Not just an issue for documentation, but also for marketing materials. I can't count the number of times I've looked into some app that was referenced vaguely in a comment somewhere, only to have to dig for half an hour on that thing's web site just to figure out what the thing is supposed to even do in the first place...
Why would they do it during the off state? If they know the voltage and can measure the current that they're driving it with -- or vice versa -- they can use Ohm's law to calculate the resistance.
It's too late for this former user of Apple's productivity software. Killing Aperture and nerfing the iWork suite destroyed any willingness I could have ever had to go back.
I like their OS, but it would be a hard sell for me to ever choose to migrate to their productivity software again.
The question I keep asking is: why? They give these patents to random people, and 5 or 10% of the proceeds if they win the suits. What do they get out of it?
If they were legit, then I don't see the need to assign the patents they own to someone else before litigating. Unless there's a gotcha, and it's a scam somehow.
Very strange, and just another reason why patents should probably be non-transferrable and "use it or lose it".
> Connolly ultimately concluded that the arrangements were unfair to the LLC owners and that Pugal, Bui, and Hall should’ve had independent counsel advising them. He wrote that IP Edge structured the LLCs so that it received the lion’s share of the litigation benefits while the the on-paper owners “assume all the risk” from the lawsuits, including attorneys’ fees awards or court-imposed sanctions.
The part i don't understand - is it them personally that have the risk or the LLC? I thought the point of forming an LLC was to prevent personal luability, in which case this doesn't sound that risky from the perspective of the patent owner.
As I understand it (not completely), according to the SHIELD act, the losing party in a patent dispute has to pay legal fees for both sides, which are usually substantial. If the lawyers who really own the patent represent themselves, they are in danger of having to pay out if they lose. So they effectively hired a plaintiff that they could 'represent'. Handing out 10% of the proceeds if you win against halving the costs if you lose is a reasonable hedge.
However a legal firm is not supposed to do that, which is why they are in trouble.
If the lawsuit goes bad and the random people foolish enough to sign up take the legal liability, and the folks behind the scenes take none of the risks and remain hidden.
Planes are expensive due to the difficulty of certifying them and maintaining the right to sell them under various regulations, not because they're using physical switches.
Yes, but large price and low volume (and actual technical acceptance criteria) also means they're not gonna be obsessing over saving fractional cents on control panels.
In my locale there is a header on the physical ballot that contains a bunch of barcodes, presumably to make your votes machine readable. It then prints the votes in text below.
I absolutely hate that fact. I am a human, I cannot read barcodes without a computer. Therefore, I cannot tell if the important part of what was recorded is correct.
I believe the idea is that random audits check whether the barcode matches the human-readable part, and in the extremely unlikely even problems are found they simply hand-recount _all_ the ballots ignoring the barcode.
Can you find any website or document that validates that these "random audits" are done? By whom and on what cadence? I've not been able to find anything like this. Just hand-waving, assertions that "someone does something," and so on.
If you don't trust risk-limitjng audits, you're never gonna trust any voting system. Someone has to administer the system, do the counting, sum up the totals, etc.
> I've not been able to find anything like this. Just hand-waving, assertions that "someone does something," and so on.
(Taking a bit more pointed tone than I usually would, because of the amount of misinformation around this general topic and because of annoyance at people putting less effort in than election workers, from secretaries of state down to volunteers, and casting shade from the laziness of their armchair. Thank you to all the people spending their time trying to secure elections!)
Did you try searching for "colorado voting audit"?
The value of absolute transparency is why nothing will beat paper ballots written and marked in plain English counted by hand with anyone and everyone who cares about election integrity watching the process.
I was mostly thinking people in coercive relationships.
But in terms of communities it might be that voting is looked down upon for certain members of that community not the community as a whole.
In broader terms while marking people who have voted may not reveal who they voted for it does reveal that they did vote. This is less private than the election authorities maintaining the record of who has voted.
I mean, if you're willing to spend that much, and it'll be very expensive, then sure. It's just technophobia - machines are going to be more accurate than a human (who also can make a mistake!).
Almost every democratic country on Earth today does it like that, and all democratic countries have done it like that for the last 100-200 years. Counting paper ballots is just not that hard. Machines are infinitely more complex and exploitable.
