Comment Re:Wow (Score 2) 77
Lately? The Canadian govt is always trying to catch up the the US govt's bad habits. Tis always been true, and is true regardless of which political party is winning on either side of the border.
Comment Re:Online voting cannot be secured (Score 1) 405
There are practical problems with the scheme. But note that they don't need to keep track of which key goes with who, because they can calculate the hash for every possible vote for each key, and just check how many matches there are. No need to know which key to use on which hash.
A good way to do it might be to individually seal the copies of secret keys that go to voters, before randomly distributing them. You could even have the randomization done by an organization that's independent of the organization that generated the keys. Of course, unless their randomization is done within the plain sight of voters, it would have to be taken on some level of trust that it was done randomly. If it requires being done within the plain sight of voters, well might as well do paper voting anyway. Still though, if you could trust they were being randomly distributed, it could be fine.
Comment Re:Online voting cannot be secured (Score 1) 405
Strong cryptographic hashes couldn't realistically be reversed, and believe it or not, rather advanced ones can be done on paper. Many strong cryptographic hashes can be done on not-hugely-daunting amounts of paper, provided the input data to the hash is not too huge, and it's not like it's a large file being hashed. So long as a proper cryptographic hash is in use, it *cannot* be reversed without doing a blind search of all possible inputs to the hash. Make the number of bits of inputs large and random enough (i.e. good "secret keys" of say... 256 bits or so), and that cannot be done within the lifetime of civilization. So... no... attackers reversing hashes is not feasible if the system is done right. Doing it right does make what voters would have to do on paper a little tedious, but manageable.
And that last part? That's what the public record aspect prevents. Even if there was a MITM-ish attack, the user can verify via other computers/connections at other times, whether their hash got inserted into the public record correctly. Ideally, this public record would be highly distributed. It seems highly unlikely a MITM could prevent a user who cares from finding out their vote was in the public record in the long run.
In any case, none of this matters, because even though cryptographic hashes and public records could hypothetically solve many issues and make a technically robust system, they don't solve the "talking about the guy with the gun pointing at his head telling him how to vote" type issue.
And that last part? That's what the public record aspect prevents. Even if there was a MITM-ish attack, the user can verify via other computers/connections at other times, whether their hash got inserted into the public record correctly. Ideally, this public record would be highly distributed. It seems highly unlikely a MITM could prevent a user who cares from finding out their vote was in the public record in the long run.
In any case, none of this matters, because even though cryptographic hashes and public records could hypothetically solve many issues and make a technically robust system, they don't solve the "talking about the guy with the gun pointing at his head telling him how to vote" type issue.
Comment Re:Online voting cannot be secured (Score 1) 405
Actually... voting is much simpler than bank transactions in that the number of choices is small, and because of that, there *is* a way. It could even be made so that votes are 100% verifiable! Well, so long as the government can securely get information to the citizen via non-electronic means anyway.
What you do, is have the government send all citizens a "secret key" via non-electronic means, and keep a paper record of which "secret key" corresponds to which citizens. Also, when the "secret key" is sent to citizens, include instructions on how the citizen can do a hash of their vote and the secret key, on PAPER!
The citizen then anonymously submits their hash, to a public record. Because it's a hash, their ballot is still secret except to the organization that has kept paper records of the "secret keys". Because the hash is in the public, their vote *cannot* be silently tampered with prior to counting (It can be tampered with during counting, but so can paper votes). Then to count the votes, the organization holding the secret keys computes all the possible hashes for each citizen and counts the matches up, ideally using a single-purpose tabulation system based on hard-wired hash-and-count logic rather than a programmable device (Since the hash is being done by citizens on paper, it can't be *that* hard to implement the hash with hard-wired logic).
Under this system, because the computers doing the communication are not treated as a trusted devices (hashes done on paper), there really isn't any way this could be compromised any easier than paper voting.
That said, there are three problems with the no-worse-than-paper-votes system I propose:
1) People would whine about having to do *math* on paper to vote
2) The government still needs to somehow get a "secret key" to people via non-electronic and secure means. That's hard.
3) No government would actually bother to implement a secure system, when they can just pay a contractor for an insecure system which the contractor claims is secure.
What you do, is have the government send all citizens a "secret key" via non-electronic means, and keep a paper record of which "secret key" corresponds to which citizens. Also, when the "secret key" is sent to citizens, include instructions on how the citizen can do a hash of their vote and the secret key, on PAPER!
