What is Digg?22 Comments
- vroom101, on 08/06/2008, -0/+5The very-encouraging-and-full-of-good-news article on one page: http://www.computerworld.com/action/article.do?com ... (www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9111820)
- toejamz, on 08/07/2008, -0/+3Ignorance is speaking, folks.
A good security system works best when everybody knows how it works, because then any weaknesses it may have have been compensated for. An excellent example is SSL. It's a very well understood, open protocol. It's probably that a significant majority of all encrypted communications today happen over SSL. It's well understood, well documented, tested by the smartest people of the world. It's as "open source" as any technology could be, a la OpenSSL.
Yet it's the gold standard for public-key cryptography, and is a foundational technology for the Internet itself. Ever give your credit card number or access your bank account using a website with an "https" address? You've benefited from widely used, highly secure technology that's also open source: SSL.
Get a clue. Comment. In that order, please. - InorganicMatter, on 08/07/2008, -0/+3Excellent. There are some things that just NEED to be open source. This (along with cryptography and security software) is certainly one of them.
- hugolp, on 08/07/2008, -0/+2There is no way I am buying a voting machine that actually counts the votes the people really did. - (Put here the name of any politician)
- proverbs17, on 08/07/2008, -0/+2Shoofast and toejamz are correct. It the code is open many people can go over it and make sure there aren't any back doors. This is security 101 stuff, get a clue Niallgriff.....
- digifuzz, on 08/07/2008, -0/+1I think thats the worst way possible you can do it. What _should_ be done, is that when you vote, a record of both a unique identifier assigned to you (be it an SSN or something else less linkable to you, but still uniquely assigned to you), location, time, and date and your vote should all be stored. At the end of the "voting", the votes can be counted and tallied up, making sure that each vote counted has a "real person" behind it.
You could also use that unique-identifier to "check" your vote to make sure it went the way you voted after the fact, so if you _know_ you voted one way (as printed on your "receipt"), but the record shows something else, or there is any other discrepancy based on date time and/or location you can start blowing whistles and all that good stuff. I really don't understand why this is so hard of a concept.
It could easily be web accessible too. Login could a combination of your unique ID, location, and date you voted. This way you could relatively anonymously check your results. So could anyone else.. but there should in theory be nothing anywhere linking your UID to any of your personal data anyway, so who cares. - proverbs17, on 08/07/2008, -0/+1On a technical and just plain common sense level, this sounds great.
Unfortunately, because we have to live in the "real world" this probably won't work. The people in charge (politicians in general, including all parties) won't understand (because the creators won't make enough money to pay the politicians off).
On the other hand, maybe it will, sometimes the good guys do win. Good Luck Guys!!!! - workharderscum, on 08/07/2008, -0/+1The problem is that the voting system at the moment demands that voters be unable to prove who they voted for - this is to prevent votes being bought (sure you can pay someone to vote a particular way, but if there is no way to prove that they they way they were told to, how do you know they actually did it?)
This is an important consideration, although I'm not really sure whether its still essential - its supposed to make sure people vote on the issues, rather than what they are told to do, but with the way elections are run these days, is there any real difference? There are so many other things wrong with the US election process, it might be worth sacrificing this ability to be able to prove that the votes were counted accurately?
Anyway, people (mainly cryptographers) are designing systems that can be proved to be accurate while still preventing voters proving what they did, but it'll be a while before any of these make it anywhere near the polling station. - Shootfast, on 08/07/2008, -0/+1Just because the code is open source, does not mean that everyone has access to your randomly generated keys and hashes. All it means is that the process is open for investigation, and so that people can see exactly where everything goes by following the code. More eyes means less hidden faults
- Rolcol, on 08/07/2008, -0/+1Thank you. A lot less advertisements and no annoying "preload" page.
- Rolcol, on 08/07/2008, -0/+1Yep. Me and my brother found a lot more bugs with the two of us than just one. (I mean literal bugs. More eyes really are better when you're looking for poisonous spiders and software holes)
- Origin415, on 08/07/2008, -0/+1Hiding flaws is not security, its just waiting for someone to uncover them. Its like leaning a piece of cardboard in front of the hole in your chain link fence. Just because you can see the fence does not make it any less secure, nor does it become more secure if you can't see it.
- formergthing, on 08/07/2008, -0/+0Why is it so hard to make an electronic voting machine?
If $answer = 1 then $firstguy = $firstguy ++
if $answer = 2 then $secondguy = $secondguy ++
and that's pretty much it. - DemonDomen, on 08/07/2008, -0/+0Yeah, but you're trying to make money here. It has to look complicated so that they can get more money for it.
- inactive, on 08/07/2008, -0/+0E-voting... where your vote doesn't matter quicker than normal voting.
- edmcguirk, on 08/07/2008, -0/+0Why are we still talking about paper? I can imagine that this proposal is a good interim solution but strong encryption and independant cross checking can gaurantee that the data is what the voter selected, unaltered, and permanently stored in an easily recountable form.
And it would cost less in consumables. - workharderscum, on 08/07/2008, -0/+0As your code shows, it's all the $$$$ that make it tricky......
But more seriously, its not just the counting thats hard - its making sure nothing else can affect the counting - most existing election programs run on some version of windows, which cannot really be vouched for - your counting code could be the most secure thing ever, but you don't know what the operating system (or other code running on the machine) can do.
Then theres the hardware - a lot of voting machines store data on memory cards which can also be attacked, or the seperate hardware for counting totals.
Open source voting software is a great step, but the entire system needs to be examined. - truck87bp, on 08/07/2008, -0/+0Thank You very much.
- Origin415, on 08/07/2008, -0/+0Your code is still overly complicated. You set each variable to itself, then increment the variable.
This is faster:
switch($answer)
{
case 1:
$firstguy++;
break;
case 2:
$secondguy++;
break;
case...
etc
}
I think the bigger thing is making it secure, though. - Niallgriff, on 08/07/2008, -2/+0"along with cryptography and security software"
yeah i love having people able to access something as important as a way to bypass my firewall let alone voting
/sarcasm
(some things should not be open source..)
© Digg Inc. 2009
— Content created and posted by Digg users is