Black Box software holes no big deal?

This topic is archived.

Jackpine Radical Donating Member (1000+ posts) Tue Jul-08-03 06:45 PM
Original message
Black Box software holes no big deal?
Maybe I've read 'way too many trash Western novels, but...

Look at it this way: You're in a card game and this one guy keeps winning most of the hands. Happens he owns the cards you're playing with. Then you take a closer look at the cards and discover that the deck is marked.

No big deal, right? You can't prove he was cheating, can you? Maybe he just got his decks mixed up, and this is one he uses on weekends for card tricks or something, right?

RIGHT?

trumad Donating Member (1000+ posts) Tue Jul-08-03 06:47 PM
Response to Original message
1. Yah...and I only use Corked bats for batting practice...
:eyes:

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 06:50 PM
Response to Original message
2. I have yet to see where the cards are marked.
I don't think many others here care.

grasswire Donating Member (1000+ posts) Tue Jul-08-03 07:24 PM
Response to Reply #2
3. YAWN
YAWN YAWN YAWN YAWN YAWN YAWN YAWN

DisgustipatedinCA Donating Member (1000+ posts) Tue Jul-08-03 07:27 PM
Response to Reply #2
4. Quit speaking on my behalf
You're not qualified to speak for me, so please don't.

You could, however, enlighten me as to why it's your opinion that people don't care about voting fraud.

Thanks.

birdman Donating Member (1000+ posts) Tue Jul-08-03 07:49 PM
Response to Reply #4
7. People DO care about voting fraud
But what this story is about is potential voting fraud and that's quite a bit different, isn't it?

And it didn't live up to its hype as the second coming of the Pentagon Papers or as one of the articles claimed "bigger than Watergate".

And the fact that it appeared on the same site that carried the Katherine Harris is dead story as fact (and acknowledges that it does no fact checking) doesn't do much for its credibility.

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 08:01 PM
Response to Reply #7
9. I care about potential voter fraud
that's why today's report was so frustrating: I had source and data files and couldn't verify the scenario she described.

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 08:03 PM
Response to Reply #4
10. Ah, you misinterpreted my meaning
I think some here don't care whether the cards are marked or not - they want to raise questions however implausible.

Worse yet, I think that's a popular attitude to assume, hence my statement.

madfloridian Donating Member (1000+ posts) Tue Jul-08-03 08:46 PM
Response to Reply #10
17. Why are you this way about everything?
You are being very negative. I care about the people who try to get things done. I don't understand the work she has done, but it will stand or fall on its own merit.

You posted to a thread I was on earlier, where I was quoting an article. You were wrong, as far as I could tell, but it seemed as though you just had to have that say. Hey, I did not care if you proved me to be wrong, but the fact that you had to so worried me. Someone backed me up on it, and I was quoting an article anyway. You just had to correct me. Why? I had everything in quotes.

Let Bev's work stand or fall on its merit. I am sure that is what the world will do. I do not understand the people here who think others don't care.

Here is an example: We were talking to some neighbors today. I made it clear I did not understand the codes, etc, but the research on the voting was being done. To a person, they said if it was not secure it should be fixed right now. Only one believed actual fraud, but all believed it was open to fraud.

People do care, they care a lot. There is little I can do myself. I am well-educated and fairly intelligent, but I am not especially a technically oriented person.

What bothers me is that people here are literally trying to disparage the work. That is what irritates me, and I wonder what are their motives.

I always admired you, but now I am just getting upset.

Kelvin Mace Donating Member (1000+ posts) Tue Jul-08-03 07:34 PM
Response to Original message
5. Despite some of the folks seeing men in the shadows...
The story is about the code, specifically the quality of the code and the absolute absence of any real security.

Is there evidence an election was rigged? Not that I have seen, but there is plenty of evidence that the code is so porous my cat could crack it between naps.

People serious about security do not use any MS product, never mind Access and Windows CE.

Diebold is trying to tell us the bank is perfectly secure, when in fact the vault is made of cardboard.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org

aquart Donating Member (1000+ posts) Tue Jul-08-03 07:41 PM
Response to Reply #5
6. Mr. Allen, I love your titles.

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 07:58 PM
Response to Reply #5
8. "People serious about security do not use any MS product"
Once again, I have to take exception; part of the system that I put together for the Palm Beach County's Clerk of the Court resided on MS SQL Server - part on Oracle, for performance reasons. They were very serious about security and good people.

I've read Bev's report. From what I have on my system, there is nothing to substantiate the scenario she described. I understand her concerns, but logically, the same holes exist in any DBMS. I can grab a scrambled password, update a record and make myself an application's administrator.

The databases on my system, downloaded from her site, do not confirm her description of the multiple table system. I wish I had more code, because I don't have the module that expands that table.

Dan's review was lukewarm at best. I think more information is required - but Bev's already released this.

Sorry, David. You know I've tried to be helpful, but I've been involved in too many investigations - and coded too many MS platforms, to take you seriously now.

