votescript kills Diebold. I could do it on one floppy in Linux, but not
at the library, and it's not that unixy a program/problem. Perhaps the
bootable Forth types would find it amusing. A demo on
a Palm or a Blackberry wouldn't hurt either.

RIck Hohensee (H3sm, shasm/osimplay...)

(Sent to Maryland print dailies...)

I have written a computer program called votescript that is a
menu-driven ballot editor
for any non-legacy PC. It is written in GNU Bash, which is the native
command shell
of the Linux operating system. votescript and Linux are both free,
public domain, and open-source, i.e. utterly transparent. I wrote
votescript in Adelphi originally and debugged the most recent version
at the Mount Ranier Library a few doors up from
Van Hollen's office, on Ubuntu Linux. Kudos to the DC LUG and Ubuntu
people for making that possible. votescript is posted to md.politics
and unix groups in Usenet News, perhaps better known these days as
Google Groups.

humbubba wrote:

No, it doesn't. I haven't seen your "votescript" code, but I fearlessly
predict that I could break it. Send me the code, and I'll happily
demonstrate.

The problem isn't presenting a list of options to a user and having them
select one. The problem is recording the votes in a way that can be
later verified, audited, and still keep individual choices secret. All
the while, you also need to provide security and have the means to prove
if votes were tampered with.

I'm not saying that Diebold has done these things well or in some cases
at all. In fact, the problems with Diebold's machines are quite well
documented now. They are at best garbage and at worst part of a plan to
manipulate votes.

But your "votescript" hack likely doesn't do any of this either. Witness:

The first external dependency. How does "votescript" protect against
someone installing a hacked bash shell?

John Passaniti wrote:

God, this troll hasn't died yet?

humbubba wrote:

Interesting. I'm supposedly a troll because I pointed out that your
"votescript" is likely just a trivial way to capture votes, and doesn't
provide for the real-world security, auditing, and everything else that
would be necessary to have a system people could trust. Or am I a troll
for pointing out that building on top of bash and Linux raises the
potential for tampering with votes by hacking those layers?

You state that the value of something like "votescript" is that it is
open and transparent. So feel free to demonstrate that fact and make it
available for download off your web site. Don't have space? Write to
me directly (substitute my first name for "nntp") and I'll be happy to
give you as much disk space as you need for "votescript" on my site.

I look forward to being proved wrong.

"humbubba" yahoo.com> wrote in message
news:1160516868.383388.75380@m73g2000cwd.googlegroups.com...

He is not trolling. If you seriously wish to present an automatic voting
system for serious use, you have to be prepared to answer all challenges
regarding its security. John's comments are quite valid.

John Passaniti wrote:

Would you consider providing links to sources that explain what the
real problems are?

My first thought about trusting Linux is to trim down Damnsmalllinux.
It's 50 megabytes and loads from a CD-ROM. Cut out what you don't need
from it and add the voting code; it's likely to be no more than 40
megabytes. Better if you don't give it net access since that cuts out
access for some hackers -- except that reduces the convenience too. As
a first attempt I'd say do without it rather than try to make it
secure. So you keep cutting down the Linux until you don't notice
anything you can do without, and you publish that along with a SHA or
other security scheme. Let everybody who wants to, look for a way to
break it.

humbubba wrote:

As you didn't provide a URL for where the code could be downloaded
anywhere in this thread, I'm not sure how I or anyone could. I'm
looking forward to viewing it myself, once you provide a reference to it.

J Thomas wrote:

Sure. You can start by looking at the negative case-- the problems that
researchers have found in existing systems. blackboxvoting.org and the
related group blackboxvoting.com both have plenty of material on the
issues found with Diebold and other companies (ESS and Sequoia are the
primary competition) that make these devices. Further, news feeds and
articles on these sites will expose you to research, commentary, and
other information that you may find useful in understanding what it
would take to have an electronic system that could be trusted.

Then, you can look at sites like www.openvotingconsortium.org and look
into their project, look over their design, and from there you can see
what some of the non-obvious issues are and how they intend to address it.

Then, go over to SourceForge, search for "vote" and find the handful of
applications that are being promoted. Look over their designs and
again, you can find aspects of voting you might never have considered.

John Passaniti wrote:

I agree it would have been convenient for him to provide a link.

I looked in Google groups for posts by humbubba since the beginning of
the month. That immediately turned up the threat "this votescript
version has been mostly debugged on Ubuntu" on comp.unix.shell. It was
real easy to find.

In article <1160491743.038990.303130@h48g2000cwc.googlegroups.com>,
humbubba yahoo.com> wrote: