My colleague pointed out this blog entry, how to shift intentions into tasks. It describes the simple conversational technique of transforming an intention into a verifiable task. For instance, “I will keep up my blog entries” should metamorphize into “I will write three entries a week.” Not only useful, so that work is done, but also helpful in identifying the series of tasks needed to complete a project.
We have not caught the worm making the rounds. But still people's email boxes are overly cluttered. So, while filters remove standard attachments and Outllook internally is set to block standard evil attachments, still the outside world delivers a steady stream of safe, unwanted email from all over. In the end, we shuttered the email lists, set up a centralized anti-virus server to ensure workstations were as protected as possible, and my colleague built a new email server using procmail/SmartMail to provide better control over attachments. Spam Assassin is set in place as well, although it appears to need to be trained more closely before we deploy it in production mode.
It was fun to figure out ways to improve the systems we use. Indeed the careful problem solving and creative solutions that computer issues tend to require is what makes the problems fascinating. It isn't just solving the problem, but making the solution fit what already exists, what can be done on available equipment and how to keep the work we support going.
Now the next step is figuring out how best to manage patches for the Windows world. Automated, yes, but. Some references to keep in mind: 5 tips to effective patch management and NTBugtraq and Too Many Patches. Things to consider: the short time between bug announcement and exploitation, as in the blaster worm and the RPC it invoked; the setup of machines and their hardware so have a better sense of when a patch might pose a problem. How to best verify patching of remote offices.
I happen not to be a fan of diamonds for reasons of taste. Aside from any concern about supporting the DeBeers cartel (reason enough) or buying conflict diamonds, I simply don't like the stone. Unless the diamond comes as replacement needle for my record player. In fact, the prejudice runs in the family, based on this recent scene: my mother pushing some old family rings my way, suggesting the diamonds could be used in a pair of earrings for me, followed by my shoving them back urging her to take them. In the end the rings returned to the bank vault where they'd been sitting for, oh, probably a generation.
But I digress. Here is a nicely bilious entry on diamonds and diamond-buying US-style and an incisive comment on the politics involved.
A useful resource for some future date: CSS 3 column layouts
On why paper ballots are a Good Thing. Simple to use, understand and protect, qualities unmatched as yet by electronic voting machines.
David Dill, one of the computer scientists critical of unaudited electronic voting machines (the kind in question), is involved with Verified Voting. The frequently asked questions section addresses why paper verification of votes is so important for building trust in computerized voting systems and for preventing fraud, abuse, errors, and practical jokes in tabulating votes.
In Jolted Over Electronic Voting: Report's Security Warning Shakes Some States' Trust, the Washington Post reports on the reaction to the Johns Hopkins electronic voting report (PDF):
Since being released two weeks ago, the Hopkins report has sent shock waves across the country. Some states have backed away from purchasing any kind of electronic voting machine, despite a new federal law that has created a gold rush by allocating billions to buy the machines and requiring all states, as well as the District of Columbia, to replace antiquated voting equipment by 2006.
The apparent closeness of election officials and purveyors of software raises questions about whether good judgment is being exercised in selecting new voting machines:
Still, the atmosphere remained fairly clubby, with one lab doing the testing and a revolving door between voting machine companies and the state officials who later went to work for them. Although nearly 20 companies have had equipment certified by the FEC, only three are major players: Diebold, with 55,000 touch screens throughout the country; ES&S of Omaha; and Oakland, Calif.-based Sequoia Voting Systems.
All machines go through the FEC's testing and certification process, which can cost companies anywhere from $25,000 to $100,000. Yet a 2001 report by the General Accounting Office found that the FEC standards do not thoroughly test for security or user friendliness and that only 37 states follow them.
To me, the most damning bit of information, assuming this isn't unique to Iowa or this one person:
Doug Jones, a computer scientist in Iowa, said the testing is so secret that even he, as an insider who serves on the state board that certifies voting equipment, can't get information. Five years ago, he found the identical security flaws cited in the Hopkins report.
You know you are a insert appropriate descriptor when you spend the evening bopping between two PBS stations, one featuring a bio of Thomas Jefferson and the other a history of Sparta. Remarkably, the two pieces shared an surprising commonality: the vision of an ideal government. The program did not make Sparta's utopia particularly endearing, but did show its undeniable merits and uniqueness among political entities in the eastern Mediterranean.
In the end I went for an Athlon XP processor, not Intel. (Why? Primarily cost; the difference bought the motherboard.) So, one Athlon XP 2100 plus, on an Asus A78nx Deluxe motherboard, and I threw in another hard drive for building a RAID. The board has 2 100-Mb network connectors, 2 Firewire ports, and 4 USB slots. And was available for shipment unlike the Gigabyte GA-7NNXP board.
I lost a working computer this weekend. Although the motherboard receives power from the power supply, not even the BIOS is talking. It may be the case (power switch), it may be I damaged the electronics on the motherboard. It is, however, time to buy again. This looks tempting as does this and this.
First choice is Intel versus AMD. I'm leaning toward AMD since the marginal speed advantage of an Intel chip is not apparent in the applications I'll be using. So, a motherboard, a case, a spare hard drive and some memory.
Okay so HAL is not actually running the next election. Still, electronic voting is a delicate and risky maneuver, based on the limited experience of computers in the polling booth to date and the known failure points and security risks of the existing models. Even so, the push to move to electronic voting systems is on, the sales force ready and the pitch honed: no local election official wants to oversee a repeat of Florida's debacle.
So just how flawed are the systems election officials are buying? The July 23, 2003 report (PDF), Analysis of an Electronic Voting System explains:
This unique opportunity [manufacturer's source code published on the internet] for independent scientific analysis of voting system source code demonstrates the fallacy of the closed-source argument for such a critical system. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk.
I'm confident it is possible to build a better electronic voting system. But if existing versions do not even match existing systems' reliability, accuracy and security. So they aren't ready to leave the lab just yet. For instance, good old optical recognition systems are reasonably accurate, require only a pencil and paper, and retain copies of the ballots if a recount is necessary.
Confidence-building measures: more openness, such as opening any source-code to general viewing. It'll improve the code, remove bugs. Backups. Redundancy. Some system for confirming and retrieving individual ballots (or ballot equivalents). In other words, let the light of day shine upon the voting process.
