I have a cousin who was almost killed by colloidal silver. It would have helped if conventional medicine had had some answer for his headaches.
I have a sister who was almost killed by antibiotics. Homeopathic treatments brought her back the first time. Later, she almost died from cancer because she was too scared to talk with MDs who would naturally insist on prescribing conventional medicine. She got really lucky and went to a hospital that allowed unconventional treatments like reiki. They also allowed me to bring in food and weren't offended when she wouldn't eat the standard fare from their kitchens, and when she insisted on picking and choosing what treatments to subject herself to. I personally used reiki to help her reduce the swelling in her legs. I know I did something, even though I can't quantify what I did, and I know I can't reproduce it on demand.
The last point is probably the biggest problem with homeopathy. There are times you can do things that you don't understand. It's kind of like hacking a huge system you are unfamiliar with, where maybe you're lucky at first, and you get some ideas and they seem to work.
But then the boss comes in and says, since you had some small success with tweaking a few things and saved the company a few thousand dollars, you should be able to convert the system from big function A to big function B, and you should be able to plan the project and set up a schedule, and it should all come together on time and make the company millions of dollars. Yesterday.
And then you hire some guys out of college and they insist that you have to have a planning meeting or two and describe all the modules and their interfaces and the API so they can apply top-down or whatever the current fad in design is.
Homeopathic is a bit like software hacking, I think.
per virii at dictionary.com/reference.com. Okay. However, it is acknowledged to be meaningful among computer hackers.
Can't blame allergic reactions on misprescribed medicine? That's news to me. Even back in the '50s, doctors knew that some people would react poorly to penicillin, and that overprescription could induce such reactions.
But, technically, the reactions she suffers are not allergic.
And the prescription that almost did her in the first time had nothing to do with a bacterial infection. It was "for general health", what MDs would later excuse as a "guard against secondary infections". What she needed was balanced meals and rest.
And you shouldn't take medical advice from anyone you meet on the web, really. Not that I was intending to give any.
I could probably stop there and get modded +2 funny, but I've got a rant to counter your rant.
I've watched conventional medicine almost kill my sister. Twice.
Most of conventional medicine is placebo. It is quite nearly criminal to prescribe anti-biotics for the common cold, when the best medicine would be chicken soup or a nice, hot, cup of spicy apple cider. (Half a teaspoon of grated ginger root does quite a lot of good, and another half teaspoon of cinnamon makes it almost addictive, but anyway.) Oh, and rest, of course.
Medicine uses a lot of showmanship, a lot of placebo, a lot of gamesmanship, and a lot of what could best be described as something like hacking. We don't have the API maps and UML diagrams for all the systems of the body, even if we set aside the metaphysical issues.
Who are we to call conventional medicine good and homeopathic evil?
It is true that homeopathic practice makes claims they shouldn't, but so does conventional medicine. The competition between conventional and homeopathic is not healthy for society in general.
I have a cousin who was almost killed by colloidal silver. It would have helped if conventional medicine had had some answer for his headaches.
I have a sister who was almost killed by antibiotics. Homeopathic treatments brought her back the first time. Later, she almost died from cancer because she was too scared to talk with MDs who would naturally insist on prescribing conventional medicine. She got really lucky and went to a hospital that allowed unconventional treatments like reiki. They also allowed me to bring in food and weren't offended when she wouldn't eat the standard fare from their kitchens, and when she insisted on picking and choosing what treatments to subject herself to. I personally used reiki to help her reduce the swelling in her legs. I know I did something, even though I can't quantify what I did, and I know I can't reproduce it on demand.
The last point is probably the biggest problem with homeopathy. There are times you can do things that you don't understand. It's kind of like hacking a huge system you are unfamiliar with, where maybe you're lucky at first, and you get some ideas and they seem to work.
But then the boss comes in and says, since you had some small success with tweaking a few things and saved the company a few thousand dollars, you should be able to convert the system from big function A to big function B, and you should be able to plan the project and set up a schedule, and it should all come together on time and make the company millions of dollars. Yesterday.
And then you hire some guys out of college and they insist that you have to have a planning meeting or two and describe all the modules and their interfaces and the API so they can apply top-down or whatever the current fad in design is.
Homeopathic is a bit like software hacking, I think.
Free, as in the banana in that box you see over there, monkey.
Yeah, that's right, just put your hand in that little gap between the bars. Just big enough for your hand. No, no, don't worry about whether it'll be big enough for your hand when it's holding the banana. Nothing to worry about at all.
Besides, when we come to help you, we'll give you a whole bunch of bananas and a nice little cage to ride in.
If paper, well, it seems to me we are back to paper.
And then there is the problem of whether possession of enough keys would allow backtracking through the obscurring processes and identifying voters.
I suppose it would not be impossible to substitute a web published anonymous roll and caching the published roll to get somewhat close to the effect of paper for some definition of "somewhat close". But then we are relying on, say, Google (maybe not so bad), Microsoft (need I say more?), and others to not yield to pressure should there be a coverup.
I understand PKCS. I also understand that it depends on humans to implement it.
And then there's opacity, which simply cannot be got around. Humans can judge the paper ballot with separable stub method. Ordinary humans can't judge cryptography. (Which is what I keep talking about the ROMs for.)
hmm. Okay, say I compromise the ROM. I don't try to make it record false votes, but I do write in a little routine that makes the voting machine give up the actual value of each vote in order voted or some slightly obscure way of reproducing the votes by an alternate (out of band) method. Your cryptography is holding this wall just fine, but the enemy has jumped over a different wall and escaped with just enough information for the local goons to come around telling you you voted for the wrong guy, and maybe next time the artificial kneecaps will remind you not to do that.
Shoot, if you consider how much RFI keyboards and monitors leak, the ROM could be compromised with a routine to broadcast the vote being cast through some pushbutton wires, or even the display screen. Or, if you really want to be subtle, the physical printed circuit might leave an innocent looking length of trace ungrounded, and the ROM could broadcast the vote out that.
How many examples of hidden ways to compromise this kind of machinery do you need before you start taking a serious look at how much you're gambling on cryptography?
If there really is a need, you can build the community.
If there really isn't a need, maybe what you are worried about is not what you think it is.
In particular, if Theo didn't have a strong personality, openBSD wouldn't be worth polishing or protecting.
Maybe openBSD is good today, but tomorrow something will come up that needs someone with the technical insight and the personal drive to get it done. So, say we somehow replace Theo. Is the replacement going to have a strong enough personality to get the job done? How about the technical skill. How about the interest?
By the way, Theo is right to go after this problem. Mixing licenses is a really bad idea, and so is changing licenses without permission from all the original authors.
Well, changing licenses without permission is illegal, immoral, bad for business, and frowned on in courts, therefore, mixing licenses in a single file is a just plain bad idea. It could well undo the entire legal basis of the GPL community. (Which is the irony of the argument here.)
Not the undo GPL so much as the community.
So, yeah, Theo is right. Once again.
If you want a more business-friendly openBSD, network, get a few good engineers and maybe some business types too, and fork it. If it really is an idea whose time has come, you can make it happen.
assuming public key doesn't get killed by quantum computing or something else we haven't seen yet, what magic in cryptography prevents me from, for instance, failing to protect the necessary private keys? (I'm suddenly not sure if I'm getting the terminology right, but I mean the half of the key pair that the owner of the key pair keeps secret to prevent others from signing things.)
v.3 s. 5 (c) "... This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it."
Original authors have authority to give such permission.
So the GPL does not allow people to do what the BSD copyright does not allow, unless said people are the original authors of the BSD copyrighted material.
(How long will it take for this idea to penetrate certain heads?)
No. You can't just put in lines of GPLed code and suddenly the net effect is GPL.
When you add code under a different license, there is an obligation to make it clear where the borders are.
This obligation has been often ignored. That does not make the obligation go away.
Otherwise, the dual licensing bit is nonsense.
If the guy who offered dual license wants to allow his contributions to be distributed under either alone, he does not have the authority to strip the copyright notice from source which contains contributions from those who have not said such a thing was allowed.
The only solution is to carefully annotate which lines are under which license. Otherwise, it becomes a game of chicken, to see which author(s) can stare the other(s) down. (And even with the annotation, I have trouble seeing the purpose of the dual license idea in this case. I do understand the necessity of the dual license for Perl, but that's a different question entirely.)
Since keeping the file under BSD does not prevent the file from being linked or #included with GPLed code, I really don't see the purpose of the dual license, unless it is specifically to initiate a game of chicken.
The voting judges receive a set number of ballots, enough plus a few for ever registered voter in the district to cast a vote. The number of ballots is known, so that the final count of ( votes + spoiled_ballots + unused_ballots == ballots_delivered ) can be tested. (By people, not just by machines.)
The ballot and stub are separable. The voter places the ballot in a jacket, separates the stub, and takes the ballot and stub to the judges.
A judge receives the ballot and stub, keeping the ballot in its jacket while the other judges (and any voters who happen to be nearby) watch. The ballot, in its jacket, goes into the locked ballot box. The stub goes into a separate box.
When the polls close, the first thing done is to unlock the ballot box with all judges present. The count of ballots cast is checked against the count of stubs, and the count of ballots, spoils, and leftovers is checked against the count of ballots provided. Then the judges count the actual votes and record their initial report.
Then the ballots cast are wrapped up with the stubs, the unused and spoiled ballots are wrapped separately, all are placed in the ballot box again and locked again, and everything is taken by at least two of the judges to the county offices, where the county officials verify the initial reports. (County or parish, or, in really large cities, I think it is done by ward or such.)
The judges keep a copy of their initial counts, so that they can check against the county's later reports.
Does that explain how recounts work?
You could call the combination of ballot, stub, and careful accounting of all ballots received a paper trail, of sorts, but it's not the same thing as the print-under-glass gadget, or the cryptographic receipt gadgetry.
If you can't trust the voting judges, no amount of cryptographic machinery will help. You simply have to have enough guts to volunteer to be a voting judge yourself next time, and make sure the other judges know that your family or someone else important knows you are being a voting judge.
If you can trust the voting judges to at least not try counterfeiting ballots, voting machines are superfluous.
I remember going through this in school, but something clearly does not ring true in the argument.
My family has a long history of philosophizing. We also have a long history of participation in the elections process (registration, voting judges, caucuses, etc.).
We do not vote people.
I read the history, instead of the modern psycho-histories, and I don't see people voting people.
I think there's a problem in the way people interpret the founding fathers through the lens of modern political philosophy. Maybe what is missing is whether a person can conceive of an elected representative implementing other people's ideas instead of his own, or his favorite lobby's.
As many, including myself, have pointed out, machines simply add more opportunity for fraud and remove the voter one step further from understanding the process by which he or she exercises franchise.
You do trust me to burn the ROMs, right? and to transport the machines to and from the polling places, right? And you do trust my friend to verify the ROMs, right?
And, of course, I should trust your verification procedures, should you decide to verify the ROMs yourself.
(Who's computer are the cryptographic keys stored on? Yours or mine?)
for people unwilling to learn how to exercise their franchise.
If the voting process required sacrificing a thirteen minute dead chicken at exactly thirteen and a half minutes past midnight, and signifying one's voice by choice by the seasoning (eye of newt for candidate A, bat's whisker for candidate B, etc.) then, yeah, there is an issue with the process being too complicated.
That's kind of what the problem with the hanging chads was. (And, if you think about it, one way of describing the problem with cryptographic methods.)
But checking a box or column?
If a voter can't be bothered to understand how to find the correct box or column to make a mark in, he or she really lacks some moral standing when complaining about votes not being counted.
And the final step of the implementation is, you guess it, making sure the voting machine gets to the polls and back to the county or parish offices with unmodified ROM and RAM.
Electronic and mathematical methods are not visible to the ordinary voter. That is the problem.
(They're not really visible to techie types, either, unless both you and I are allowed to check every ROM at every voting booth at every point in the day, and we still would have to be able to trust each other.
is that only the mathematicians really understand what's going on.
We may know that (if and only if the algorithm is implemented correctly) the method works, but for the rest of the citizenry, this is asking them to put their trust in (yet another) technical priesthood.
The system has to be simple enough for anyone to see, and simple enough that anyone willing to comprehend freedom can comprehend it. It has to be visible.
Thus, the stubbed, anonymous paper ballot, the stub and the ballot going in separate, locked boxes, and each voting station accounting for every ballot received, and more than two voting judges, from different parties, present all during the setup, voting, takedown, and initial count.
It is not perfect, but it is visible, and it works.
Nothing in this world is perfect, and when you start playing cryptic cryptographic math games, it just makes part of the process invisible (opaque) to too many voters.
Slashdot Mirror
per virii at dictionary.com/reference.com. Okay. However, it is acknowledged to be meaningful among computer hackers.