Plus, you have the extra layer of public perception: it's much easier to convince a chunk of the public that all the machines in some area are miscounting, than it is to convince them that all human vote counter in those areas are miscounting, and all in the same direction.
Any programmer worth their salt knows that it's practically impossible to vet that what is executing is 1:1 the code that someone at some point in time audited somewhere, or that the code is worthy of trust from the commons in the first place.
Anyone and everyone can watch someone count paper ballots, noone can watch a computer count electronic ballots.
> Any programmer worth their salt knows that it's practically impossible to vet that what is executing is 1:1 the code that someone at some point in time audited somewhere, or that the code is worthy of trust from the commons in the first place.
What?
There are entire systems built around doing exactly that. Embedded, military, high-trust.
It's never state of the art performance or mass deployed, because most people would rather have performance and cost optimized over assurance, but it exists and is in production use.
You verify hardware, chain of custody from production to delivery, track every deployed piece of hardware, then lock the firmware and enforce restrictions on anything that executes after that.
It's not easy or cheap (or foolproof, as anything can be exploited), but it's also not impossible. And substantially hardens security.
And for simpler systems with lower performance requirements, completely achievable.
F.ex. voting machines don't need to be running 16-core, hyperthreaded CPUs running multi-process operating systems
> There are entire systems built around doing exactly that. Embedded, military, high-trust.
This is a completely different thing. In those systems, the organization doing the vetting is the one that protects itself through those systems; the good of the organization is presumed to be aligned with the good of the end-users by the threat model. That is, the threat model is purely external to the organization: we are protecting the army's computers from an enemy army or a rogue soldier. An end-user of such a system (say, a low rank soldier sitting in a tank that includes remote-controlled components) can't really trust that those things are used in their best interest. For all they know, the devices are listening to every conversation looking for signs of treason/incompetence - this is still perfectly allowed by an embedded, military, high-trust system. It's the generals that trust the system, as it were, not the individual soldiers.
In contrast, in an election, what we care about is not that the sitting president trusts the results; we care that every individual voter trusts them. And the individual voters are not the ones that have the power to control the way procurement, hiring, vetting, verification, and everything else is done. In fact, the relationship between the electorate and the voting organizers is normally modeled as partly adversarial. The true test of a democracy is whether the populace can easily vote down the people currently in power, the ones that are organizing the election, when they would like to maintain their power.
So yes, I agree that if I am building a system that I want to trust with voting, and I have enough money, I can build an electronic system that I can trust. And you can build one that you can trust. But I can't build one that you can trust, unless you already trust me.
There is no way to demonstrate that what is executing is the source code unless you're compiling at execution time from a local vetted copy of the source code. Is the guy who vetted the source code vetted? Who vets the vetter? Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler? Is the source code even what it claims (binary blobs!)?
What about the hardware? Are there any black box enclaves? Bugs? Does it actually crunch as would be generally expected of a number cruncher? Does it even have the vetted software?
All this complexity and anyone would be fully within their right to say "I don't and won't trust this."
Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective. So what if the process takes time? Good stuff usually takes time, what's the rush? So what if the human counter(s) screw up? Human errors are inevitable, that's why you count multiple times to confirm the results can be repeated.
The most secure, most hardened, most certified ballot counting machine cannot compare to a simple human counting paper ballots in witness of anyone and everyone.
The questions you're asking make it seem like (a) you're not thinking about this very hard, (b) you're trying to reach the answer you've already decided on, or (c) you're not familiar with high trust systems.
Still, in the interest of a conversation, some brief answers. Please ask in detail about any you're interested in (but realize I'm going to balance the time I spend answering with the time you spend researching and asking).
"Is the guy who vetted the source code vetted?" Yes, because he or she was assigned a key and signed the code with it.
"Who vets the vetter?" Whatever level of diligence you want, up to and including TS+SCI level.
"Is the compiler actually compiling the source code? Is the compiler compiling as generally expected? What about bugs in the compiler?" This is why you test. And it's pathological to believe that well-tested compilers, that have built trillions of lines of code, are going to only fail to successfully compile election code.
"Is the source code even what it claims (binary blobs!)?" See test and also dependency review and qualification.
