* Posts by tom dial

2187 publicly visible posts • joined 16 Jan 2011

Russian hackers got Trump elected? Yeah, let's take a close look at that, says Obama

tom dial Silver badge

Given the state of previous OPM information assurance practice and Archuleta's relatively brief tenure as director, her dismissal was a more or less standard example of punishing the innocent.

tom dial Silver badge

Re: its *PRESUMPTIVE* president elect trump

An upvote for correctness as to US presidential election procedures. The popular vote, irrespective of who might have won a plurality. Abraham Lincoln was elected with a large electoral college majority, but only about 40% of the popular vote (it was a plurality, though). It is extremely unlikely that enough electors to change the outcome will vote against their pledges, and in many cases against their state law. The probability of that is effectively zero given that nearly all of those who vote for Trump (or Clinton) will do so fully in accord with their consciences.

The auditability, or lack of it, for electronic voting machines has practically nothing to do with whether or not they have a paper trail. Indeed, such a paper trail may only increase the ambiguity, since the laws may specify incompletely or ambiguously what is to be done if the tape from a machine differs from the contents of a memory card that records show came from the same machine. In practice, the cards (and if present, the tapes) are separated from the machine after completion of voting and passed from hand to hand several times before delivery to a central location for vote tabulation. There is an audit trail documenting the chain of custody, but it is not impossible that it could, by intent or more likely error, be damaged.

If the audit trail (and secure custody of all equipment) is complete, however, it is possible in principle to determine that the software in the machine that held the card (and printed the tape, if applicable) either were or were not in agreement. Not easy, and not cheap, but possible.

Auditing to determine whether only legally authorized people voted, however, is in many states impossible, by law or by federal court requirement and would be extremely difficult in the remainder.

tom dial Silver badge

Re: "... let's take a closer look... "

I guessed the author correctly from the slant and heavy use of loaded words, but Greenwald makes valid points. It would be best to think of poorly supported anonymous reports from government sources - all governments - as essentially identical to the "fake news" about which the "true news" purveyors are working so diligently to whip up a moral panic.

tom dial Silver badge

The FBI absence might be because the agency's mission is only weakly connected with collection and analysis of foreign intelligence. The foreign intelligence agencies, especially the CIA and even more the NSA are likely to have information that the FBI do not. Those who think the FBI raised the issue of Anthony Weiner's unauthorized possession of government email messages to bias the election against Clinton probably are mistaken, as are those who think it actually had a significant effect in either direction. By that time nearly everyone who cared will have reached a conclusion about how the email server issue spoke to Clinton's suitability for office and treated anything new on that as noise, just as they did with earlier reports of Trump's sexual abuse activities. We all were tired of it, all of it, before then.

tom dial Silver badge

Re: Computerized voting

The systems are auditable, with some difficulty, because of the necessity to establish that the software actually in use during the election was not able to misrecord voters' actions. While that is possible in principle under sufficiently controlled conditions, maintaining the controls uniformly across hundreds or thousands of voting places and an order of magnitude more machines and people is difficult and unlikely to be done perfectly. After that, it also is necessary to validate the software used to collect the votes, usually from removable memory cards, and to classify and total the votes for each candidate and issue. The only upside, if there is one, is that if all goes well the totals can be announced in time for the 10 PM news, a dubious benefit.

Hand counted paper ballots also have had issues, and without question there has been associated election fraud and a few stolen elections. In addition, they are technically fairly easy to audit, although traditional fraud techniques often included ballot spoilage that if done skillfully was hard to detect and correct. Auditing the activities of thousands of people over a 12 - 14 hour period has quite a few vulnerabilities, and paper ballot systems have had the counterpart of malfunctioning machines in the forms of ballot boxes that went missing or had broken seals.

Nothing is perfect, and election issues certainly are not limited to the US or to one political party.

tom dial Silver badge

Re: Plausibility

Unlike some countries, the US extends the notion of personal liberty to include the liberty to decline to participate in elections. That is not a scandal.