The citizen then anonymously submits their hash, to a public record. Because it's a hash, their ballot is still secret except to the organization that has kept paper records of the "secret keys". Because the hash is in the public, their vote *cannot* be silently tampered with prior to counting (It can be tampered with during counting, but so can paper votes). Then to count the votes, the organization holding the secret keys computes all the possible hashes for each citizen and counts the matches up, ideally using a single-purpose tabulation system based on hard-wired hash-and-count logic rather than a programmable device (Since the hash is being done by citizens on paper, it can't be *that* hard to implement the hash with hard-wired logic).
Under this system, because the computers doing the communication are not treated as a trusted devices (hashes done on paper), there really isn't any way this could be compromised any easier than paper voting.
That said, there are three problems with the no-worse-than-paper-votes system I propose:
1) People would whine about having to do *math* on paper to vote
2) The government still needs to somehow get a "secret key" to people via non-electronic and secure means. That's hard.
3) No government would actually bother to implement a secure system, when they can just pay a contractor for an insecure system which the contractor claims is secure.
Future Looks Bright for Large Scale Solar Farms 325
Hugh Pickens writes "The economist reports that Concentrating Solar Power (CSP) systems that capture and focus the sun's rays to heat a working fluid and drive a turbine, are making a comeback. Although the world's largest solar farm was built over twenty years ago, until recently no new plants have been built. Now with the combination of federal energy credits, the enactment of renewable energy standards in many states, and public antipathy to coal fired power plant, the first such plant to be built in decades started providing 64 megawatts of electricity to Las Vegas this summer. Electricity from the Nevada plant costs an estimated 17 cents per kilowatt hour (kWh), but projections suggest that CSP power could fall to below ten cents per kWh as the technology improves. Coal power costs just 2-3 cents per kWh but that will likely rise if regulation eventually factors in the environmental costs of the carbon coal produces."
Comment Rsync + inotify (Score 1) 305
Rsync would do this very nicely, except that it requires manual initiation. So what you do is hack up a quick python/perl/etc script to do the following:
1) When it regains connection with the server, run a full rsync
2) When inotify tells the script that a file has changed, rsync that one file. Perhaps buffer changes for set amounts of time so fewer rsyncs need to be run
This should be possible to accomplish in less than a day of hacking in a language of one's choice.
1) When it regains connection with the server, run a full rsync
2) When inotify tells the script that a file has changed, rsync that one file. Perhaps buffer changes for set amounts of time so fewer rsyncs need to be run
This should be possible to accomplish in less than a day of hacking in a language of one's choice.
White House E-mail Scandal Widens 839
Spamicles alerts us to a report just issued (PDF) by the House Committee on Oversight and Government Reform. At least 88 White House officials used Republican National Committee email accounts for government business. The RNC has destroyed at least some of the emails from 51 of those officials. Law requires emails sent by officials to be stored or recorded. There is evidence that White House lawyers and the (current) Attorney General knew of this but did not act to stop it. From the article: "These e-mail accounts were used by White House officials for official purposes, such as communicating with federal agencies about federal appointments and policies... Given the heavy reliance by White House officials on RNC e-mail accounts, the high rank of the White House officials involved, and the large quantity of missing e-mails, the potential violation of the Presidential Records Act may be extensive."
Best Places To Work In IT 297
jcatcw writes "Computerworld's annual summary of the best places to work in IT lists companies that excel in five areas of employment: career development, retention, benefits, diversity, and training. According to the scorecard, the top five retention methods are: competitive benefits; competitive salaries; work/life balance; flexible work hours; and tuition reimbursement. Of the top 100 companies, 64 expect the number of U.S.-based IT staffers to increase in 2007, on average by 7%. Here is the whole list. The top three are Quicken Loans, University of Miami, and Sharp HealthCare."
Feed Chilling Effects In Action: Canadian Bloggers Worried About Legal Threats Stay Q (techdirt.com)
A few months ago, we had the story of a guy in Canada who was suing a whole bunch of sites because commenters on those sites said things he believed were defamatory. He supposedly even went after a few sites that simply linked to the defamatory material (and then there were claims that he went after sites that simply linked to sites that linked to the supposedly defamatory content). That seems a bit absurd, for obvious reasons. However, an article in Toronto's Globe Mail notes that it may actually have been effective. Various bloggers have stopped writing about the guy out of a fear of getting sued as well. That, of course, is exactly what the suits were intended to do: to create some "chilling effects" against free speech. While the US laws clearly protect publishers and online services from content they didn't write, Canada doesn't have such protections -- and the chilling effects from that gap in the law are quite clear in this case. There's nothing wrong with using the law against those who actually are making defamatory remarks. However, suing sites that host those remarks or those who simply write about the story itself isn't protecting against defamation. It's going beyond that to intimidate anyone who might normally write about a perfectly legitimate legal issue.
Feed 100Gb/s Ethernet talks break down (theregister.com)
When IEEE standard committees attack
The fickle finger of an IEEE committee may be goading along a death rattle for the organization's goal of reaching a 100 Gb/s Ethernet standard.
Journal Journal: Vitamin D casts cancer prevention in new light
For decades, researchers have puzzled over why rich northern countries have cancer rates many times higher than those in developing countries -- and many have laid the blame on dangerous pollutants spewed out by industry. But research into vitamin D is suggesting both a plausible answer to this medical puzzle and a he
Soldat 1.4 Released 78
FliesLikeABrick writes "Soldat 1.4 has finally been released. After 19 months since the announcement, this version adds multi-byte language support, many new features available to registered players, a ton of bugfixes, and a new lobby server and protocol. It took a lot of time and effort, but the largest update to Soldat has finally been posted and made available. While there are surely going to be some new bugs introduced, the new version is available for free at the game's site. From the site: 'Ladies and Gentlemen, I know you have all been (im)patiently waiting for Soldat 1.4. Thanks to all that contributed to this version. This version was a collaborative effort and it wouldn`t happen without you. ... So without further delay, it is with your encouragement, criticism and support from you all that I can happily release Soldat 1.4 to you all to enjoy. Please use the torrent link provided to help distribute Soldat 1.4 for others and ease server load, and seed for as long as you can.'"
New Submarine Cable Planned Between SE Asia and US 121
el_flynn writes "BusinessWeek is reporting on a new submarine cable system that will link South East Asia directly with the USA. Designated Asia-America Gateway (AAG), the project will involve a consortium of 17 international telcos, including AT&T Inc, India's Bharti AirTel, BT Global Network Services, CAT Telekom (Thailand), Eastern Telecommunications Philippines Inc (Philippines), Indosat (Indonesia) and Pacific Communications Pte Ltd (Cambodia). Led by Telekom Malaysia Berhad, the project is slated for completion in 2008, where 20,000km of cables will be providing a capacity of up to 1.92 Terabits per second of data bandwidth. Interestingly, the fibre-optic cable system will be taking a different route from many existing cables to avoid quake-prone areas and a repeat of the disruption to Asian web access caused by a tremor off Taiwan four months ago."
How Google Earth Images Are Made 122
An anonymous reader writes "The Google Librarian Central site has up a piece by Mark Aubin, a Software Engineer who works on Google Earth. Aubin explains some of the process behind capturing satellite imagery for use with the product. 'Most people are surprised to learn that we have more than one source for our imagery. We collect it via airplane and satellite, but also just about any way you can imagine getting a camera above the Earth's surface: hot air balloons, model airplanes - even kites. The traditional aerial survey involves mounting a special gyroscopic, stabilized camera in the belly of an airplane and flying it at an elevation of between 15,000 feet and 30,000 feet, depending on the resolution of imagery you're interested in. As the plane takes a predefined route over the desired area, it forms a series of parallel lines with about 40 percent overlap between lines and 60 percent overlap in the direction of flight. This overlap of images is what provides us with enough detail to remove distortions caused by the varying shape of the Earth's surface.'
Submission + - CS programs changing to attract women students
Magnifico writes: In today's The New York Times, there is a story about American universities are actively recruiting women to be Computer Science students and changing CS courses to do so. The story, "Computer Science Takes Steps to Bring Women to the Fold", explains that the number of women in CS is shrinking: "Women received about 38 percent of the computer science bachelor's degrees awarded in the United States in 1985, the peak year, but in 2003, the figure was only about 28 percent, according to the National Science Foundation." One of the largest barriers to recruiting women to the field is the "nerd factor". To attract women students to the CS field, "Moving emphasis away from programming proficiency was a key to the success of programs Dr. Blum and her colleagues at Carnegie Mellon instituted to draw more women into computer science." Changes at CMU increased women students in the CS program from 8 percent to nearly 40 percent.
Slashdot Top Deals
Base 8 is just like base 10, if you are missing two fingers. -- Tom Lehrer
