Friday, February 8, 2008

WYPR has Canceled the Mark Steiner Show

One of the best local (Baltimore-Washington-Frederick) shows on public radio is gone (the other that comes to mind is the Diane Rehm Show). The president of WYPR has posted a letter addressing the issue, but provides no reason. Apparently the issue was ratings. Unfortunately they've replaced the Steiner Show with national shows, and so now WYPR (Your Public Radio) has no high quality local programming. To top that off, WYPR's The Signal today featured pseudoscience, a "ghost historian" who started the show off with a gauss meter. Give me a break. One has to wonder about the station management, and whether quality information is a priority at WYPR. Certainly quality local programming is not.

Secure and Easy Internet Voting

Giampiero E. G. Beroggi "Secure and Easy Internet Voting" IEEE Computer Volume 41 Number 2, February 2008 This is one of those articles that inadvertently provides examples of why computerized computing is a bad idea. Starting with the second paragraph, where Beroggi says "One reason for the delay in implementing more technologically sophisticated voting methods is the computer science community's almost unanimous wariness of Internet-based elections." Rather than addressing this, he goes on to list putative advantages of e-voting, and then starts the third paragraph "Fortunately, in light of these strong advantages, more countries are beginning to consider e-voting...." He has listed advantages, and just dismissed the computing community's reservations by simply not mentioning them. Is electronic voting really scarier than other methods? I think so. Any of a number of people can trot out problems with any voting technology, including paper. But I have yet to see an e-voting advocate address either of the following two problems except to say that computer security professionals are too obsessed with unlikely events. Of course, many popular, oft-successful attacks initially seemed unlikely, especially to non-security people. This is what scares me when I hear political scientists say it's safe, or usability experts say that if we address the usability issues, e-voting will be fine. If we address usability issues, the accuracy of unhacked machines is improved. Anyhow, the two issues:
  1. The class break. With e-voting, there's the possibility that a small group of people could modify a large number of geographically disparate machines.
  2. The technological sophistication needed to understand the hacks. Boards of Elections and state assemblies don't have the the ability to intelligently discuss attacks against e-voting, let alone detect them.
The author of this article dismisses these problems by simply not mentioning them directly. His attitude appears to be that computer scientists have issues, but we can ignore them. There are at least two troubling aspects to the author's section entitled "Security." First, is the repeated claim that the system uses SSL and 1024 bit encryption. If he's talking about RSA keys, this is a bit light. If he's talking about the symmetric algorithm, well, I doubt he is. So, for all we know they're just using DES or something like that. Then there's the statement that "The literature on e-voting emphasizes the danger of making source code available as a way to build trust in the system, since attackers with such access could modify voting and auditing records." I'll have to read his reference, but I don't see how a single 3-page CACM article equates to "the literature." Keeping the source code secret does, as the author suggests, reduce trust. Shouldn't voting be an open process? Shouldn't citizens be able to judge the quality of the voting system? As it is now in the US, the answer is no: corporations' proprietary "rights" trump voter confidence. And should voting systems rely upon security by obscurity? If so, then the first disgruntled employee to leave the manufacturer or a certifying body or whatnot can spill the beans, and then we'll all wish it had been open and enough people had cared to find the bug that Beroggi advocates covering up.

Tuesday, February 5, 2008

Gnome Deficiencies

Two things that should be much more obvious in Gnome, if not actually defaults: xmodmap -e "remove lock = Caps_Lock" xmodmap -e "keycode 106 = " In other words, disable caps lock, and disable the insert key. Why these aren't even offered as choices in the keyboard configuration menu is simply befuddling, not to mention the time wasted by many, many people if Google search results are any indication.