"People serious about security do not use any MS product"

Please ... give us a break. I wish it were so ...

sendero Donating Member (1000+ posts) Tue Jul-08-03 08:14 PM
Response to Reply #8
12. let me be sure I understand this....
.... people who have been looking at this code for months, and given the sheer volume of code it makes sense that it would take a while, see a 2 or 3 ledger system but you don't?

How long have you been looking at the code? You are confident that the 2-ledger system is not there? Is that what you are saying?

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 08:18 PM
Response to Reply #12
13. There are two tables
but in what I've seen, they're not identical without manipulation - and I don't have the code that processes the summary table.

I don't know who's been looking at this longer, but will respond to anyone who can show me.

Eloriel Donating Member (1000+ posts) Tue Jul-08-03 08:37 PM
Response to Reply #13
15. "and I don't have the code that processes the summary table."
I'd like to make this a matter of record. You have been consistently naysaying this whole matter, and now you admit that you have not seen all the code, which I pretty much knew anyway since I don't think ANYone has yet seen all the code, including Bev, despite its availability. There's simply too much of it.

So again and again you've been saying, with considerable certainty, including in this thread, that there's no "there" there, despite the fact that you haven't seen all the code. You have second guessed and dissed people who HAVE seen more of the code than you have, people who HAVE seen what you admit you can't replicate because YOU DON'T HAVE THE CODE.

What's wrong with this picture?

I don't mind skepticism, really. It's when it postures as CERTAINTY and attempts to discredit people who by definition know more than you do, without having the facts to back you up. YOU insist that the facts aren't there on Bev's side -- but in actuality you have no idea. YOUR facts are even sketchier. NO! YOUR facts are non-existent.

Amazing.

Eloriel

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 08:44 PM
Response to Reply #15
16. You've gotten personal already
misstating what I've said ... can you address my concerns or not?

Kelvin Mace Donating Member (1000+ posts) Tue Jul-08-03 08:30 PM
Response to Reply #8
14. I've worked as a systems engineer
for nearly 17 years. My last job (1992-2000) was working installing networks in banks, side by side with Diebold computers responsible for ATM transactions and wire transfers. *All* of these machines ran UNIX.

I'm not Bev, I *do* have some credentials in the field.

I do not claim to be a programmer, but I have written apps in SQL (back in the 80's when only MicroRim's RBase had SQL) and while MS SQL is more secure than Access, this software runs on Access. Access is not secure, and most certainly Windows CE is not secure.

Every "hardened" system I have ever seen where security and/or reliability was a priority has run on UNIX.

Just my experiences, your mileage may vary.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org

Fredda Weinberg Donating Member (1000+ posts) Tue Jul-08-03 08:49 PM
Response to Reply #14
18. I've done both
Before there was an Internet, I managed an academic connection to Bitnet. I set up one of the first Usenet newsgroups - for the City of Delray Beach. I edited my home page - with vi.

Our mileage varies. I wish MS didn't have the impact it does, but GEMS is a desktop application that doesn't require the license fee of anything more robust. That's why I imported legacy data into Oracle on Solaris and designed the scanning application with PowerBuilder and implemented it with SQL Server.

Oracle Donating Member (1000+ posts) Tue Jul-08-03 08:04 PM
Response to Original message
11. Right! Yeah, who cares?
You all believe in Karma so what's the big deal?

Kelvin Mace Donating Member (1000+ posts) Tue Jul-08-03 09:02 PM
Response to Original message
19. A few comments about the Scoop story...
I am speaking for myself only, I in NO way speak for Bev.

I am a skeptic. I have yet to see *any* evidence of "rigging". What I have seen is a program *so* porous and lacking in security that it can be attacked from dozens of angles.

I am *not* a programmer, but I do work with them, and have worked with a number of them in the past in private industry, government and academe. Not a one of them had a high opinion of MS security. On this I am talking about the OS, not MSSQL. *I* have cracked NT passwords in the past and I am a tech, not a cracker. I did this to unlock systems folks had "locked" themselves out of.

MS OS's have "adequate" security provided that:

1) They are administered competently.

2) They have regular security updates applied.

3) They are competently shielded from outside attack.

I have *rarely* seen any one of these, never mind all of them on a site.

I would have preferred the Scoop story focus on the rotten code, rather than trumpeting itself as the next "Watergate".

But, Scoop did something we couldn't do, they gathered the code and made it public. They are risking getting sued and/or prosecuted. But, by doing so, the code will now be examined by hundreds if not thousands of IT pros who are much better qualified to evaluate it.

Now, Bev can publish her comments and they will stand or fall of their own merit without an injunction being slapped ten minutes after the book is out.

Scoop did something no one else in the media had the guts to do. And brother, we have approached a *lot* of people.

Again, these are *my* views, not Bev's.

The code is there, get your copy and go crazy. <g>

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org