Comment Ouch! (Score 1) 74

The journal publishers are in a world of hurt. So are Universities and faculty. They all want to get behind *something,* they just don't know what. Perhaps these guys have a good enough model and a critical mass of backers (one big publisher -- hundreds of journals, and a big University) to build some momentum.

Comment Re:I do this for a living (Score 1) 422

OK, all good points and truthful, for that side of the debate.

The reasons to go IP are: (1) flexibility for the future; (2) more sophisticated, integrated, and remote management; (3) lower cost cabling, particularly for future changes; and (4) more secure.

(1) The world is going IP, like it or not. You don't really know what the access control hardware of the future will look like. If you ever want to add biometric devices, cameras, or who knows what, that stuff will almost certainly be IP only.

(2) IP systems permit hardware and software to be sold and upgraded separately. It is common to use existing security, identification, authorization, and logging of access control and physical security system using the IT department's existing infrastructure (RADIUS, TACACS+). You can't do this with closed access control systems. Management can be done remotely, for example, in one central location to manage dozens of buildings, or using cloud-based services for smaller companies (like his). If you outsource HR (many people do), you might as well have them control the card-keys, too.

(3) Everybody we work for ends up having to run more cable AFTER the building is finished. Boy, is that expensive, using 'home runs' on special cable.

(4) I will put modern, redundant switches up against any current door hardware for reliability -- but I get your point. IP connections are often very securely encrypted. Not true for the RS-485 cables. Either you or I could break into anywhere, if we had access to even one of those cables.

Anyway, it's a good debate. I will also give your side credit for having more choices of hardware, currently.

Comment I do this for a living (Score 1) 422

I design IT for buildings.

Be sure to put in enough access points for wireless. If you can't afford a lot, at least pull the cat6.

If you want to use any kind of access control (card keys for doors) make that IP-based, not the ancient 6-wire proprietary cable.

If you want security cameras, those should all be Ethernet, too. Again, at least pull the cable and terminate it in a J-box.

Put in a small server room (size of an office) with extra air-conditioning, no window, and a heavy-gauge door.

As far as servers go, everything is going VMware now.

Comment Re:Hard, but not impossible (Score 1) 218

An entity trying to buy votes in an election typically goes to a group of people who would not normally vote but think similarly -- such as members of a church, school or town. They pay individually or give money to the group, and often provide transportation, such as bussing to the polling place. The members feel loyalty to their group or to the payer and so they vote as directed -- mostly. This is the common method. I am not guessing. This is a long established, unfortunate, practice both in the US and other countries.

Comment Hard, but not impossible (Score 2, Interesting) 218

I have a lot of background in cryptography and internet security. (This does not mean my opinion is better than yours.)

I agree that this is a hard problem and that there are many exposed 'weak links.'

But I don't think it is insolvable.

If someone were to offer $1 million to the best proposed solution, and a handful of $100,000 runner up prizes, the zillion smart people who read /. and are underemployed would come up with some great solutions.

There are some tricks that can be borrowed from current election checking. For example, look carefully at all of the user statistics -- compare to prior elections, registration stats, time of day, IP addresses, user PK certificates, comparison to other, "similar," voting domains, etc. This type of non-privacy-invading audit is good at identifying problems down to about 1% - 3% of the voting population. A hacker, trying something for the first time, has a good chance of getting located this way.

Another trick is sample audits -- a bit like "exit polls," where a fraction of voters are asked how they voted. This can be viewed as privacy invasion, but it happens all the time, now, so there is really no policy change. Again, this can find anomalies down to about 3%.

Another trick is post-election audits of PK certificates. Better late than never.

Another tool is to carefully monitor internet traffic to look for anomalies, particularly DOS attempts.

Another tool is to provide "hardened" computers that voters can use, at places similar to today's polling locations -- senior centers, gov't offices. These machines have had some type of security audit. And yes -- this approach has its own risks, I know. I would suggest mixing this approach with users' own computers.

I know people want to use web browsers, but I would not do that. Voters have to download a totally dedicated app (see open source, below), and each app has a PK signature.

Another trick is to give some users hardware keys, like PayPal and RSA use. Even if only 1% of voters have a hardware key this provides a very high degree of polling information and that can spot fraud down to a small fraction of a percent.

And finally, all software should be open source. Period. As pointed out repeatedly, relying on secrecy is pretty much a guarantee of breach.

I am not offering a solution here. I am merely pointing out that there are methods and tools that can be used as a starting point for a real solution.

Don't say a problem is insolvable until you have tried seriously to solve it.

And finally, no voting system is 100.000% perfect. Get over it. For example, no system prevents buying votes. No system prevents voters from lying. Build the best system you can.

Comment Re:What is so unfair about "fair?" (Score 1) 219

Standards are never "owned." Except that the text is copyrighted to avoid corruption. Compliance with any Standard is strictly voluntary.

Standards are ABSOLUTELY too important for any one or two companies to control. A typical Standards committee (IEEE, ANSI, CCITT, etc) requires a minimum of 40 industry representatives and 75 to 80% positive vote from those members to pass. 100 members is more typical.

Comment Re:What is so unfair about "fair?" (Score -1, Troll) 219

If you want Standards totally unencumbered, great! Volunteer. Most of the other people on the committee will agree with your intent.

Like it or not, patents foster innovation. They have done so since the time of the Greeks, and the founding fathers built patent protection into the US Constitution.

A society that does not reward work in an investment with any way to protect the work will still be painting on cave walls.

And, by the way, Standards that people don't like, ARE ignored. Happens every day.
