Category Archives: Privacy and Security

RIAA Silly, DVD Jon and Privacy

It’s been a good month for privacy and electronic freedom. Justice Ginsburg ruled RIAA’s use of the DMCA subpoenas and their argument “borders upon the silly.” Read the Ginsburg decision in PDF format (pretty clear in her message!). Looks like the judicial branch is slowly but steadily and surely limiting the broad, abusive powers granted under the DMCA, applying conservative readings at most turns. DMCA still needs to be pulled in the legislature, but it is reassuring to see the system work—checks and balances.

Norway’s Jon Lech Johansen’s earlier acquittal on all counts of alleged copyright violations—stemming from his creation of a way to read DVDs on Linux—was upheld by a panel of seven judges (three full-time judges and four “lay” judges, of which two had technical expertise) in the appeals court. It will probably go on to Norway’s supreme court, but this type of unanimous decision at the appeals court level does not bode well for the prosecution’s chances.

Finally, Black Box Voting systems, and especially Diebold, have come under greater and greater scrutiny by the general press—even being named as Fortune Magazine’s worst technology of 2003—as well as the EFF (Electronic Frontier Foundation) and the technical press. More states and districts are requiring paper trails, and Diebold was raked over the coals when it was discovered in California that NONE of the fielded black boxes were running the state-certified software. Diebold also backed down after the EFF and the Center for Internet and Society Cyberlaw Clinic at Stanford Law School stepped in to provide legal representation to two college students and a non-profit ISP being sued by Diebold for copyright violations under the DMCA. Diebold has agreed not to sue and to retract all prior legal threats from all ISPs and individuals it sent them out to. EFF and the team from Stanford are seeking a final court order that will clarify the legality of providing links and protect posters, linkers and ISPs.

If you can, support the EFF with membership or a gift. They have been instrumental in helping in all of these issues.

Diebold ATMs Compromised by Worm

It seems the rumors of Diebold ATMs having been infected with a worm were true. Considering that their voting machines are based on a similar code base (Windows), should we trust these people and their black box systems with handling our vote?

Of course, I personally don’t understand why an ATM needs to run Windows as a base operating system at all. Technically, the requirements for an ATM-like device are very narrowly defined and could be handled very well by a low-power embedded device with a very restricted code base. Even better—but not a source of the worm infection—would be to have the code run from a write-protected compact flash device or a mini-CD.

This is not only an example of Diebold’s untrustworthiness but also another example of monolithic software causing problems. While basing a device off Windows XP or Windows XP Embedded can reduce development time, it opens up the device to many, if not all, of the same security risks that affect desktop Windows, which by virtue of being the dominant operating system on the planet is also the target of 90% of the security hacks and worms. While basing the devices on a reduced-footprint Linux or BSD would also reduce time to market, and expose the device to certain security issues, at least with a Linux or BSD core, developers could strip all non-essential services from the source entirely, thus reducing vulnerability.

It seems IBM agrees in some way, as they have announced that they will be discontinuing support for OS/2, including on ATM devices, recommending instead that vendors turn to Linux. Naturally, Microsoft is taking advantage of the shift in IBM’s OS/2 plan to push for vendors to turn to Windows XP and XP Embedded.

CERT Advisory CA-2003-28

A new CERT Advisory, CA-2003-28, was issued today. This one covers a buffer overflow condition in Microsoft Windows. This includes Windows 2000, XP and XP 64-Bit Edition.

The overflow is in the Windows Workstation Service (WKSSVC.DLL). This could allow a remote attacker to execute arbitrary code or cause a DoS (denial of service).

To fix the condition you will need to apply a patch specified in Microsoft Security Bulletin MS03-049.

Let’s get patching…

Linkfest: RSS & Semantics

Quick daily (well maybe regular would be more appropriate) read linkfest:

  • RSSWeather is still listed as experimental, but has been very accurate.
  • Clay Shirky has an interesting piece on the “Semantic Web”. The gist of it is that:
    • The Semantic Web is a machine for creating syllogisms
    • Syllogisms don’t work well in the real world (for a number of reasons)
    • As a result, the Semantic Web will not be very useful either.

    I’m not sure yet whether I agree with his argument in its entirety, but he makes some excellent points. Knowing the developmental history of the web, I think the Semantic Web—as put forth by most of its proponents—will not succeed in its entirety, but there will be some very good developments that do come out of it.

  • Shelly is taking BurningBird to a more private level after it was visited by the IRS.
  • Joe Maddalone figured out how to get multiple versions of IE (Internet Explorer) running on one system.
  • Support the ACLU, give up your privacy.

Voting Machines Fail: Election Legally in Doubt

I haven’t been able to determine what type of machines were in use–I know that electronic machines are being used in some districts of Connecticut–but here is yet another scary voting system failure, this one in my own backyard.

A quick summary of the article:
The machines malfunctioned shortly after polls opened, forcing them to be shut down. From opening until about 9am no paper ballots were available (they had to be printed up), so many voters were unable to vote before work, and many did not (or could not) return to polling places before they closed. Even for those who voted there was no privacy, and the paper ballot was handed over to election officials, not put into a ballot box or similar. Election officials recognize that it is “a big can of worms” and that there are probably grounds for legal challenge to the election.

No matter what type of voting machines these were, this underlines the need for audit trails, effective primary and emergency voting procedures (well understood by election and polling station workers), and effective backup voting methods and rules.