If there is a scandal around denial of voting rights, it nearly entirely concerns denial of the right to those who have completed prison sentences and have not had full civil rights restored, not voter suppression, so called. Complaints about poor people of color being denied by reason of color is largely nonsense and perfectly understandable in terms of normal partisan activity. The Republicans writing the laws took "black" to be an accurate proxy for "Democratic voter" as, indeed, it is. No rational person thinks those laws would have escaped their initial committee assignments unscathed if as many as 25 or 30 per cent of the targeted voters had been believed to lean Republican. Aside from that, the voter suppression laws, so called, actually prevented very few from voting (although they unquestionably made registration and obtaining required ID more difficult for some) and in most places probably fell about evenly on both black and white citizens.

The real scandal is the quasi-institutionalization of the major parties and the political rigidity that has brought, to the point where major parties presented national candidates that a large majority of the electorate considered untrustworthy and unsuited for the office they sought.

Latest loon for Trump's cabinet: Young-blood-loving, kidney-market advocate Jim O'Neill

tom dial Silver badge

Re: Your bias?

I think we are about to finish up a couple of terms with an introvert president, and there is plenty of evidence that it didn't work out all that well. The main rejected candidate in the immediate past election also seems to be more an introvert than an extrovert, suggesting that a large fraction of the population in a large part of the country might, for now, prefer an extrovert. For now. It remains to be seen whether it works out well or ill.

tom dial Silver badge

Re: Your bias?

The basic physics and chemistry around the atmospheric contaminants may be well understood, but the quantitative effect may be less well understood and subject to doubt, at least as to the amount of change, both if nothing is done and in response to proposed corrective action. And although there is no room for doubt about the proposition that human activities contribute contaminants that tend to raise the average world temperature, there is some uncertainty about the importance of that compared to other sources, and there is considerable reason to question whether, when it comes down to the point where 2700 million people in China and India (and the 322 million in the US) will accept the costs associated with proposed reductions. I do not see the evidence that they will, and unlike physics and chemistry, which are hard, politics is really hard.

tom dial Silver badge

Re: We have vays to make you

From a slightly different angle, the first paragraph seems like it might be an argument for autonomous, possibly unaccountable, agencies or ones subject only to political control by those in charge of the government. The latter seems to be what so many, here and elsewhere, worry about with the upcoming Trump administration.

tom dial Silver badge

Re: Your bias?

There is a good case to be made in favor of having the head of a government department skeptical, if not necessarily opposed, to the department's mission.

It is well known that over time government agencies tend to be staffed by employees having a bias toward the presumed agency mission and a clear incentive to extend its scope and authority. One fairly obvious current example is to be found in the number of agencies jostling for position in defining and establishing rules over "cybersecurity." Another is the recent attempt by the FCC to elbow its way onto the FTC turf in protecting personal privacy, while both of them attempt to increase government authority over at least the US part of the Internet.

It also is well known that regulating agencies like the EPA, FTC, and FCC, and others that hand out goodies like DOD, HEW, and HUD, come to be surrounded by client groups, which bring to bear a good deal of carefully tailored advocacy intended to channel the regulation in their preferred direction or bring them direct or indirect benefits from agency activities. Client/supplicant groups also are training grounds for future agency employees and employers of former agency employees. The laws and regulations intended to control such revolving door employment actions are not necessarily effective. I recall one instance in which a DOD agency IT director issued a directive that Oracle DBMS would be the agency standard. He retired a few months later and the following week began work as an executive at Oracle, but not in a division that dealt with DOD procurements. He was followed shortly after by his former deputy.

Competition within the government, properly managed by the President and Cabinet officers, might bring some of the benefits that it does in the private sector. Department or agency heads who are skeptical of or oppose the commonly understood organization mission and its implementation can contribute to that and might exert some control over excessive collaboration between agencies and their clients.

My name's Jeff B and I'm here to say: Canada's getting an AWS region around the way

tom dial Silver badge

Re: Canada is part of Five Eyes

Perhaps. But there is no obvious reason that the possibility (or even probability) of changes to targeting procedures would have any effect on my claim. A number of populations or organizations are targeted, now, simply because they exist. There is no reason to wait for tomorrow.

tom dial Silver badge

Re: Canada is part of Five Eyes

I can see no reason for a US or Canadian citizen (or legal resident, at least in the US) to be either more or less worried about either NSA or CSIS (or GCHQ, for that matter). Those who have a need for worry, or otherwise wish to do so, should do irrespective of where their AWS or other processing and storage is located.

