Linux: The electoral test that pencil and paper meet Misc.7/24/2001; 12:28:18 PM 'When Carol Boughton's Canberra consultancy, Software Improvements, won a $200,000 contract to provide an electronic voting system for the ACT's October election, it was critically important her team got the technology right.'"ACT" stands for "Australian Capital Territory". This is still a poll-based scheme... you have to come in and vote, it's not a remote thing. (This is good.)What's interesting about this is the system is all open source: 'The only platform that provided robustness and voter confidence was GNU Debian Linux, with all source code released under the General Public License (GPL).''Douglas Jones, an associate professor of computer science at the University of Iowa, in testimony in January on voting technology before the US Civil Rights Commission, adopted the axiom, "trust no one"...."Truly open source systems are valuable, but they pose threats, too, because anyone can get and modify the code."...'I chopped out quite a bit there; please read the article for full context. I wanted to point out that the phrase "anyone can get and modify the code" is deceptive, and probably doesn't accurately convey what the professor actually said. It may be true that I can download this voting software, make some changes, and compile it, but the effect that would have on the ACT voting results would be precisely bupkis. I would still need to get those changes into the real voting system, which should be virtually impossible, regardless of the details of the actual vote counting software.The machines will be physically secured at the polling location and the counting location (I hope!), and as long as all communications between those two locations are adequately and competently secured (which should be easy to do with something like ssh & certificate authentication), it will be very difficult to affect the system remotely, almost regardless of any weaknesses in the system. That leaves only local exploits... and there are other things that could be done to detect the effects of that. If I were designing this system, I'd put some paranoia checks into the counting system. Is one of the polling computers changing its tune? Is it suddenly registering too many votes too quickly?So, while in a vague theoretical sense, open source voting software might allow someone to discover holes in the system and exploit them, there are still huge (theoretically insurmountable) practical difficulties in exploiting these bugs, and even bigger ones associated with not being detected, assuming competent system design and administration. When considered against the very practical and real problems proprietary voting systems have, with their opaqueness and the power being handed over to the vendors of the system as a result (who could know if they were fudging the vote by a percent or two?), open source is the clear winner for voting software. It may not be perfect, but if you insist on using software, there's no reason to go with closed source.
Sad and lonely in cyberspace? No, not really. Technology & Sociology7/23/2001; 3:22:23 PM 'A new, longer follow-up from a study that linked Web use to poor mental health — heavily publicized three years ago — shows that most bad effects have disappeared.'"Either the Internet has changed, or people have learned to use it more constructively, or both," says the study leader, psychologist Robert Kraut of Carnegie Mellon University in Pittsburgh.'And now we see that the Internet benefits psychology as much as other sciences... thanks to the "Internet Time" phenomenon, faulty studies from 1998, corrected by follow-up studies in 2001, can dodge the (*cough cough*) psychologically challenging issues of admitting the original study may have been flawed. (Surely that's at least a possibility, nyet?)The previous study is discussed in this this Salon article from 1998:'"Sad, Lonely World Discovered in Cyberspace": The front-page headline in Sunday's New York Times conjured an image of intrepid explorers trekking to the edge of a precipice to win a precious glimpse of some remote tribe. It's a romantic, attention-getting picture, which is no doubt what attracted Times editors to the wording. But -- as so often is the case with media portraits of Net culture -- the truth is far more mundane.'
Go Ahead, Make Ashcroft's Day Misc.7/23/2001; 2:08:20 PM 'So on Friday afternoon, when Ashcroft announced a tough-on-hacking initiative to combat the people of "poor and evil motivations" who seek to bring down the world's precious computers, did cyber-punks flinch and ask themselves if they felt lucky?'Not likely.... The new program will create a cadre of specialized cybercrime attorneys -- called "computer hacking and intellectual property" units, or, stupidly, CHIPs. They'll be based at 10 field offices around the country, from which, Ashcroft promised, they'll be able to respond like lightning to any digital threats....'But that's all the program consists of -- lawyers. Though he cited several statistics to prove to the assembled media how big a problem computer crime is, Ashcroft's was a gospel of prosecution, not of cyber security. His message, peppered as it was with such misnomers as "hacker" to mean "cyber-criminal," indicated a fundamental ignorance of the computer security community and their ethic.'The article has a couple of good examples of why this is not a good thing. If they were half serious, couldn't they afford maybe one technical person on staff?
Digital signature becomes law Misc.7/21/2001; 8:32:43 PM 'Electronic signatures are now as legally binding as hand-written ones.'A European Commission directive came into force on Thursday, legally recognising the digital signature for the first time. 'These signatures can be used for signing contracts on e-mail and will make business much more efficient, speeding up transactions around the world.'If I recall correctly, these are electronic signitures, not digital signitures.
Frontier XML Python Module
Personal Notes
7/18/2001; 3:39:34 PM I've released a Python module for Frontier's Table XML format. Please follow the link for more info if you're curious.
Case highlights law's threat to fair-use rights DMCA7/18/2001; 12:39:49 PM 'The music industry is no longer threatening computer science professor Ed Felten with civil lawsuits for his research into one of the industry's digital copy-protection schemes. He doesn't have the same assurance, however, that the United States government won't launch a criminal prosecution if he proceeds.'That uncertainty grew more pronounced this week when the FBI arrested a visiting Russian computer scientist Monday in Las Vegas, charging him with violating the 1998 Digital Millennium Copyright Act by distributing software that cracked a system for encrypting electronic books. It was one of the first criminal prosecutions under a bad law that was designed to protect copyright owners from unauthorized copying but is having all kinds of other negative effects....'Felten and his colleagues then filed suit, asking a federal judge in New Jersey to specifically allow them to publish -- to allow them their First Amendment rights -- and declare the DMCA unconstitutional. 'But the U.S. Justice Department, also a defendant in the Felten suit, hasn't responded. And after Tuesday's arrest, it's no wonder that Felten -- and programmers and researchers everywhere -- should be feeling considerably more nervous. A federal prosecutor in San Jose told me Tuesday that the law under which was Sklyarov charged wouldn't apply in Felten's case, but why should he take the risk?'
Swedish Supreme Court on the EU Data Directive Free Speech7/18/2001; 10:51:10 AM 'The Swedish Supreme Court has made an important decision regarding the EU data directive. This directive has been interpreted by many people as a serious infringement in the freedom of speech, since it requires permission from the person you write about before you publish any information about a person on the Internet.''The case was a person, who had published a web site, in which he seriously criticized several Swedish banks and named individuals working at these banks, which he regarded as having improperly cheated the customers of the bank from their money.''The Swedish Supreme Court rejects the convictions in the lower court and the appeal court, and frees the person from all he was prosecuted for.'The main reasons given by the Swedish Supreme Court for this decision is that:'The EU Data Directive is based on the European Convention for protection of human rights. This convention has two possibly contradictory requirements: Protection of Privacy and Freedom of Speech. However, Protection of Privacy is specified in this convention as including private and family life, home and personal correspondence. Acts taken by bank directors in their work do not belong to this area....'I find this interesting mostly because it is a break from the EU.
Going on vacation
Administrative
7/6/2001; 8:40:45 AM I'll be leaving for a week so the already-sporadic updates will be getting even more sporadic.
Every time in the last week I've tried to post something here, I've been unable to get through. The problem's not always the ETP.com server, but it doesn't much matter. I think that when I get back, I'm moving to another server under my control, 'cause this week has been annoying.
Microsoft drops Smart Tags from Windows XP Free Speech6/28/2001; 8:56:32 AM 'As first reported by CNET News.com, the Redmond, Wash.-based company has included Smart Tags in the most recent test versions of Windows XP, an upgrade to the Windows operating system. But a company spokesman said Wednesday that the technology will not be included in the final version that will be released Oct. 25.'Let's hear it for the power of whining!I'm glad that Microsoft is doing this. But it is in some sense disappointing. Someday, we as a society are going to have to pay the piper and actually hammer out these issues. (Then again, the longer we delay, the more we understand this stuff...)
Napster copyright ruling upheld
Music & MP3
6/25/2001; 9:42:29 PM 'A federal appeals court has upheld its February decision that Napster contributes to copyright infringement and must remove protected works from its song-swapping service...'
'The court's ruling leaves the U.S. Supreme Court as the remaining legal arena for Napster Inc.'