Since the electronic voting equipment manufacturers are completely incompetent when it comes to security, I and any other person with a working brain (when it comes to security, that is) have been expecting that we would be hearing an awful lot about machines “malfunctioning” in this year’s election.

If you haven’t caught any of the stories yet, check out Pete Ashdown’s recent post on some voting experiences that have been sent in to him, as well as this story on KFDM’s website.

There are other stories surfacing already.

Pay very close attention to your voting. Make sure the machine shows what you really wanted to vote for before you commit your vote. Double-check the printout from the voting machine and make sure that every one of the items marked is what you really wanted to vote for.

It’s your responsibility to ensure that your vote was recorded as you want it. The electronic voting systems adopted in the state of Utah are so insecure that it doesn’t matter how good the elections officials and workers are at their jobs; votes are going to be stolen this year and with greater ease than in any past year.

It’s up to you, the voter, to protect yourself and your vote.

I’ll quote the part he quoted and intersperse it with my comments.

Today Oracle announced that it would provide the same enterprise class support for Linux as it provides for its database, middleware and applications products. Oracle starts with Red Hat Linux, removes Red Hat trademarks, and then adds Linux bug fixes.

Sound like what CentOS and White Box Enterprise Linux (WBEL) do. OK, that’s fine.

Currently, Red Hat only provides bug fixes for the latest version of its software.

Wrong.

Red Hat provides seven (7) years of support from the release date of Red Hat Enterprise Linux (RHEL) release (since RHEL3, only 5 years for RHEL2.1), including the production of errata packages for both security and bug fixes. This means that support, including updates, will not be terminated until after October 2010 for RHEL3 and February 2012 for RHEL4.

This often requires customers to upgrade to a new version of Linux software to get a bug fixed.

Wrong.

However, it is true that Red Hat does not backport drivers or other new feature support to released versions.

Oracle’s new Unbreakable Linux program …

Oracle’s “Unbreakable Linux” program has been around for years. Perhaps, they meant to convey that this new incarnation of the (existing) Unbreakable Linux program, which now includes an Oracle branded Linux distribution.

… will provide bug fixes to future, current, and back releases of Linux. In other words, Oracle will provide the same level of enterprise support for Linux as is available for other operating systems.

Thus implying that Linux is backwater, until Oracle steps in and makes it acceptable. Sounds like big software company marketting people to me :) .

Oracle is offering its Unbreakable Linux program for substantially less than Red Hat currently charges for its best support.

Given that Red Hat has support option from nothing (no support contract is required) or pay-per-incident phone support up to 24×7 on-site Red Hat employees managing your systems with a couple dozen options in between, “best support” could mean a lot of things.

Of course, tons of people get confused easily by Red Hat’s “licensing” costs. No! They are not charging you for a license. Everything in RHEL is free and open. You can buy both a support contract and/or (a) subscription(s) to Red Hat Network (RHN).

“We believe that better support and lower support prices will speed the adoption of Linux,

Well, duh!

… and we are working closely with our partners to make that happen,” said Oracle CEO Larry Ellison. “Intel is a development partner. Dell and HP are resellers and support partners. Many others are signed up to help us move Linux up to mission critical status in the data center.

I’ve got news for you Oracle, Linux is already mission critical in lots of data centers, including yours. That’s right, Oracle has been using Linux as the platform for delivery of their hosted applications services for years. I am also personally familiar with enough Fortune 500 companies data centers to say that they all have at least one of their mission-critical applications running on Linux. But don’t take my word for it; almost all of them have made public statements in some form or another which indicate that this is the case.

Please, will you folks stop treating Linux like something you are coming along to save from “certain self doom”. You’re not. Most of you are, on the other had, making wonderful contributions, but all of our Linux are not belong to you.

Although this last one isn’t really that big of a deal, it’s yet another example of how marketing people in companies that should know better keep implying that Linux isn’t ready for “real world” workloads.

BTW: I’m sitting in a lousy hotel room in Austin, Texas with NyQuil in my system, feeling sick and extremely drowsy. Maybe I should post while in this state, but I’m doing it anyway (isn’t that one of the corollary definitions of “stupid”?). So, if I messed up a detail or a link, please, let me know, but bear with me. Also, I only have Internet access in the evenings, if it’s working (took a couple of hours to get a stable connection tonight). I’ve gotta go sleep now. I sure hope I don’t feel this crappy, tomorrow. Goodnight.

Rather than talking further about this, I’ll let you read the article. It’s very good. But I would like to point out that there are a lot of parallels in network & systems security that could be drawn here.

I hope and pray that those childrens’ mother will be found soon and that she is all right.

