[Tfug] Any SQL gurus out there?

Ronald Sutherland ronald.sutherland at gmail.com
Fri Oct 26 14:33:50 MST 2007


On 10/26/07, Jim March <1.jim.march at gmail.com> wrote:
>
> Quoting Ronald Sutherland:
>
> A very interesting point.
>
> What they're trying to do with these binary blobs is prevent
> field-modification of code.


Yep, but read-only media is a better solution. I would be more concerned with
field modification of the results and want an md5sum of both the program that
was run and the election results in a journal as the voting proceeds. I would
want to be able to verify if something changed before/during/after running the
election. Since textual or binary data are the same w/ md5sum or ilk, I see no
advantage in a binary blob. The politicians fear that if someone can
understand the script they can change it, which is just plain backward; my
fear is that if I can't understand the binary blob, why should I trust it.

> The Federally approved test labs are supposed to check the source
> code, do their own compile, make sure the binary blob is legit, hash
> it and publish the hash.  That way what's in the field at the county
> level can be pinned down as being the same as what the labs checked
> months or years earlier.
>
> Now, there's ALL kinds of reasons to suspect (hell, prove) that the
> labs are doing a terrible job.  Two of the original three approved
> labs have already been fired for poor performance with two new ones
> grafted in.


Yep, trusting the government and especially its contractors is dumb.

> An open source model is the way to go here.
>
> BUT!
>
> Until we get open source, making sure people inside the Pima elections
> division don't tweak code themselves or import tweaked code is a good
> thing.
>
> And that model of "freeze the binaries with hashes" can still be
> applied in an open-source world: publish the source along with
> compiler/system information, and anybody can check the code, do a
> compile and find the hash - then cross-check that hash against
> field-installed code.  A bit kludgy?  Maybe - but you also don't have
> to check sources in EVERY county.  You just have to check source code
> once (for a given product) and then publish the "known good hashes".


Part of my point was that unless you have the exact libraries that were used
to make the binaries, your source will not build a set of binaries with the
same md5sum. It is very difficult to prove that a set of sources was used to
make a binary blob. So I don't see that providing the source is much help,
because it's so difficult to prove that it was used to make the blob. However,
in the case of a script it is easy to prove. For example, the person who
validates the election program can copy the script from the CD-ROM right over
to their version management tool's sandbox and ask if any differences are
present when compared to what is on the version management server.

> Remember that most of your available election integrity volunteers are
> techno-turnips.  A useful percentage can be relied on to run a
> hash-check script and get a "yay or nay answer" but getting enough
> geeks together to check sources in 3,000 election agencies
> nationally...FORGET IT!


I understand that not everyone can do this, but it only needs to be checked
enough to prove correctness. Once the CD-ROM-like thing is verified, its ISO
image blob gets an md5sum also, and that can and should be checked at all
election stations.

> We can also get any number of situations where we don't necessarily
> agree with the rules ourselves, as with the Federal certification lab
> system, but we can still cite violations of those rules against a
> really screwed up company like Diebold.
>
> Jim March
>
>
As far as the election results, I'm going to crap out some ideas that are
likely brain farts... but anyway: textual (gets my vote, and print it for
each voter) or XML files, for results and journaling the process. These can
be zipped up like is done with OpenOffice files. The journal should include an
md5sum of everything important (script, interpreter, results and journal
files for each vote). The results are saved onto writable media that are
physically protected (lock and key type stuff) at all times, but still
accessible to those who are verifying the process. Duplicate results should
be sent to a more centralized system, but the local copy is needed for
process verification and for when things go wrong. Also, I should be able to
walk into a voting station at any time and ask for an electronic copy of the
results and journal file. I should be able to read the results with my own
eyes or run my own programs to count and look for oddness. For example, as I
remove votes from the results file, does the journal's md5sum match what I
have? Can I as a voter find my paper printout within the results file, and
then check the journal for integrity of the file? I'm sure that what I've
said won't hold up when security people with some clue look at it, but as I
said, it's a brain fart.

I guess I'm not much help, but then I'm a pissed-off taxpayer (likely soon
to be an ex-taxpayer) that is more or less disgusted with the politics and
actions that spew from our so-called leaders. It's not enough that we have
been at war six years, and will likely end up spending over $2*10^12 on it.
We seem to be heading for more of the same, and the DEMs are not different;
they are driven by the same forces that drive the REPs. If we can't figure out
how to tame the overly amplified ideas that push us to do dumb things, we
will unravel.
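The following is an added example, not code from the thread or from any voting product it mentions. It sketches the two ideas in Ronald's message: a journal that records a hash of the script, the interpreter and the results file after every vote, chained so that each entry commits to the one before it, and a voter's printout that carries the hash of their own ballot so they can look it up in the results file. The script and interpreter bytes, the ballots, and the receipt format are all constructed stand-ins. It swaps SHA-256 in for the md5sum the thread discusses, since MD5 collisions are cheap to produce and that matters for an integrity journal.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain link for the first journal entry (constructed)

# Constructed stand-ins for the artifacts the journal should cover.
SCRIPT = b"#!/usr/bin/env python3\n# constructed stand-in for the tally script\n"
INTERPRETER = b"constructed stand-in for the interpreter binary\n"


def digest(data: bytes) -> str:
    """Hex digest used everywhere; SHA-256 stands in for md5sum."""
    return hashlib.sha256(data).hexdigest()


def canonical(obj) -> bytes:
    """Deterministic serialization so any verifier hashes the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def append_vote(results: list, journal: list, ballot: dict) -> dict:
    """Record one ballot and write a journal entry chained to the previous one."""
    results.append(ballot)
    entry = {
        "seq": len(results),
        "script": digest(SCRIPT),
        "interpreter": digest(INTERPRETER),
        "results": digest(canonical(results)),  # hash of the whole file so far
        "prev": journal[-1]["entry_hash"] if journal else GENESIS,
    }
    entry["entry_hash"] = digest(canonical(entry))
    journal.append(entry)
    return entry


def verify(results: list, journal: list) -> tuple:
    """Replay the journal against the results file; return (ok, problems)."""
    problems = []
    if len(journal) != len(results):
        problems.append(f"{len(results)} ballots but {len(journal)} journal entries")
    prev = GENESIS
    for entry in journal:
        seq = entry["seq"]
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if digest(canonical(body)) != entry["entry_hash"]:
            problems.append(f"entry {seq}: entry hash does not match its fields")
        if entry["prev"] != prev:
            problems.append(f"entry {seq}: chain link does not match previous entry")
        if entry["script"] != digest(SCRIPT) or entry["interpreter"] != digest(INTERPRETER):
            problems.append(f"entry {seq}: script or interpreter hash changed")
        # The results file must reproduce every prefix the journal committed to.
        if entry["results"] != digest(canonical(results[:seq])):
            problems.append(f"entry {seq}: results file differs from what was journaled")
        prev = entry["entry_hash"]
    return (not problems, problems)


def find_receipt(results: list, receipt: str) -> list:
    """A voter's printout carries the hash of their ballot; find it in the file."""
    return [b for b in results if digest(canonical(b)) == receipt]


def demo() -> tuple:
    """Journal three constructed ballots, then remove one vote and re-verify."""
    results, journal = [], []
    ballots = [{"id": 1, "choice": "A"}, {"id": 2, "choice": "B"}, {"id": 3, "choice": "A"}]
    for ballot in ballots:
        append_vote(results, journal, ballot)
    ok_before, _ = verify(results, journal)
    receipt = digest(canonical(ballots[1]))  # what the voter's printout would carry
    found = find_receipt(results, receipt)
    tampered = results[:1] + results[2:]  # the middle vote removed from the file
    ok_after, problems = verify(tampered, journal)
    return ok_before, len(found), ok_after, problems


if __name__ == "__main__":
    ok_before, n_found, ok_after, problems = demo()
    print("intact file verifies:", ok_before)
    print("voter receipt found:", n_found)
    print("file with a vote removed verifies:", ok_after)
    for p in problems:
        print("  -", p)
```

Removing a vote breaks every journaled prefix from that point on, so the check pinpoints the earliest entry that no longer matches. What the chain cannot do is stop someone who can rewrite the journal and the results together, which is why the message puts the local copy on physically protected media and sends a duplicate elsewhere.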
