I'll choose the open source tools every time...
Otherwise, if we can't get our jobs done with the tools, open source loses...
Whether or not video and audio are a simulation does indeed get to the fine points of the definition of simulation, however I am unaware of any English word which fits the the phenomena between direct perception (by the mechanisms that are part of a human, your nervous system analogy does not work, the probe is not part of the human) and simulation... maybe translation or the phrase indirect perception.
Incidentally, image and audio manipulation technology have shown empircally that indirectly perceived information can be unreliable. This gets down to the philosophical questions about how we can trust our perceptions, and why humans rely on analogy and logical reasoning to attempt to understand what they perceive with respects to a known baseline we like to call reality.
The interpretation of previously imperceptable actual phenomenon through mechanical / electronic sensors into something humans can perceive always runs the risk of adding or deleting information which may skew the perception of the event. This reality of machine mediated perception must be accounted for by humans when reasoning about such phenomena.
This is a great announcement. Borland's tools are great, and in a cross-platform development house like ours, it'll be great to eventually have people on multiple platforms using at least some of the same tools (if only we could get Solaris versions). People here who are familiar with Windows environments only may be convinced to move over to Linux as more tools *they are already familiar with* get ported to Linux. This is a Good Thing (tm).
If we could move 50% or more of our developers to Linux or Solaris, I'd be very happy. I'd like to see managers like myself be able to make the transition also. Such a transition, though, would require the availability of necessary evil tools such as project management software available on UNIX/Linux (and with the same level of functionality as, say, Microsoft Project and Rational Requisite Pro).
Whether or not these tools are open source is irrelevant to my bosses, who are making business decisions, not community outreach decisions. Our technical department actually does support Open Source software, but we also know that when a job needs to be done, if the best tool is not open source, then get the closed source tool...
What really matters is not the licensing model of the tools, but their availability on the platform. Businesses are used to having to decide whether or not to accept stupid licensing terms, but they like to have the right tools to choose from. Lots of developers use Delphi on Windows, and if they use it on Linux, also, that is good for Linux, whether or not their software is open source.
It would be nice if all software could be open source, but that is not the reality of our current marketplace, and so if Linux wants to continue to expand its user base, this is indeed good news.
Maybe Borland/Inprise will even change some of their licensing to allow free software developers to redistribute Borland runtimes libraries with freely redistributable software, and to allow open source distribution of code generated using their code generation tools. Incidentally, Frameworks generated by, say, C++ builder, should already be open sourcable since a developer will add and modify it enough to create most programs to make the copyright their own - though I haven't looked into the fine print on the Borland/Inprise licenses in the last 5 years...
This sort of thing is the kind of pop-science which drives wedges between members of society. This kind of "thinking" is what reinforces the stereotypes that leads "geeks" to believe that they are some kind of uebermenchen, and everyone else to believe "we" are arrogant technocrats who have little concern for other humans.
Like any priesthood, the technocrats wish to justify their reified position and protect them/us from the "unwashed masses". This kind of psychobabble is being supported by a resurgent popularity in the pseudosciences of eugenics and biometric racism/classism, all in an effort (spoken or unspoken, conscious or unconscious) to justify the disparity in wealth and privledge which has emerged in the supposedly egalitarian, meritocratic, and democratic Western European style socioeconomic systems.
This sort of nonsense is a prelude to the sort of society, envisioned by such astute thinkers as Aldous Huxley, George Orwell, Philip K. Dick, and others in their various speculative fiction works, in which biological justifications are given for various forms of social manipulation, and social justifications are given for various forms of biological manipulation.
Go back and read some historical accounts of early 20th century biological racism (the book _The Legacy of Malthus_ is a good start), in the United States, Europe, and Japan, and see the parallels between these early works and current treatises such as _The Bell Curve_ and articles such as the one mentioned which put forth scientifically unsound theories on why one group or another is biologically predisposed to some superior status.
Shrouding high intelligence in a cloak of psychological mystery by portraying it as a disorder is an old trick (ask any artist), and it helps reinforce the distinction between the "normal" and the "abnormal" which helps keep intelligence in-check when necessary, and also helps keep "normals" resigned to stupid labors because they believe themselves to be biologically inferior.
At the highest levels of power, the tables are turned again on the intelligentsia, and claims are made that one must have "innate leadership ability" and "emotional intelligence" in order to be a true leader, and this is something which the highly intelligent are declared to have a biological predisposition *against*. Thus, the intelligentsia are wedged in-between the "normals" and the "true leaders" as a biological glass ceiling and handy store of scapegoats.
The scientific age has replaced the divine right of kings with a pseudoscientific justification of class heirarchy based on translating biostatistics directly into a blueprint for predicting individual behavior. We can then say that meritocracy exists, and works just fine, but that most of you are too stupid to take advantage of it...
An amplified (or dampened) representation of a physical measurement, presented to a human sensory organ, is a form of simulation...
The virus pushes back on the probe with X=0.0000...Klbs of force, but the human is not actually able to feel X=0.00000...Klbs of force, the human is not the probe, the human is not really "feeling" the virus, the human is being presented a simulated experience based on measurements taken by an instrument.
One of the drawbacks, though, of any tech which adds a new dimension of perceptability to an existing system through artificial means is that humans run the risk of confusing the simulation with the actual object. This is a well-known phenomenon which is studied philosophically and which fluid physicists, telesurgeons, mathematicians, and others who deal often with modeled realities that are becoming increasingly realistic need to take into account in their studies.
By translating the actual physical phenomenon to another scale and/or another dimension, it is required that one always keep in mind that what they are experiencing is an interpretation. For example, a virus doesn't really "push-back" at you with Xlbs of force, that is just a simulation of the effect of your teleoperated manipulator coming into contact with the surface membrane. Similar problems exist in visualization, audization, and other simulation and modeling disciplines.
I hope that scientists will find ways to understand these interpretive obstacles and teach them to their students, so that good science will not be hindered by errors in translation...
This is a useful tool which, if it works, will mean no more making lame hacks around poorly implemented elements of various browsers to create effects which one's clients often want implemented, against the best advise of their Web developer...
Also, such middleware for multiple deployability will allow those who are delivering fat content with thin design to do so very easily by coding the content in XML and then transponding...
Recently I was travelling in California on business and wanted to set up an account with a no-brainer ISP so that I could check my e-mail (and Slashdot;->) easily and without long-distance phone charges. I looked at all the majors with national POPs and they all had great deals for $20/mo +/- a few bucks, and places like Sprint and MCI also had options for ISP/Long Distance packages similar to the Qwest deal.
In most of these cases even the $20+/- mo ISP deals required the use of proprietary software (or customized versions of common software) a'la the Qwest deal in order to be able to sign up. After about 2-3 hours of searching for the right deal, I finally decided on an acceptable deal from MindSpring which was *primarily* based on the fact that they had a client which supported NT (I've got NT on my laptop, as well as Linux) and also happened to publish their networking info so you could hand-configure a client as well.
I was pretty annoyed that all the "great" deals required that you use Windows 95/98. Not only is this a reinforcement of the Microsoft monopoly (are they paying ISPs to do this?), but it requires one to use an OS with no security and poor stability regardless of whether or not you are a user of greater technical sophistication and higher requirements.
Essentially, people who know what they are doing are being require to pay a premium for service that will support them, even if their service needs (simple e-mail and connectivity) happen to match up with the lower level users. Why should I have to pay more for the SAME service just because I want to use Linux, or even NT?
The problem with back-slapping oneself about such developments is that there is always the question "What happens if we miss?" What happens is that millions of people die. Better to not have nuclear weapons launched at you in the first place, therefore tons of money would be better spent on diplomatic and humanitarian missions to further understanding and co-development with the USA and countries who might otherwise be our enemies. But, no, a technocracy calls for quick technological fixes to all problems. Better we think of ways to beat our enemies than actually talk to some other humans and try to reduce the number of enemies we have. However, such diplomacy often is counter to the interests of multinational corporations (and major campaign donors to American politicos), especially the armaments and aerospace industries and their strong allied industries (oil, steel, and other raw materials). Maybe this weapon actually works well... so what? It's much better if there's never any reason to use it! We can sleep a few extra minutes of sound sleep knowing that America may be protected by a fairly reliable ABMS, but I'd sleep even better knowing that there were also a lot of my tax dollars going into making the world a better place for humans instead of just for multinational corporations...
How hard is it to negotiate a decent recording contract? Very hard. Have most artists been screwed by their labels in the past and wish to screw them back, selling direct to the fans and pocketing as much of the proceeds as possible? Yep.
Direct sales of MP3s (if any cheap 'Net wankers would pay for them rather than pirate everything...), images, etc. would make it easier for musicians, artists, etc. to actually make a living at their first-choice profession of making beautiful and/or interesting works for public consumption. It could help the artists break free of a fairly repressive media system which rewards only a few superstars with mega-wealth for their efforts, and lets the rest languish in both obscurity and relative poverty. Very few performers get rich off their talents, direct Internet distribution COULD help more artists earn at least enough money to keep making their work, IF people were willing to pay rather than expect that everything be free.
Many programmers who release their software for free make money off of consulting or supporting the software, or have other programming jobs. There are much fewer similar options for musicians and artists...
However, the Internet public seems to be showing that they're almost as willing to screw the artist as the major media conglomerates... which is too bad.
Gee, well, that's nice for Linus and all, and I'm happy for him. It doesn't entitle him to call himself Dr. Torvalds, but who cares? He's a smart guy, did great work for the open source community, and deserves to be rewarded for it. What this really means to his life and work, though, is probably nothing...
Incidentally, how come other major contributors to UNIX and Linux development (Rob Pike immediately comes to mind, as he only has a B.S. yet is a full research MTS at Bell Labs) haven't been conferred such honors? Why? Publicity. Hype. Lobbying. That's about it.
Linux is a good OS, but it's not the end-all and be-all of UNIXen and UNIX-like variant OSes (sorry, but I pick OSes by their strengths for a particular job, and I will go to NetBSD, Solaris, and Irix as much as Linux... and NT on those rare occasions where it makes sense...), but the one thing it has over all others is good PR (and impeccable (Internet) timing)...
Slashdot Mirror
Having used a number of the Windows-based personal firewall products, I can say that in the Windows arena I welcome any new product in the persona firewall area. The only software firewall I have been impressed with at all is Wingate, and even that left a lot to be desired in terms of flexibilty of configuration.
Price will be a determining factor in the appeal of this system. My company, for example, has a lot of telecommuters. If the card's network autodiscovery features work well, the default security is reasonable, and the remote admin software works well... then I will be psyched to recommend that all telecommuters who can move to DSL and this card - allowing us to just use the DSL hardware provided by the ISP and, if reasonably priced, a Firecard for each user. Users would thus have very little to do to set up their system, we have problems with this feature of our current Firewall/VPN product, especially on Windows. If Merilus got it right, and we'll test it and find out, then maybe finally the telecommuter problem is solved for IT organizations.
Regarding the issue of rebooting, what is actually the issue is power-cycling, since the card draws power from the system but does not rely on the host OS to be up and running for the firewall and routing functions to operate. Thus, cold reboots are the issue - any form of warm reboot shouldn't effect the firewall. It does not say how long the card takes for it to boot on a power cycle, but I would suspect it's not very long. So, that "problem" is a red herring, unless Merilus is just lying about this...
Also, especially for home users with machines that are likely both lower down on the CPU chain AND overloaded with fat programs like games and M$ Office, etc., the fact that this system does not put a heavy load on or depend upon the OS (and still does encryption for VPN and routing, hence the Crusoe chip) makes it perfect for the telecommuter situation.
So, while the product may seem useless to you, it won't be for everyone. Telecommuters, SOHO, and probably even branch office users could get some milage out of this product if it lives up to its billing...
What Robert says is partially true - the models for clothing are not yet perfect (same with hair, actually, same with many CG issues - you can generally tell CG smoke and water, for example). Modeling clothing and hair requires modeling both a "solid structure" (the body) beneath, and the "soft structure" on top (hair, actually, requires many structures to be modeled - lots of hairs - clothing requires several complex dynamical structures to be modeled). To accurately physically model the clothing dynamics, there are A LOT of variables, and a lot of constraints.
However, computational power IS a concern in terms of getting realistic hair and clothing into games. Pixar uses a VERY large render farm in making their films, and most of the top quality algorithms are optimized not for speed but for, well, quality. The best of what can be done now requires a lot of computational power. Not until a sufficiently realistic algorithm is completed, though, can one start to optimize it for less powerful computers (and, as with any imaging algorithm, sufficient is subjective - beauty is in the eye of the beholder...)
But, while these technical issues are certainly fascinating, fun to work on, and of great utility to the digital film industry - the question that hasn't been asked about gaming is: is that much realism actually necessary? (With necessary in the industry being defined as: does it make the game more fun, and thus more people will buy it?)
My experience in the gaming industry, and VR industry, indicates that the quality of the story, and of the action, outweighs the "realism" of the images. If the industry put more money into the creation of more compelling stories, more engaging games (including less repetition - which becomes harder to do if you need to cache hard-to-render scenes to use them over and over to save CPU time and/or money in up-front rendering basically cell-animation style), and better integration of network interaction into the game plot structure... I think the results would be more fruitful than better and better algorithms for hair and clothing.
I think researching cool rendering algorithms is fun, and should continue, but the gaming industry could also stand to invest some more money into better interaction design and better writers...
The world better be ready, and if it's not, then those of us who are so "enlightened" must endeavour to do what the lobbying group did: correct these treaties and legislation. "Cyberspace" is here, now, and "cybercrime" WILL be legislated. Governments have not only a right, but a responsibility to their citizens, to protect them. The balance in all legislation (at least for governments built upon the Western European tradition of enlightenment democracy) is to balance people's individual freedoms and rights with the "greater good" of protection from crime, coercion, foreign espionage against national interests, etc.
:-)
Thus, governments will engage in such activities - that is their right and duty. It is our right, and duty, as the "class" of society which best understands this technology to help inform this process - not just complain about how they "just don't get it"...
It will be up to those of us in the "cyber community," and the lawyers and politicians who are willing to work with us, to speak up and help define the specifics of these laws and treaties - and precedents. Lawyers and politicians alone won't do a good job, but they will try regardless of the attitude we take.
