I did read your previous comment, and did reply to it.

Again: I offer you $100 for your vote, if you prove me you voted for my candidate. You go in and vote. You generate this secret code, known only to you. Then, you come to my evil lair, connect via my computer to Teh Interwebz, and type in your secret code. The system verifies you voted for my Master, and I give you your well-earned money.

That should be impossible. But any system where you can prove *to yourself* you voted a certain way opens the door to vote selling or coercion.

Of course, it's obvious today that a test for behavior on inconsistent requests should have been done in OpenSSL. As well as a test for each failure cause should have been done by Apple. And next week, when an off-by-one bug bites us on an integer overflow in libfoobar, people will say testing for that condition should have been trivial.

So, yes, some conditions can be found with fuzzers. Of course, fuzzers work in an erratic way, and not all bugs can be triggered by them. But maybe fuzzing our code (more importantly, our security-sensitive code) will yield better results than preparing tests for those components in the system we are aware of.

Then again, properly fuzzing takes quite a bit of time. It is way less fun to watch a fuzzer than to see tests making green check marks...

The problem with voter-verifiable systems is that they are very prone to vote coercion or buying. If you can prove your "right way" vote was correctly counted, you can get the cheque. Or avoid the punishment for exercising your free will.

Say this system is approved. Say you want to buy my vote. You demand proof that I voted the way you wanted me to — If the e-voting platform allows me to confirm my vote was properly counted. So, all you have to do is to promise me to hand over the money if I prove you I did what we agreed. (or you can threaten me with physical violence unless I can prove it to you, same reasoning).

A secure voting system should never allow me to prove what was my vote — But that would make me very suspicious, as it could be recording false votes from the beginning, right? Right. The only solution is to have voters deposit papers with their stated vote (and no personal identifying marks!) in a booth, and allow for recounts if needed.

Your scheme is very similar to what we use in Debian for voting for the project leader (unlike the fully-open tally sheets for voting on issues, not people). However, this scheme is good only where people trust each other, for ocassions where you know there will be no vote buying/coercion. Not for a national elected government.

If you can prove your vote was correctly recorded, then you might be more easily persuaded to sell it — be it that you receive a pay for it, or you receive the service of not getting your bones broken.

A vote once cast is just a piece of paper among many. Nothing should tie it to a voter's identity. A voter should be unable to prove he voted a particular way.

It might still happen, but many among us will still fight for the population to understand the unavoidable security risks in doing so. We have the duty to do so.

I once asked this to an Estonian government person at a e-voting presentation in my country. Her answer: "We let you vote many times. Only the last one counts."

That would allow you to vote at the workplace, then go home and vote again.

Of course, you can gather people at the election day, two hours before booths close, and have everybody vote for $foo. Then, throw a party and lock them in (or something like that), and secure the vote is "right".

In a small country with 1.3 million inhabitants, a couple tens of thousands of votes can be decisive.

Or: How small the margin for a polemic vote? In Mexico, we have had presidential candidates winning with a (much disputed) 0.55% difference to the second place. How many votes do you need to rig such an election?

I cannot tell you how much I thank questions. All of them, even the dumbest.

I do try to be very clear and dynamic, but some topics... are just hard to grasp, or I have not found the proper way to teach them... But in some subjects, most students won't even realize they are not getting what I teach. There are a few students who are burnt with questions, and cannot stand on a point they don't understand. Some students insist on their questions even if they are sometimes just too easy.

I thank them. And I try to explain, over and over, from different angles. That's what brings back the attention of the rest of the class, and the different angles are in the end good for all of them.

Not precisely.

Yes, they are free. But the scientific world revolves around the notion of the different metrics to your work. And it's not only prestige: Often, your income level will be determined mainly by the impact factor of the magazines you publish in.

But... Guess who dictates the values for said impact factors in the international indexes?

Of course! The publishers of closed sciencie magazines.

I teach "Operating Systems". And yes, I don't expect (I'd love, though!) many from them to have to implement a Second-Chance (Clock) memory page replacement algorithm. But I do expect them to understand how duing professional their lives the programs they write will be treated by the operating system, and how to avoid bad performance resulting from inefficient patterns.

That's also a very striking fact. Practically all of the people I know that work on postgraduate studies in the best universities in the country not only do it without paying tuition, but getting a scolarship (around US$1000-1500 a month, roughly the salary they would get as professionals). The logic is, postgraduate studies do require you to focus full-time on them, and not giving them that attention will lead to failure. The whole society will benefit from masters and doctors, so the whole society pays for them. Of course, academic requisites for permanence are high.

If the society and government do not value having skilled professionals, sick schemes where graduate students have to spend their evenings serving at restaurants, and can devote much less to their studies. That's a losing recipe. And of course, that leads to longer terms because of failed subjects, which means increased debt.

I am a teacher at a public university in Mexico. I know many of my students work (and, of course, many don't) to get enough income to live (maybe because their parents cannot support them, maybe even because they support their family).

What I completely fail to understand is how on Earth can a 22-year-old graduate –as you say– with US$150K in loans. That is just insane. And sick.

In my country, as in most of Latin America, and (as far as I understand) in Europe, all of the best universities are State-run, and tuition is either free or really low — Of course, there are private universities, with first-world scolarships. They have some selling points, but with very few exceptions, they are basically little but diploma mills, and next to no research at all is done in them (just teaching).

Anyway, I cannot understand how the USA cannot have a decent public university system. I know there are *some*, as part of my family have graduated from them. But just the idea of being in such a deep debt as a freshly graduated student... Makes me sick.

You made me immediately think on the poor Lemmings looking at the decreasing counter on the top of their heads, only to grab their heads in distress upon reaching zero... Exploding in a gory feast of blood, leaving their poor mammal corpse for their brethen to remind them of their probable fate.

One of the cruelest games in game history. But, yes, one of the best ones as well.