October 3, 2003
Billmon is the man!
Well, it looks like someone took Billmon's advice:
There is a great story out there waiting to be written, and I can even give you the lead: White House political director Karl Rove, currently under suspicion for divulging the name of a CIA undercover agent, was paid more than $__________ by the Senate campaigns of Attorney General John Ashcroft, the man charged with investigating the scandal.
In "Ashcroft, Rove ties scrutinized," MSNBC reports:
A COMPANY controlled by Rove, who stands accused by the CIA officer's husband of at least condoning the leak, was paid more than $300,000 by Ashcroft's 1994 Senate campaign in Missouri for direct mail work and other services, the New York Times reported Friday, citing campaign finance data.
Well, Billmon, does that qualify? I think it does indeed.
Good news on a Friday morning. But, um, not so much for Ashcroft, Rove or their supporters, I suppose. Hee.
October 4, 2003
Grumpily unemployed.
Ah, so the "economy" actually "gained" some 57,000 jobs last month. Well, not so much gained as failed to lose, really. (Links via skippy the bush kangaroo; thanks, skippy.) The pain is no less than it was in August and we're all a month closer to the end of unemployment compensation. I note, though, that software engineering jobs in Bangalore are booming. And the boom is not just in Bangalore, either. I guess all these jobs the United States is exporting have been a real windfall for those guys. I have worked with folks from Bangalore and other parts of India, many of whom are undoubtedly benefiting from this situation. Those of us here in the States, though, are left high and dry.
You know, I have no particular desire to learn a new career when my current career is still in strong demand. Just not here, where companies actually have to pay their employees something reasonable. In India, they pay a fraction of the wage they would have to pay here, making for a situation in which an American cannot compete. Personally, I think there is a simple and potentially very effective legislative solution: Force companies based in the United States to pay their overseas workers on the same wage scale as their American workers. Not only would this eliminate the inequity of outsourcing jobs overseas, it would also provide legal weapons against abuses like the Nike sweatshops in southeast Asia.
Oh, and to those who claim that there will be "new jobs" to replace the old ones: That is simply not true. With the caliber of people in places like India and China, you can successfully outsource pretty much any high-tech job. These people are just as good at what they do as we are. Many (if not most) of them went to school here! But their cost of living is a fraction of ours and they can prosper on a salary that would put many of us on the street.
Meanwhile, a whole lot of us are watching our diminishing bank accounts and wondering just what we are going to have to do to get a job.
Oh, yeah, and George W. "tax cuts for the rich" Bush can take his god damned tax cuts and shove them up his pasty white ass!
I'll help.
October 7, 2003
It ain't me, man.
I just did my duty. I have to say as well that it is a privilege indeed to vote against Arnold "pig" Schwarzenegger. Naturally, my vote was no on the recall, for Bustamante (the lesser of any of the various evils; I would have voted for Georgy Russell if I thought that she had even the ghost of a chance of winning, sigh), no on Prop 54.
Shortly before I left to go vote, I had a UPS delivery. I asked the guy if he had voted yet. He hadn't, but it turned out that he had planned to vote the same way I did, apparently. At least there are a few of us who aren't idiots. I won't say anything about the color of his uniform.
Now to find out how this thing is going. Ghods, I hope that I don't wake up in the morning to the Governator. Blech.
Nation of pinheads.
As I type this, CNN.com projects Arnold "fascist, sexist moronic fuck" Schwarzenegger as having won today's election. Unbelievable.
That's with only sixteen percent of the precincts reporting, so at least there's a chance, albeit slim, that the bigoted fuck won't be the next Governor of California.
I suggest that someone start a recall campaign. I would damned well support it!

Apologies to Bill Griffith
October 12, 2003
Lust.
Courtesy this Slashdot article, I've found the thing I want for Christmas this year. Hell, for any year. I currently use a 21" Sony monitor at 1600x1200 resolution which I have crammed with small-font windows to get as much on-screen as possible. Well, screw that! How about this puppy?
A combined resolution of 19,200x4800. Coolness. Me want.
October 13, 2003
The future.
The Iraqi woman who blogs as River Bend tells us about a rape, part of the ongoing rape of Iraq by the United States at the behest of a few men in Washington, D.C. In five, ten, fifteen years, when Americans die at the hands of Iraqi terrorists, remember these words:
The trees are bulldozed and trampled beneath heavy machinery. We see the residents and keepers of these orchards begging the troops to spare the trees, holding up crushed branches, leaves and fruit — not yet ripe — from the ground littered with a green massacre. The faces of the farmers are crushed and amazed at the atrocity. I remember one wrinkled face holding up 4 oranges from the ground, still green (our citrus fruit ripens in the winter) and screaming at the camera- "Is this freedom? Is this democracy?!" And his son, who was about 10, stood there with tears of rage streaming down his cheeks and quietly said, "We want 5 troops dead for each tree they cut down… five troops." A "terrorist," perhaps? Or a terrorized child who had to watch his family's future hacked down in the name of democracy and freedom?
We are creating another Palestine. We are breeding hatred of Americans among people who were indifferent and who could (easily!) have been our friends. Instead, they are now our enemies.
When people look for someone to blame when they have lost a relative or a friend to a terrorist attack, will they look to the young men and women carrying out that attack? Or will they remember the actions of a handful of old men in Washington, who made certain that those young men and women would be willing to die for the cause of their hatred of the United States?
Of course, we can still avoid that fate. We can oust Bush, Cheney and the rest, we can try them for the crimes that they have committed, we can earnestly apologize to the Iraqi people for the part we have all played in this atrocity. We can, and doing so might even work, to defuse a hatred that will long outlive the Bush presidency. The problem is, though, that we won't.
October 14, 2003
How to destroy a democracy.
Here's one way: Subvert or co-opt the mechanism used for voting. Of course, it's much easier if the mechanism is already insecure and if you can actually manufacture it yourself then you're home free.
Do you think I'm joking? If you do (or even if you don't), read the article "All the President's votes?" at the Independent. When you finish, you certainly will not be laughing. At this point, any person who seriously thinks that electronic voting is a good idea is a fool. As a very experienced software engineer, I know well how insecure so-called "operating systems" like Windows 98 are, and although the article claims that Windows 2000 "has numerous safeguards to keep out intruders," it is not really that much more secure than Windows 98, particularly in its default configuration. There is a document that defines security for computer systems, known as the "Orange Book" but officially named the Department of Defense Trusted Computer System Evaluation Criteria. Per that reference, Windows NT (which includes Windows 2000) is rated at C2, "controlled access protection." One would think that a system used for voting should be rated at B1 at least, and preferably at B2.
One attribute of all the ratings defined by the Orange Book, the attribute that allows one to select the rating in the first place, is that of being auditable. One must audit a system, typically using a preestablished set of criteria, to determine whether it is secure. In the case of the systems used in Georgia and elsewhere, the systems provided by all three manufacturers (Diebold, Sequoia and Election Systems and Software) not only are not audited, they are protected under "trade secret" agreements which make it a felony to inspect them. One might suspect that this could be an attempt at "security through obscurity," except for the fact that, first, "security through obscurity" doesn't work, second, that all three of these companies have contributed heavily to the Republican Party and, third, that systems from all three of these have been involved in elections with results that were at least questionable.
To add proof to the insecurity of these devices, after Diebold posted an emergency bug fix along with the entire election software package to a public FTP site,
Roxanne Jekot, a computer programmer with 20 years' experience, and an occasional teacher at Lanier Technical College northeast of Atlanta, did a line-by-line review and found "enough to stand your hair on end".
"There were security holes all over it," she says, "from the most basic display of the ballot on the screen all the way through the operating system." … Also embedded in the software were the comments of the programmers working on it. One described what he and his colleagues had just done as "a gross hack". Elsewhere was the remark: "This doesn't really work." "Not a confidence builder, would you say?" Ms Jekot says. "They were operating in panic mode, cobbling together something that would work for the moment, knowing that at some point they would have to go back to figure out how to make it work more permanently." She found some of the code downright suspect - for example, an overtly meaningless instruction to divide the number of write-in votes by 1. … Mostly, though, she was struck by the shoddiness of much of the programming. "I really expected to have some difficulty reviewing the source code because it would be at a higher level than I am accustomed to," she says. "In fact, a lot of this stuff looked like the homework my first-year students might have turned in."
I can easily imagine a reason for that divide-by-one instruction: If you know what you're doing, it is possible, even trivial, to modify that apparent "1" to some other number, on the running system. This would divide the number of write-in votes by whatever number the person making the illicit modification wanted.
And that is just the most obvious potential hack. There are lots more.
Diebold had no specific comment on Ms Jekot's interpretations, offering only a blanket caution about the complexity of election systems "often not well understood by individuals with little real-world experience".
So some people with "real-world experience" examined their software:
… a group of researchers from the Information Security Institute at Johns Hopkins University in Baltimore discovered what they called "stunning flaws". These included putting the password in the source code, a basic security no-no; manipulating the voter smart-card function so one person could cast more than one vote; and other loopholes that could theoretically allow voters' ballot choices to be altered without their knowledge, either on the spot or by remote access.
Diebold's response?
… the Johns Hopkins report was riddled with false assumptions, inadequate information and "a multitude of false conclusions".
Of course, others have made similar findings, or even worse. Diebold now claims that they have upgraded their encryption and password handling on their Maryland machines. Of course, we can't verify that claim, due to the trade-secret agreements, and even if it were true, it leaves out all the other states where Diebold equipment is installed.
Politicians aren't software engineers and I don't expect them to understand the ins and outs of system security. I do, however, expect them to believe software engineers who do understand this stuff. Unfortunately, they have, for the most part, been fed a pack of lies by people at companies like Diebold. These companies have an obvious conflict of interest, given that they have political interests in the outcome of elections and they provide the mechanisms by which the government conducts those elections. Further, they have managed to hide the evidence of their malice and dishonesty behind draconian "trade secret" agreements that forbid anyone from auditing their devices.
As long as that is the case, electronic voting in the United States is a fraud. Do not trust it, do not use it and demand that your government remove it or avoid it in the first place.
Update: Billmon has a somewhat different perspective on the same story in "Getting Out the Vote."
October 15, 2003
How to destroy a democracy, part 2.
Today's Salon has an interview ("Bad grades for a voting-machine exam") with a 28-year-old programmer named Jeremiah Akin, who observed a "test" of the Sequoia touch-screen voting machines used in Riverside County, California. He was not impressed, to put it mildly. His conclusion was that
"statements made by the Registrar of Voters indicated to me that she is not qualified to assess the reliability and security of such systems, and that she misunderstands some essentials of computer programming and operation. Her deputies refused to answer some important questions. Some statements made by officials at the Registrar's office, and found on the contractor's Web site, I learned on the test day were misleading or inaccurate. Further research after the test day has turned up several other reasons to doubt the reliability, security and accuracy of the system."
From his description of the so-called "test," it wasn't a test at all. The observers were unable to use the touchscreen or even to see its contents, the "test" was done entirely from a cartridge inserted into the rear of the device and it appears that no one hung around to see the "test" complete. The only evidence that anything like what should happen in an election did happen was an assertion by Mischelle Townsend, the Riverside County Registrar of Voters. In addition, the software that was running the devices was apparently running in "pre election mode," a test mode of some kind, and was not operating as it would in a real election.
I suppose that to someone not knowledgeable in the field of computer science, programming or software engineering, this might seem sufficient. It's not. A real test would have had the software operating in full election mode, the testers would have been able to actually "vote" using the devices and they would have been able to verify that their vote was processed properly. That is how software testing works: You run it as if it were running for real and see how it works. If it fails, you fix it. In this case, this being a supposed verification before an actual election, if it failed, the devices should have been disqualified for use in the election. Unfortunately, the devices neither failed nor succeeded. They were not verified at all; whether or not how they performed in their "pre election mode" might match their performance in a real election (a seriously problematic situation itself), the "test" was a fraud. If I were to demonstrate software in the way Akin describes the demonstration that he witnessed, I would be very deservedly fired.
I will repeat my assertion, with emphasis:
The only evidence as to the proper operation of those devices presented at that "test" was the assertion by Mischelle Townsend that they worked correctly. All observers except Akin himself simply took her word for it. Akin refused to accept her assertion and tried to see for himself. For his efforts, Townsend has attacked him as (from the interviewer):
"a young man who had a chip on his shoulder when he came in here." She said that you came into the test with a "closed-minded" attitude and that you didn't want to "listen to the facts."
So rather than addressing Akin's concerns, Townsend attacks his intellect, ethics and objectivity. I'm afraid that the person in this situation, though, who has difficulty with their intellect, ethics and objectivity is one Mischelle Townsend.
Go read the article. It is both illuminating and very disturbing.
There are real and very, very serious concerns being raised by people like me, people who know software and who know how this stuff works. Rather than having those concerns be addressed, these people are being vilified, denigrated or simply ignored. The people pushing the touchscreen technology, whatever their motives might be, are behaving deceitfully, are hiding the actual operation of the devices and are providing no way at all to verify that they operate correctly. They want us to simply take their word for it that the things work like they say they work and like a voter might expect them to work.
Their word isn't good enough for me. It shouldn't be good enough for you, either.
October 16, 2003
Hacking democracy.
The Atlanta Journal-Constitution writes in "Dare accepted on electronic voting machines" that Georgia state election officials have accepted Roxanne Jekot's dare that
she and a few expert friends could crack Georgia's $54 million touch-screen voting system in a matter of minutes.
Brit Williams, who is the retired university professor who helped design the system and who has been one of its most staunch defenders, "put the odds of corrupting the software undetected at 1 billion to one."
One billion to one. And this guy is a former professor of computer science? This figure is simply absurd. Outside of certain heavily-secured systems owned primarily by the military (to which I alluded a couple of days ago) there is no system on Earth for which these odds would be appropriate. This is the kind of statement that only someone almost completely unfamiliar with the field would make.
Williams' absurdity notwithstanding, however, I see this as a very good thing. (Assuming, of course, that Jekot and her friends have appropriate access to the devices in question, that is, the access that an election official would have.) I'm virtually certain that Williams and the state of Georgia will end up being very embarrassed by this demonstration, but this will be a very good thing indeed for the voters of that state.
Go Roxanne!
October 18, 2003
More on the Riverside "test."
It appears that Jeremiah Akin, about whom I recently wrote, has discovered this weblog. I received email from him earlier today, with some attached documents in which he thought I might be interested. He was right.
There are three documents. All three are from Mischelle Townsend and can be found at this link. One is an "interim response" to a set of questions asked by Kevin Akin, Chair of the Peace & Freedom Central Committee. The answers given are essentially trivial, concerning the job titles and identities of those who signed the "Logic and Accuracy Observation Board" form. The interesting bit is at the end, when Townsend claims that she
served on a California Secretary of State Task Force which examined security issues on DRE touchscreen voting units. The Task Force, and computer scientists who had some of the same concerns you have outlined in your list, posed security-related questions to the voting equipment manufacturers. Enclosed is a copy of those responses from our vendor, Sequoia Voting Systems.
This is interesting in two respects. The first, of course, is that it would be very interesting indeed to see the responses from Sequoia to those questions. I'm more interested, however, in knowing who those "computer scientists" were, what the questions were and how that "task force" could possibly have been satisfied having only received unsubstantiated assertions from the vendor.
The first document is honestly not really all that interesting. It's the copy of the "Logic and Accuracy Observation Board" form that makes me sit up and take notice, because of the precise wording of the declaration on that form:
We the undersigned declare that we observed the process of logic and accuracy testing of voting equipment performed by the Riverside County Registrar of Voters, as required by law and that all tests performed resulted in accurate voting of all units tested, including both touchscreen and absentee systems.
(Emphasis mine, of course.) Followed by the signatures of Bonnie Flickinger, Charolette Fox, Suzanne Martin, Lloyd Brown and Marc Troast. As Jeremiah Akin described the test in his interview in Salon, the observers could not possibly have confirmed that "all tests performed resulted in accurate voting of all units tested."
If this is the case, then, Jeremiah was quite right to refuse to sign the form. And those five people have perjured themselves.
Hmmm.
October 21, 2003
Jeremiah Akin and the Riverside "test."
After Jeremiah contacted me a few days ago, I gave him space on my web server so that he could make his report on his experience and the documents he has collected available for public viewing. You can find his site at this address. He has a few good things to say and his story has also been picked up by Slashdot, so the server is getting a good pounding.
Check out both his Slashdot article and his site; they add details not found in the Salon interview or in my summaries.
October 27, 2003
Nothing to say lately.
Between severe anxiety about my lack-of-job situation and a distinct lack of inspiration, I have just not had anything to say. I nearly wrote something a few days ago about the union situation and the obscenity that is Wal-Mart, but didn't have the energy. At least my wife and I are respecting the picket lines here in Southern California and I'm hoping that the companies that have so shabbily treated their employees learn a harsh lesson from this. It is pleasing to see half- or nearly-empty parking lots at every Albertson's, Von's, Pavilions and Ralph's I pass. As for Wal-Mart, it has been years since I've been inside one and until they change their policies, I plan to make it lots more years. In a country full of vile corporations, they are one of the most vile.
Hopefully life will eventually get a bit easier for me, but it looks like it's going to be a bit rough for a while. The unemployment is about to run out, as are the last dregs of the layoff benefit. This means that between rent, bills and the huge COBRA insurance payment, we're going to start going through our savings in a big way. And at the moment there's no relief in sight.
At least, though, I had a telephone interview today, I have an in-person interview next Monday and there is a third company that has expressed interest. All three are long shots, but that's better than no shot at all.
Wish me luck! And, if you feel generous, maybe stuff a buck or two into that donation jar over there to the right …. (Or just go to my main web site and click the ads at the top once or twice.)
Poking fun at advertisers.
I do have to point out one of the Adsense ads at the top of the main page of this weblog:
Federally Certified Voting
Solution Afforadable.[sic] Accurate.
Easy to Use.
Well, I don't know about "federally certified" or "easy to use," but considering that it is claimed to be "afforadable," I would suspect that "accurate" is not one of its strong points.
Heh.
October 29, 2003
How not to secure your voting software.
Jeremiah Akin just emailed me a pointer to a story in Wired, "E-Vote Software Leaked Online." It appears that Sequoia Voting Systems has screwed up almost as badly as Diebold did, leaving unencrypted binaries of its software on a publicly accessible FTP site where literally anyone at all could download and examine or modify it.
Oops.
Once again proving that "security through obscurity" is about the most insecure method there is.
I note that in the wake of the Wired article, Jaguar Computer Systems, the owners of the ftp site, has disabled anonymous access. The damage has been done, though.
October 30, 2003
Stunned disbelief.
I got a job today. I start on Monday. Which is the day I was supposed to have the interview for the job. Not the money I had hoped for, but not bad and lots better than the now nonexistent unemployment.
But what's this about hiring someone on the basis of his résumé and a short chat on the telephone, even if he does start as a contractor? Not that I'm complaining, mind you. It's just that I keep having to pick my jaw up off the floor.
HRL Labs, the former Hughes Research Labs. You know, the place where they invented things like the laser, among a whole bunch of things that we now take for granted.
Um, like, wow, man.
Drink me.

You are water. You're not really organic; you're
neither acidic nor basic, yet you're an acid
and a base at the same time. You're strong
willed and opinionated, but relaxed and ready
to flow. So while you often seem worthless,
without you, everything would just not work.
People should definitely drink more of you
every day.
Which Biological Molecule Are You?
brought to you by Quizilla