"What about the hardware? Are there any black box enclaves?" Yes, by design, because that's how secure systems are built. And no, the enclaves aren't black boxes.
"Bugs? Does it actually crunch as would be generally expected of a number cruncher?" Testing and validation.
"Does it even have the vetted software?" Signed executables, enforced by trusted hardware.
> Meanwhile, someone counting paper ballots by hand can be immediately understood by anyone and everyone. It's simple and it's brutally effective
No, it's not. Because people are messy, error-prone entities, especially when it comes to doing a boring process 100+ times in a row.
You're not comparing against perfection: you're comparing against at best bored/distracted and at worst possibly-partisan humans.
Human counts rarely match exactly, because humans make mistakes. And then they make mistakes in the recounts intended to validate counts.
If you can't envision all the ways humans can fail, then I'd reflect on why things never fail at your work because of people, and everything always runs smoothly.
The point is that humans counting paper ballots by hand in the witness of anyone and everyone is and always will be more credible than any voting machine ever. You can certify the digital chain of trust as much as you want, it will not beat human hands counting paper ballots as anyone and everyone watches.
>you're not thinking about this very hard
Yes, because the commons will not think very hard about a complicated "solution" when a much simpler solution already exists.
>If you can't envision all the ways humans can fail,
Yes, humans fail. It's also not important. Any election worth its salt should be counting multiple times using a variety of counters and witnesses to demonstrate repeatability of the vote.
Again: Humans failing is not important.
What is important is the ability to verify immediately and simply how the vote is being tallied. Machines can and will fail (or more likely be corrupted) like humans, but we can immediately see when the human screws up whereas it's impossible to see when the machine screws up.
It's baffling I'm having to argue this to FOSS people of all peoples, you guys should know better than anyone else that vetting source code and binaries and hardware is a fool's errand for something as important as counting votes.
Nothing beats the brutal simplicity of hand counting paper ballots while everyone watches.
Human counters can be biased, and they're definitely more inaccurate. Machines, unless actively exploited by a third party, will always do the same thing, time after time. I don't believe it's worth the extra expenditure to hire tens of thousands of counters (again, human counters adds manual counting into the process, meaning another place for it to go wrong/be manipulated) when machines do the same thing with no fuss.
> Machines, unless actively exploited by a third party, will always do the same thing, time after time.
That "unless" is the whole problem. And it's not just if a third party gets involved, it can well be from the builders or the current operators of the machine who are the ones actively exploiting it as well.
The disconnect is that in most of the world we only vote for one or two candidates on a ballot. In America you vote for everything from the president to the dog catcher on one ballot.
While I think of it, the USA and UK should both stop holding votes on working days. That is nuts! Do what Australia does and vote on a Saturday and make it compulsory.
Are you sure? The last time I voted in Germany they gave me five ballots (EU, state, county, city, district), some with dozens of candidates - per party. I had dozens of votes to give.
I'm Australian, that screenshot is from the State election in South Australia, it is an example of how the Upper House ballot paper looks, it is similar in my state New South Wales.
The vertical columns (labelled as Group A to E in screenshot) divide up the political parties. The Greens will be one column, Labor Party another, Liberal Party another column and so on.
There are two horizontal rows separated by a thick line.
You can choose to either vote "above the line" or "below the line" but not both methods.
Above the line is used if you would like to vote based upon the wishes of a political party and below the line is used for "finer grained" voting for individual persons.
For example the Labor party might have 3 Candidates "Fred", "Mary" and "Bob" if I vote above the line I can put a 1 next to the Labor party and then the Labor party's wishes will determine how my vote is distributed.
Or if I Vote below the line I must number 12 different people in the order I want them to be chosen. So I could number Bob from Labor first, Peggy from the Greens second, then Fred from Labor third and so on and I exert exact control over how I want my preferences to be distributed.
edit:
Our elections are staggered, The State parliament is elected on different day to the Federal Parliament, which is different to Local City Council elections.
Believe me, we've been aware that this is a non-bug feature for a long time.
The Tuesday law was passed in 1845. Instead of changing it, many legislators are pushing in the opposite direction: trying to selectively suppress their opponents' votes further. If it hurts them more than us, it's a worthy goal!