The US government's ability to demand Canada-resident data may be changed some by the recent New York decision concerning a Microsoft email account in Ireland, but it is a good bet that the US is, or soon will be, working with other governments to smooth procedures for exercising mutual legal assistance treaties that exist (I expect there is one between Canada and the US) and negotiate them to the extent possible where they do not exist. In view of the proximity of the US and Canada, it seems likely that the procedures are fairly well established in both directions.

There probably is not much of interest here except marketing.

China and Russia aren't ready to go it alone on tech, but their threats are worryingly plausible

tom dial Silver badge

Re: Would you expect anything else?

But strike the word "military" in the first paragraph. Reliance on imports limits many other options as well.

US election pollsters weren't (very) wrong – statistically speaking

tom dial Silver badge

Re: no votes for Trump counted in 3 weeks

Count the votes from 32 counties, perhaps?

That said, there is reason for considerable suspicion if, in fact, a significant number of voting districts have not yet reported results three weeks after the election. Nearly all absentee ballots, which most states require be mailed no later than election day, and ballots from deployed military personnel, should be in hand by a week or ten days after the election, and taking longer than a few days to count them should raise suspicion about the counting procedures.

tom dial Silver badge

The electoral college was a derivative of the population crediting policy for the House of Representatives. The bias in the electoral college since then has been a result of the facts that every state is allocated two Senators and at least one Representative irrespective of its population.

Censuses beginning with the first, in 1790, counted women on the same basis as men, although only New Jersey allowed them to vote (until disallowing it in 1807). It is likely that neither race nor sex has been a significant issue in apportioning Representatives since the census of 1870 or perhaps 1880, well over a century ago. Who is allowed to vote, however, has been and remains a contentious issue from time to time.

tom dial Silver badge

Re: Elector allocations

"Cooler heads" is pretty much what Hamilton argued in Federalist No. 68 in favor of indirect choice of the president using electors. Those wishing to describe the electors as "wealthier heads" are not far wrong, since the correlation of wealth and education was high then, just as it is now. That is slightly related to the imbalance between high and low population states in electoral college strength, but probably only weakly and perhaps coincidentally.

tom dial Silver badge

Re: Mandatory Voting

The electoral college would be tough to change. If you are interested in seeing the electoral vote assigned somewhat proportionally, consider the methods of Nebraska and Maine, and take it up with your state legislature.

Note that if everyone had used the Nebraska/Maine procedures, Trump almost certainly would have won, although quite a lot more narrowly. That would have been a good thing, as it would be much harder to argue that he has a "mandate."

tom dial Silver badge

Re: 1 person 1 vote - is not true

"Empty" states like Iowa (and Utah) have 6 electoral votes. The median states by electoral vote (Louisiana and Kentucky) have 8. Of the 24 states above median electoral vote (and population) Trump won in 14 (223 electoral votes) and Clinton won in 10 (183 electoral votes). In the states (and District of Columbia) at or below median in electoral votes, Trump won in 16 (83 electoral votes) and Clinton won in 11 (49 electoral votes).

While one person, one vote does not apply, it is fairly clear that Trump's support was both substantial and geographically widespread. This is even clearer if one examines the results by county, which show that Clinton's support was quite strongly coastal with a few spots in between.

Exclusive: Team Trump's net neutrality guru talks to El Reg

tom dial Silver badge

Re: ...

Of the millions who registered their opinions with the FCC on the Net Neutrality question, a few tens of thousands probably had enough understanding of communication technology and economics to form their own opinions. Most of the rest were acting on the expressed opinions of various "experts" predicting assorted awful outcomes from allowing of "fast lanes" or free services.

The article, and the paper by Layton and Calderwood, concern economics and the thesis that Net Neutrality is not conducive to efficient network resource allocation, which in the end affects everyone who deploys, operates, or uses a network.

tom dial Silver badge

Re: Trump appointments

I do not think Trump ever claimed to be a conservative, at least without backpedaling shortly after. Some of his positions and promises were aimed at those who claim to be conservative, but many or most have been creeping off stage since the election. He is no more a conservative than Hillary Clinton is a liberal (current usage assumed).

Obama's minions in the Congress further poisoned an already dirty well in various ways, and Obama lacked either the skill or the will to collaborate with the Republicans in Congress and sometimes even the Democrats. That left him the option of trying to expand executive branch reach by issuing orders and hoping the inevitable challenge would not be turned away by the courts. Donald Trump, come January 20 next, will be in position to cancel every one of them that he doesn't like. That may result in a worse outcome in some cases than if Obama had done nothing at all. The most obvious examples are DACA and DAPA, which by now will have produced a very convenient database of deportation candidates. Nonetheless, Trump will have Obama's example going forward in the event of a truculent Congress. And there is no plausible reason to think the next Congress, any more than the last forty or so, will do anything effective to limit him.

tom dial Silver badge

Re: ...

"A large number of individuals - " nearly all of them essentially clueless about communication technology - "supported net neutrality as well."

"Packet prioritization, bandwidth throttling and tiered pricing will not inherently create a more democratic Internet." Maybe, maybe not. It is not entirely clear that "democratic," normally associated with group decision making and choosing government officials, is meaningful in the context of network governance. While these many millions were, by and large, vehemently in favor of net neutrality, it is far from obvious that any of them has benefited from it, or will. But it is fairly clear that large operators, including Google, considered it beneficial to them, as defined by the marginal profit they expected to clear as a result. The Open Internet Order might best be understood as a result of successful rent seeking supported by a moral panic.

"Reality is much more subtle and nuanced than this. It's not black and white. Just many different shades of grey." Indeed it is.

It is meaningful, however, to discuss techniques for efficient allocation of limited resources and it is quite plausible, if not certain, that requiring all services to receive identical treatment in a packet switched network leads to inefficiency. This may show up, for example, as overbuilding or congestion (or its temporary mitigation, throttling), or possibly both at different times and places.

tom dial Silver badge

Re: This Google obsession is getting old

Yet Google provides direct utility to users, in the form of Internet indexing and search, that far exceeds that of any of the alternatives or, indeed, all of them combined. As a result it earns piles of money for its shareholders. Any positive utility that the NSA and other government intelligence agencies provide is at best indirect and very difficult to define and measure.

'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

tom dial Silver badge

Re: Unless you're the FBI...

I don't claim to have read all the "Snowden" and Greenwald articles, but have read enough of them to know they do not speak much to the FBI, DEA, or even DHS.

Parallel construction, presumably intended to conceal intelligence sources and methods, is not by itself contrary to law as far as I am aware, any more than is concealing the identity of confidential informants who provide information to justify warrant issue. The NSA is permitted to refer to domestic law enforcement authorities information obtained by lawful (under US law) foreign intelligence surveillance. The articles that "revealed" these activities were unfortunately vague about the source of the information and the conditions under which it was obtained. They also did not make clear whether the authors did not know or knew and elected to leave it unmentioned.

Ultimately, the decision to issue a warrant rests with a judge who is at least nominally independent of the prosecutor and other law enforcement agents. They may rubber stamp the application, but it at least is a (possibly virtual) piece of paper that, in the US at least, can later be challenged in court if the warrant turns up information that leads to prosecution.

tom dial Silver badge

Re: Alternatively

According to the report in the source, Dallas News, the pictures were sent by email from the phone, then deleted. The claim, further, is that by the grace of the God of Apps, one of the pastor's apps backed up the sent messages before their deletion, thus preserving the evidence. The only thing that points to three-saint-names, though, is that the police are reported to have found that a person of similar name has an account on the swinger site.

At last report, Thomas has not been convicted, which would help the lawsuit, although it is not a requirement as the standard of proof in the civil suit is much less than required for a criminal conviction. For now, there is reason to withhold judgment in the matter.

tom dial Silver badge

Re: Unless you're the FBI...

The FBI does not have that right either. They, and other law enforcement officers may apply for warrants, as may their counterparts in many other countries. If the application is granted they have the right to conduct a search as the warrant specifies.