If you want to help, I suggest that you join and/or write (even if you don't support their whole platform, membership gives you greater voice in their activities):
http://www.aclu.org
http://www.eff.org
http://www.cpsr.org
http://www.cyber-rights.org/
And support efforts like:
http://petition.eurolinux.org/
http://zgp.org/~dmarti/dmca/
And keep yourself informed so you can contribute to the discussion...
http://www.cyberlawcentre.org.uk/
http://cyber.law.harvard.edu/
http://cyber.lp.findlaw.com/
(Please post more in all 3 areas if you know of them...)
And, of course, keep posting about these issues to Slashdot
Regarding election technology...
- ---
3 3)
The question becomes, do we prefer expediency over democracy,
or would we rather have an accurate count of votes and thus
uphold the "will" of the voters? The current discussion puts too high of a premium on expediencey and convenience, too much credence into the self-serving claims of both campaigns, and too little on upholding the principle tenets of democracy.
First of all, expediency is the only reason to connect the
polling stations over the Internet. It is not yet the case
that the Internet is mature enough that all things should
be done using it as the communication medium. The security
holes present in current Internet transactions are too
severe to warrant the risk in order to obtain a benefit,
vote count expediency, which is only somewhat important.
(It is important for foreign relations reasons to maintain
our image of strength and cohesion, but that could easily
be resolved if both campaigns simply stated that they are
in full support of accurate vote counting, are preparing
their transitions strategies, and will work with the other
party to maintain national unity since in a close election
it is clear that neither party has a strong mandate to
power - these issues are human issues, machines can not
fix them.)
Leaving the Internet out of it, things become easier.
First off, the interface:
I suggest a system somewhat similar to the one in
Riverside California.
To maintain privacy, voters should still sign in manually
in front of a polling station worker who will check their
signature against the one from their voter registration
card, and perhaps picture ID (though this is not done in
NY city where I vote unless, I suppose, your signature
has changed too much - though I am not certain... not
checking picture ID does mean that poor people who may
not have any use for a driver's license or passport can
vote more easily, but does increase chances of fraud).
Signing in manually leaves a book of signatures against
which the number of votes can be checked to make sure
there are not more or fewer votes in the system than in
the signature book - to help guard against poll workers
giving multiple votes to people.
The voter should then be given a card with a magnetic
stripe. These cards should be pre-"printed" and contain
no information about the voter. Since there is no way
to know the order in which voters will arrive, you can
trust your card is random if they just pull one off the
top of a stack for each voter. On the card should be
a code which releases the electronic voting station for
use by the voter - and nothing else. The code might
contain an encrypted string on information such as the
county, state, and polling center location, but need
also involve a unique integer which is the differentiator
for which vote is being made. The code should also be
printed on the card, so that humans can later read it if
needed. This would be computed using the public keys
of keypairs held by the state and federal election
commissions.
The pre-printed cards would be produced centrally, by
the state election commission.
(As an aside, to avoid "running out of ballots", there
should be enough cards at each polling station for 100%
voter turnout - and since the cards are reusable, unlike
most ballots, the cost over time should become minimal.)
Insertion of this card should cause it to be read, the
voting machine "unlocked" for use, and the card to be
deposited in a strongbox similar to those used in ATM
machines for money deposits. No card may be reused in
a single election, and the polling station workers
should NOT have the keys to the strongbox (only the
canvassing board memebers who verify votes should have
this access).
Once the card is read, a user interface should appear
which lists the candidates in the following manner:
Party Name Candidate 1 Name(s) Photo
Party Name Candidate 2 Name(s) Photo
...
The voter should be able to select a candidate by
touching (using a touch screen) the party name,
candidate name, or photo. A confirmation screen
should then appear saying
"You have selected so-and-so from the such-and-such
party"
With the photo of the candidate(s) below, and
"confirm" and "change my vote" icons to touch.
Confirm commits the vote and moves on to the
choices for the next office up for election, and
"change my vote" should clear the choice and return
to the selections for that office.
This should occur for each election in your district.
At the end of the process, a list should appear as
such:
Your Choices:
-----------------------------------------------
Office 1 Party Name Candidate Name(s) Photo
Office 2 Party Name Candidate Name(s) Photo
...
With "confirm" and "change my vote" icons to touch.
Touching "change my vote" will bring up a screen
with the list of offices to touch to change the
vote for that office, and then to bring the voter
back to the "your choices" list after each re-vote.
(An aside on photos, to respond to some cynicism
about this:
Contrary to arrogant belief of cynical intelligentsia,
illiterate people may actually be quite intelligent
otherwise and able to understand the issues involved in
electing a president. Oral communcation can transfer a
lot of information, and many people who can't read can
do a lot of other things. Photos of the candidates at
the polling station are only a benefit, even though
illiteracy to the point of being unable to read even a
name is now rather rare - except among immigrants whose
native languages are not roman alphabet based, and who
may have read about the candidates in their native
language. Finally, if people choose not to vote for a
candidate because they're unattractive - they deserve
the governance they get...)
Touching "confirm" commits all votes. The vote ID
from the card that was inserted is the key into the
DB where the votes are stored. This DB should be
written to more than one disk: either two or more
mirrored servers, or to HD and removable media, or
some combination thereof.
In confirming the votes, public keys corresponding
to private keys held by the state, federal, and
local election commissions should be used to
encrypt a copy of the vote which will be stored
in one or more DBs, one copy for each key, and
one copy superencrypted with all 3 keys.
However, now what should also happen is that, using
a stack of special paper (with a state hologram on
it or whatever one's favorite anti-counterfieting
device is) that is stored inside the ATM-like voting
machine, a "reciept" is printed which contains the
following:
The unique keycode
Human-readable candidate selections
A machine readable (barcode, perhaps) encoding of
this information
Date and Time
One copy of the receipt should go into a lockbox
inside the machine, just like the magnetic stripe
cards. Another could go to the voter, who can
immediately notify the staff if the machine "made
a mistake" and their vote needs to be invalidated
and they must vote again, but this brings up the
possiblity of fraudulent receipts and probably
should not occur. To guard against this, any
action triggered by a voter receipt would have to
start with insertion of the receipt into a reader
which would match the receipt against the ones
stored in the voting machines. This is the most
uncertain aspect of this system, other than the
unavoidable issues of voter coercion, and
unlikely issues like massive conspiracies.
The database of votes could be made public, with
each vote paired with the card number that was
used to make the vote. Privacy is ensured since
no one knows which card number corresponds with
which voter except for each voter knowing their
own number. Any voter could then check his or
her physical receipt against the entry in the
public database online (it would be provided by
copying the DB after the polling stations close,
and moving the drive with the copied info OFF
of the polling LAN to another, online system).
A mismatch would be indication of election
fraud or error. Counterfeit receipts could be
prevented if the encrypted version of the
information printed on the receipt is encrypted
with the 3 public keys corresponding to federal,
state, and local authorities. In this way, a
receipt could only be counterfeited with a
mass-conspiracy involving cooperation of
all three of these entities. Receipts submitted
could then be checked by all 3 entities. The
"public" keys for encrypting vote information
would only be inside the polling machines, and
the private keys only on the secure systems of
the agencies in question.
Now, the first pass of the vote count is quite
simple: count the # votes in the DB for each
candidate. However, there are avenues for
multiple recounts, which is necessary to
maintain a fair system:
count the votes on the backup DB(s)
take the receipts and run them through
a counter based on barcode scanning
manually recount using the information
printed on the receipts
The reporting of results to the central state
agency would occur as follows:
each voting machine would count the
votes in the DB AND confirm against cards and
receipts in its internal lockboxes, so a
triple-verified count is automatic
a report would be printed on special
paper, and encoded on to a magnetic stripe
card, and written to removable media along
with a copy of the original DB - all this
would be sent to the central state voting
office; this would occur on a station set up
just for this process, on the LAN, but also
ATM-like to prevent tampering
All voting machines and tabulators would be
alarmed, with a loud audible alarm, and only
auditors granted access under applicable
state law would have the keys.
For recounts, the state appointed auditors
(presumably under police escort) would go to
the polling stations, open the voting
machines, and retrieve the chambers
containing the cards, the receipts, and all
but one copy of the DB (one copy should
remain on a drive which can not easily be
removed from the machine, the others would
be on HDs in slide-out trays or removable
media disks). Once the auditor unlocked
the door, he or she would insert a special
card into a special reader inside the
machine. The internal computer system of
the polling station would write all it's
state logs to all disks, "print" the auditor
ID on all disks and in an EEPROM, shut-down
to protect the data, seal the slots through
which the cards and receipts drop into their
receptacles, and a light would come on
meaning "ok, take the data now". Only the
auditor's card could restart that station at
this point.
The preferable method of recounting is to
bring the retrieved media to the state
election offices and recount the votes on
a centralized system which performs the DB
counting, and verifies the votes by checking
the count in the DB, receipts, and encrypted
DB - and confirming against the mag cards
in the card cartridges. The state authorities
can also check the magnetic cards against the
entries in the issuance DB to make sure all
the inserted cards were indeed issued by the
state and are thus valid.
Local recounts could be done with a similar
setup locally - but could not check the
cards against the state DB. Of course, a
first recount locally could be just to
re-run the first verification in the
original voting machines, in case a n
on-repeating bug had occurred. A lot of
possible combinations of how to run the
recount exist, but it is best if machines
are used until the last recount to avoid
an extra chance of fraud.
To provide for hand-recounts, it may be that
a change in the process by which the printed
receipts are left in the machines unless
needed for hand-recount locally, is put in
place. This would make the state computers
rely on checking the DB against the encryped
DB, and making sure each key corresponds to
a mag stripe card, meaning only one rather
than two verifications against a physical
object.
To defraud the vote, you would need to do the
following:
change the entry in all copies of the DB
create a new magnetic stripe card with
a corresponding key, which could be difficult if
the keys are generated using a clever enough
algorithm
print a proper receipt
put your receipt and magnetic card into
the lockboxes (or introduce them during a manual
recount)
change the DB which tracks which magnetic
cards have been issued (which could be in a
central, offline, secure location at the state
printing office)
Clearly, trusted workers could defraud any system
with enough cooperation and concerted effort by
people in positions of authority over the process.
But this system is designed to require a lot of
effort to avoid the multiple verifications that
the machines can do before any humans even get
involved in the process. With a federal key for
encrypted votes, even the FEC could check votes.
Tampering with the machines to write votes for
one candidate to another, by altering the
software that controls all these processes, is
the most serious threat to the system. However,
in this way the system is no worse than the
ballot machines used in many states, and indeed
by having the federal and state election
commissions have digitally signed copies of
the system code in their secure storage centers
they can check against such alterations if it
becomes an issue.
Obviously this system leaves room for a lot of
oversight in a recount, including the fact that
the card keys are stored somewhere not accessible
to most people. And, in very extreme cases,
voters could be asked to bring in THEIR
receipts and votes which did not have a pair of
receipts associated with them could be more
carefully scrutinized in terms of attempting to
detect fraud.
Of course, the system has holes, any system does,
but this is a nice compromise between computer
convenience and accuracy, and oversight and
fairness.
Now, why not let people vote from home or work?
A few reasons:
minimal oversight and protection against
coercion by other people in the home or office
the authentication process could be more
easily compromised technologically, even if the
transmission process is relatively secure, since
users are notorious for bad security practices
like writing down passwords, leaving accounts
which host certificats and keys logged in, etc.
no witnesses if there is a problem, and
no reliable way to allow someone to invalidate
an entire vote if accidentially or through some
malicious attack, they confirm the wrong final
selection list
voting is a public activity, and going
out into public, joining a voting queue, and
casting your vote is a symbol of democracy,
plus you get to see other people supporting this
process and feel included
Of course, there is room for coercion at the
polling station, but this system does nothing
to increase or decrease that - and no technical
fix is available for this issue.
Finally...
Why so complicated? Many might think "hey, this
system is at least as complicated as the current
system, shouldn't it be simpler?" It is simpler
for the voter, actually, but more complex in
terms of ways to verify results because the
governmetn should spare no expense in such an
important issue. Democracy is at stake. At some
point, our society must value SOMETHING over
convenience and frugality. This process is not
intended to be trivially simple, it is intended
to be fair, secure, private, and accurate.
I would hope that our basic principles of fair
democracy are more valuable than convenience,
expediency, cost-cutting, and even the "cool
factor" of the Internet.
Of course, since I just came up with this system
today over lunch, with some input from my friend
Mike, it may have some things we overlooked, but
most major problems with previously proposed
systems seem to be addressed in this.
(This was also posted in reply to Friday's article: http://slashdot.org/article.pl?sid=00/11/10/00112
Regarding election technology...
- ---
The question becomes, do we prefer expediency over democracy,
or would we rather have an accurate count of votes and thus
uphold the "will" of the voters?
First of all, expediency is the only reason to connect the
polling stations over the Internet. It is not yet the case
that the Internet is mature enough that all things should
be done using it as the communication medium. The security
holes present in current Internet transactions are too
severe to warrant the risk in order to obtain a benefit,
vote count expediency, which is only somewhat important.
(It is important for foreign relations reasons to maintain
our image of strength and cohesion, but that could easily
be resolved if both campaigns simply stated that they are
in full support of accurate vote counting, are preparing
their transitions strategies, and will work with the other
party to maintain national unity since in a close election
it is clear that neither party has a strong mandate to
power - these issues are human issues, machines can not
fix them.)
Leaving the Internet out of it, things become easier.
First off, the interface:
I suggest a system somewhat similar to the one in
Riverside California.
To maintain privacy, voters should still sign in manually
in front of a polling station worker who will check their
signature against the one from their voter registration
card, and perhaps picture ID (though this is not done in
NY city where I vote unless, I suppose, your signature
has changed too much - though I am not certain... not
checking picture ID does mean that poor people who may
not have any use for a driver's license or passport can
vote more easily, but does increase chances of fraud).
Signing in manually leaves a book of signatures against
which the number of votes can be checked to make sure
there are not more or fewer votes in the system than in
the signature book - to help guard against poll workers
giving multiple votes to people.
The voter should then be given a card with a magnetic
stripe. These cards should be pre-"printed" and contain
no information about the voter. Since there is no way
to know the order in which voters will arrive, you can
trust your card is random if they just pull one off the
top of a stack for each voter. On the card should be
a code which releases the electronic voting station for
use by the voter - and nothing else. The code might
contain an encrypted string on information such as the
county, state, and polling center location, but need
also involve a unique integer which is the differentiator
for which vote is being made. The code should also be
printed on the card, so that humans can later read it if
needed. This would be computed using the public keys
of keypairs held by the state and federal election
commissions.
The pre-printed cards would be produced centrally, by
the state election commission.
(As an aside, to avoid "running out of ballots", there
should be enough cards at each polling station for 100%
voter turnout - and since the cards are reusable, unlike
most ballots, the cost over time should become minimal.)
Insertion of this card should cause it to be read, the
voting machine "unlocked" for use, and the card to be
deposited in a strongbox similar to those used in ATM
machines for money deposits. No card may be reused in
a single election, and the polling station workers
should NOT have the keys to the strongbox (only the
canvassing board memebers who verify votes should have
this access).
Once the card is read, a user interface should appear
which lists the candidates in the following manner:
Party Name Candidate 1 Name(s) Photo
Party Name Candidate 2 Name(s) Photo
...
The voter should be able to select a candidate by
touching (using a touch screen) the party name,
candidate name, or photo. A confirmation screen
should then appear saying
"You have selected so-and-so from the such-and-such
party"
With the photo of the candidate(s) below, and
"confirm" and "change my vote" icons to touch.
Confirm commits the vote and moves on to the
choices for the next office up for election, and
"change my vote" should clear the choice and return
to the selections for that office.
This should occur for each election in your district.
At the end of the process, a list should appear as
such:
Your Choices:
-----------------------------------------------
Office 1 Party Name Candidate Name(s) Photo
Office 2 Party Name Candidate Name(s) Photo
...
With "confirm" and "change my vote" icons to touch.
Touching "change my vote" will bring up a screen
with the list of offices to touch to change the
vote for that office, and then to bring the voter
back to the "your choices" list after each re-vote.
(An aside on photos, to respond to some cynicism
about this:
Contrary to arrogant belief of cynical intelligentsia,
illiterate people may actually be quite intelligent
otherwise and able to understand the issues involved in
electing a president. Oral communcation can transfer a
lot of information, and many people who can't read can
do a lot of other things. Photos of the candidates at
the polling station are only a benefit, even though
illiteracy to the point of being unable to read even a
name is now rather rare - except among immigrants whose
native languages are not roman alphabet based, and who
may have read about the candidates in their native
language. Finally, if people choose not to vote for a
candidate because they're unattractive - they deserve
the governance they get...)
Touching "confirm" commits all votes. The vote ID
from the card that was inserted is the key into the
DB where the votes are stored. This DB should be
written to more than one disk: either two or more
mirrored servers, or to HD and removable media, or
some combination thereof.
In confirming the votes, public keys corresponding
to private keys held by the state, federal, and
local election commissions should be used to
encrypt a copy of the vote which will be stored
in one or more DBs, one copy for each key, and
one copy superencrypted with all 3 keys.
However, now what should also happen is that, using
a stack of special paper (with a state hologram on
it or whatever one's favorite anti-counterfieting
device is) that is stored inside the ATM-like voting
machine, a "reciept" is printed which contains the
following:
The unique keycode
Human-readable candidate selections
A machine readable (barcode, perhaps) encoding of
this information
Date and Time
One copy of the receipt should go into a lockbox
inside the machine, just like the magnetic stripe
cards. Another could go to the voter, who can
immediately notify the staff if the machine "made
a mistake" and their vote needs to be invalidated
and they must vote again, but this brings up the
possiblity of fraudulent receipts and probably
should not occur. To guard against this, any
action triggered by a voter receipt would have to
start with insertion of the receipt into a reader
which would match the receipt against the ones
stored in the voting machines. This is the most
uncertain aspect of this system, other than the
unavoidable issues of voter coercion, and
unlikely issues like massive conspiracies.
The database of votes could be made public, with
each vote paired with the card number that was
used to make the vote. Privacy is ensured since
no one knows which card number corresponds with
which voter except for each voter knowing their
own number. Any voter could then check his or
her physical receipt against the entry in the
public database online (it would be provided by
copying the DB after the polling stations close,
and moving the drive with the copied info OFF
of the polling LAN to another, online system).
A mismatch would be indication of election
fraud or error. Counterfeit receipts could be
prevented if the encrypted version of the
information printed on the receipt is encrypted
with the 3 public keys corresponding to federal,
state, and local authorities. In this way, a
receipt could only be counterfeited with a
mass-conspiracy involving cooperation of
all three of these entities. Receipts submitted
could then be checked by all 3 entities. The
"public" keys for encrypting vote information
would only be inside the polling machines, and
the private keys only on the secure systems of
the agencies in question.
Now, the first pass of the vote count is quite
simple: count the # votes in the DB for each
candidate. However, there are avenues for
multiple recounts, which is necessary to
maintain a fair system:
count the votes on the backup DB(s)
take the receipts and run them through
a counter based on barcode scanning
manually recount using the information
printed on the receipts
The reporting of results to the central state
agency would occur as follows:
each voting machine would count the
votes in the DB AND confirm against cards and
receipts in its internal lockboxes, so a
triple-verified count is automatic
a report would be printed on special
paper, and encoded on to a magnetic stripe
card, and written to removable media along
with a copy of the original DB - all this
would be sent to the central state voting
office; this would occur on a station set up
just for this process, on the LAN, but also
ATM-like to prevent tampering
All voting machines and tabulators would be
alarmed, with a loud audible alarm, and only
auditors granted access under applicable
state law would have the keys.
For recounts, the state appointed auditors
(presumably under police escort) would go to
the polling stations, open the voting
machines, and retrieve the chambers
containing the cards, the receipts, and all
but one copy of the DB (one copy should
remain on a drive which can not easily be
removed from the machine, the others would
be on HDs in slide-out trays or removable
media disks). Once the auditor unlocked
the door, he or she would insert a special
card into a special reader inside the
machine. The internal computer system of
the polling station would write all it's
state logs to all disks, "print" the auditor
ID on all disks and in an EEPROM, shut-down
to protect the data, seal the slots through
which the cards and receipts drop into their
receptacles, and a light would come on
meaning "ok, take the data now". Only the
auditor's card could restart that station at
this point.
The preferable method of recounting is to
bring the retrieved media to the state
election offices and recount the votes on
a centralized system which performs the DB
counting, and verifies the votes by checking
the count in the DB, receipts, and encrypted
DB - and confirming against the mag cards
in the card cartridges. The state authorities
can also check the magnetic cards against the
entries in the issuance DB to make sure all
the inserted cards were indeed issued by the
state and are thus valid.
Local recounts could be done with a similar
setup locally - but could not check the
cards against the state DB. Of course, a
first recount locally could be just to
re-run the first verification in the
original voting machines, in case a n
on-repeating bug had occurred. A lot of
possible combinations of how to run the
recount exist, but it is best if machines
are used until the last recount to avoid
an extra chance of fraud.
To provide for hand-recounts, it may be that
a change in the process by which the printed
receipts are left in the machines unless
needed for hand-recount locally, is put in
place. This would make the state computers
rely on checking the DB against the encryped
DB, and making sure each key corresponds to
a mag stripe card, meaning only one rather
than two verifications against a physical
object.
To defraud the vote, you would need to do the
following:
change the entry in all copies of the DB
create a new magnetic stripe card with
a corresponding key, which could be difficult if
the keys are generated using a clever enough
algorithm
print a proper receipt
put your receipt and magnetic card into
the lockboxes (or introduce them during a manual
recount)
change the DB which tracks which magnetic
cards have been issued (which could be in a
central, offline, secure location at the state
printing office)
Clearly, trusted workers could defraud any system
with enough cooperation and concerted effort by
people in positions of authority over the process.
But this system is designed to require a lot of
effort to avoid the multiple verifications that
the machines can do before any humans even get
involved in the process. With a federal key for
encrypted votes, even the FEC could check votes.
Tampering with the machines to write votes for
one candidate to another, by altering the
software that controls all these processes, is
the most serious threat to the system. However,
in this way the system is no worse than the
ballot machines used in many states, and indeed
by having the federal and state election
commissions have digitally signed copies of
the system code in their secure storage centers
they can check against such alterations if it
becomes an issue.
Obviously this system leaves room for a lot of
oversight in a recount, including the fact that
the card keys are stored somewhere not accessible
to most people. And, in very extreme cases,
voters could be asked to bring in THEIR
receipts and votes which did not have a pair of
receipts associated with them could be more
carefully scrutinized in terms of attempting to
detect fraud.
Of course, the system has holes, any system does,
but this is a nice compromise between computer
convenience and accuracy, and oversight and
fairness.
Now, why not let people vote from home or work?
A few reasons:
minimal oversight and protection against
coercion by other people in the home or office
the authentication process could be more
easily compromised technologically, even if the
transmission process is relatively secure, since
users are notorious for bad security practices
like writing down passwords, leaving accounts
which host certificats and keys logged in, etc.
no witnesses if there is a problem, and
no reliable way to allow someone to invalidate
an entire vote if accidentially or through some
malicious attack, they confirm the wrong final
selection list
voting is a public activity, and going
out into public, joining a voting queue, and
casting your vote is a symbol of democracy,
plus you get to see other people supporting this
process and feel included
Of course, there is room for coercion at the
polling station, but this system does nothing
to increase or decrease that - and no technical
fix is available for this issue.
Finally...
Why so complicated? Many might think "hey, this
system is at least as complicated as the current
system, shouldn't it be simpler?" It is simpler
for the voter, actually, but more complex in
terms of ways to verify results because the
governmetn should spare no expense in such an
important issue. Democracy is at stake. At some
point, our society must value SOMETHING over
convenience and frugality. This process is not
intended to be trivially simple, it is intended
to be fair, secure, private, and accurate.
I would hope that our basic principles of fair
democracy are more valuable than convenience,
expediency, cost-cutting, and even the "cool
factor" of the Internet.
Of course, since I just came up with this system
today over lunch, with some input from my friend
Mike, it may have some things we overlooked, but
most major problems with previously proposed
systems seem to be addressed in this.
Knowing how to use a computer makes someone a Software Executive? Wow! I guess I'm one, too...
It also goes to show what is required to me a Microsoft executive... I can just see the advertisements now:
"Executives wanted, must know how to make charts, PowerPoint presentations, and Microsoft Word documents - sending blank e-mails a plus"
I wish our execs sent more blank e-mails, the ones they do send always contain work...
While some people may wish to believe the Chinese government has no plans for e-warfare, it is already happening, and has been for some time, among hackers and their targets. This includes electronic warfare between corporate organizations, and even already among governments (such as the US and Iraq).
;-P
Virii, whether intended to be amusing or destructive, can cost companies or countries millions of dollars when they strike networks. This is an obvious form of electronic "munition", and intentional or not, virii have damaged a number of corporations economically. Most companies have recovered from these virus attacks, but it is clear that virii and other threats are still quite a problem.
It's amusing that this story and the China story came so near each other. Maybe it's the Chinese
By the time this gets out of appeals, RedHat will have put Microsoft out of business ;-)
Seriously...
It would be nice if Microsoft could have been defeated in the marketplace rather than in the courts. However, that doesn't seem to be happening. What about a counterattack by Microsoft's competitors by actually offering competitive pricing for superior products? What about working with software vendors to make it profitable for them to develop for alternate platforms?
I think Microsoft has competed unfairly in the marketplace, but on the other hand, I also think a lot of their competitors have competed stupidly in the marketplace... the two combined gave M$ a doubly unfair advantage, but it was only half their fault...
I'm all for antitrust action against M$, but that doesn't mean that I don't consider many of their competitors to have done a lousy job of trying to win away their customers...
The company I am IT Director for has spent exactly $0 and 0 hours of time confirming our Y2K compliance, and I'm sure we'll be just fine. Anything that breaks then, we'll fix it, or replace it. We're lucky enough not to have any time-dependent critical systems, unlike, say, a bank...
In terms of Y2K issues, I'm much more concerned with humans than machines. It is much more likely that some stupid religious zealot from some doomsday cult will nerve gas Times Square (the city of NY has been running poison gas assault drills in conjunction with FEMA, from what I've read in the print media) than that mass chaos will erupt due to some computers breaking. When disasters (such as hurricanes here on the east coast of the USA) hit major metro areas and wipe out power systems (and therefore all computer systems in the area) human response teams manage the crisis rather well. I think any Y2K related crashes (say a power grid goes down, or a traffic grid, or whatever) will be handled with similar efficiency by the emergency teams.
What is more difficult to respond to is a situation in which panicky humans are making a bad situation worse, and the Y2K hype essentially guarantees this - and if the problems are human-initiated rather than systemic, this will make the situation even worse. Also, humans are more likely to unleash NBC attacks on population centers than faulty systems, so they're much more likely to cause the real damage.
Don't worry so much about the stupid computers, worry about the stupid humans...
Personally, I plan to be out in the countryside with no emergency rations but far away from potential sites of stupid human antics...
What really will balkanize Linux is software which is made binary incompatible amongst Linux systems. In the BSD and SysV world, as with Linux, there is plenty of software that can be recompiled cross-platform, but it's software that was locked into releasing only on proprietary binary formats that fueled the competition between systems like IRIX, Solaris, HPUX, SCO, and OSF.
People use computers to perform various tasks other than running an OS. If software is not available for an OS, no matter how good the OS is is, it wanes in popularity and possibly dies. If companies only support RedHat with software, then no matter how good Linuxen like SUSE and Debian may be, they're going to eventually decline in favor of RedHat, because people need software to do work.
Also, many people can't handle recompiling software, so if they've got a Linux variant with a nice installer, and they can get commercial software in proprietary binary formats that have nice installers, then they are using a computing paradigm that is familiar to them...
Linuxen that have nice, easy installers and are supported by commercial software with nice, easy installers will be the ones that have the best chance of combating Microsoft... but they'll also fuel the "balkanization" of Linux...
Software vendors that don't commit to releasing cross-linux software are basically just pushing Linux towards the same situation that arose with other OSes... the difference is that it's easier with Linux to make cross-builds, so that a commercial package could be released on RedHat, SUSE, Debian, and perhaps others without as much effort as, say, a cross-build between Solaris and IRIX, and certainly more easily than a Windows and Mac cross-release...
It's up to the users to demand such things, by contacting commercial software vendors and requesting it, letting them know there is money in it for them... they're not going to do it out of the kindness of their hearts, they're in business to make a living, not prevent Linux balkanization...
However, I think most Linux vendors would be willing to support several Linux variants if they knew the customers were there, and the best way for them to find out that is the case is for the customers to let them know directly...
I realize there was a shortage of systems, but Apple has not handled communication with customers very well. I ordered a system over a month ago, and would like to be using it by now, but instead I'm wondering if I'll ever see it, and if so, when. I've got some software I'd like to be developing and testing on the Mac, but if the machine never arrives, we'll sooner drop the Mac version of the product than waste a lot of time trying to figure out what is going on with the Mac order...
