Sequoia Voting Systems Source Code Released 406
Mokurai sends a heads-up about Sequoia Voting Systems, which seems to have inadvertently released the SQL code for its voting databases. The existence of such code appears to violate Federal voting law: "Sequoia blew it on a public records response. ... They appear... to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold. They were wrong. The Linux 'strings' command was able to peel it apart. Nedit was able to digest 800-MB text files. What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code." The code is all available for study or download, "the first time the innards of a US voting system can be downloaded and discussed publicly with no NDAs or court-ordered secrecy," notes Jim March of the Election Defense Alliance. Dig in and analyze.
What? (Score:3, Funny)
Re:What? (Score:5, Insightful)
Re:What? (Score:5, Insightful)
Anyone with half a brain realized converting from dumb paper ballots to "smart" electronic machines that could manipulate the votes was a Bad Idea (tm). Unfortunately that disqualifies most of our state politicians.
Re:What? (Score:5, Insightful)
As my Software Engineering instructor said...
Someone was thinking that voting was primarily a counting problem and had the idea that computers were excellent at counting, so computers would be excellent at registering votes.
Of course, voting is minimally about counting, and from what we've seen even these clowns couldn't do that right.
Re: (Score:3, Insightful)
Re: (Score:2)
Bad idea? What, making it so that those who paid them money to vote the way they wanted could ensure that they continued to be elected was a bad idea?
I haven't been able to make myself believe that this choice was made in innocence. Fixing elections has happened on a small scale for a long time. This is merely the modernizing of that "fine old tradition".
Re: (Score:3, Interesting)
I just saw the free movie Zeitgeist Addendum [zeitgeistmovie.com] last night. It explains how the US keeps the whole world under our thumb through the Federal Reserve, the fractional lending reserves, and the World Bank which gives loans to other countries in order for our corporations to go in there and build infrastructure -- in other words, we loan them money, they pay it to us (via our corporations), and then they still owe the entire amount of money.
And the fact that our money is created out of thin air, via debt, is just
Re: (Score:2, Insightful)
But the media will ignore it. Remember last year when voting machines were found to have *actually* lost votes in an Ohio election? No? That was an even bigger story, and the media ignored that as well...
Never underestimate the ability of the media in this country to ignore important news in favor of the latest distraction.
Re:What? (Score:4, Insightful)
The reason voting irregularities mean diddly squat in a presidential election is due to the fact that Joe Citizen's votes don't matter directly.
Thanks to the electoral college, any voting irregularities are overruled by the imprimatur elector fiat.
Re: (Score:2)
Re: (Score:2)
Re:What? (Score:5, Funny)
Treason? (Score:2)
Time to call on Article 3 if this really is an attempt to influence the vote?
Re: (Score:2)
"Treason against the United States, shall consist only in levying war against them, or in adhering to their enemies, giving them aid and comfort."
How would you propose to twist this definition to fit your idea?
Re: (Score:3, Funny)
Why, thank you, that's the justification we've been looking for. Invoke Article III!
Re: (Score:3, Funny)
To be honest... (Score:5, Insightful)
Re:To be honest... (Score:5, Funny)
No, we need to have security! How the heck can a system be secure if everyone can see how it works and therefore how to crack it?! This stuff is simply too important to be left in the hands of the average citizen.
Re: (Score:2, Redundant)
Is that a joke, a troll, or insurmountable ignorance? I really can't tell.
Given the total incompetence to date, of any company implementing a voting system, I think open source is the only way it's going to get done right.
If properly implemented, the voting system can be as secure as the crypto primitives it's built upon.
you're wrong. (Score:3, Insightful)
Re:you're wrong. (Score:4, Insightful)
How about this?
You select your candidate / party / referendum option on screen.
The computer prints out a ballot paper and records your vote.
You put the ballot paper in the ballot box.
The returning officer selects a sample of ballot boxes at random and checks them to the computer.
Re:you're wrong. (Score:5, Insightful)
Re: (Score:2)
That's what we have in Britain, but the polls close at 10pm (or 9pm for local elections) and you generally don't know the result until early the following morning, unless you live in Sunderland South.
Re: (Score:2)
Our polls are typically open until 8 p.m. California time, which adjusting for time differences == 11 p.m. Washington D.C. time. So the results wouldn't be known until early morning (~1 a.m.) the next day.
