Lately? The Canadian govt is always trying to catch up the the US govt's bad habits. Tis always been true, and is true regardless of which political party is winning on either side of the border.
There are practical problems with the scheme. But note that they don't need to keep track of which key goes with who, because they can calculate the hash for every possible vote for each key, and just check how many matches there are. No need to know which key to use on which hash.
A good way to do it might be to individually seal the copies of secret keys that go to voters, before randomly distributing them. You could even have the randomization done by an organization that's independent of the organization that generated the keys. Of course, unless their randomization is done within the plain sight of voters, it would have to be taken on some level of trust that it was done randomly. If it requires being done within the plain sight of voters, well might as well do paper voting anyway. Still though, if you could trust they were being randomly distributed, it could be fine.
Strong cryptographic hashes couldn't realistically be reversed, and believe it or not, rather advanced ones can be done on paper. Many strong cryptographic hashes can be done on not-hugely-daunting amounts of paper, provided the input data to the hash is not too huge, and it's not like it's a large file being hashed. So long as a proper cryptographic hash is in use, it *cannot* be reversed without doing a blind search of all possible inputs to the hash. Make the number of bits of inputs large and random enough (i.e. good "secret keys" of say... 256 bits or so), and that cannot be done within the lifetime of civilization. So... no... attackers reversing hashes is not feasible if the system is done right. Doing it right does make what voters would have to do on paper a little tedious, but manageable.
And that last part? That's what the public record aspect prevents. Even if there was a MITM-ish attack, the user can verify via other computers/connections at other times, whether their hash got inserted into the public record correctly. Ideally, this public record would be highly distributed. It seems highly unlikely a MITM could prevent a user who cares from finding out their vote was in the public record in the long run.
In any case, none of this matters, because even though cryptographic hashes and public records could hypothetically solve many issues and make a technically robust system, they don't solve the "talking about the guy with the gun pointing at his head telling him how to vote" type issue.
Actually... voting is much simpler than bank transactions in that the number of choices is small, and because of that, there *is* a way. It could even be made so that votes are 100% verifiable! Well, so long as the government can securely get information to the citizen via non-electronic means anyway.
What you do, is have the government send all citizens a "secret key" via non-electronic means, and keep a paper record of which "secret key" corresponds to which citizens. Also, when the "secret key" is sent to citizens, include instructions on how the citizen can do a hash of their vote and the secret key, on PAPER!
The citizen then anonymously submits their hash, to a public record. Because it's a hash, their ballot is still secret except to the organization that has kept paper records of the "secret keys". Because the hash is in the public, their vote *cannot* be silently tampered with prior to counting (It can be tampered with during counting, but so can paper votes). Then to count the votes, the organization holding the secret keys computes all the possible hashes for each citizen and counts the matches up, ideally using a single-purpose tabulation system based on hard-wired hash-and-count logic rather than a programmable device (Since the hash is being done by citizens on paper, it can't be *that* hard to implement the hash with hard-wired logic).
Under this system, because the computers doing the communication are not treated as a trusted devices (hashes done on paper), there really isn't any way this could be compromised any easier than paper voting.
That said, there are three problems with the no-worse-than-paper-votes system I propose:
1) People would whine about having to do *math* on paper to vote
2) The government still needs to somehow get a "secret key" to people via non-electronic and secure means. That's hard.
3) No government would actually bother to implement a secure system, when they can just pay a contractor for an insecure system which the contractor claims is secure.
Rsync would do this very nicely, except that it requires manual initiation. So what you do is hack up a quick python/perl/etc script to do the following: 1) When it regains connection with the server, run a full rsync 2) When inotify tells the script that a file has changed, rsync that one file. Perhaps buffer changes for set amounts of time so fewer rsyncs need to be run
This should be possible to accomplish in less than a day of hacking in a language of one's choice.
Ok, while I agree that the concept of entering contracts without a way to know is bad, unlike what the article said, the cancellation fee IS advertised under the "some conditions apply" links here http://www.mytelus.com/internet/highspeed/display. do and to make it easier for people those links go to http://www.mytelus.com/internet/highspeed/includes /popup_mice.vm?type=lite and it does say "Cancellation fee applies to early Rate Protection plan termination." rather clearly.
I agree with the point that being able to enter contracts without knowing is silly, however I wish TFA would get the facts straight when saying things like that the cancellation fee is not mentioned anywhere.
A small paper? Why not a script to automatically contact online aquaitances via irc, jabber, e-mail, or whatever you usually contact them with:) Then have a small paper on how to activate that. Much more user friendly;)
Due to how much better the benchmarks seemed to rate the intel processers whenever it was compiled with the intel compiler... However the statment about "and even crash" suprises me somewhat.
I'll probably get modded redundent for this, but seriously, don't the editors read/. themselves! They should really at least put stuff about an artical they're about to make in the little search area and that would at least stop some duping. I'm begining to think I should start marking editors as foes every time they make a dupe, only I'm not that bored.
Heh. Reminds me of the face that a few computers at my schools have cd-rom booting disabled... however they set the stupid bios password to "admin" on a good number of the computers.
A friend of mine guessed that bios password first try because he accidently pressed the key to go into the bios and felt that giving a joking guess at the bios password took less effort than pressing the power button. Man, that was funny!
I don't see why you don't just use multiple partitions instead of images and use a normal bootloader. In case you don't already know, usb keys do support multiple partitions just like any other block device.
Though my computer useage does decrease my productivity at homework, I would'nt know even half of what I know, not to mention the fact that my thinking skills probably would'nt be nearly as good. The thing is that it's computer gaming that tends to cause problems, not so much as other activities. I'm not a gamer myself, and am more of a geek, and my hobbies of linux system administration, programing, and electronics are far more enlightening per a given amount of time than school.
To summerize my opinion, whether it's a problem depends on how the computer is being used, and the real problem causers are Chat junkies, and (espescially)Gamers, and not geek activities
I find that natural lighting is by far the best (I hate the tone of incandecent lights, and florescent lighting flickers too much). However the wierd thing is that my 60Hz CRT is somehow fine for me. (It's the only way I can get 1280x1024 on my 17" monitor, and I can't live below 1280x1024)
I personally think it would be a great idea!
And though it would be difficult, it's far from impossible:
One friend of mine is making a 3d robotic vision system using two black and white cameras and some FPGAs and PIC microcontrollers, and he's eventually going to try to make a neural network interated circuit (he has sponsers to pay for the masive costs of that) with back propagation and such for object regonition! My point is, he's doing that alone and it's a massive task, so surely a group of people could make a 3d accelerated open standard video card!
For one, commercial video cards limit themselves by clock cycles and don't do too much in parralel, however, a singal FPGA could fit many small floating point processing units (talking about... thousands) on a singal chip, and they could all run in parralel (and each can run 500 MHZ fanless, so add a fan and heat sink and it could clock even faster). So it could have plenty of power to 3d accelerate! In fact realtime raytracing could even be don't by clustering a reasonable number of FPGAs, however that's an excessive number of FPGAs for a singal video card.
Slashdot Mirror
Lately? The Canadian govt is always trying to catch up the the US govt's bad habits. Tis always been true, and is true regardless of which political party is winning on either side of the border.
There are practical problems with the scheme. But note that they don't need to keep track of which key goes with who, because they can calculate the hash for every possible vote for each key, and just check how many matches there are. No need to know which key to use on which hash. A good way to do it might be to individually seal the copies of secret keys that go to voters, before randomly distributing them. You could even have the randomization done by an organization that's independent of the organization that generated the keys. Of course, unless their randomization is done within the plain sight of voters, it would have to be taken on some level of trust that it was done randomly. If it requires being done within the plain sight of voters, well might as well do paper voting anyway. Still though, if you could trust they were being randomly distributed, it could be fine.
Strong cryptographic hashes couldn't realistically be reversed, and believe it or not, rather advanced ones can be done on paper. Many strong cryptographic hashes can be done on not-hugely-daunting amounts of paper, provided the input data to the hash is not too huge, and it's not like it's a large file being hashed. So long as a proper cryptographic hash is in use, it *cannot* be reversed without doing a blind search of all possible inputs to the hash. Make the number of bits of inputs large and random enough (i.e. good "secret keys" of say... 256 bits or so), and that cannot be done within the lifetime of civilization. So... no... attackers reversing hashes is not feasible if the system is done right. Doing it right does make what voters would have to do on paper a little tedious, but manageable.
And that last part? That's what the public record aspect prevents. Even if there was a MITM-ish attack, the user can verify via other computers/connections at other times, whether their hash got inserted into the public record correctly. Ideally, this public record would be highly distributed. It seems highly unlikely a MITM could prevent a user who cares from finding out their vote was in the public record in the long run.
In any case, none of this matters, because even though cryptographic hashes and public records could hypothetically solve many issues and make a technically robust system, they don't solve the "talking about the guy with the gun pointing at his head telling him how to vote" type issue.
Actually... voting is much simpler than bank transactions in that the number of choices is small, and because of that, there *is* a way. It could even be made so that votes are 100% verifiable! Well, so long as the government can securely get information to the citizen via non-electronic means anyway.
What you do, is have the government send all citizens a "secret key" via non-electronic means, and keep a paper record of which "secret key" corresponds to which citizens. Also, when the "secret key" is sent to citizens, include instructions on how the citizen can do a hash of their vote and the secret key, on PAPER!
The citizen then anonymously submits their hash, to a public record. Because it's a hash, their ballot is still secret except to the organization that has kept paper records of the "secret keys". Because the hash is in the public, their vote *cannot* be silently tampered with prior to counting (It can be tampered with during counting, but so can paper votes). Then to count the votes, the organization holding the secret keys computes all the possible hashes for each citizen and counts the matches up, ideally using a single-purpose tabulation system based on hard-wired hash-and-count logic rather than a programmable device (Since the hash is being done by citizens on paper, it can't be *that* hard to implement the hash with hard-wired logic).