Also, since I placed the order on Amex, I have no idea whether they're going to charge me full price from a month ago, or an adjusted price, and the only way I'll find out seems to be when the statement comes in - because Apple has said nothing about it.
This G4 was my first Macintosh since the 8100 series, and it seems that Apple still can't get it together to make me a happy customer - even from the start. I've had more problems with "friendly" Apple than any other vendor I've had to deal with... it's too bad, their hardware is great (their OS is just ok these days), but they just seem to be destined to make stupid mistakes and annoy a lot of customers...
What they need more than anything is a new commitment to actually handling customer (and developer!) relations issues in a sufficient manner... cool hardware and cool TV commercials are not enough...
Yes, Linux would survive, and so would NetBSD, FreeBSD, etc. Solaris is a great OS on SPARC systems, and if it were free it would reduce the cost of SPARC boxes with their best OS a bit (Linux is not the best OS on SPARC), but Solaris on x86 is pretty bad. My friends from Sun agree, and they probably ought to know...
Linux and the free BSD variants have taken pains to specifically to address the quirks of running a UNIX variant on lower-end hardware, and Solaris has not. Solaris is perfect for people running 64bit SPARC architectures, and there's not much guesswork needed as to why...
As at least one person has already pointed out, Solaris uses too much AT&T SysV code to be made completely open source by Sun, but they could give it away to end users for free as a closed source OS without violating their AT&T license. However, the user community would still be dependent upon Sun to support their hardware, and Sun has shown a remarkable lack of interest in making OSes for non-SPARC hardware...
Sather is an interesting language, but the resultant portable C code is, according to the testimonials on the Sather pages themselves, only as fast as the equivalent code written in C++.
;-)
Object Orientation is a relatively new paradigm, and work is still being done in making OO code run faster - in general. It is the OO heirarchy that slows down C++ compared to C, it is what helps make Java slower even though the JVM is a relatively efficient interpreter/VM, and it is what "crippled" languages like Smalltalk and Eiffel in the eyes of "real" developers. However, the ease of design and maintainability of OO code has inspired a lot of research into trying to speed up OO languages so they can compete with their functional counterparts.
The advantage of Sather isn't speed (not yet, maybe someday), but, according to the authors, ease of maintainability. This, however, might be a reason to make the choice to use this language. As C++ is fairly broken in some places due to the ad-hoc OO/C integration, it can be very quirky to work with, and it's easy to write bad C++. I'd need to study Sather in detail to say it is actually more elegant and maintainable than C++, but I rarely doubt claims that something is more elegant than C++
Unfortunately, though, to port the Perl source to Sather one would first need to port the Sather compiler to Windows, as Berkely hasn't bothered doing so... and the Perl6 team will obviously need to support Perl on Windows as that's been in the core Perl for a bit of time now...
Creating a formal language base to bootstrap a framework into C through LISP is a great idea... but according to Larry Wall, PERL can not be formally specified in such a manner, and therefore I believe that this tactic would not work in this case, though I have not really studied the possibility in any great detail.
The suggestion of rewriting Perl in Python is a bit silly... why not rewrite Perl in Scheme, TCL or Java... or Perl? Talk about speed not being an advantage... While Python is pretty fast, Java with a good compiler (such as Jikes) and a good JVM (such as Java2 with HotSpot) is faster, at least on our tests on WindowsNT and Linux.
If raw speed at the expense of maintainability (and therefore the possibility of speed lost to bad programming rather than a "bad language") is one's goal, C is still the language to use (or assembler if you're both wed to one chipset and a total maniac). Otherwise, there are a lot of choices, including C++.
I think C++ was chosen because porting from C to C++ isn't that difficult to do (at least to do very badly), and can be done incrementally. I think the efficiency of Perl in C vs C++ will depend entirely on the programmers and how they use the language. As one person already pointed out, if they use C++ for some added maintainability but with an eye towards speed (that is, use the parts that don't slow the program to a crawl), they'll do just fine on the speed front...
My workstation is a Pentium III, but it's only a 450mhz. Still, it crashes pretty much daily. That must be the real reason for BSODs! It's not Microsoft, it's Intel ;-)
As for the article... um... where was the content?
Guess what, until Open Source wins, people still have other work to do! Show me open source tools that perform their tasks *as well as or better than* their closed source counterparts and I'll choose the open source tools every time...
Otherwise, if we can't get our jobs done with the tools, open source loses...
Whether or not video and audio are a simulation does indeed get to the fine points of the definition of simulation, however I am unaware of any English word which fits the the phenomena between direct perception (by the mechanisms that are part of a human, your nervous system analogy does not work, the probe is not part of the human) and simulation... maybe translation or the phrase indirect perception.
Incidentally, image and audio manipulation technology have shown empircally that indirectly perceived information can be unreliable. This gets down to the philosophical questions about how we can trust our perceptions, and why humans rely on analogy and logical reasoning to attempt to understand what they perceive with respects to a known baseline we like to call reality.
The interpretation of previously imperceptable actual phenomenon through mechanical / electronic sensors into something humans can perceive always runs the risk of adding or deleting information which may skew the perception of the event. This reality of machine mediated perception must be accounted for by humans when reasoning about such phenomena.
This is a great announcement. Borland's tools are great, and in a cross-platform development house like ours, it'll be great to eventually have people on multiple platforms using at least some of the same tools (if only we could get Solaris versions). People here who are familiar with Windows environments only may be convinced to move over to Linux as more tools *they are already familiar with* get ported to Linux. This is a Good Thing (tm).
If we could move 50% or more of our developers to Linux or Solaris, I'd be very happy. I'd like to see managers like myself be able to make the transition also. Such a transition, though, would require the availability of necessary evil tools such as project management software available on UNIX/Linux (and with the same level of functionality as, say, Microsoft Project and Rational Requisite Pro).
Whether or not these tools are open source is irrelevant to my bosses, who are making business decisions, not community outreach decisions. Our technical department actually does support Open Source software, but we also know that when a job needs to be done, if the best tool is not open source, then get the closed source tool...
What really matters is not the licensing model of the tools, but their availability on the platform. Businesses are used to having to decide whether or not to accept stupid licensing terms, but they like to have the right tools to choose from. Lots of developers use Delphi on Windows, and if they use it on Linux, also, that is good for Linux, whether or not their software is open source.
It would be nice if all software could be open source, but that is not the reality of our current marketplace, and so if Linux wants to continue to expand its user base, this is indeed good news.
Maybe Borland/Inprise will even change some of their licensing to allow free software developers to redistribute Borland runtimes libraries with freely redistributable software, and to allow open source distribution of code generated using their code generation tools. Incidentally, Frameworks generated by, say, C++ builder, should already be open sourcable since a developer will add and modify it enough to create most programs to make the copyright their own - though I haven't looked into the fine print on the Borland/Inprise licenses in the last 5 years...
This sort of thing is the kind of pop-science which drives wedges between members of society. This kind of "thinking" is what reinforces the stereotypes that leads "geeks" to believe that they are some kind of uebermenchen, and everyone else to believe "we" are arrogant technocrats who have little concern for other humans.
Like any priesthood, the technocrats wish to justify their reified position and protect them/us from the "unwashed masses". This kind of
psychobabble is being supported by a resurgent popularity in the pseudosciences of eugenics and biometric racism/classism, all in an effort (spoken or unspoken, conscious or unconscious) to justify the disparity in wealth and privledge which has emerged in the supposedly egalitarian, meritocratic, and democratic Western European style socioeconomic systems.
This sort of nonsense is a prelude to the sort of society, envisioned by such astute thinkers as Aldous Huxley, George Orwell, Philip K. Dick, and others in their various speculative fiction works, in which biological justifications are given for various forms of social manipulation, and social justifications are given for various forms of biological manipulation.
Go back and read some historical accounts of early 20th century biological racism (the book _The Legacy of Malthus_ is a good start), in the United States, Europe, and Japan, and see the parallels between these early works and current treatises such as _The Bell Curve_ and articles such as the one mentioned which put forth scientifically unsound theories on why one group or another is biologically predisposed to some superior status.
Shrouding high intelligence in a cloak of psychological mystery by portraying it as a disorder is an old trick (ask any artist), and it helps reinforce the distinction between the "normal" and the "abnormal" which helps keep intelligence in-check when necessary, and also helps keep "normals" resigned to stupid labors because they believe themselves to be biologically inferior.
At the highest levels of power, the tables are turned again on the intelligentsia, and claims are made that one must have "innate leadership ability" and "emotional intelligence" in order to be a true leader, and this is something which the highly intelligent are declared to have a biological predisposition *against*. Thus, the intelligentsia are wedged in-between the "normals" and the "true leaders" as a biological glass ceiling and handy store of scapegoats.
The scientific age has replaced the divine right of kings with a pseudoscientific justification of class heirarchy based on translating biostatistics directly into a blueprint for predicting individual behavior. We can then say that meritocracy exists, and works just fine, but that most of you are too stupid to take advantage of it...
How convenient...
An amplified (or dampened) representation of a physical measurement, presented to a human sensory organ, is a form of simulation...
The virus pushes back on the probe with X=0.0000...Klbs of force, but the human is not actually able to feel X=0.00000...Klbs of force,
the human is not the probe, the human is not really "feeling" the virus, the human is being presented a simulated experience based on measurements taken by an instrument.
Very good work they're doing...
One of the drawbacks, though, of any tech which adds a new dimension of perceptability to an existing system through artificial means is that humans run the risk of confusing the simulation with the actual object. This is a well-known phenomenon which is studied philosophically and which fluid physicists, telesurgeons, mathematicians, and others who deal often with modeled realities that are becoming increasingly realistic need to take into account in their studies.
By translating the actual physical phenomenon to another scale and/or another dimension, it is required that one always keep in mind that what they are experiencing is an interpretation. For example, a virus doesn't really "push-back" at you with Xlbs of force, that is just a simulation of the effect of your teleoperated manipulator coming into contact with the surface membrane. Similar problems exist in visualization, audization, and other simulation and modeling disciplines.
I hope that scientists will find ways to understand these interpretive obstacles and teach them to their students, so that good science will not be hindered by errors in translation...
This is a useful tool which, if it works, will mean no more making lame hacks around poorly implemented elements of various browsers to create effects which one's clients often want implemented, against the best advise of their Web developer...
Also, such middleware for multiple deployability will allow those who are delivering fat content with thin design to do so very easily by coding the content in XML and then transponding...
Nothing earth-shattering here, but useful...
Recently I was travelling in California on business and wanted to set up an account with a no-brainer ISP so that I could check my e-mail (and Slashdot ;->) easily and without long-distance phone charges. I looked at all the majors with national POPs and they all had great deals for $20/mo +/- a few bucks, and places like Sprint and MCI also had options for ISP/Long Distance packages similar to the Qwest deal.
In most of these cases even the $20+/- mo ISP deals required the use of proprietary software (or customized versions of common software) a'la the Qwest deal in order to be able to sign up. After about 2-3 hours of searching for the right deal, I finally decided on an acceptable deal from MindSpring which was *primarily* based on the fact that they had a client which supported NT (I've got NT on my laptop, as well as Linux) and also happened to publish their networking info so you could hand-configure a client as well.
I was pretty annoyed that all the "great" deals required that you use Windows 95/98. Not only is this a reinforcement of the Microsoft monopoly (are they paying ISPs to do this?), but it requires one to use an OS with no security and poor stability regardless of whether or not you are a user of greater technical sophistication and higher requirements.
Essentially, people who know what they are doing are being require to pay a premium for service that will support them, even if their service needs (simple e-mail and connectivity) happen to match up with the lower level users. Why should I have to pay more for the SAME service just because I want to use Linux, or even NT?
The problem with back-slapping oneself about such developments is that there is always the question "What happens if we miss?"
What happens is that millions of people die. Better to not have nuclear weapons launched at you in the first place, therefore tons of money would be better spent on diplomatic and humanitarian missions to further understanding and co-development with the USA and countries who might otherwise be our enemies. But, no, a technocracy calls for quick technological fixes to all problems. Better we think of ways to beat our enemies than actually talk to some other humans and try to reduce the number of enemies we have. However, such diplomacy often is counter to the interests of multinational corporations (and major campaign donors to American politicos), especially the armaments and aerospace industries and their strong allied industries (oil, steel, and other raw materials).
Maybe this weapon actually works well... so what? It's much better if there's never any reason to use it! We can sleep a few extra minutes of sound sleep knowing that America may be protected by a fairly reliable ABMS, but I'd sleep even better knowing that there were also a lot of my tax dollars going into making the world a better place for humans instead of just for multinational corporations...
How hard is it to negotiate a decent recording contract? Very hard. Have most artists been screwed by their labels in the past and wish to screw them back, selling direct to the fans and pocketing as much of the proceeds as possible? Yep.
Direct sales of MP3s (if any cheap 'Net wankers would pay for them rather than pirate everything...), images, etc. would make it easier for musicians, artists, etc. to actually make a living at their first-choice profession of making beautiful and/or interesting works for public consumption. It could help the artists break free of a fairly repressive media system which rewards only a few superstars with mega-wealth for their efforts, and lets the rest languish in both obscurity and relative poverty. Very few performers get rich off their talents, direct Internet distribution COULD help more artists earn at least enough money to keep making their work, IF people were willing to pay rather than expect that everything be free.
Many programmers who release their software for free make money off of consulting or supporting the software, or have other programming jobs. There are much fewer similar options for musicians and artists...
However, the Internet public seems to be showing that they're almost as willing to screw the artist as the major media conglomerates... which is too bad.
Gee, well, that's nice for Linus and all, and I'm happy for him. It doesn't entitle him to call himself Dr. Torvalds, but who cares? He's a smart guy, did great work for the open source community, and deserves to be rewarded for it. What this really means to his life and work, though, is probably nothing...
Incidentally, how come other major contributors to UNIX and Linux development (Rob Pike immediately comes to mind, as he only has a B.S. yet is a full research MTS at Bell Labs) haven't been conferred such honors? Why? Publicity. Hype. Lobbying. That's about it.
Linux is a good OS, but it's not the end-all and be-all of UNIXen and UNIX-like variant OSes (sorry, but I pick OSes by their strengths for a particular job, and I will go to NetBSD, Solaris, and Irix as much as Linux... and NT on those rare occasions where it makes sense...), but the one thing it has over all others is good PR (and impeccable (Internet) timing)...