Americans won't stand for it. They want to know NOW damnit, not tomorrow.
Of course in the old days, elections used to last much longer. In the 1800 election the result was not known until almost four months later (the Congress chose Jefferson(D) over Adams(F)). I think if our ancestors could wait that
Re:you're wrong. (Score:4, Insightful)
I don't think the American public would really be all that upset if the election results didn't come in until the next morning. I suspect it's actually the news media that wants the results ASAP, in order to get everyone watching the election day evening news so that they can charge more for ad space.
Re: (Score:2)
Electronic voting has the (yet unrealized since it interferes with the corporate vision of electronic voting as a profit powerhouse) potential to be much cheaper and gives the results in 0 minutes rather than 120.
Re: (Score:3, Insightful)
too much voting? (Score:5, Informative)
Maybe it's a cultural thing, but I've never seen the necessity to complicate things any further than paper, pencil, double physical count. Cheap, no machines involved, fast. On a national election down here (about 15 million voters), voting booths close at 6pm and results are known nation wide right on time to open the 8pm evening news.
Except that Americans like to vote on everything.
Not just politicians, but sherifs, judges, district attorneys (i.e., head government prosecutors), etc. Add this to the fact that most elections (municipal, county, state, federal) tend to happen on one day [wikipedia.org], so that when you walk into the booth, you don't just have a piece of paper, but a small booklet to go through. Then add propositions (i.e., referendums) that many states have if enough people sign a petition. If you want to be an educated voter on all the possible choices you have to do some serious studying.
And then you have to count all of these 20+ separate run offs for the various levels of government.
Re: (Score:3, Insightful)
Except that Americans like to vote on everything.
And?
If it's important enough to vote on, it's important enough to count properly.
Re: (Score:3, Insightful)
Have you ever seen voter turn-out numbers? Americans don't like to vote at all.
Re: (Score:3, Insightful)
Of course it happened. A lot. That's why the voting process evolved. In my youth, when I went with my parents, boxes were made of wood, sometimes you would hand the envelope containing the ballot to the election judge for him to put into the box, etc. Nowdays, boxes are transparent, made out of plexyglas, the officials are forbidden to even touch your ballot. You give your id, a person checks you are on the list, if you're okayed the judge push a lever on top of the box. This advance a mechanical counter an
Re: (Score:2)
You have a list of results by ballot box adding up to the total result for the election.
You select some of these ballot boxes and check that the figures on the screen are the same as what's in the box.
Optionally, you let the candidates chose a selection of boxes they want to have checked - they can pick ones where they think there might be problems or they got less votes than they expected.
There's somebody wrong on the internet... (Score:2)
And it's you!
There are voting protocols that simultaneously allow:
Verification of the voter by the voting authority
Prevention of double (multiple) voting
Anonymity for the voter to the voting authority
Verification of the voters own vote
Begin your research with David Chaum's blind signature.
Re:There's somebody wrong on the internet... (Score:4, Interesting)
Re: (Score:3, Insightful)
If I can verify my vote, I can prove to myself after the fact how I voted, and therefore I can prove it to somebody else.
Not necessarily. If an essential part of the algorithm (a key) is only in your head you can prove the results to yourself, but not to anyone else - especially if a wrong key produces a proof that is just as valid as the one made with the correct key. A simple XOR would be sufficient. You can store and publish such encrypted vote results all you want, only the original voter can tell wh
Re: (Score:3, Insightful)
Again, why not just use a printer? Select your votes, all of them get tallied and a printout with machine readable and human readable output. Put that in a box. If there is a question about the final tally, you can A: verify that the initial digital count matches a barcode-scanned recount, B: verify that all or some of the barcode-scanned votes match the written out votes, C: count all of the human readable output manually.
The idea that we can't do industrial printers these days on the cheap and reliable
Re:There's somebody wrong on the internet... (Score:4, Insightful)
As a matter of due diligence, I will look up your "David Chaum's blind signature" (I may have already). I'm certain it will have a fatal flaw, as has every system I've examined thus far. It doesn't matter how many people jump up and down in support of their ideologies or how vigorously. Nobody has shown me a secret ballot, end-to-end verifiable voting system. I do not believe one exists. (I would like to be proven wrong, but I don't think anybody can.)
Disclaimer: I am a cryptographer, and I have done research on topics related to electronic voting in the past.
As a matter of simply stating a fact, regardless of your due diligence, the fact is that blind signatures and their application to electronic voting is a subject which is about 15 years old by now. If you didn't already know about this concept, then you are clearly not an expert in electronic voting or even in any related field of cryptology. Cryptographic electronic voting is a highly technical subject involving many different areas and subfields of cryptology, some of them heavily number theoretic and mathematical. You are probably not technically knowledgeable enough to pass judgment on such heavily technical subjects in which you are uninformed (or worse, prejudiced against, as evidenced by your choice use of words such as "ideologies").
Even if I'm wrong about you, and you are technically knowledgeable enough to correctly evaluate cryptographic voting systems, it doesn't matter. For every one of you, there are thousands of other voters who are not technically knowledgeable, but who think that they are.
The problem with voting systems is not mathematical. It is not cryptographic. From the point of view of cryptography, secret ballot, end-to-end verifiable voting systems do exist, and have been known for decades. Either a mix net [wikipedia.org] or the Benaloh cryptosystem [wikipedia.org] together with threshold secret sharing delegation of trust is all that is required. The problem with cryptographic end-to-end voting systems is that for every one cryptographer in the world, there are thousands of uninformed members of the general public who don't understand the math, and who think that the scheme is either untrustworthy or that they have found a flaw. For this reason, even if there is a secret ballot, end-to-end verifiable voting system (which there is), it will never be accepted by the general public. As a research scientist, I have had far too much experience in dealing with such obstacles. The public does not trust scientists, even when the scientists clearly know more than they do.
Re: (Score:3, Insightful)
If you didn't already know about this concept, then you are clearly not an expert in electronic voting or even in any related field of cryptology. Cryptographic electronic voting is a highly technical subject involving many different areas and subfields of cryptology, some of them heavily number theoretic and mathematical. You are probably not technically knowledgeable enough to pass judgment on such heavily technical subjects in which you are uninformed (or worse, prejudiced against, as evidenced by your choice use of words such as "ideologies").
The public does not trust scientists, even when the scientists clearly know more than they do.
Still wondering why ? A 6th grader with a good pair of eyes can understand and control a paper vote. The more people you gather to keep watch, the better, no training necessary. It would take you, with all your intelligence and experience, weeks of efforts to verify an e-system implementation, and you'd be one of a handful able to do so. And all it would take to rig the system would be to outsmart your small lot of scientists. Just *imagine* for a second the source code is mathematically correct and you ver
Re: (Score:3, Informative)
Still wondering why ? A 6th grader with a good pair of eyes can understand and control a paper vote. The more people you gather to keep watch, the better, no training necessary. It would take you, with all your intelligence and experience, weeks of efforts to verify an e-system implementation, and you'd be one of a handful able to do so. And all it would take to rig the system would be to outsmart your small lot of scientists. Just *imagine* for a second the source code is mathematically correct and you verified it. How about the compiler ? Do you know if the system really runs on the bare metal or is it trapped in a VM ? Are you per chance a computer scientist as well as a cryptologist ? How many scientists would it take to screw that light bulb in the end ? How long would it take ?
Thanks, but I am neither a computer scientist, nor am I still wondering why. I figured out what you said a long time ago. Some computer scientists have also figured it out. That's why a lot of voting research these days is in the area of non-cryptographic voting schemes that still provide secret ballot end-to-end security. No such scheme is known today, but significant progress has been made, for example ThreeBallot [mit.edu] by Ron Rivest.
I, and many researchers, are well aware that no solution to the voting pr
Re: (Score:3, Insightful)
I've actually put some thought into this and I think I have an idea that could work. It could provide accountability, although not necessarily in a provable form, but at least to let the individual voter know if their vote was lost or changed.
When you vote, you can enter TWO votes. The first is your actual real it-counts vote. The second is a made up vote. It's totally optional, but lets you enter a second vote different than your first. One is vote A and one is vote B, and you pick which (A or B) is c
Re:you're wrong. (Score:4, Insightful)
You are required to give your hash code to your boss. HE looks up your vote and picks A or B. 50-50 chance he picks the fake one and you live. 50-50 chance he picks the real one and you lose your job.
Re:you're wrong. (Score:4, Interesting)
Good catch, that's the sort of thinking I was hoping to hear from.
OK then one more tweak. The receipt you print in the booth can either be your real or your dummy vote. You pick just before you leave. So if you are being coerced, you can pick the dummy receipt but if you want to watch over your vote you pick the real receipt to take home.
So in this case you don't get an A/B choice when you get home and punch in the URL. It immediately shows a vote, either the dummy or the real, whichever you elected to get the receipt for.
Are we bulletproof yet? That doesn't look like it adds any real complexity to what I'm trying to keep to a bare minimum.
Re: (Score:3, Insightful)
Re:you're wrong. (Score:4, Interesting)
Re: (Score:2)
Yeah, because open source software is always perfect.
Flash forward 4 years and 3 forks later, gVote and kVote are largely complete with a few annoying bugs to work around. The two produce incompatible results due to differences in opinion, and the only guy with admin rights to the gVote svn repository had a shitfit and hasn't been reachable for a month.
Re: (Score:2)
Develop it however the hell you like, pay people if necessary, just release the source code when you're done to prove you did it right.
Re: (Score:2)
Actually you'll find him "swimming with the fishes" at the bottom of New York Harbor. Gotta love that NYC political engine.
Re: (Score:2)
Re: (Score:3, Interesting)
Are you being sarcastic? A voting system takes a very finite set of possible inputs, it needs to only give some very specific outputs. I really think there are few excuses for not being able to develop a secure system, secure enough to be totally open despite the value of being able to crack it. Its not like our society can't afford to make the required investment in such a system given the other things our government is spending money doing.
If it can't be done then electronic voting should not be used a
Re: (Score:2)
Have you looked around? Many state governments are on the verge of bankruptcy and don't have the funds necessary to spend on e-voting upgrades. IMHO they should just go back to paper ballots. The old 1990s-era scantron machines seemed to work quite well - rapid counting ability, plus having a physical record that could be counted by hand for later verification. Oh and cheap.
Oh and before you say the Federal government should pay - (1) They don't have any money either; they just borrow it from China and
Re: (Score:3, Insightful)
Which means if the 17th was repealed, Senators would be elected by the State Governments, and the States could use the power of the Senate to kick-around the U.S. government when it tries to abuse its power...... similar to how the UK, France, Germany and other members use their power to kick-around the EU government and keep it restrained.
Example:
California, Washington, and a bunch of other states legalize marijuana for use by doctors. President Dickhead ignores the laws and arrests CA, WA, and other citi
Re: (Score:2)
It terrifies me that so many people are replying to this as if it's a serious comment.
Slashdot, I am disappointed.
So... (Score:5, Funny)
Was going to post a pseudo-witty comment but... (Score:3, Informative)
"Well you may throw your rock and hide your hand
Workin' in the dark against your fellow man
But as sure as God made black and white
What's down in the dark will be brought to the light"
-Johnny Cash
Quote taken from the index of http://studysequoia.wikispaces.com/ [wikispaces.com]. Wishful thinking, but how apt.
Open Source (Score:5, Insightful)
I absolutely hate the thought of my vote being inputted in to a closed magical-mystery box.
Re: (Score:2)
... because that would be socialistic.
(or so sayeth the GOP)
Re: (Score:3, Insightful)
Yeah but MY state is run by the Democrats (and has been for almost 60 years). What excuse do they have for not developing open-source voting for Maryland? Oh that's right... same as the GOP... holding onto the monopoly.
Re:Open Source (Score:5, Insightful)
The last administration isn't around any more. This administration could set its self apart from the old one by requiring all voting system code be open-sourced. But I agree; the chances of that happening are not any better than under the old overlord.
Who uses them? (Score:2)
Re: (Score:3, Informative)
http://lmgtfy.com/?q=sequoia+voting+machines [lmgtfy.com]
While redacting... (Score:2)
Re:While redacting... (Score:4, Insightful)
votes[candidate]++;
Hyperbole much (Score:3, Interesting)
"code that appears to control or at least influence the logical flow of the election"
Which means the uneducated inspecting strings saw things like:
BAL_ID null
-- 1 - show candidate on ballot (default)
-- 0 - remove candidate from the ballot
-- 2 - don't show candidate on the ballot, but reserve space for her on the layout
All of which is perfectly benign when voters are not eligible to vote for certain candidates for any number of reasons.
The more you read at the ultimate site more you realize the people digging thru this garbage know nothing about what they are reading, and not much about programming either.
Just because you know how to run grep or strings does not mean you can use the data it reveals.
Re: (Score:2)
/* Table : CONTEST */
/* Description: Election specific contest. There could be multiple
contests per office differentiated by party
Re: (Score:2)
Re: (Score:2)
That it creates table views on the fly does not make it un-audit-able.
Table views on the fly will ALWAYS come out the same as long as the inputs are the same. All that is required is that the data that DRIVES the selection and the content of the tables be locked during the election, and till after audit.
Note: For the record, I personally believe strongly in the paper ballot. But I also know paper ballot boxes get stuffed all the time. Karzi?
But reading comments out of code (and what you have pasted is cl
Re: (Score:2)
Yah, that looks like a normal domain table along with comments as to the meanings of field values... Since the ballot design is part of the database, I would be surprised not to see those.
Of course, with 800mb to go through, it's possible something less normal is in there.
Re: (Score:2)
Did you examine the code, or are you making things up?
Re:Hyperbole much (Score:5, Insightful)
You could have kept reading, you know.
The FEC standards say "prohibited". They do not say "Any self-modifying, dynamically loaded or interpreted code is only okay if someone who is a really good programmer says it is" or "Interpreted code is okey dokey as long as it isn't called all that often". If the database itself contains application code which modifies the database, then that's a problem. It doesn't matter what kind of code it is or how benign you think it is, it should not be there at all.
If you would like to share your educated opinion where it matters, feel free to comment in the wiki [wikispaces.com]. That's what it's there for.
Re: (Score:2, Interesting)
They obviously don't understand much because this database is not corrupt. I just loaded it in a SQL Server database fine. SQL Server 2005.
There are 88 tables in the database.
Re: (Score:3, Insightful)
From the site:
UPDATE 10/20/09 5:45pm Pacific Time: It appears the files were NOT VANDALIZED and will open in MS-SQL Server 2005. It also appears they did redact "code" to some degree. I'm still not clear on why there are thousands of lines of source code still left in there. I'm working on scoring a copy of SQL Server 2005 ASAP so I can look for myself. Check the discussion areas to follow along in realtime.
Interesting.
Re: (Score:3, Interesting)
Re: (Score:3, Informative)
Re: (Score:2, Insightful)
No need to show someone for whom the voter is not eligible to for.
(I assume English is a second language for you, because the statement was perfectly clear the first time).
Some states have closed primaries. Democrats only get to vote for democrats, republicans for republicans.
Some people are not voting in their proper polling place and can't vote for the local candidates (because they don't live there).
I could go on, but I suspect you will have difficulty reading much more thru your tin foil hat.
Re: (Score:3, Insightful)
Does it matter to you at all that the presence of this logic in interpreted code (SQL) is a direct violation of federal law?
Re:Hyperbole much (Score:4, Insightful)
Re: (Score:3, Informative)
Show me the section in federal law that cites wiki!
OK, I'll quote this [wikispaces.com] instead:
"4.2.2 Software Integrity
Self-modifying, dynamically loaded, or interpreted code is prohibited, except under the security provisions outlined in section 6.4.e [sic - see note below]. This prohibition is to ensure that the software tested and approved during the qualification process remains unchanged and retains its integrity. External modification of code during execution shall be prohibited. Where the development environment (programming language and development tools) inc
Re:Hyperbole much (Score:4, Interesting)
Nice one jackass, but I'm not a lawyer, I'm a programmer. It should be pretty goddamn clear to any novice that a stored procedure in MS SQL Server, which is what we're dealing with here, is most definitely interpreted code. The law clearly states that interpreted code is not allowed because of the obvious fact that it can easily be changed after the certification. They state that once the software is certified that there are no more compilers or linkers allowed in the onboard software and that the binaries should be able to have their checksum validated in the field to ensure it's the same software that was certified. Especially when the SQL code to create those same stored procedures ships with the product, as if the database itself is set up in the field.
Now, I'm not a lawyer, but that seems pretty goddamn clear to me that a stored procedure in SQL Server does not meet those criteria.
But, and I'm being honest here, I really want to hear your opinion on the matter, since mine doesn't matter, and is based on scary capital letters.
Re: (Score:2)
It could well be quite reasonable and still be illegal.
In many states in a primary election you show the voters only the candidates of their own party + non-partisan offices. That's one valid reason. Doesn't mean that doing it that way is legal.
An interesting question might be "How easy is it to replace those stored procedures with others on election day?". This is the kind of question that has frequently been raised and which I have never heard satisfactory answer to. Only answers that apply to some pa
Re: (Score:2)
I think Number 2 here is the big ticket item.
SQL code, if locked during the election, is no different than a hard coded program. Don't mistake the container for the content.
Re: (Score:2)
Yes I did read that.
I took issue with the second sentence in your quote. That sentence is simply FLAT WRONG, and invalidates the writers point, and pretty much everything else they have to say.
Code stored in a table can be hash checked. The table can be locked. The table can be hash checked.
Interpreted has no precise meaning in computer science, or in a court of law.
Re:Hyperbole much (Score:5, Informative)
First, I'm the guy that built that wiki page.
Second, "code that defines races" can be used to alter results. I have a lot of experience playing with Diebold databases because we've had access to those since 2003 when Diebold left an FTP site open. If you swap the candidate ID numbers between two candidates in the Diebold database (run in MS-Access), you'll flip the election. In a heartbeat.
It *appears* there's code present in this Sequoia database to do the same thing. Note the word "appears". The best way to find out, and the most MORAL way, was to put it up for public review.
Risking exposure of our technical warts, sure. Still worth it. Check the discussion areas at the wiki - we're learning a hell of a lot, very quickly.
But yes, it's true: I don't know MS-SQL, and nobody else at EDA does either. So we were faced with a choice: find a few people who did know it, pay 'em a bunch of donated money to write a formal report behind closed doors, or do a public review and exam even if that means exposing any mistakes we make, knowing they'll be caught pretty damn quick.
Which was better?
Too early to start the scandalising (Score:3, Insightful)
Canadian Elections - KISS (Score:3, Interesting)
Re: (Score:2)
That last one may be pushing things just a bit..
FWIW, municipal elections seem to favour paper ballots followed by scanners for counting. To my mind that offers a nice balance of speed and accuracy in counting, with nice paper backups in case there are questions.
Re: (Score:3, Insightful)
Not if you have 10 times as many people to count them. These massively parallel systems scale rather well you know.
Wikileaks? (Score:2)
This sort of stuff would go down well there...
(evidence of possible vote tampering and all that jazz)
This is cool and all, but... (Score:4, Insightful)
* t violates the federal rulebook on voting systems on several levels: the rules require that code be hash-checked to prove authenticity in the field for obvious reasons. If the real working code is buried in with the data, no such hash-checks are possible.
Except that so far, I'm seeing table construction and table layouts. I guess that's technically code - as any SQL technically is - but a good case can be made to say that it's just the database structure. Which can, of course, be subjected to a hash check.
The federal rulebook is also clear that code can't be interpreted, apparently to avoid modification "in the field" (generally county or city election offices).
Well shit, in that case, they can't use SQL at all. Since a database is a fairly reasonable way to track the candidate data, display strings, etc... I'm pretty sure that this wasn't the intent of the law. (No, IANAL, just applying common sense).
I do think it's great and long overdue that this information is now available. But I also think they'll want to finish the analysis and get some people who understand what they're looking at, before they start making claims. There may be validity to them - but so far it's tenuous if there at all. (Full disclosure: I'd love to electronic voting either a) shut down or preferably b) administered in a 100% transparent fashion... so I'm not making this post in anybody's defense)
Re:This is cool and all, but... (Score:5, Insightful)
Except that so far, I'm seeing table construction and table layouts. I guess that's technically code - as any SQL technically is - but a good case can be made to say that it's just the database structure. Which can, of course, be subjected to a hash check.
Except that the DDL isn't in a bunch of scripts that are building the schema, the schema exists in a bunch of strings that are concatenated together in stored procedures with some arguments to the procs munged in, and passed to Exec statements when the stored procedures are run.
That's not normal table building, that's an unabashedly self-modifying database.
Re:This is cool and all, but... (Score:4, Interesting)
Take a Page from CT (Score:2)
here in connecticut we simply check off our choice(s) on a paper ballot and insert them for machine scans which tally the votes electronically for rapid post election reporting. since the voter actually voted on paper, and since the paper record remains in the machine magazine until opened under multi-party supervision, it's at least as safe as regular ballots while satisfying legal requirements under the voting act. i miss the hulking and heavy curtain lever machines i grew with (and now own for posterity)
Another case of failed redaction! (Score:3, Informative)
The file they have is simply a SQL Server backup.
It takes a few minutes to restore using SQL 2005 Express + SSMSE
Nothing has been destroyed or sabotaged.
but...
When the database is restored you get the tables with the data in. :)
All the stored procedures have been deleted. Or so Seqoia thought
As the use of strings on the backup file demonstrates, the text of the sp's are still there.
There are various database tools (Lumigent was one from memory) that allow looking back through the database log and, I expect, returning the database to a previous state.
Just when companies had got the hang of cleaning up after track changes they move on to SQL database backups :)
How to restore the .bak file using Microsoft SQL.. (Score:3, Informative)
How to restore the .bak file using Microsoft SQL Server Express 2008:
Step 1. Go download SQL Server Express 2008 (This is trivial, left up to the reader. You might have to go to a microsoft webpage) and install.
Step 2. Go download SQL Tools for SQL Server (Trivial) and install.
Step 3. Go download the .bak.zip file from the above wiki. Save it to 'C:\foofoo\'. Unzip the .bak file within it to 'C:\foofoo\'. You should now have: 'C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
Step 4. Start up SQL Server Express
Step 5. Open SQL Management Studio and connect to your local SQLEXPRESS instance.
Step 6. Click on the top most node in (Should be your machine's name\SQLEXPRESS). Click "New Query".
Step 7. Run the following query:
RESTORE DATABASE RIV_20081104_E FROM disk='C:\foofoo\RIV_20081104_Canvass_Final_dbset_E.bak'
WITH MOVE 'RIV_20081104_Esys' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Esys.mdf',
MOVE 'RIV_20081104_Edat' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Edat.mdf',
MOVE 'RIV_20081104_Elog' TO 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\RIV_20081104_Elog.ldf',
REPLACE
go
Step 8. Wait.
Step 9. This should create a database called RIV_20081104_E.
Have fun.
The story is not based on fact. (Score:3, Informative)
Re:What? (Score:4, Informative)
Appears to control or at least influence the logical flow of the election
What exactly does that mean?
Means they suspect that the code for the actually tallying and evaluating ballots is in SQL. It is suggested that this violates the law for being dynamic and interpreted.
Re: (Score:3, Funny)
Now does stripping the illusion of voting away make us more or less free
Don't blame me! I voted for Kodos!
Re: (Score:2, Interesting)
Vote! Vote my little worms!
Divert your will and energies into our little show of "change"!
While another Goldman exec is put in charge of "Enforcement [bloomberg.com] - ensuring [yahoo.com] that there is none... [boston.com]
You see, under the post-Kennedy era system of American government, executive and legislative sideshows are intended not to demonstrate and direct power - but to distract from the real power of the land.
Bang! One magic bullet. You buy that story, and they already had you in the Matrix.
Re: (Score:2)
If the system favored one candidate over another, you'd want a revote, yes. But the voting system is never perfect and just about every close vote is contested. So, given the expense of elections, I'd argue against any revotes if the only problem is flawed code, and not an actual bias for one candidate / party or another.
Re: (Score:2)
What's wrong with NEdit? It's true I also use gedit, kedit, and medit, but sometimes nedit is the right tool. (I also use kate, and various other editors. Even vi(m). Not EMACS because I dislike their file handling system, but that's a purely personal taste.
When you're doing pattern matching in an editor (well, certain kinds of pattern matchin) NEdit is the right choice. The others will allow to to eventually craft grammars to handle the patterns, but NEdit lets you build them en-passant.
Re: (Score:3, Insightful)
All code is interpreted by something. That something might be hardware, microcode, firmware, a middle layer, or even a whole VM, but all code is interpreted.
Saying code is or is not interpreted is simply where you draw the line. Even "native" code on most processors these is really interpreted by the microcode or something similar.
I think you know exactly what they mean. Human-readable code == bad; byte-code == good.
Your argument boils down to the same sort of definition-shifting, intellectual masturbation as, "But everything humans make is natural because humans are natural," or "There's no such thing as an honest politician because everybody lies sometimes." Everyone knows what "interpreted," "natural," and "honest" actually mean in context, and pettifogging over terms like that adds nothing to any discussion ever.