For those who may not be familiar with the Reiser’s, Hans runs Namesys and is a key figure behind the development of the reiserfs and Reiser4 (read about Reiser4 on WikiPedia) filesystems. Reiserfs was the first journaling filesystem for Linux.

In the story, the reporters point out that the police do not regard Hans Reiser as a suspect at this time.

This makes a lot of sense to me, since Nina dropped off the kids and they were with him, she went to the grocery store and never showed up at her friend’s, according to her plan for that day. Her vehicle was found with the groceries inside of it. Though the article doesn’t say anything about it, I have to assume that the police have already verified that she did make the purchase at the grocery store and I would, therefore, also have to assume that they have video of her shopping at the store and leaving it.

There also was no mention of a search warrant for Hans’ home, but I’m sure they had one. I think it was a very good idea of the police to take the precaution of searching his home early on and to use a cadaver sniffing dog.

Much of the investigative processes and police procedure is the process of elimination. They take each possibility one by one and seek to prove or disprove it and move on to the next. That’s the same proccess we computer folk use when troubleshooting a problem. Both investigation and troubleshooting follow this line because it works very well.

A paper license tag, a salad and stories that didn’t make sense pricked the suspicions of a state trooper who stopped the car of a wanted fugitive polygamist in Las Vegas.

But it was the pumping carotid artery in the neck of Warren Steed Jeffs that convinced Nevada Highway Patrolman Eddie Dutchover that he had cornered someone big.

This is an excellent example of security “Done Right”. Dutchover correctly applied behavioral profiling. It takes a smart person with the right training to be able to correctly do behavioral profiling without it degrading into racial profiling or some other mostly ineffectual form of profiling.

Eddie Dutchover, I take my hat off to you and your expert application of such effective techniques. Bravo!

Also, in the same CNN story, you can read about how Utah is getting first crack at prosecuting Jeffs.

There are also a couple of interesting video clips linked within the article. They are linked via a JavaScript thingy, so I’ll refer you to the CNN article to view them (I could work out URLs to give you some direct links here, but I’m not going to take the time to do that, tonight).

Why would this be a problem for them? After all, they are in business to make money, right?

Sure, merchants who accept credit cards pay a small (or not so small, depending on which card we’re talking about) transaction fee plus a percentage of the transaction in order to offer their customers the convenience of card usage. With over 1 trillion such transactions per year, the card processing firms aren’t hurting. But, note that I said the processing companies. That would be companies like VISA, MasterCard and American Express. Card issuers are banks and other entities who actually back the cards. Yes, Amex has their own bank and issue cards, too, and processors like Discover and Diner’s Club only issue cards through their own banks. It’s the banks who receive card payments from consumers. They don’t get a penny from the card processing operations.

So, why would it be such a problem for a bank to get paid?

The banks actually make the vast majority of their credit card profits from the interest charged on card balances. But, as The Wall Street Journal reported, more and more people are paying down those balances. Lower balances equals lower interest payments equals lower profits.

Additionally, more and more Americans are waking up and not only paying down their cards, but keeping them down or getting rid of them altogether once they finish paying the card(s) off.

I say, go ahead; pay those balances off and don’t run your cards up. Especially given the outrageous interest rates people with excellent credit are now paying. Of course, if you know what you are doing, a quick phone call can cut your rates in half.

Call up your credit card issuer (bank, credit union, department store, whomever) and ask for a lower rate. They will almost always give it to you. They want you to stay with them, forever, and they know you’re not going to do it if the interest is bothering you. They would rather keep you for the long haul than see you go bankrupt and never pay on it again.

And remember this: it always pays to shop around for the best deal on anything you are going to buy. That includes money. I always shop for the best price on my money.

I’ll use myself as an example, I pay less than 3% on each of two car loans from my bank. There was no promotional offer or special arrangements through a dealer. I simply negotiated a reasonable deal for all. My bank loves to do business with me. Since they give me a decent price on the money I buy from them, they know I’ll come back. These two cars are number 2 & 3 that I have financed with them (used cars, too).

It’s always worth asking if you can get a better price. Spend one minute negotiating sometime. You might just be surprised at how much money you could save.

Basically, the Federal Excise Tax was introduced in 1898 to help pay for the Spanish-American War. At that time, a tax on phone service was a tax on only the wealthy. The US Department of the Treasury is finally ending this tax.

The result is that all phone companies (including cell phone carriers) must stop charging for the Federal Excise Tax on August 1st. Individuals and business can also file for refunds next year (on your 2006 tax return) to receive a refund for any excise tax paid on long-distance calls since March 1, 2003.

You should read the whole story on USA Today’s website (it’s quite short), as there are some interesting details. For example, there are some narrow circumstances in which you might have to still pay a 3% excise tax.

Here’s hoping you get some bones back next April 15th.