Re: Prerendering of GUI for voting machines

From: Fred McLain <mclain_at_zipcon_dot_net>
Date: Sun Dec 02 2007 - 14:42:23 CST

It is easier to find text in code then numerical values, you don't
even need the code to see that something funny is going on. It's a
simple task to find strings in a binary, "strings engineBinary | grep
SomeName" whereas the code will be chock full of binary values who's
actual meanings are difficult to decipher given you don't even know
what hash algorithm they might be using.

By the way, isn't doing a CRC a standard Python library call? It is
in most languages.

In any case, I obviously do prefer the pre rendered solution. It is
far simpler code.

        -Fred-

On Dec 2, 2007, at 7:59 AM, Charlie Strauss wrote:

>
>
> On Dec 1, 2007, at 3:38 PM, Fred McLain wrote:
>
>> I'm not sure this would be effective. A CRC of the the image might
>> well be easier to hide.
>
> huh? How is something like:
>
> if crc(image.gif) == X08FE: do_evil()
>
> def crc(image):
> stuff
>
> easier to hide than
>
>>> if party=="Republican": do_evil()
>
>
>
> Besides which the whole point of doing the images is that there are
> fewer steps (no database, no rendering, pre detrimined layout)
> there's a lot less code to hide things in and one can even resource
> starve the system for added security.
>
>
>
>
>
>>
>> -Fred-
>>
>> On Nov 30, 2007, at 8:59 AM, Charlie Strauss wrote:
>>
>>> A while back there was also an argument made (I forget who now) to
>>> use all images for candidate names in voting machines. The idea was
>>> this was more secure because an evil machine could not simply have a
>>> statement like
>>>
>>> if party=="Republican": reject vote
>>>
>>> Of course a clever machine could do some sort of image recognition
>>> but it would be harder to hide.
>>>
>>>
>>>
>>> On Nov 30, 2007, at 1:36 AM, Alan Dechert wrote:
>>>
>>>>
>>>> I attended a talk by Ka-Ping Yee today (well, yesterday, actually,
>>>> since
>>>> it's now morning) at UC Berkeley. "Ping," talked about how much of
>>>> the
>>>> computer code used in computerized voting interfaces could be
>>>> eliminated by
>>>> prerendering. He has written code for a DRE that consists of only
>>>> 640 lines
>>>> of Python code, in contrast to 10's of thousands (or even 100s of
>>>> thousands)
>>>> of lines that the usual vendors have been selling.
>>>>
>>>> All of this sounded pretty familiar. In fact, we used a
>>>> prerendered GUI for
>>>> our demo in 2004. OVS has carried on by using prerendered screens
>>>> in their
>>>> designs. Prerendering has enabled OVC and OVS to get something
>>>> done with
>>>> very little code.
>>>>
>>>> Before seeing what OVS had come up with, I did not think of
>>>> prerendering as
>>>> a way to make a better voting system with less code. OVC used
>>>> prerendering
>>>> just to get the thing done. I never intended the demo to be done
>>>> that way!
>>>>
>>>> Have a look at our page on Sourceforge:
>>>>
>>>> http://evm2003.sourceforge.net/
>>>>
>>>> and check out the architecture link ...
>>>> http://evm2003.sourceforge.net/architecture.html
>>>>
>>>> Note the picture of the ballot:
>>>> http://evm2003.sourceforge.net/ballot-mockup3.gif
>>>>
>>>> I created this in a painting program just to show developers what I
>>>> wanted
>>>> to see. It turns out that this picture became the interface by
>>>> putting
>>>> Python code behind it to capture clicks (or touches) on the screen
>>>> at the
>>>> circles where choices are to be indicated.
>>>>
>>>> This is in contrast to our web demo (where the screen is rendering
>>>> by the
>>>> browser
>>>> http://user.it.uu.se/~jan/voting-project/ballot2.html ).
>>>>
>>>> I'm not sure who first suggested we use the prerendered screen for
>>>> the OVC
>>>> standalone demo -- maybe Fred McLain, David Mertz, or Jean-Paul
>>>> Gignac.
>>>> This may have been a key feature of our demo that we did not
>>>> advertise.
>>>>
>>>> Ping explains the advantages of prerendering in some detail....
>>>> sounds like
>>>> the way to go.
>>>>
>>>> http://www.usenix.org/events/evt06/tech/full_papers/yee/yee.pdf
>>>>
>>>> https://db.usenix.org/events/evt07/tech/full_papers/yee/yee_html/
>>>>
>>>> Alan D.
>>>>
>>>> _______________________________________________
>>>> OVC-discuss mailing list
>>>> OVC-discuss@listman.sonic.net
>>>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>>>> By sending email to the OVC-discuss list, you thereby agree to
>>>> release the content of your posts to the Public Domain--with the
>>>> exception of copyrighted material quoted according to fair use,
>>>> including publicly archiving at http://gnosis.python-hosting.com/
>>>> voting-project/
>>>
>>> _______________________________________________
>>> OVC-discuss mailing list
>>> OVC-discuss@listman.sonic.net
>>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>>> By sending email to the OVC-discuss list, you thereby agree to
>>> release the content of your posts to the Public Domain--with the
>>> exception of copyrighted material quoted according to fair use,
>>> including publicly archiving at http://gnosis.python-hosting.com/
>>> voting-project/
>>>
>>
>> Instant Messaging (IM) Addresses:
>> Jabber: mclain@jabber.org
>> Yahoo: appworx_fred, schemalogic_fred
>> MSN: appworx_fred@hotmail.com, schemalogic_fred@hotmail.com
>> AIM: mclain98021
>> ICQ: 6947005
>> GTalk (Jabber): mclain98021@gmail.com
>> Skype: fmclain
>>
>>
>>
>> _______________________________________________
>> OVC-discuss mailing list
>> OVC-discuss@listman.sonic.net
>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>> By sending email to the OVC-discuss list, you thereby agree to
>> release the content of your posts to the Public Domain--with the
>> exception of copyrighted material quoted according to fair use,
>> including publicly archiving at http://gnosis.python-hosting.com/
>> voting-project/
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
> By sending email to the OVC-discuss list, you thereby agree to
> release the content of your posts to the Public Domain--with the
> exception of copyrighted material quoted according to fair use,
> including publicly archiving at http://gnosis.python-hosting.com/voting-project/
>

Instant Messaging (IM) Addresses:
Jabber: mclain@jabber.org
Yahoo: appworx_fred, schemalogic_fred
MSN: appworx_fred@hotmail.com, schemalogic_fred@hotmail.com
AIM: mclain98021
ICQ: 6947005
GTalk (Jabber): mclain98021@gmail.com
Skype: fmclain

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Dec 31 23:17:02 2007

This archive was generated by hypermail 2.1.8 : Mon Dec 31 2007 - 23:17:10 CST