We do it in the UK
Volunteers count the votes because they want to see a fair election (and there are ways of checking if someone partisan slipped some votes into the wrong pile).
I agree with GP. Transparency is more important than precision in democracy.
Good engineering is about choosing the right technology, not just the more recent one. Sometimes the right technology is paper.
Says who? Also, what does "accurate" here actually mean?
Speaking as someone who actually understands computers and machines: I agree with the commons (who are simpletons with regards to computers and machines) that machines cannot be trusted to be "accurate" (whatever that means) or even trusted in general.
Especially when a simpler, confirmable-by-anyone method exists: Having someone count paper ballots by hand in the presence of anyone and everyone. That includes mistakes and errors. The value here is anyone and everyone can and will immediately understand (and thus accept) what is going on.
Also, why are we even putting the integrity of the very foundation of our democracy on the table in exchange for convenience and cost of all things? Are we serious? It should be a good thing we are taking precious time and money to make sure our democracy is working properly. I thought democracy was actually fucking important.
Machines are amazing at counting things without losing their place. I'd trust an ATM's counted stack of bills over a human's (for sure if they only each got one try).
I've written some code at a previous job to simplify data entry. The previous method was adding numbers from a stack of papers, with a calculator.
I trust my code to add up the numbers on the computer over a human reading them from a printout and entering them in a calculator.
If the technical problem was solely about counting then obviously everywhere in the world we would be using machines by now. But we don't. Because the technical problem is trust, not counting.
Health insurance manual claims processors (who usually average ~5 years of experience) can do 95+% accuracy, at speed (a few minutes), at scale. That's counting and verifying multiple things against processing rules.
General data entry, from less trained folks, tends to average around 85% accurate (i.e. 15 mistakes + 85 entries correct, out of 100 entries).
Let's say they get rid of the barcodes and only show the human readable text. How does that prove any better or worse that the machine counted the vote the way it says it did on the slip?
The presence of the barcodes doesn't do anything to reduce the trustworthiness of the system
It starts with being able to tell that the information was encoded correctly when I submitted it.
Tell me this: what is the advantage of a barcode, over a scantron-esque system where I can see which item I chose because a dot is filled in?
The scantron-esque system is still efficiently machine readable; we've had scantron since I was a kid. The difference is, I can verify with my own two eyes that the information is encoded correctly on the ballot I submitted if it's done scantron-style.
I cannot do that with barcodes.
It adds another layer of safety. Do we still have to be able to trust the rest of the system? Yup. But I cannot trust anything at all if I cannot even verify that my vote was submitted correctly in the first place.
>It adds another layer of safety. Do we still have to be able to trust the rest of the system? Yup. But I cannot trust anything at all if I cannot even verify that my vote was submitted correctly in the first place.
I don't disagree that it's strictly better, but the improvements in security are marginal. Any audits/recounts would be done by looking at the human readable part of the ballot, and would therefore be unaffected. Moreover, regardless of whether there's barcodes or not, you'd want to conduct proactive recounts to mitigate any risk for tampered/broken machines. In that case, getting rid of barcodes wouldn't add any security in practice.
With a scantron voting system every single voter becomes an auditor. That’s orders of magnitude more auditing than will ever be achieved by randomized barcode audits and it will catch far smaller discrepancies. Even if a machine made only one mistake ever, it would stand a chance of getting caught. Not so with barcodes.
>That’s orders of magnitude more auditing than will ever be achieved by randomized barcode audits and it will catch far smaller discrepancies. Even if a machine made only one mistake ever, it would stand a chance of getting caught. Not so with barcodes.
When was the last time you had a printer print the wrong thing? Moreover, if an election is close enough that a few votes matter, there's definitely going to be a manual recount, so any advantage is purely academic (eg. knowing that candidate A won by 51.704% rather than 51.703%). Point is, either the error is big enough that it's trivially detected with spot checks, or the margins are so close that a manual recount is performed automatically.
But how do you know what position 5 option 2 is set to the person you voted for on the tabulation machine for a bubble fill? It's not like the counting machine is OCR'ing the choice to figure it out. In the end the pattern of dots on a scantron to what the computer thinks the ballot was is just as illegible as a collection of bar codes. It's practically the same thing.
I'm fine with it so long as the choices are also printed in a human readable way at the bottom. If it was just a giant bar code or whatever I wouldn't like it.
Pretty sure GP is saying a scantron-style one can still be flipped or offset at the destination. They use position on the ballot, not OCR, to determine what the vote is.
It's not actually about how the ballot is interpreted by downstream hardware and software. That's a different issue.
It's about the ability for the voter to determine that their own part of the process -- the recording of their own vote -- is done correctly in every respect.
Each step of the system has to be verifiable as correct for the system to be trustworthy. As it stands right now, I cannot visually verify that my own vote produced a correct printed ballot. I have no way of doing that.
This removes one of the most critical safeguards. If something in the software (malicious or otherwise) records an incorrect barcode, I have absolutely no way of knowing.
>It's not actually about how the ballot is interpreted by downstream hardware and software. That's a different issue.
To me, this seems like the only part worth worrying about, and any solution to it should satisfy your concerns as well.
Every ballot should have a UUID that the voter takes with them (or make it a hash of their voter registration number or something). As soon as the ballot is processed, the results are posted to a public place. Voters can then confirm their ballot was recorded accurately.
This still doesn't tell you that all the internal variables were incremented correctly, but you can separately aggregate the publicly posted results and compare with the aggregate reported by the machine.
The problem this still doesn't solve is electronically stuffing in fake ballots.
> Every ballot should have a UUID that the voter takes with them (or make it a hash of their voter registration number or something). As soon as the ballot is processed, the results are posted to a public place. Voters can then confirm their ballot was recorded accurately.
Opening the door for vote bribery or voter intimidation.
$1,000 for every tag proving you voted for my candidate.
If you don't prove you voted for my candidate, expect some retaliation!
You can already do that today by having people take a photo of their ballot. Or just buy their signed but otherwise blank mail-in ballot and complete it at gangster HQ. Or give them the money and don't require proof at all, because most people will just do what they agreed to do.
This doesn't happen today because it isn't scalable and is easy to get caught and prosecuted. Electronic manipulation is more appealing because it does not require interacting with people.
Taking a photo of the ballot is illegal. Also, one can just always strike the ballot before putting it in the
machine after having the completed ballot. In some places of mail in ballots it's possible to cancel the mail in ballots and vote in person after.
And bribing people to vote is already illegal in the first place. Do things being illegal stop the behavior or not? You're arguing both sides of the coin at this point.
Most people aren't going to try too hard to undermine or outsmart the gangster. Which is why, again, the perpetrator doesn't even need validation of how people actually voted. Vague threats will work just fine. In fact the gangster will still beat up a random sampling of the voters anyway.
There's far less incentive to actually pay bribes or hurt specific people if there's no reliable proof of the vote. Even with people taking a photo of a ballot, one can still just strike that ballot and vote again after taking a photo. It's an immense risk that will likely not do you any good, because there's no way to actually know those people voted. The people you're paying and who voted for you would have likely voted for you anyways and you're just otherwise paying people to not bother voting at all or voting against you, while you face immense risk.
If the gangster is just going to hurt a random sampling of people anyways, you might as well just vote however you want to vote. They may or may not commit violence against you regardless of how you vote, its completely disconnected. If you know they can validate it, you're probably going to be less brave.
Just put yourself in those two situations. One where the ballot is absolutely secret, and one where it can be trivially looked up. Someone says you better vote for X or I'll hurt you. You really don't want to vote for X. In the first instance, do you vote for X? In the second, do you still vote for X knowing the thug will be able to know for sure how you voted?
I'm not suggesting nobody would do an illegal thing, obviously I acknowledge people would do illegal things. I'm just pointing to that as why taking a photo of a ballot is illegal in many areas.
I learned how to cook rice properly from my Mom. Pot, 2x water, boil then turn to low, add rice, 18 minutes, done. My only gripe is that I'm still trying to find a good rice pot with the little steam vent in the lid.
The rice cookers I've seen take twice as long to make rice that is by no means twice as good.
To each, their own. My Mom loves the rice cooker I gave back to her because it took too long to cook rice. =)
reply