Nothing but winning.
-
@violetmadder @mkb @Bandersnatch @DemocracyMattersALot @mattblaze Oh sorry to bother you. I was just curious about your ideas.
Thanks for the reference.
@dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot While there might be good public policy reasons to use open source software and designs for election systems, there's probably very little security benefit to be gained by doing so. Open source software is just as subject to malicious tampering and bugs as closed source.
The approach favored by experts involves *assuming* the software is compromised, and conducting routine post-election audits on the ballots to verify the tally.
-
@mattblaze @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot My view on open source code and voting is that while open source is useful in many cases it is not necessarily so in voting code.
Why? One of the arguments of O-source code is inspection. It is a good argument, if it were done (maybe AI tools can do good work here - but what are the criteria they would use to tell good from bad?)
In our effort we concluded that while inspection is good, testing is better - and that anyone ought to be able to test (and that vendors ought to supply test gear), *and* that test results be published to all.
There is a side effect - we want to encourage vendors to build good voting systems (software+hardware+procedures). So we ought to leave some incentives, like not requiring publication of the code (or parts of the code) and limit open copying/use - leaving some room for innovation and profit.
We also tend to forget toolchains - which are often a significant overlooked vulnerability.
-
@karlauerbach @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot There are two major attack vectors for automation in voting systems: (1) Exploitation of bugs to induce malicious behavior, and (2) replacement of the legitimate software with malware.
Open source attempts to address (1), but the "many eyes make all bugs shallow" maxim breaks down as systems become as complex as they are today. And (2) is an inherent problem for precinct equipment, which is vulnerable to tampering.
-
@karlauerbach @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot So the approach of trying to completely secure election software is ultimately a fool's errand. That's why modern techniques like risk-limiting audits are so critical.
-
@mattblaze @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot Commercial software comes with a support model, and competent support is expensive. Competent support with massive demand for a few days a year is even more expensive.
You might want source availability, verifiable builds and more, but the economics of "anyone can use it" that comes with Open Source (tm) is a very very hard tradeoff.
-
@violetmadder @mkb @Bandersnatch @DemocracyMattersALot @mattblaze How would you do it better?
@dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot @mattblaze
I wonder why electronic voting machines and voting software are necessary at all.
I mean, some software is necessary for summarizing results etc; but as for actual counting, other democracies count votes manually, give (semi) final tallies in just a few hours, and the entire process is extensively audited and leaves detailed trails of every step.
-
@karlauerbach @mattblaze @violetmadder @mkb @Bandersnatch @DemocracyMattersALot I hear you all.
Very interesting points and ideas from different perspectives. Our federal election-voting procedures are also largely governed by individual state laws, as directed by the US Constitution, though efforts have been made to enact overarching standards, guidelines, and testing.
https://www.congress.gov/crs_external_products/R/PDF/R47592/R47592.3.pdf
--
https://www.eac.gov/
--
https://en.wikipedia.org/wiki/Election_Assistance_Commission
-
@mbpaz @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot US elections are - by far - the most complex in the world. We vote on more things, in more ways, than any other democracy. Automation is essential in practice in US elections, in ways that it isn't almost everywhere else.
-
@karlauerbach @mattblaze @violetmadder @mkb @Bandersnatch @DemocracyMattersALot Great points.
I can see all this from a business-perspective.
-
@dalfen @mattblaze @violetmadder @mkb @Bandersnatch @DemocracyMattersALot We always need to keep in mind that security is best applied in layers.
Many of us are software people and we tend to think in those terms. But hardware is important. I brought a Diebold voting machine to a conference long ago and a person was able to pick the lock in less than ten seconds. Voting hardware is hard - there are a lot of environmental issues, like lack of reliable grounding and angry voters.
Procedures go on top of all of this - how are spoiled ballots declared and handled? How are cross-checks applied to physical media to assure that at the end of the day every piece of paper is accounted for?
And, of course, statistical auditing - it can't prove with absolute God-like authority that bad things happened, but it sure can point a bright light of suggestion.
By-the-way, I had not realized until yesterday that registration was introduced in the 1890s to exclude "undesirable" voters.
-
@mattblaze @mbpaz @dalfen @mkb @Bandersnatch @DemocracyMattersALot
Which is also a problem to watch out for. The complexity of the law helps concentrate power in the hands of people who can afford the services of special clerics whose entire lives are dedicated to memorizing the intricacies.
-
@violetmadder @mbpaz @dalfen @mkb @Bandersnatch @DemocracyMattersALot Well, some things are actually hard, and benefit from the input of experts.
Election law (especially) is an obstacle course full of Chesterton's Fences.
-
@mbpaz @violetmadder @mkb @Bandersnatch @DemocracyMattersALot @mattblaze I hear you. My state conducts electronic voting but also prints up each voter's choices (which they verify) as a backup in case a recount is needed.
It seems a bit redundant, but backups are important.
Some of the ideas behind electronic voting are to improve efficiency and accuracy. I suppose there is always room for human error when interpreting other humans' handwritten ballots. Fraud can also occur there.
-
@mattblaze @karlauerbach @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot
The phrase "completely secure election software" assumes you do every part of the election in software.
IMHO, that's guaranteed-fail. Toronto uses hardware to do a first read of the paper ballots as they get dropped into the box. It saves the data, and reports it by cell phone a few minutes after closing the precinct. Instant results.
The ballots are saved for a manual or judicial recount, so hacking the software only lasts until a random sample is recounted manually. AKA, a risk-limiting audit.
Consider it a safety-critical system, not a computing problem.
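
Added example, not part of the thread or any participant's post: a minimal ballot-polling audit using the BRAVO sequential test, showing how a hand-read random sample of the retained paper catches a tally that software altered. It goes beyond the post by picking one specific audit method; the two-candidate contest, ballot data, tallies and function names are constructed for illustration.

```python
import random
from collections import Counter

def bravo_audit(paper, reported, risk_limit=0.05, seed=20240101):
    """Ballot-polling audit (BRAVO sequential test), two-candidate contest.

    paper    -- hand-read marks on the retained paper ballots, e.g. ["A", "B"]
    reported -- machine tally, e.g. {"A": 6000, "B": 4000}; never trusted
    Returns (confirmed, ballots_drawn).
    """
    winner = max(reported, key=reported.get)
    share = reported[winner] / sum(reported.values())
    if share <= 0.5:
        raise ValueError("reported winner must hold a majority")
    rng = random.Random(seed)      # arbitrary fixed seed, for repeatability
    t = 1.0                        # evidence that the reported winner really won
    for drawn in range(1, len(paper) + 1):
        ballot = paper[rng.randrange(len(paper))]   # draw with replacement
        # A ballot for the reported winner raises t, any other lowers it.
        t *= 2 * share if ballot == winner else 2 * (1 - share)
        if t >= 1 / risk_limit:
            return True, drawn     # strong enough evidence: stop early
    return False, len(paper)       # sample never supported the machine tally

def certify(paper, reported, risk_limit=0.05):
    """Return (winner, ballots_examined, how_decided)."""
    confirmed, drawn = bravo_audit(paper, reported, risk_limit)
    if confirmed:
        return max(reported, key=reported.get), drawn, "audit confirmed machine outcome"
    # Audit could not confirm: the paper, counted fully by hand, decides.
    hand_count = Counter(paper)
    return hand_count.most_common(1)[0][0], len(paper), "escalated to full hand count"

# Constructed data: 10,000 paper ballots, true result B 60% / A 40%.
PAPER = ["B"] * 6000 + ["A"] * 4000
HONEST_TALLY = {"A": 4000, "B": 6000}
TAMPERED_TALLY = {"A": 6000, "B": 4000}   # compromised software swaps the totals

if __name__ == "__main__":
    print(certify(PAPER, HONEST_TALLY))
    print(certify(PAPER, TAMPERED_TALLY))
```

With the honest tally the audit stops after a small fraction of the ballots; with the swapped tally the sample keeps contradicting the reported share, so the audit never confirms and the hand count of the paper sets the result.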
-
@karlauerbach @dalfen @mattblaze @mkb @Bandersnatch @DemocracyMattersALot
Layers! Yes!
It reminds me of the TSA theater shit-- all this song and dance making us take off our shoes, then some kid points out hey actually this door over here isn't even locked, and you can change the HTML on the page where you print out your boarding pass, and got partyvanned for speaking up about it.
-
@davecb @karlauerbach @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot No, it does not imply that at all.
But whatever. You all are the experts. I just work here.
-
@mattblaze @davecb @karlauerbach @violetmadder @mkb @Bandersnatch @DemocracyMattersALot I'm not an expert in this. I appreciate your input.
-
@davecb @mattblaze @karlauerbach @violetmadder @mkb @Bandersnatch @DemocracyMattersALot Interesting to know what Toronto does. Thank you for sharing.
-
@davecb @mattblaze @dalfen @violetmadder @mkb @Bandersnatch @DemocracyMattersALot That kind of "count at the moment of casting" is a good one.
I see it as a data element in an overall audit system rather than necessarily the primary act of voting.
I would note, however, that the goal of instant results is probably a distant fantasy in an era of provisional ballots and various forms of instant run off vote methods.
-
@DemocracyMattersALot He's gonna lose every bit of support he has left. MAGA is already fragmenting over his decision to unilaterally push the country into war.
@dalfen Two things we should be pushing towards: Permanently associating Trump and MAGA as who the Republican Party is (because it's true, they've been pushing for this since the Korean War), and to disassociate Republicans from Americans in the eyes of the world.