Can't blame allergic reactions on misprescribed medicine? That's news to me. Even back in the '50s, doctors knew that some people would react poorly to penicillin, and that overprescription could induce such reactions.
But, technically, the reactions she suffers are not allergic.
And the prescription that almost did her in the first time had nothing to do with a bacterial infection. It was "for general health", what MDs would later excuse as a "guard against secondary infections". What she needed was balanced meals and rest.
And you shouldn't take medical advice from anyone you meet on the web, really. Not that I was intending to give any.
joudanzuki
All the dilutions my sister uses are clear.
I could probably stop there and get modded +2 funny, but I've got a rant to counter your rant.
I've watched conventional medicine almost kill my sister. Twice.
Most of conventional medicine is placebo. It is quite nearly criminal to prescribe anti-biotics for the common cold, when the best medicine would be chicken soup or a nice, hot, cup of spicy apple cider. (Half a teaspoon of grated ginger root does quite a lot of good, and another half teaspoon of cinnamon makes it almost addictive, but anyway.) Oh, and rest, of course.
Medicine uses a lot of showmanship, a lot of placebo, a lot of gamesmanship, and a lot of what could best be described as something like hacking. We don't have the API maps and UML diagrams for all the systems of the body, even if we set aside the metaphysical issues.
Who are we to call conventional medicine good and homeopathic evil?
It is true that homeopathic practice makes claims they shouldn't, but so does conventional medicine. The competition between conventional and homeopathic is not healthy for society in general.
joudanzuki
I'll rant first, read later.
I have a cousin who was almost killed by colloidal silver. It would have helped if conventional medicine had had some answer for his headaches.
I have a sister who was almost killed by antibiotics. Homeopathic treatments brought her back the first time. Later, she almost died from cancer because she was too scared to talk with MDs who would naturally insist on prescribing conventional medicine. She got really lucky and went to a hospital that allowed unconventional treatments like reiki. They also allowed me to bring in food and weren't offended when she wouldn't eat the standard fare from their kitchens, and when she insisted on picking and choosing what treatments to subject herself to. I personally used reiki to help her reduce the swelling in her legs. I know I did something, even though I can't quantify what I did, and I know I can't reproduce it on demand.
The last point is probably the biggest problem with homeopathy. There are times you can do things that you don't understand. It's kind of like hacking a huge system you are unfamiliar with, where maybe you're lucky at first, and you get some ideas and they seem to work.
But then the boss comes in and says, since you had some small success with tweaking a few things and saved the company a few thousand dollars, you should be able to convert the system from big function A to big function B, and you should be able to plan the project and set up a schedule, and it should all come together on time and make the company millions of dollars. Yesterday.
And then you hire some guys out of college and they insist that you have to have a planning meeting or two and describe all the modules and their interfaces and the API so they can apply top-down or whatever the current fad in design is.
Homeopathic is a bit like software hacking, I think.
Conventional medicine still prescribes things like antibiotics for influenza.
Yeah. Kill those bacteria. That'll teach them stupid virii!
I've seen a relative done damage by colloidal silver. I've seen a sister almost killed by antibiotics.
Pot, meet kettle.
hmm.
Free, as in the banana in that box you see over there, monkey.
Yeah, that's right, just put your hand in that little gap between the bars. Just big enough for your hand. No, no, don't worry about whether it'll be big enough for your hand when it's holding the banana. Nothing to worry about at all.
Besides, when we come to help you, we'll give you a whole bunch of bananas and a nice little cage to ride in.
just need the original authors' permission.
But mixing licenses really is not a good idea. Keep the license of each source file.
You can link BSD copyrighted files with GPLed files, no problem.
If paper, well, it seems to me we are back to paper.
And then there is the problem of whether possession of enough keys would allow backtracking through the obscurring processes and identifying voters.
I suppose it would not be impossible to substitute a web published anonymous roll and caching the published roll to get somewhat close to the effect of paper for some definition of "somewhat close". But then we are relying on, say, Google (maybe not so bad), Microsoft (need I say more?), and others to not yield to pressure should there be a coverup.
I understand PKCS. I also understand that it depends on humans to implement it.
And then there's opacity, which simply cannot be got around. Humans can judge the paper ballot with separable stub method. Ordinary humans can't judge cryptography. (Which is what I keep talking about the ROMs for.)
hmm. Okay, say I compromise the ROM. I don't try to make it record false votes, but I do write in a little routine that makes the voting machine give up the actual value of each vote in order voted or some slightly obscure way of reproducing the votes by an alternate (out of band) method. Your cryptography is holding this wall just fine, but the enemy has jumped over a different wall and escaped with just enough information for the local goons to come around telling you you voted for the wrong guy, and maybe next time the artificial kneecaps will remind you not to do that.
Shoot, if you consider how much RFI keyboards and monitors leak, the ROM could be compromised with a routine to broadcast the vote being cast through some pushbutton wires, or even the display screen. Or, if you really want to be subtle, the physical printed circuit might leave an innocent looking length of trace ungrounded, and the ROM could broadcast the vote out that.
How many examples of hidden ways to compromise this kind of machinery do you need before you start taking a serious look at how much you're gambling on cryptography?
judanzuki
If there really is a need, you can build the community.
If there really isn't a need, maybe what you are worried about is not what you think it is.
In particular, if Theo didn't have a strong personality, openBSD wouldn't be worth polishing or protecting.
Maybe openBSD is good today, but tomorrow something will come up that needs someone with the technical insight and the personal drive to get it done. So, say we somehow replace Theo. Is the replacement going to have a strong enough personality to get the job done? How about the technical skill. How about the interest?
By the way, Theo is right to go after this problem. Mixing licenses is a really bad idea, and so is changing licenses without permission from all the original authors.
Well, changing licenses without permission is illegal, immoral, bad for business, and frowned on in courts, therefore, mixing licenses in a single file is a just plain bad idea. It could well undo the entire legal basis of the GPL community. (Which is the irony of the argument here.)
Not the undo GPL so much as the community.
So, yeah, Theo is right. Once again.
If you want a more business-friendly openBSD, network, get a few good engineers and maybe some business types too, and fork it. If it really is an idea whose time has come, you can make it happen.
assuming public key doesn't get killed by quantum computing or something else we haven't seen yet, what magic in cryptography prevents me from, for instance, failing to protect the necessary private keys? (I'm suddenly not sure if I'm getting the terminology right, but I mean the half of the key pair that the owner of the key pair keeps secret to prevent others from signing things.)
No reason for electronic voting machinery, except maybe for those with physical conditions that make it unreasonably difficult to use a bubble sheet.
Bubble sheets can be tallied electronically, but that's after the voting is all over with.
Simple ballot + stub, locked ballot box, proper accounting of unused ballots, with human judges and election observers, that's all that's necessary.
Every additional complexity just adds points of attack.
joudanzuki
v.3 s. 5 (c) "... This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it."
Original authors have authority to give such permission.
So the GPL does not allow people to do what the BSD copyright does not allow, unless said people are the original authors of the BSD copyrighted material.
(How long will it take for this idea to penetrate certain heads?)
not have been, but other files have apparently been published.
No. You can't just put in lines of GPLed code and suddenly the net effect is GPL.
When you add code under a different license, there is an obligation to make it clear where the borders are.
This obligation has been often ignored. That does not make the obligation go away.
Otherwise, the dual licensing bit is nonsense.
If the guy who offered dual license wants to allow his contributions to be distributed under either alone, he does not have the authority to strip the copyright notice from source which contains contributions from those who have not said such a thing was allowed.
The only solution is to carefully annotate which lines are under which license. Otherwise, it becomes a game of chicken, to see which author(s) can stare the other(s) down. (And even with the annotation, I have trouble seeing the purpose of the dual license idea in this case. I do understand the necessity of the dual license for Perl, but that's a different question entirely.)
Since keeping the file under BSD does not prevent the file from being linked or #included with GPLed code, I really don't see the purpose of the dual license, unless it is specifically to initiate a game of chicken.
joudanzuki
If you want something done right, ...
The voting judges receive a set number of ballots, enough plus a few for ever registered voter in the district to cast a vote. The number of ballots is known, so that the final count of ( votes + spoiled_ballots + unused_ballots == ballots_delivered ) can be tested. (By people, not just by machines.)
The ballot and stub are separable. The voter places the ballot in a jacket, separates the stub, and takes the ballot and stub to the judges.
A judge receives the ballot and stub, keeping the ballot in its jacket while the other judges (and any voters who happen to be nearby) watch. The ballot, in its jacket, goes into the locked ballot box. The stub goes into a separate box.
When the polls close, the first thing done is to unlock the ballot box with all judges present. The count of ballots cast is checked against the count of stubs, and the count of ballots, spoils, and leftovers is checked against the count of ballots provided. Then the judges count the actual votes and record their initial report.
Then the ballots cast are wrapped up with the stubs, the unused and spoiled ballots are wrapped separately, all are placed in the ballot box again and locked again, and everything is taken by at least two of the judges to the county offices, where the county officials verify the initial reports. (County or parish, or, in really large cities, I think it is done by ward or such.)
The judges keep a copy of their initial counts, so that they can check against the county's later reports.
Does that explain how recounts work?
You could call the combination of ballot, stub, and careful accounting of all ballots received a paper trail, of sorts, but it's not the same thing as the print-under-glass gadget, or the cryptographic receipt gadgetry.
If you can't trust the voting judges, no amount of cryptographic machinery will help. You simply have to have enough guts to volunteer to be a voting judge yourself next time, and make sure the other judges know that your family or someone else important knows you are being a voting judge.
If you can trust the voting judges to at least not try counterfeiting ballots, voting machines are superfluous.
joudanzuki
I have a haddock.
I remember going through this in school, but something clearly does not ring true in the argument.
My family has a long history of philosophizing. We also have a long history of participation in the elections process (registration, voting judges, caucuses, etc.).
We do not vote people.
I read the history, instead of the modern psycho-histories, and I don't see people voting people.
I think there's a problem in the way people interpret the founding fathers through the lens of modern political philosophy. Maybe what is missing is whether a person can conceive of an elected representative implementing other people's ideas instead of his own, or his favorite lobby's.
joudanzuki
a ballot with a mark to the left of the candidate's name instead of in the box to the right should be counted.
Think about this.
Is someone who has trouble putting a mark in a box going to understand your system?
joudanzuki
changes nothing.
As many, including myself, have pointed out, machines simply add more opportunity for fraud and remove the voter one step further from understanding the process by which he or she exercises franchise.
You do trust me to burn the ROMs, right? and to transport the machines to and from the polling places, right? And you do trust my friend to verify the ROMs, right?
And, of course, I should trust your verification procedures, should you decide to verify the ROMs yourself.
(Who's computer are the cryptographic keys stored on? Yours or mine?)
joudanzuki.
for people unwilling to learn how to exercise their franchise.
If the voting process required sacrificing a thirteen minute dead chicken at exactly thirteen and a half minutes past midnight, and signifying one's voice by choice by the seasoning (eye of newt for candidate A, bat's whisker for candidate B, etc.) then, yeah, there is an issue with the process being too complicated.
That's kind of what the problem with the hanging chads was. (And, if you think about it, one way of describing the problem with cryptographic methods.)
But checking a box or column?
If a voter can't be bothered to understand how to find the correct box or column to make a mark in, he or she really lacks some moral standing when complaining about votes not being counted.
joudanzuki
I would be guessing that this article is a red herring designed to make voting machines that _do_ print paper trails appear more respectable.
right?
And trust me to carry the machines to the polling places, and generate the cryptographic keys (on my computer), right?
Yes?
is dependent on the implementation.
And the final step of the implementation is, you guess it, making sure the voting machine gets to the polls and back to the county or parish offices with unmodified ROM and RAM.
Electronic and mathematical methods are not visible to the ordinary voter. That is the problem.
(They're not really visible to techie types, either, unless both you and I are allowed to check every ROM at every voting booth at every point in the day, and we still would have to be able to trust each other.
You do trust me, right?)
joudanzuki
Not to mention that receipts are a red herring.
is that only the mathematicians really understand what's going on.
We may know that (if and only if the algorithm is implemented correctly) the method works, but for the rest of the citizenry, this is asking them to put their trust in (yet another) technical priesthood.
The system has to be simple enough for anyone to see, and simple enough that anyone willing to comprehend freedom can comprehend it. It has to be visible.
Thus, the stubbed, anonymous paper ballot, the stub and the ballot going in separate, locked boxes, and each voting station accounting for every ballot received, and more than two voting judges, from different parties, present all during the setup, voting, takedown, and initial count.
It is not perfect, but it is visible, and it works.
Nothing in this world is perfect, and when you start playing cryptic cryptographic math games, it just makes part of the process invisible (opaque) to too many voters.
joudanzuki