2008 Aug 29

Daylight Savings

16:03  
 

Lord save us.

Egypt switched out of daylight savings time today. I didn’t know this until we were almost an hour early/late leaving for an appointment.

Oh, by the way, I’m back in Egypt now. Jeff and I arrived in Cairo this past weekend. Sorry about the lack of updates, but I’ve been jet-lagged to the point that I can’t seem to get out of bed before noon, if not 2 or 3. This does not make for very productive days. Regardless, I will write updates of this week’s adventures later.

Back to the daylight savings rules for Egypt.

Egypt goes to daylight savings time at 23:59:59 on the last Thursday in April when the clocks move forward to 01:00:00 on Friday morning, thus skipping an hour in the time-line. Egypt leaves daylight savings time on the last Thursday of September when the clock moves from 23:59:59 to 23:00:00 on the same day. Seems reasonable, right?

This is, of course, unless the shift will occur during Ramadan. In years in which this is the case—2006, 2007, 2008—the time changes on the last Thursday before Ramadan. That was, of course, last night. So, I woke up this afternoon, thinking that I had gotten up terribly late, again. But this time I was rewarded with the new knowledge that I had managed to wake up a whole hour earlier than I thought I had.
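The rule above can be checked against the date of this post. The following is an added example, not part of the original post: the function names are hypothetical, and the Ramadan window is passed in as approximate Gregorian dates, which is an assumption.

```python
from datetime import date, timedelta

THURSDAY = 3  # date.weekday() counts Monday as 0


def last_thursday_on_or_before(day):
    """Step back from `day` to the nearest Thursday (or stay if it is one)."""
    return day - timedelta(days=(day.weekday() - THURSDAY) % 7)


def last_thursday_of_month(year, month):
    """Last Thursday of the given month."""
    first_of_next = date(year + (month == 12), month % 12 + 1, 1)
    return last_thursday_on_or_before(first_of_next - timedelta(days=1))


def shift_date(year, month, ramadan_start, ramadan_end):
    """Date of the clock change under the rule described in the post.

    Normally the last Thursday of `month` (4 to enter DST, 9 to leave it).
    If that Thursday falls inside Ramadan, the change moves to the last
    Thursday before Ramadan begins.
    """
    regular = last_thursday_of_month(year, month)
    if ramadan_start <= regular <= ramadan_end:
        return last_thursday_on_or_before(ramadan_start - timedelta(days=1))
    return regular


# Assumed, approximate Ramadan window for 2008 (not taken from the post).
RAMADAN_2008 = (date(2008, 9, 1), date(2008, 9, 29))

if __name__ == "__main__":
    print("enter DST:", shift_date(2008, 4, *RAMADAN_2008))
    print("leave DST:", shift_date(2008, 9, *RAMADAN_2008))
```

With that window, the September change lands on Thursday, 28 August 2008, the night before this post.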

You think you’re confused? Try being groggy in the afternoon in a hot apartment, blearily looking at your watch, mobile phone and laptop trying to figure out what time it is when none of them match. My watch had run down its wind from yesterday a bit, so it was off anyway—it winds itself when I walk, but I hadn’t done enough of that apparently. My mobile hadn’t shifted automatically, as it was supposed to. The laptop did, but offered no explanation.

I have never believed in Daylight Savings Time to begin with, and one day, when I have more power, I will require that my subjects adhere to whatever time is on my watch. Wait, that’s not very nice, is it? I just wish that humans had figured out that if they just shifted their daily patterns rather than shifting our whole time-system everything would run much better.

Indiana figured this out a while back. Part of the state doesn’t shift into DST in the summer. Why, you ask? Because if they shifted, then the chickens wouldn’t know what time to lay eggs, and the cows wouldn’t know what time to give milk.

Way to go Indiana. Good on you. Maybe the rest of the world will follow this shining example someday. We can only hope.


2008 Aug 20

Hackers at the Olympics

11:28  
 

Nothing is impossible to find.

Hacker stryde.hax posted this article yesterday which indicates that he believes that he has found evidence of the underage status of one of China’s medal-winning Olympians. Additionally, he has requested that screenshots of the offending documents be posted on people’s blogs. In the interest of net-neutrality and in the face of censorship, here they are:

The name of the Olympian in question is: He Kexin (何可欣)

20080820101231.png

20080820101301.png

You can read more about how stryde.hax found these spreadsheets at his blog. There would be need for further verification of this, of course. Or, this could be an instance of sensationalist frenzy which would result in some people losing face. Either way, there you go.


2008 Aug 15

Unnecessary Measures

10:55  
 

Don’t forget to wear a condom.

http://www.xkcd.com/463/

The comic this morning on xkcd is a good example of arguments for and against electronic voting.

Read it. Careful though: it is funny, so the humorless fascists for whom you work may have blocked the site and also be in the business of firing anyone who tries to access it.

Regardless of that, it is a little ridiculous to have anti-virus software on a voting machine. A voting machine should probably not be network connected. If it is in fact network connected, then we shouldn’t have had the problems that we did with corrupted SD cards not having the voting data when needed. These things each indicate other problems as well.

First, if a voting machine is online, it is immediately insecure. All computers are prone to attack through either a network interface or by way of physical access to a machine. That said, some computers are more secure than others. Those computers used for high-profile applications—such as, I don’t know, off the top of my head, uh, VOTING—will of course be more delectable targets. So, possible operating principle number one: keep voting machines off-line.

Then, if a voting machine is off-line, why does it need virus protection software? The SD cards used for transporting data—the insecurity of which we will get to in a moment—should be checked for any virus or malware IMMEDIATELY BEFORE they are placed into a machine. Ergo, there should never have been any need for virus protection software on these machines.

On to the point of XKCD this morning: What operating system is running on these voting machines and what is it doing? I am not sure, but I am just going to take a gander that it was Windows XP, or some-such. Now, Windows is known for: crashing, being virus-prone, being entirely insecure in the case of physical access to a machine, and a laundry-list of other fun things. Firstly, Windows should not be the operating system of choice for this application. There are more than enough compelling reasons to take that right off the table. Therefore, we should assume that there was a contract—read: set of payouts, kick-backs, or other reward perks—involved between Premier Election Solutions (a.k.a. – Diebold) and Microsoft.

Let’s look at this again. Logically, so far, we have decided that: 1) voting machines should be using a secure, robust operating system, 2) voting machines should not be networked.

Or should they?

Is it secure to have votes stored in .xls (Microsoft Access) files and then transported on SD cards to a computer terminal by some flunkie (read: election official or Premier Election Solutions Employee) for transmitting over what one would hope are secure channels?

No, is the only answer to that question, by the way. PHYSICAL ACCESS to data is the point of least security. Swapping cards is just the easiest way to corrupt/alter the voting data.

The alternative: a networked voting machine which is connected to several sets of voting servers around the country—redundancy, in this case, is security, or at least accountability—via port/transport-encrypted connection protocols. The data is transmitted and tabulated at these central sites, plural. The data that is transmitted is stored on a separate physical disk from the operating system. That disk is encrypted and, if it is an SD card, there is no physical access to it—like a slot that it plugs into. Screwdrivers with weird noses are in order if you want it out.

When the data is transmitted, it can be in the form of an encrypted binary image of the disk. This is more secure than an .xls stored on an SD card. All of this will happen when the decentralized server farms call the data in at the end of the election. Also, at the end of the election, a printout could have a per-transaction list of the data received from the voters at each site. There are a number of ways to maintain the anonymity of the voters. Remove names, randomize times, etc. This printout would also be output electronically so that it can be stored for checking results, if there is a dispute.
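As an added illustration of how redundancy buys accountability (this is not code from the original post or from any voting vendor), the sketch below compares what each central site received from each machine and flags disagreement. The site and machine names, the sample bytes, and the assumption that every site receives the identical encrypted image are all constructed for the example.

```python
import hashlib
from collections import Counter


def reconcile(receipts):
    """Compare what each redundant site received from each voting machine.

    receipts maps site name -> {machine id -> image bytes as received}.
    Returns machine id -> (status, dissenting sites, sites with no copy).
    """
    machines = sorted(set().union(*(imgs.keys() for imgs in receipts.values())))
    report = {}
    for machine in machines:
        seen = {site: hashlib.sha256(imgs[machine]).hexdigest()
                for site, imgs in receipts.items() if machine in imgs}
        missing = sorted(set(receipts) - set(seen))
        digest, votes = Counter(seen.values()).most_common(1)[0]
        if votes * 2 <= len(receipts):
            # No single digest is held by a strict majority of all sites.
            report[machine] = ("no-majority", sorted(seen), missing)
            continue
        dissent = sorted(s for s, d in seen.items() if d != digest)
        status = "ok" if not dissent and not missing else "disputed"
        report[machine] = (status, dissent, missing)
    return report


# Constructed sample: byte strings stand in for encrypted disk images.
IMG_1, IMG_2, IMG_3 = b"image-one", b"image-two", b"image-three"
SAMPLE = {
    "site-east": {"machine-1": IMG_1, "machine-2": IMG_2, "machine-3": IMG_3},
    "site-central": {"machine-1": IMG_1, "machine-2": IMG_2},
    "site-west": {"machine-1": IMG_1, "machine-2": b"altered", "machine-3": IMG_3},
}

if __name__ == "__main__":
    for machine, result in reconcile(SAMPLE).items():
        print(machine, result)
```

A machine is only reported as "ok" when every site holds the same image; a single altered or missing copy names the site that needs explaining.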

Votes are tabulated/reported faster. The security is better—though only as good as its worst implementer. Everyone goes home happy-ish. Or at least as happy as they were before the election.

Back to the original topic: virus software. Here’s a fun thing: often, these days, viruses are written to attack and corrupt the virus protection software itself. Like real-world pathogens, they have adapted to attack the defenses first, and then go for the soft belly. So, if your computer is riddled with viruses, start over. This time, don’t use the virus software. Just use a malware detector like Spybot – Search & Destroy. In the distant past, when I still bothered with Windows, this was my virus-protection scheme, and it worked like a charm. My dad has been doing the same thing for years, and it works like a charm.

Again, back to the original topic: voting machines should not have Windows on them. Neither should servers. Linux is working all over the computing world on servers and in embedded devices for applications which require a great deal of security and require the OS to be robust—i.e. – not crashy. It comes in all sorts of flavors. It is scalable, customizable, and the source code is open. In other words, the kernel—most basic part of the operating system—can be fully customized to run exactly what is needed in the hardware, which also limits security gaps. It is also good at all the things that we talked about above: transport encryption, disk encryption, complicated networking schemes, redundancy, binary image backups. It also doesn’t have that nasty habit of crashing and dying forever. If it crashes, it can reboot, and it will be fine. This can even happen automatically since parts of the system can be restarted without your ever having to know about it in a user interface.

I don’t want to sound like an evangelical Linux user, but I am. And I will also admit that Linux is not for everyone—a statement that I do not fully believe, but which I will allow at present. It is, however, perfect for an application like running voting systems. Even if you ran a Linux system comparable to what is running now on these silly machines, the problems would scale back immediately.

So, take that for what it’s worth. I felt that the comic was funny, but might need a little further explanation. There you go.

Oh yah, disclosure: This post was written from a laptop running an unnecessarily secure Ubuntu install, backed up on a server in my house running Debian and transmitted to the internet via a router running the Linux-based DD-WRT to a—you guessed it—Linux web-server share running WordPress. This blog post is delivered to you using only open-source operating systems and applications on our end. I can’t vouch for what you used to view it, but if you used Firefox, it’s a step in the right direction.


2008 Aug 13

Personality

12:23  
 

Testing… Testing. Is this thing on.

We are always, it seems, interested in measuring or coding personality. I read this article [PDF] this morning over my coffee and found it fascinating. The results aren’t necessarily fascinating, but the idea is.

The gist is: can we tell something about the personality of an individual based on their e-mail address? This is an age-old question, of course. The primary use of astrology, in this author’s estimation, has been to parse personality traits. For example, Virgos are particularly mercurial. Their interests wander and range vastly. Is this true? Well, it probably is, for some.

The difference between the former and latter types of personality profiling is that the former uses a trait generated by the individual in question, whereas the latter has very little to do with them, at least on the surface. Then again, perhaps there are more factors that we are not considering, such as weather, personalities of parents and mood/temper changes based on time of year. Who knows?

Then there is the personality inventory. I took my first one a few years ago as part of a study conducted by a counseling psychology student for her thesis project. She was testing the Minnesota Multiphasic Personality Inventory. I’m not sure about the particulars. Regardless, the questions are tricky and vague, but their compiled results are supposed to tell you something about your personality. My test indicated that I either had a personality disorder, or was a genius. Now, I don’t think that I am a genius, not even a little, but it was the more comforting alternative. There was more to it than that, something about frequencies, blah blah. Boring stuff. Sort of.

It made me interested in these types of tests though. Do they really tell us anything about ourselves, and, if so, what?

A few years later, I took the Myers-Briggs test. This one I liked. The results are a bit more human-readable—not that psychologists are not human, but well, you get what I mean. Since taking this, I have always tested the same way, which is also interesting. The questions on different exams will vary greatly, but they are designed to indicate personality traits when answered in a specific way.

I am an ENTJ [Extraversion - iNtuition - Thinking - Judging], apparently.

You have the following traits as options: Attitudes—Extraverted or Introverted, Functions—Intuitive or Sensing, Thinking or Feeling, and Lifestyle—Judging and Perceiving.

Here are a couple of tests for your enjoyment. These are obviously just intended for online amusement, not for real use. These types of assessments are best administered by a professional. But, then, when have we ever cared about that? Each one takes about 4-5 minutes. If you have a few minutes to kill, take one—or more—and post the results as a comment here. It would be interesting to see what sort of personalities we all have, wouldn’t it?

A general Myers-Briggs assessment

An assessment for programmers

An interesting assessment with sliders

Well, that should help you to waste about 15 minutes today. Try it out and post the results.


2008 Aug 5

Flagged

11:55  
 

for humor.

Yesterday I got an e-mail from my mother. This is not an uncommon event, but the e-mail was uncommon. She indicated that when she attempted to click the link in my blog-update email, the computer told her that the web page was not accessible because it contained humor.

Humor?

I was blocked by a server for being funny. I don’t really think that I am funny, but I am on someone’s radar, I guess. I wonder if there is a list published every month with the URLs of websites that may or may not contain humor. Either that or a great deal of people are reading this blog at that particular place—no names, protect the innocent—and the sysadmin caught it.

I get it, really. No one wants employees surfing the internet during work. Sure. I just cringe at the idea that we block web content because it contains something funny. I think that I might lose my mind if I couldn’t read humor online in between other tasks. We might see an increase in postal-employee-psychosis-style freakouts.

My advice: read this blog at home. Don’t get fired on my account.

Mom, et al: wear Kevlar to work, and have humorless attack drills regularly so that everyone knows what to do if someone loses it because they couldn’t read Dilbert that morning.

And me, well, I probably get flagged for stuff all the time. We live in a world of paranoia and flagging of “sensitive” data, risks, shady people, people who aren’t shady but might be in a place that is known to have other shady people in it: these are all very common. I know my passport has been flagged before, but never for being funny.


2008 Aug 1

Keep your friends close

10:59  
 

but your laptop closer.

An article on Slashdot [http://yro.slashdot.org/article.pl?sid=08/08/01/0958242] this morning discusses the Department of Homeland Security’s policies regarding the seizure of laptops and other personal data storage devices at border patrol points. Apparently this also includes scraps of paper which may be in your pockets. The scary part about this policy is that it extends to American citizens as well.

I myself have nothing to hide on my laptop, but I also have data that I don’t want anyone else to have. My research and writing is all on there. Possibly credit card data, who knows? I feel like this is privacy-invasion-ey. I’m getting a little sick of terrorism as a crutch for stripping away civil rights. Where do we live again?

I’ll probably be arrested at the airport later this month after writing this blog. Kidding. Kind of.

Any thoughts?