As for the article, it is not clear why the plaintiffs think they have a basis to seek not only compensation, but enrichment, from the dealer who employed the alleged perpetrator or, even more remote, from Toyota itself. The employee's act is said to be a criminal offense, and the agency's sales director has been charged. Dealership liability may depend on details like whether the accused had previous history of similar behavior and whether they knew of it, and if they did not, whether they had done reasonable (probably a jury question) pre-hire due diligence. Toyota's liability may be limited by their relationship to the dealer and details in the documents that govern the relationship. Toyota certainly will not want to set a precedent for future similar claims, but given their likely rarity might end up negotiating a settlement with sealed terms for some fraction of the amount demanded.

Google proudly regards dented shovel as Flash lies supine on the floor

tom dial Silver badge

Now if others, like Comcast Xfinity, would do likewise. A few months back, Comcast "upgraded" and "improved" Xfinity web applications, which never before had the "benefits" of Flash. Now they do, and now they will no longer run on Linux versions of Chrome and Firefox because the latest available version is too old. That includes the schedule display/channel select application and also the application needed to report a problem or file a service request.

Investigatory Powers Act signed into UK law by Queen

tom dial Silver badge

I find it interesting that fairly straightforward and likely enough correct statements are so often downvoted and disputed.

The point was that if the police are interested in you, no matter the reason, using a VPN or TOR is unlikely to deter them or interfere significantly with their ability to pursue that interest. And it is not at all obvious that it will make it harder. Communication data surveillance is only one of their tools, and for in-country residents probably is one of the least important.

tom dial Silver badge

Re: Commercial suicide

You want to send sensitive company data to any employees, securely, you can't.

=> PGP will protect the data. If sending the data is authorized, would the metadata matter?

You want to leave said data on an intranet with web access securely, oh look, you can't.

=> On an intranet with web access: Does the act really cover internal transmission? Surely you did not mean web access from the public Internet and securely in the same sentence.

You want to research a company with a view to a takeover, in private, hah some chance

=> For those of us lacking the knowledge and imagination, it would help to have a plausible scenario in which searching public sources would be a problem.

Even if I'm being overly paranoid, if companies haven't legged it because of brexit, they'll be leaving in droves if they can't rely on secure internet as a general principle.

=> As I understand it, the act has little to do with Internet security, but something, maybe a lot, to do with privacy of some kinds of information in some circumstances.

tom dial Silver badge

Re: Could someone recommend a VPN?

If you live in a Five Eyes country, you probably would be more at risk using externally-based facilities (possibly including TOR). In the US, at least, legal protections are much stricter on (legal) residents than they are on those in other countries who are not US citizens. I have not seen anything detailed about it, but suspect that there are side agreements among Five Eyes governments to not target (or to be gentle about targeting) each other's citizens.

None of that would apply to external communication endpoints. The applicable legal protections might not be honored, but they might, and for the US, at least, there is some evidence that they are. Where they are, they might be effective, and that is better than the case where they do not exist at all.

tom dial Silver badge

If you are of interest to a law enforcement agency, and if you use anonymizers or VPNs or encrypted messaging, that is likely to increase their interest and bring closer scrutiny. If they have a decently plausible justification, they may be able to obtain a warrant (or UK equivalent, if different) for access that is much more intrusive than metadata collection, and much more likely to succeed in obtaining information about your activities in connection with whatever caught their attention in the first place.

The short version: if the police are interested in you, they generally will find ways to investigate you.

tom dial Silver badge

Re: Here's the full list...

It would be useful to have a brief description of the hoops through which one of these many agencies must jump before gaining access to the stored data. That, along with who can grant access, might be a deal more important than who can request and receive the data.

Internet Archive preps Canadian safe haven to swerve Donald Trump

tom dial Silver badge

Re: The True North, Strong and Free

Many of the countries "not so friendly to the interests of the USA" also would not be so friendly to freedom of access to information. The US might present some issues surrounding privacy, but is hard to match for prickliness* about anything resembling press freedom, and that certainly would include the Internet Archive. The government, and litigation attorneys and clients, being what they are, moves to restrict access could be tied up in rule making and the courts longer than Trump will be President, even if he is reelected in 2020.

As an aside, it would be easier, legally, for the US intelligence community to collect IP address information from a service in Canada than from one in the US, although its use might be limited by treaties or side agreements to pretty much the same population in either case.

* Except, in the short term, by those upset by "fake news" on social media.

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

tom dial Silver badge

Yet the same "credible source" that considers the board of elections and email hackers to have been nation-state actors has said publicly that there is no evidence of election hacking as such.

Maybe Russia wished for Donald Trump to be elected, and maybe they made these efforts to that end, and maybe those efforts had an effect on voting behavior. That's a lot of maybes, and the direction of the effect on voters is, to understate, pretty murky.

tom dial Silver badge

Re: Interesting definition of a landslide victory you have there...

Trump won in 30 states, with a total voting eligible population of around 126 million; Clinton won in 20 states and the District of Columbia, with a total voting eligible population of around 94 million. It is not entirely clear that the archaic counting system produced a seriously incorrect result. For reasons Hamilton discussed in The Federalist (No. 68), presidents are not elected by popular vote. People have disagreed with that, but they should at least give careful consideration to the argument before concluding that it is rubbish.

Time passage has brought changes. One has been to corrupt the original presidential selection process and establish quasi-legal institutional status for political parties that, at bottom, are self interested private organizations. Another change is to increase enormously the powers and importance of the President, a change that most political parties, including the two largest, have long supported enthusiastically. It may be that the problem is not the electoral college as such, but that it has been altered to operate in a way that is quite at odds with its original intent.

tom dial Silver badge

Re: From the article:

It is all but certain that said professor knows a great deal more about information security than he does about voting behavior.

As for connection of voting machines to the public Internet, it is all but certain that there were effective controls to prevent that, even for voting machines with the capability. However, hacking of individual voting machines is not the only way, and not the most likely or effective, to alter the ultimate vote count - as the professor and others have pointed out elsewhere.

tom dial Silver badge

There is no more reason to believe an exit poll than there is to believe one taken in advance of the election. Aside from sampling error and refusal to answer, some people will lie, especially if, as in the immediate past election, one of the candidates is widely viewed as unworthy of respect.

tom dial Silver badge

Re: Vote Fraud? Are you CRAAAZY?

Voter suppression laws, so called, did not disenfranchise anyone. They also made no racial or ethnic distinctions, although they plainly had more impact on those who were poor, unmotivated, or not very bright, or who would have had trouble documenting their eligibility to vote. Few of them, if any, failed to make the required ID available at no delivery point charge, although for some people assembling the documentation required and going to the place of issue, usually the same place that issues driving licenses. The required documentation is generally in line with that required to obtain a Social Security card, and probably in line with that required to register for other federal and state benefit programs.

The big disenfranchisement in the US is not these laws, but the sometimes permanent legal disenfranchisement of convicted felons, along with the large number of former felons resulting from the ill-conceived War on Drugs. This number almost certainly is at least an order of magnitude larger than the number of those actually disenfranchised due to "voter suppression." In some states, this can be undone only on approval of the governor of an individual request. A few states allow convicts to vote, and some that do not lift the ban at completion of the sentence.

The "evidence" for fraud seems to be hypothesized hacking of some equipment combined with deviation of some results from pre-election polling reports. As the BrExit and last UK general election show us, these cannot be considered reliable. As a matter of historical fact, recounts rarely change election outcomes, especially above the local level. Even Michigan, with a reported Trump plurality of almost 11,000 votes, has a very low probability of changing after a recount. Pennsylvania, with a margin approaching 70,000 will not flip, and Wisconsin, with a margin of around 22,000 also is very unlikely to be changed. Clinton would need all three.

tom dial Silver badge

Re: Vote Fraud? Are you CRAAAZY?

The vote fraud of which Democrats were so dismissive was an older type in which people voted who were not permitted for reasons such as death or lack of citizenship. Arguably, that was quite rare and unlikely to affect the outcome except in rare cases of extremely close elections, although as far as I am aware, the presumed rarity stems as much or more from general failure to look for it as any actual analysis.

Fraudulent configuration or programming of systems used for vote recording and counting is a legitimate matter for concern. It has been in principle for many of us since they were introduced, and for quite a few more after demonstration of various vulnerabilities in the recording machines and the general vulnerability of the systems and networks on which the software is prepared, stored, and transferred. It should be noted that similar vulnerabilities existed on rather old electromechanical vote recording systems, although complaints about that were rare to nonexistent.

The primary goal in using these machines seems to be quicker tabulation and announcement of results, hopefully by the nighttime news readings. This is an illegitimate reason. However, it can be met decently by using optically scanned human-readable paper ballots, which offer a reasonable possibility of manual recount, as is legally required in some jurisdictions when the lead is narrow enough.

Until that is done, auditing the results makes a good deal of sense, especially in cases where there is potential for wholesale manipulation that would be difficult or impossible to identify and correct. "Recounting" and machine auditing probably would not allow anything better than discarding results from dodgy machines, but it could hasten adoption of properly verifiable and transparent voting systems.

SQL Server on Linux: Runs well in spite of internal quirks. Why?

tom dial Silver badge

Re: Repositories? apt and yum integration? Really?!?!

I do not understand, or think justified, the downvotes to this sensible post. I have made a very small number of exceptions on systems I have for personal use, and doubtless would make more if I were being paid to support customers.

However, I have a relative for whom I field occasional technical support questions related to his installing X on Ubuntu. Invariably X is a binary download, often from what I consider a somewhat dodgy source, and often chosen as an alternative for something available from Ubuntu repositories that appears fit for purpose. He chooses non-distribution alternatives that promise features the repository one does not, but they do not always deliver on the promise. Quite often, though, they do deliver large amounts of wasted time and aggravation before they are fully operational; and a few of them never got to that point.

Some providers are open to suggestion and will make changes to improve the installation and operation of their product. Foxit Software, which offers a PDF reader, is one example. That Microsoft apparently provides a repository and appropriate dependency resolution suggests they are serious about this and want it to work well. And that is a good thing.

How to confuse a Euro-cop: Survey reveals the crypto they love to hate

tom dial Silver badge

Re: Crypto Comms

These suggestions might be useful for spies (both "ours" and "theirs") and those engaged in various forms of activity defined as criminal behavior under applicable laws. They are likely to seem like quite a lot of bother to the overwhelming majority of the population who are not in either category, for whom the best use case may be privacy for affairs or sexting (Anthony Weiner, take note). That may seem uncomfortably close to "those who have nothing to hide have nothing to fear," but it probably is true that the majority of people who are not already subjects of specific law enforcement interest are very unlikely to wind up in trouble due to their tradecraft failures.

tom dial Silver badge

Re: @ejit

Judicial process and warfare are not commonly thought to be closely associated.

Drone attacks certainly kill people near the target, and they also may go astray, fail to hit the target and still kill or maim substantial numbers of people. Yet they probably are more effective than car bomb attacks on markets or mosques, barrel bombs, or bombs dropped from high flying planes in terms of killing specific people without killing too many who may not be personally involved in a conflict. Upwards of 25,000 people, few of them directly involved in Nazi military operations, were killed between 13 and 15 February, 1945, and the Tokyo bombings of 9 - 10 March, 1945 killed roughly 4 times as many, most of them quite as innocent as most of the bystanders killed in drone attacks.

Wars are really bad things, and they always kill or injure innocent people. Focusing on particular weapons, especially those which limit unintended killing and injury, is a distraction from the main point.

tom dial Silver badge

Torture might work, but then again it might not, and it often won't be easy, or perhaps even possible, to tell. A torture victim may well lie to make the torture stop or pause, saying whatever seems necessary and effective at that. Unless the information can be verified quickly against other information known to be true it is likely to be worth little, as it is if it merely confirms information the interrogators believe to be true.

tom dial Silver badge

Re: Encryption will only work as intended until everybody is using it all the time

An easy to use frontend for using PGP with emails

I've had very little technical trouble with Thunderbird and Enigmail. Neither has my wife, for whom I set it up. The combination transferred flawlessly from Windows 7 to Windows 10 (unlike some other applications) and through three or four Debian Linux distribution upgrades. The last time I looked there remained some work to be done on web mail interfaces, although ProtonMail's is not too bad. Google End-to-End and Mailvelope were usable, although I do not know whether they have had a proper security validation or, indeed, still are being developed and maintained.

The problem has very little to do with availability or technical matters, and a great deal to do with the observed fact that only a tiny fraction of the public, as against those who lurk on technical web sites, actually cares about it.

HPE tape library permits unauthorised remote access

tom dial Silver badge

Owners who care about their data should not manage these or similar devices in-band, and their out-of-band network should not be accessible from the public internet, for the same reasons that apply, for example, to water and power plants.

A bit of critical thinking sometimes is useful

Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?

tom dial Silver badge

Re: You see, these IT security experts approached this testimony in the wrong way...

Have an upvote for the probable accuracy of the claim, but the implied reason is a bad motivation for legislation.

Zuckerberg says just one per cent of news on Facebook is fake

tom dial Silver badge

For practical purposes I do not use Facebook, and in particular, I neither post nor seek out political news there.

That said, I think Facebook is getting something of a bad rap in this. The user provided political "news," probably better called rumor in many cases, almost certainly is protected speech (in the USA) under the first amendment. As long as they are only a transmitter of the material they probably are pretty much in the clear, even if the material is false or misleading.

They are entitled to suppress it if they wish, because they are not a government entity, but doing so will make some of their users unhappy. We already have seen an instance of this in their temporary removal of the famous picture of the nude Vietnamese girl running from a napalm attack. Censoring their users' political opinions, even because they are false or inaccurate, certainly will encourage discontent, as many people get pretty worked up about such things. It also is likely to lay them open to complaints, and possibly lawsuits if they begin to censor and fail, as is inevitable, to identify everything they need to. They will be better off letting the political stuff go except for clear and direct threats and the relatively small number of other first amendment exceptions.

Silicon Valley's oligarchs got a punch in the head – and that's actually good thing

tom dial Silver badge

Re: Confused Brit

Fact Check: The claim that Diebold voting machines were used to steal Ohio from Gore appears likely to be untrue, as Diebold Election Systems Inc. was founded in 2002, two years after the Bush/Gore election.

I worked a number of elections in Cuyahoga County, Ohio in later years when Diebold machines actually were in use there, and it is my recollection that the machines were reasonably secure physically, and were delivered to voting locations with tamper evident seals over the access doors for the modem and internal electronics that were not to be removed for any reason, and if damaged were to be reported. I never encountered that, but assume that damage would have prevented putting the machine in service for the election. Other controls were generally adequate to prevent abuse in polling locations without collusion by both Democratic and Republican election judges.

There are no guarantees that the software could not be altered before the machines were sent to polling locations, or the stored votes changed after the election was completed, but it would pretty much have to be done at the board of elections between opening of the sealed bags with memory cards and inserting them into the systems that accumulated the vote totals.

tom dial Silver badge

Re: It wasn't illegal.

I did check. The reference is 44 USC Chapter 35, along with implementing standards issued by NIST around 2005 or 2006. The law imposes requirements on senior agency officials to ensure information security. As the head of a cabinet department Clinton was responsible to ensure information security within the Department of State, not undermine and subvert it.

Colin Powell used a personal email account during his tenure as Secretary of State, during a time that bridged passage of the above act, and before NIST completed the standards, during which the State Department systems were considerably less adequate than they were when Clinton took office in 2009. Condoleezza Rice has stated that she avoided use of email.

The State Department non-classified network was, indeed, penetrated - in 2013, after Clinton left the position of Secretary of State. It is possible, although uncertain, that it would not have been if she had carried out her obligation to ensure that her CIO and his staff maintained DoS system and network security properly.

Given the known vulnerabilities of the clintonemail.com servers, the only operationally useful assumption about it is that everything that ever touched it was known to every significant national intelligence service in the world.

And FWIW, my vote also did not go to either Clinton or Trump.

tom dial Silver badge

Re: @tom dial ... Entirely predictable?

@Ian: While I raised the question thinking of pre-election polls, this may be more or less true. I do not know of proper academic research that bears on this, but there is suspicion, and has been for decades, that some error may come from systematic bias in the subset of respondents who answer untruthfully or refuse to answer. One of the fundamental requirements for a good survey, as was understood 50 years ago or more, is that you pick a sample and do what it takes to interview everyone in the sample, making return visits as necessary. The more deviation there is from that the greater the likely error in addition to the customarily reported sampling error.

Whatever the cause, my impression is that it is worsening over time. The last three big failures that come to mind are the most recent UK general election, the BREXIT referendum, and the US election last Tuesday. On the other hand, Allan Lichtman of American University has predicted the last ten presidential elections based on a series of 13 T/F questions about the political/electoral environment - no need for costly interviews.