Under this system, because the computers doing the communication are not treated as a trusted devices (hashes done on paper), there really isn't any way this could be compromised any easier than paper voting.
That said, there are three problems with the no-worse-than-paper-votes system I propose:
1) People would whine about having to do *math* on paper to vote
2) The government still needs to somehow get a "secret key" to people via non-electronic and secure means. That's hard.
3) No government would actually bother to implement a secure system, when they can just pay a contractor for an insecure system which the contractor claims is secure.
Rsync would do this very nicely, except that it requires manual initiation. So what you do is hack up a quick python/perl/etc script to do the following:
1) When it regains connection with the server, run a full rsync
2) When inotify tells the script that a file has changed, rsync that one file. Perhaps buffer changes for set amounts of time so fewer rsyncs need to be run
This should be possible to accomplish in less than a day of hacking in a language of one's choice.
Ok, while I agree that the concept of entering contracts without a way to know is bad, unlike what the article said, the cancellation fee IS advertised under the "some conditions apply" links here http://www.mytelus.com/internet/highspeed/display. do and to make it easier for people those links go to http://www.mytelus.com/internet/highspeed/includes /popup_mice.vm?type=lite and it does say "Cancellation fee applies to early Rate Protection plan termination." rather clearly.
I agree with the point that being able to enter contracts without knowing is silly, however I wish TFA would get the facts straight when saying things like that the cancellation fee is not mentioned anywhere.
Ooh, nice hack for not getting different ones in all your terminals and such :)
A small paper? Why not a script to automatically contact online aquaitances via irc, jabber, e-mail, or whatever you usually contact them with :) ;)
Then have a small paper on how to activate that. Much more user friendly
Self-awareness != self-preservation
Suicidal people prove this all of the time.
Glade + Pygtk + Python
Heh, looks like their demo at http://demo.roundcube.net/ might be a little bogged down by /.
IMHO, Python is the best lauguage for such.
Due to how much better the benchmarks seemed to rate the intel processers whenever it was compiled with the intel compiler...
However the statment about "and even crash" suprises me somewhat.
I'll probably get modded redundent for this, but seriously, don't the editors read /. themselves! They should really at least put stuff about an artical they're about to make in the little search area and that would at least stop some duping. I'm begining to think I should start marking editors as foes every time they make a dupe, only I'm not that bored.
This would be a good artical... were it not a dupe :-/
(hmm... stupid typos... s/face/fact/ )
Heh. Reminds me of the face that a few computers at my schools have cd-rom booting disabled... however they set the stupid bios password to "admin" on a good number of the computers.
A friend of mine guessed that bios password first try because he accidently pressed the key to go into the bios and felt that giving a joking guess at the bios password took less effort than pressing the power button. Man, that was funny!
As many have noted the key is the "visor" use-serial module. I'm getting tired of ask/. questions that one could solve with a google search :-/
a small Openmosix/LTSP cluster would make a good combo system for such. :-)
Great program. I only wish it was'nt dependent on QT and kde
I don't see why you don't just use multiple partitions instead of images and use a normal bootloader. In case you don't already know, usb keys do support multiple partitions just like any other block device.
Though my computer useage does decrease my productivity at homework, I would'nt know even half of what I know, not to mention the fact that my thinking skills probably would'nt be nearly as good. The thing is that it's computer gaming that tends to cause problems, not so much as other activities. I'm not a gamer myself, and am more of a geek, and my hobbies of linux system administration, programing, and electronics are far more enlightening per a given amount of time than school.
To summerize my opinion, whether it's a problem depends on how the computer is being used, and the real problem causers are Chat junkies, and (espescially)Gamers, and not geek activities
I find that natural lighting is by far the best (I hate the tone of incandecent lights, and florescent lighting flickers too much). However the wierd thing is that my 60Hz CRT is somehow fine for me. (It's the only way I can get 1280x1024 on my 17" monitor, and I can't live below 1280x1024)
I personally think it would be a great idea! And though it would be difficult, it's far from impossible: One friend of mine is making a 3d robotic vision system using two black and white cameras and some FPGAs and PIC microcontrollers, and he's eventually going to try to make a neural network interated circuit (he has sponsers to pay for the masive costs of that) with back propagation and such for object regonition! My point is, he's doing that alone and it's a massive task, so surely a group of people could make a 3d accelerated open standard video card! For one, commercial video cards limit themselves by clock cycles and don't do too much in parralel, however, a singal FPGA could fit many small floating point processing units (talking about... thousands) on a singal chip, and they could all run in parralel (and each can run 500 MHZ fanless, so add a fan and heat sink and it could clock even faster). So it could have plenty of power to 3d accelerate! In fact realtime raytracing could even be don't by clustering a reasonable number of FPGAs, however that's an excessive number of FPGAs for a singal video card.
No crashes here either: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040817 Firefox/0.9.3