Re: Minimum hardware requirements and a few odds and ends.

From: Edmund R. Kennedy <ekennedyx_at_yahoo_dot_com>
Date: Thu Apr 22 2004 - 10:32:17 CDT

Hello Bob:

     You got it right. The 'hacking contest' is a
publicity stunt. Obviously it's more than a bit into
the future given the state of the demo. However,
sooner or later OVC is going to need to grab some ink
and air time so let's bank it for future use. I do
like your idea of the material improvement contest.

     I still like the idea of either using new
commodity PC's (with cost sharing by local agencies)
or extending the life of functionally obsolete
machines for use in voting. Yes, you can order them
up the new ones in most any arrangement one wants.
However, if it's something you can just grab off the
assembly line I'd say the idea is more viable. As MS
is rightly criticized for its plug and pray technology
you don't necessarily want to fall into the same trap.
 You head into that trap when one suggests that all
you need to do is to 'tweak' the software a little.
Anyway, it seems from everyone's feedback that it
would be a good idea if each machine had a CD drive
with read/write capabilities.

     Again my model of the decision maker and user of
these OVC systems are that of someone with the
equivalent of a 10th grade education. Therefore one
must follow the doctrine of KISS (Keep it simple,
silly). While tweaking machines to work or work
better may seem like a trivial item to you, to most
people it at least annoying and in some cases down
right intimidating.

     For example, I mistook Slackwear Linux for Slax
Linux yesterday (defective wet wear)and attempted to
install it on a middle aged IBM Thinkpad yesterday.
After adding the software requested Linux partition, I
found that I had managed to erase enough of the
Windows 2000-pro operating system that it would no
longer boot (except curiously with Knoppix and Slax ).
 Actually this is no big deal as one of our techs will
be coming around today to re-image it and it's our
'spare'. However, that's the sort of trouble that us
mere mortals can get into.

     I also agree that each and every machine must be
sound capable. It's both a case of non-discrimination
and has to do with the ease of possible future use.
Anyway, I've got to stop making the world safe for
democracy and get back to work.

Thanks, Ed Kennedy

     

--- Bob Ramstad <rramstad@alum.mit.edu> wrote:
> Ed Kennedy wrote:
>
> > Hello All:
> >
> > I know that it doesn't take much of a computer
> to run a CD only
> > based Linux program like Knoppix or Slax.
> However, I note that there
> > is also a proposal that 'images' of the computer
> generated ballot be
> > burned to a CD at the same time if I understand
> this correctly. OK,
> > that means 2 CD drives with one being capable of
> burning Cd's. Slax
> > says that it doesn't run very well on 16MB of Ram.
> So that suggests
> > that a minimum amount of Ram would be at least
> 32MB. Let's see now,
> > we would also need sound cards for the blind
> unless they were
> > integrated into the motherboard but that is more
> or less standard
> > anymore. Will the touch screen monitors require
> special video cards?
> > In terms of general machines, I'd guess that you
> wouldn't find
> > machines with 2 CD drives and one being a burner
> in much of anything
> > less than a Pentium II. What do other people
> think?
> >
>
>
> Computers can be configured with any desired
> hardware, CPU has nothing
> to do with the number of CD drives a computer can
> support. I also
> believe that it would be a VERY GOOD idea to have
> votes recorded on the
> boot medium so that the entire software package used
> to produce ballots
> AND the ballots themselves are on one piece of
> media. This would be
> very nice in the case of any court challenge or
> investigation if there
> were allegations of tampering. Ergo, I definitely
> like the idea of a
> multi-session CD-R which contains the software,
> configuration files and
> ballots in separate sessions. Impossible to lose
> the ballots or
> separate them from the software used to create them.
>
> > By the way, I can't help but notice that both
> Knoppix and Slax
> > seem a little cranky or unpredictable on the
> various machines I tried
> > them on after downloading them today. I noticed
> that they weren't
> > very happy with Samsung 21" CRT monitors although
> they worked after a
> > fashion. On one of my machines, the keyboard quit
> and on another the
> > sound wouldn't work. On yet another machine, the
> network card quit.
> > So, I kind of wonder about the viability of them
> as a general solution
> > to what to do with PC's that come with Windows
> installed. Of course,
> > there is the possibility of operator error.
> >
>
>
> From my own experience, it takes a little work to
> get Knoppix happy
> with specific configurations, but once it is working
> properly, it
> works. Most issues can be addressed with simple
> configuration directives.
>
> I do agree though that there will need to be some
> sort of clear testing
> path for making sure that the software system is
> working correctly on
> whatever hardware it is running on.
>
> > Finally, about the proposed 'hacking contest'.
> This is a public
> > relations idea to build confidence in the software
> developed through
> > the open voting consortium. It would be nice if
> we could borrow a few
> > DRE machines from a county and submit them to the
> same treatment.
> > Each hacker would get 3 hours to compromise a
> machine that is set up
> > to vote. Each machine would have been 'voted' and
> the results would
> > be known to the judges of the contest. Then the
> hacker would have to
> > cause the totals to change say by 5% without
> leaving the room. You
> > could have it during one of the yearly black hat
> conventions. Most
> > importantly, it would also be a confidence
> building measure for Joe
> > Lunchbucket and his elected representatives. Yes,
> as far as software
> > testing goes it is silly and unneeded but for
> publicity it could
> > be very effective. Also, just think about how a
> head to head
> > contest would be as a clear demonstration of the
> problems
> > of privately built DRE's.
> >
>
>
> I very much do NOT like this idea, as a computer
> programmer. Three
> hours isn't enough time to properly define a
> problem, much less find and
> exploit a vulnerability. This smacks to me of a
> publicity stunt -- and
> what do we do when the inevitable happens, namely,
> that no one hacks
> into anything in the 3 hours, and all systems appear
> secure? (We all
> know that's a crock, but I'd give you 20 to 1 that
> this would be the
> outcome.) The net effect would be that the media
> would report that
> Diebold et al are just as secure as OVC, which is
> exactly what we do NOT
> want to have.
>
> It sounds like an event tailor made for the media --
> lots of flash, no
> substance.
>
> Conversely, I would think it would be interesting --
> and probably very
> good PR -- to get the first release candidate up on
> the net and to offer
> a small cash prize (maybe $1000) for the best code
> improvement /
> suggestion. This could be used to contrast the OVC
> with closed systems,
> as this is something which is a very good idea which
> closed companies
> cannot do.
>
> -- Bob
>

=====
10777 Bendigo Cove
San Diego, CA 92126-2510

Amendment 1 to the US Constitution

"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof, or abridging the freedom of speech, or of the press; or the right of people peaceably to assemble, and to petition the government for the redress of grievances."
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:16 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT