Re: Minimum hardware requirements and a few odds and ends.

From: Bob Ramstad <rramstad_at_alum_dot_mit_dot_edu>
Date: Thu Apr 22 2004 - 09:55:42 CDT

Ed Kennedy wrote:

> Hello All:
>
> I know that it doesn't take much of a computer to run a cd only
> based Linux program like Knoppix or Slax. However, I note that there
> is also a proposal that 'images' of the computer generated ballot be
> burned to a CD at the same time if I understand this correctly. OK,
> that means 2 CD drives with one being capable of burning CD's. Slax
> says that it doesn't run very well on 16mb of Ram. So that suggests
> that a minimum amount of Ram would be at least 32mb. Let's see now,
> we would also need sound cards for the blind unless they were
> integrated into the motherboard but that is more or less standard
> anymore. Will the touch screen monitors require special video cards?
> In terms of general machines, I'd guess that you wouldn't find
> machines with 2 CD drives and one being a burner in much of anything
> less than a Pentium II. What do other people think?
>

Computers can be configured with any desired hardware, CPU has nothing
to do with the number of CD drives a computer can support. I also
believe that it would be a VERY GOOD idea to have votes recorded on the
boot medium so that the entire software package used to produce ballots
AND the ballots themselves are on one piece of media. This would be
very nice in the case of any court challenge or investigation if there
were allegations of tampering. Ergo, I definitely like the idea of a
multisession CD-R which contains the software, configuration files and
ballots in separate sessions. Impossible to lose the ballots or
separate them from the software used to create them.

> By the way, I can't help but notice that both Knoppix and Slax
> seem a little cranky or unpredictable on the various machines I tried
> them on after downloading them today. I noticed that they weren't
> very happy with Samsung 21" CRT monitors although they worked after a
> fashion. On one of my machines, the keyboard quit and on another the
> sound wouldn't work. On yet another machine, the network card quit.
> So, I kind of wonder about the viability of them as a general solution
> to what to do with PC's that come with Windows installed. Of course,
> there is the possibility of operator error.
>

 From my own experience, it takes a little work to get Knoppix happy
with specific configurations, but once it is working properly, it
works. Most issues can be addressed with simple configuration directives.

I do agree though that there will need to be some sort of clear testing
path for making sure that the software system is working correctly on
whatever hardware it is running on.

> Finally, about the proposed 'hacking contest'. This is a public
> relations idea to build confidence in the software developed through
> the open voting consortium. It would be nice if we could borrow a few
> DRE machines from a county and submit them to the same treatment.
> Each hacker would get 3 hours to compromise a machine that is set up
> to vote. Each machine would have been 'voted' and the results would
> be known to the judges of the contest. Then the hacker would have to
> cause the totals to change say by 5% without leaving the room. You
> could have it during one of the yearly black hat conventions. Most
> importantly, it would also be a confidence building measure for Joe
> Lunchbucket and his elected representatives. Yes, as far as software
> testing goes it is silly and unneeded but for publicity it could
> be very effective. Also, just think about how a head to head
> contest would be as a clear demonstration of the problems
> of privately built DRE's.
>

I very much do NOT like this idea, as a computer programmer. Three
hours isn't enough time to properly define a problem, much less find and
exploit a vulnerability. This smacks to me of a publicity stunt -- and
what do we do when the inevitable happens, namely, that no one hacks
into anything in the 3 hours, and all systems appear secure? (We all
know that's a crock, but I'd give you 20 to 1 that this would be the
outcome.) The net effect would be that the media would report that
Diebold et al are just as secure as OVC, which is exactly what we do NOT
want to have.

It sounds like an event tailor made for the media -- lots of flash, no
substance.

Conversely, I would think it would be interesting -- and probably very
good PR -- to get the first release candidate up on the net and to offer
a small cash prize (maybe $1000) for the best code improvement /
suggestion. This could be used to contrast the OVC with closed systems,
as this is something which is a very good idea which closed companies
cannot do.

-- Bob

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:16 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT