Electronic Voting Machines “Malfunction”

1 Nov 2006

No surprise here.

Since the electronic voting equipment manufacturers are completely incompetent when it comes to security, I and any other person with a working brain (when it comes to security, that is) have been expecting that we would be hearing an awful lot about machines “malfunctioning” in this year’s election.

If you haven’t caught any of the stories yet, check out Pete Ashdown’s recent post on some voting experiences that have been sent in to him, as well as this story on KFDM’s website.

There are other stories surfacing already.

Pay very close attention to your voting. Make sure the machine shows what you really wanted to vote for before you commit your vote. Double-check the printout from the voting machine and make sure that every one of the items marked is what you really wanted to vote for.

It’s your responsibility to ensure that your vote was recorded as you want it. The electronic voting systems adopted in the state of Utah are so insecure that it doesn’t matter how good the elections officials and workers are at their jobs; votes are going to be stolen this year and with greater ease than in any past year.

It’s up to you, the voter, to protect yourself and your vote.



Response: Oracle Announces the Same Enterprise Class Support for Linux as for Its Database

25 Oct 2006

I have known Marc Christiensen for years and have a lot of respect for him. He does a great job of keeping on top of things, which is why I was surprised that he didn’t catch the problems found in the Oracle press release he quotes in his recent post.

I’ll quote the part he quoted and intersperse it with my comments.

Today Oracle announced that it would provide the same enterprise class support for Linux as it provides for its database, middleware and applications products. Oracle starts with Red Hat Linux, removes Red Hat trademarks, and then adds Linux bug fixes.

Sounds like what CentOS and White Box Enterprise Linux (WBEL) do. OK, that’s fine.

Currently, Red Hat only provides bug fixes for the latest version of its software.

Wrong.

Red Hat provides seven (7) years of support from the release date of a Red Hat Enterprise Linux (RHEL) release (since RHEL3, only 5 years for RHEL2.1), including the production of errata packages for both security and bug fixes. This means that support, including updates, will not be terminated until after October 2010 for RHEL3 and February 2012 for RHEL4.

This often requires customers to upgrade to a new version of Linux software to get a bug fixed.

Wrong.

However, it is true that Red Hat does not backport drivers or other new feature support to released versions.

Oracle’s new Unbreakable Linux program …

Oracle’s “Unbreakable Linux” program has been around for years. Perhaps they meant to convey that this is a new incarnation of the (existing) Unbreakable Linux program, which now includes an Oracle-branded Linux distribution.

… will provide bug fixes to future, current, and back releases of Linux. In other words, Oracle will provide the same level of enterprise support for Linux as is available for other operating systems.

Thus implying that Linux is backwater, until Oracle steps in and makes it acceptable. Sounds like big software company marketing people to me :) .

Oracle is offering its Unbreakable Linux program for substantially less than Red Hat currently charges for its best support.

Given that Red Hat has support options ranging from nothing (no support contract is required) or pay-per-incident phone support up to 24×7 on-site Red Hat employees managing your systems, with a couple dozen options in between, “best support” could mean a lot of things.

Of course, tons of people get confused easily by Red Hat’s “licensing” costs. No! They are not charging you for a license. Everything in RHEL is free and open. You can buy both a support contract and/or (a) subscription(s) to Red Hat Network (RHN).

“We believe that better support and lower support prices will speed the adoption of Linux,

Well, duh!

… and we are working closely with our partners to make that happen,” said Oracle CEO Larry Ellison. “Intel is a development partner. Dell and HP are resellers and support partners. Many others are signed up to help us move Linux up to mission critical status in the data center.

I’ve got news for you Oracle, Linux is already mission critical in lots of data centers, including yours. That’s right, Oracle has been using Linux as the platform for delivery of their hosted applications services for years. I am also personally familiar with enough Fortune 500 companies’ data centers to say that they all have at least one of their mission-critical applications running on Linux. But don’t take my word for it; almost all of them have made public statements in some form or another which indicate that this is the case.

Please, will you folks stop treating Linux like something you are coming along to save from “certain self doom”. You’re not. Most of you are, on the other hand, making wonderful contributions, but all of our Linux are not belong to you.

Although this last one isn’t really that big of a deal, it’s yet another example of how marketing people in companies that should know better keep implying that Linux isn’t ready for “real world” workloads.

BTW: I’m sitting in a lousy hotel room in Austin, Texas with NyQuil in my system, feeling sick and extremely drowsy. Maybe I should post while in this state, but I’m doing it anyway (isn’t that one of the corollary definitions of “stupid”?). So, if I messed up a detail or a link, please, let me know, but bear with me. Also, I only have Internet access in the evenings, if it’s working (took a couple of hours to get a stable connection tonight). I’ve gotta go sleep now. I sure hope I don’t feel this crappy, tomorrow. Goodnight.



Centralized Food Processing Puts Us at Risk

20 Oct 2006

This very well written article describes (in very easily understood terms) how the centralization and industrialization of food processing in the U.S. has led to the point where contamination can easily occur and is very hard to track down. It also points out how we could easily make the problem much, much worse.

Rather than talking further about this, I’ll let you read the article. It’s very good. But I would like to point out that there are a lot of parallels in network & systems security that could be drawn here.



Nina Reiser Missing, Hans’ Home Searched

14 Sep 2006

This morning, this story was brought to my attention. When I read it, my first reaction was, “Wow.” and that was about it.

I hope and pray that those children’s mother will be found soon and that she is all right.

For those who may not be familiar with the Reisers, Hans runs Namesys and is a key figure behind the development of the reiserfs and Reiser4 (read about Reiser4 on Wikipedia) filesystems. Reiserfs was the first journaling filesystem for Linux.

In the story, the reporters point out that the police do not regard Hans Reiser as a suspect at this time.

This makes a lot of sense to me, since Nina dropped off the kids and they were with him, she went to the grocery store and never showed up at her friend’s, according to her plan for that day. Her vehicle was found with the groceries inside of it. Though the article doesn’t say anything about it, I have to assume that the police have already verified that she did make the purchase at the grocery store and I would, therefore, also have to assume that they have video of her shopping at the store and leaving it.

There also was no mention of a search warrant for Hans’ home, but I’m sure they had one. I think it was a very good idea of the police to take the precaution of searching his home early on and to use a cadaver sniffing dog.

Much of the investigative process and police procedure is the process of elimination. They take each possibility one by one and seek to prove or disprove it and move on to the next. That’s the same process we computer folk use when troubleshooting a problem. Both investigation and troubleshooting follow this line because it works very well.



Smart State Trooper Captures Fugitive Polygamist

31 Aug 2006

CNN published this story about the capture of Warren Jeffs. It’s an interesting read. However, what I think is a more important part might go unnoticed by most people.

A paper license tag, a salad and stories that didn’t make sense pricked the suspicions of a state trooper who stopped the car of a wanted fugitive polygamist in Las Vegas.

But it was the pumping carotid artery in the neck of Warren Steed Jeffs that convinced Nevada Highway Patrolman Eddie Dutchover that he had cornered someone big.

This is an excellent example of security “Done Right”. Dutchover correctly applied behavioral profiling. It takes a smart person with the right training to be able to correctly do behavioral profiling without it degrading into racial profiling or some other mostly ineffectual form of profiling.

Eddie Dutchover, I take my hat off to you and your expert application of such effective techniques. Bravo!

Also, in the same CNN story, you can read about how Utah is getting first crack at prosecuting Jeffs.

There are also a couple of interesting video clips linked within the article. They are linked via a JavaScript thingy, so I’ll refer you to the CNN article to view them (I could work out URLs to give you some direct links here, but I’m not going to take the time to do that, tonight).



Good News About Credit Cards

17 Jun 2006

On May 25th, I was reading The Wall Street Journal. The cover story was titled, “Credit-Card Issuers’ Problem: People Are Paying Their Bills”.

Why would this be a problem for them? After all, they are in business to make money, right?



108 Year Old Phone Tax Ending

5 Jun 2006

The May 26-29, 2006 issue of USA Today ran this story.

Basically, the Federal Excise Tax was introduced in 1898 to help pay for the Spanish-American War. At that time, a tax on phone service was a tax on only the wealthy. The US Department of the Treasury is finally ending this tax.

The result is that all phone companies (including cell phone carriers) must stop charging for the Federal Excise Tax on August 1st. Individuals and businesses can also file for refunds next year (on your 2006 tax return) to receive a refund for any excise tax paid on long-distance calls since March 1, 2003.

You should read the whole story on USA Today’s website (it’s quite short), as there are some interesting details. For example, there are some narrow circumstances in which you might have to still pay a 3% excise tax.

Here’s hoping you get some bones back next April 15th.