The key to votes

From Ed Felten’s Blog

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.

The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.

Update (Oct. 28): Several people have asked whether this entry is a joke. Unfortunately, it is not a joke.

It turns out that the same key opens the Nedap/Groenendaal e-voting machines that the Dutch government has decided are unsafe for the forthcoming November 22 general election! Truly, you could not make this stuff up.

How many times can you sell your soul?

Mitch Ratcliffe on the Novell-Microsoft deal

The announcement that Novell and Microsoft will work together to improve interoperability between Windows and Novell’s SuSE Linux, as well as cross-promote and support one another’s products, strikes me as eerily like one of those movies with Christopher Lee as Dracula.

Every time you see an old Dracula film, the same fool is making a deal with Drac to achieve eternal life, a life you know, as the viewer, is going to be awful and short. “Don’t do it!” you want to shout at the screen, and so it is with this deal between the maker of Windows and the acquirer, as Novell once staked its future on UNIX, of SuSE Linux.

I’m not saying Microsoft is evil, only that it makes these interoperability deals to defeat its partner, not help them. In the 90s, when both Windows and Novell Netware were under assault by IP networks, they tried to co-exist. Microsoft started making Netware-compatible versions of its local area network management and operating system software.

[…]

Linux may win someday, but Novell looks like it will be found dead one morning with mysterious bite marks on its neck. But we can see that now, because we’ve seen this movie before.

William Styron

Eric Homberger has written a nice obituary of William Styron. I loved this description of how and where he wrote:

Styron wrote his books in longhand using a No2 pencil on yellow lined paper. A good day’s work might see him complete two or three pages of manuscript. A quotation from Flaubert was displayed in his study: “Be regular and orderly in your life like a bourgeois, so that you may be violent and original in your work”.

I see now where I went wrong. I’ve been trying to avoid becoming bourgeois all my life. Sigh.

The Boston Globe obit adds something else about his craftsmanship:

Mr. Styron wrote in longhand on yellow legal pads, striving for 500 words a day. He preferred to write just one draft of a book, getting each page just right before proceeding to the next, rather than revising a completed draft. His own harshest critic, Mr. Styron had a self-described “neurotic need to be perfect each paragraph — each sentence, even — as I go along.”

The New New Middle East

Richard Haass’s sobering article in Foreign Affairs opens thus:

Just over two centuries since Napoleon’s arrival in Egypt heralded the advent of the modern Middle East — some 80 years after the demise of the Ottoman Empire, 50 years after the end of colonialism, and less than 20 years after the end of the Cold War — the American era in the Middle East, the fourth in the region’s modern history, has ended. Visions of a new, Europe-like region — peaceful, prosperous, democratic — will not be realized. Much more likely is the emergence of a new Middle East that will cause great harm to itself, the United States, and the world…

Haass is the President of the Council on Foreign Relations. He was chief of the Middle-East desk of the National Security Council for George Bush Snr, and director of policy planning in the State Department during Dubya’s first term. Sidney Blumenthal (not the most reliable of sources IMHO) thinks that his views reflect those of James Baker, the man currently leading a survey of the policy options available in Iraq. The Foreign Affairs article is long and detailed. Haass produced a more accessible summary of it for the Financial Times. Thankfully, it remains outside that organ’s odious paywall.

Exploring the web

I wrote a post on the Guardian’s Comment is Free Blog about the newly-announced partnership between MIT and the University of Southampton to study “Web science”. Extract:

Ah, poor Southampton (or Soton, as it’s known on the net). It’s about to learn that entering into a “partnership” with MIT is like marrying into the British royal family. As Ry Cooder might put it, you get to ride in the white Lincoln Continental with the red upholstery, but you must learn always to walk two paces behind your “partner” and never, ever assume that you have any rights to the fawning and adulation that followed upon your elevation. MIT doesn’t do partnerships in the normally understood sense of the term; what it does do are pragmatic or strategic liaisons that are deemed to be in its institutional interests. Ask the ancient University of Cambridge, which knows a thing or two about this. Gordon Brown put up £64 million of UK taxpayers’ money to lubricate a partnership between Cambridge and MIT. Guess who got the lion’s share of the loot?

Realpolitik on yellow paper

From the Economist’s review of Margaret MacMillan’s new book, Seize the Hour: when Nixon met Mao.

Some of the most revealing discoveries Ms MacMillan has made in her researches are the haiku-like memos Nixon wrote on his yellow pads. One, which he scribbled before the talks started, begins:

What they want:

1. Build up their world credentials

2. Taiwan

3. Get out of Asia

What we want:

1. Indo China (?)

2. Communication—To restrain Chinese expansion in Asia

3. In future—Reduce threat of confrontation by China Super Power

What we both want:

1. Reduce danger of confrontation & conflict

2. A more stable Asia

3. A restraint on USSR

Note the question-mark after “Indochina”!

MS Word architect to defy gravity

From The Register

Charles Simonyi, 58, is set to become the 450th person in space, and the fifth amateur cosmonaut to fly to the International Space Station (ISS). He also claims to be the first nerd heading for orbit.

He is slated to take off on 9 March, 2007, provided he completes his training and passes all the medical tests.

Simonyi told the BBC that he had three goals: “One of them is to advance civilian spaceflight, the second to assist space station research, and the third to involve kids in space sciences,” he said.

He says he plans to learn Russian as part of his preparation, and will also bone up on the workings of the rocket that will take him to the space station.

“Learning about the systems is part of my engineering curiosity and makes the whole experience so much more interesting when I understand exactly what is going on and, for example, why the flight is safe,” he explained.

After the eight-minute journey to orbit, on board a Russian Soyuz rocket launched from the Baikonur cosmodrome in Kazakhstan, the software engineer will spend two days travelling to the ISS. He’ll spend eight days on board before returning to Earth.

As with other high profile space tourists, Simonyi has organised his trip through Space Adventures. The ticket to the ISS is thought to cost between $20m and $25m.

One of Simonyi’s more inspired endowments was the money he gave Oxford to establish a Professorship of the Public Understanding of Science — currently occupied by Richard Dawkins.

Handwriting and subjectivity

I’ve had some interesting conversations recently with friends and colleagues about handwriting. I’m perpetually annoyed and puzzled by my own. Some days it seems legible and orderly, but usually I find it intensely irritating. And I wonder why it varies so much from day to day. Is it to do with mood, or hassle or tiredness? Or something else? In many cases (e.g. the pages of my notebook shown in the photograph) my scribbling seems — to me — to be illegible and hopelessly untidy. Other people’s handwriting, in contrast, always seems to me to be orderly and consistent — even when it’s illegible. But then I discover — from talking to them — that they think my handwriting is neat, orderly, legible and consistent, which it manifestly is not! So is it the case that other people’s handwriting always seems better than one’s own?

Another interesting observation. I spend a lot of my working day with techies. Yet — with only two exceptions — they all carry and use paper notebooks. (The two exceptions carry and make notes on tablet PCs.) It’s clear that the paper notebook has a lot of life left in it yet.

And while I’m on the subject, I’ve been to the terrific exhibition of David Hockney’s portraits at the National Portrait Gallery. The pictures are wonderful, but in a way the most fascinating exhibit is the glass case containing three of his notebooks. I was reminded of the story (no doubt apocryphal) about Picasso instructing a builder on changes he wanted to make to one of his studios. As he talked, he made some sketches of what he had in mind. Then he handed them to the builder and said “How much will this cost?” “Nothing”, replied the builder. “Just sign it”.