Hackers at the Olympics

Wednesday 20. August 2008 — 11:28

Nothing is impossible to find.

Hacker stryde.hax posted this article yesterday which indicates that he believes that he has found evidence of the underage status of one of China’s medal-winning Olympians. Additionally, he has requested that screenshots of the offending documents be posted on people’s blogs. In the interest of net-neutrality and in the face of censorship, here they are:

The name of the Olympian in question is: He Kexin (何可欣)

20080820101231.png

20080820101301.png

You can read more about how stryde.hax found these spreadsheets at his blog. There would be a need for further verification of this, of course. Or, this could be an instance of sensationalist frenzy which would result in some people losing face. Either way, there you go.


Unnecessary Measures

Friday 15. August 2008 — 10:55

Don’t forget to wear a condom.

http://www.xkcd.com/463/

The comic this morning on xkcd is a good example of arguments for and against electronic voting.

Read it. Careful though: it is funny, so the humorless fascists for whom you work may have blocked the site and also be in the business of firing anyone who tries to access it.

Regardless of that, it is a little ridiculous to have anti-virus software on a voting machine. A voting machine should probably not be network connected. If it is in fact network connected, then we shouldn’t have had the problems that we did with corrupted SD cards not having the voting data when needed. These things each indicate other problems as well.

First, if a voting machine is online, it is immediately insecure. All computers are prone to attack through either a network interface or by way of physical access to a machine. That said, some computers are more secure than others. Those computers used for high-profile applications—such as, I don’t know, off the top of my head, uh, VOTING—will of course be more delectable targets. So, possible operating principle number one: keep voting machines off-line.

Then, if a voting machine is off-line, why does it need virus protection software? The SD cards used for transporting data—the insecurity of which we will get to in a moment—should be checked for any virus or malware IMMEDIATELY BEFORE they are being placed into a machine. Ergo, there should never have been any need for virus protection software on these machines.

On to the point of XKCD this morning: What operating system is running on these voting machines and what is it doing? I am not sure, but I am just going to take a gander that it was Windows XP, or some-such. Now, Windows is known for: crashing, being virus-prone, being entirely insecure in the case of physical access to a machine, and a laundry-list of other fun things. Firstly, Windows should not be the operating system of choice for this application. There are more than enough compelling reasons to take that right off the table. Therefore, we should assume that there was a contract—read: set of payouts, kick-backs, or other reward perks—involved between Premier Election Solutions (a.k.a. - Diebold) and Microsoft.

Let’s look at this again. Logically, so far, we have decided that: 1) voting machines should be using a secure, robust operating system, 2) voting machines should not be networked.

Or should they?

Is it secure to have votes stored in .xls (Microsoft Access) files and then transported on SD cards to a computer terminal by some flunkie (read: election official or Premier Election Solutions Employee) for transmitting over what one would hope are secure channels?

No, is the only answer to that question, by the way. PHYSICAL ACCESS to data is the point of least security. Swapping cards is just the easiest way to corrupt/alter the voting data.

The alternative: a networked voting machine which is connected to several sets of voting servers around the country—redundancy, in this case, is security, or at least accountability—via port/transport-encrypted connection protocols. The data is transmitted and tabulated at these central sites, plural. The data that is transmitted is stored on a separate physical disk from the operating system. That disk is encrypted and, if it is an SD card, there is no physical access to it—like a slot that it plugs into. Screwdrivers with weird noses are in order if you want it out.

When the data is transmitted, it can be in the form of an encrypted binary image of the disk. This is more secure than an .xls stored on an SD card. All of this will happen when the decentralized server farms call the data in at the end of the election. Also, at the end of the election, a printout could have a per-transaction list of the data received from the voters at each site. There are a number of ways to maintain the anonymity of the voters. Remove names, randomize times, etc. This printout would also be output electronically so that it can be stored for checking results, if there is a dispute.
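As an added illustration (not part of the original post and not any vendor's code), here is a Python example of the accountability idea above: each anonymized record is chained to the previous one with an HMAC, the end-of-election printout carries the record count and final tag, and copies held at several sites are checked against it. The key, site names and ballots are constructed, and it assumes the machine and the tabulation sites share a secret key that whoever handles the card or the link does not have.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain start value (constructed)


def _tag(key, prev, record):
    body = json.dumps(record, sort_keys=True)
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()


def seal(records, key):
    """Machine side: chain every record to the one before it with an HMAC.

    Returns the log that gets transmitted and the receipt (record count plus
    final tag) that would go on the end-of-election printout.
    """
    log, prev = [], GENESIS
    for record in records:
        prev = _tag(key, prev, record)
        log.append({"record": record, "tag": prev})
    return log, {"count": len(log), "head": prev}


def check_copy(log, receipt, key):
    """Server side: classify one received copy against the printed receipt."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = _tag(key, prev, entry["record"])
        if not hmac.compare_digest(expected, entry["tag"]):
            return f"altered at record {i}"
        prev = expected
    # A chain that verifies can still be cut short, so compare it with the receipt.
    if len(log) != receipt["count"] or not hmac.compare_digest(prev, receipt["head"]):
        return "incomplete"
    return "ok"


def tally(log):
    counts = {}
    for entry in log:
        choice = entry["record"]["choice"]
        counts[choice] = counts.get(choice, 0) + 1
    return counts


def reconcile(copies, receipt, key):
    """Check every site's copy; report a tally only from copies that verify."""
    findings = {site: check_copy(log, receipt, key) for site, log in copies.items()}
    good = [tally(copies[s]) for s, f in findings.items() if f == "ok"]
    agreed = good[0] if good and all(t == good[0] for t in good) else None
    return agreed, findings


# Constructed sample data: anonymized ballots with no names or timestamps.
KEY = b"constructed-demo-key"
BALLOTS = [{"seq": i, "choice": c} for i, c in enumerate(["A", "B", "A", "A", "B"])]


def demo():
    log, receipt = seal(BALLOTS, KEY)
    flipped = json.loads(json.dumps(log))      # deep copy of the sealed log
    flipped[1]["record"]["choice"] = "A"       # altered in transit or on the card
    copies = {"site-east": log, "site-west": flipped, "site-south": log[:3]}
    return reconcile(copies, receipt, KEY)


if __name__ == "__main__":
    print(demo())
```

The altered copy and the shortened copy are both rejected, and the tally comes only from the copy that matches the receipt.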

Votes are tabulated/reported faster. The security is better—though only as good as its worst implementer. Everyone goes home happy-ish. Or at least as happy as they were before the election.

Back to the original topic: virus software. Here’s a fun thing: often, these days, viruses are written to attack and corrupt the virus protection software itself. Like real-world pathogens, they have adapted to attack the defenses first, and then go for the soft belly. So, if your computer is riddled with viruses, start over. This time, don’t use the virus software. Just use a malware detector like Spybot - Search & Destroy. In the distant past, when I still bothered with Windows, this was my virus-protection scheme, and it worked like a charm. My dad has been doing the same thing for years, and it works like a charm.

Again, back to the original topic: voting machines should not have Windows on them. Neither should servers. Linux is working all over the computing world on servers and in embedded devices for applications which require a great deal of security and require the OS to be robust—i.e. - not crashy. It comes in all sorts of flavors. It is scalable, customizable, and the source code is open. In other words, the kernel—most basic part of the operating system—can be fully customized to run exactly what is needed in the hardware, which also limits security gaps. It is also good at all the things that we talked about above: transport encryption, disk encryption, complicated networking schemes, redundancy, binary image backups. It also doesn’t have that nasty habit of crashing and dying forever. If it crashes, it can reboot, and it will be fine. This can even happen automatically since parts of the system can be restarted without your ever having to know about it in a user interface.

I don’t want to sound like an evangelical Linux user, but I am. And I will also admit that Linux is not for everyone—a statement that I do not fully believe, but which I will allow at present. It is however, perfect for an application like running voting systems. Even if you ran a Linux system comparable to what is running now on these silly machines, the problems would scale back immediately.

So, take that for what it’s worth. I felt that the comic was funny, but might need a little further explanation. There you go.

Oh yah, disclosure: This post was written from a laptop running an unnecessarily secure Ubuntu install, backed up on a server in my house running Debian and transmitted to the internet via a router running the Linux-based DD-WRT to a—you guessed it—Linux web-server share running WordPress. This blog post is delivered to you using only open-source operating systems and applications on our end. I can’t vouch for what you used to view it, but if you used Firefox, it’s a step in the right direction.


Personality

Wednesday 13. August 2008 — 12:23

Testing… Testing. Is this thing on.

We are always, it seems, interested in measuring or coding personality. I read this article [PDF] this morning over my coffee and found it fascinating. The results aren’t necessarily fascinating, but the idea is.

The gist is: can we tell something about the personality of an individual based on their e-mail address? This is an age-old question, of course. The primary use of astrology, in this author’s estimation, has been to parse personality traits. For example, Virgos are particularly mercurial. Their interests wander and range vastly. Is this true? Well, it probably is, for some.

The difference between the former and latter types of personality profiling is that the former uses a trait generated by the individual in question, whereas the latter has very little to do with them, at least on the surface. Then again, perhaps there are more factors that we are not considering, such as weather, personalities of parents and mood/temper changes based on time of year. Who knows?

Then there is the personality inventory. I took my first one a few years ago as part of a study conducted by a counseling psychology student for her thesis project. She was testing the Minnesota Multiphasic Personality Inventory. I’m not sure about the particulars. Regardless, the questions are tricky and vague, but their compiled results are supposed to tell you something about your personality. My test indicated that I either had a personality disorder, or was a genius. Now, I don’t think that I am a genius, not even a little, but it was the more comforting alternative. There was more to it than that, something about frequencies, blah blah. Boring stuff. Sort of.

It made me interested in these types of tests though. Do they really tell us anything about ourselves, and, if so, what?

A few years later, I took the Myers-Briggs test. This one I liked. The results are a bit more human-readable—not that psychologists are not human, but well, you get what I mean. Since taking this, I have always tested the same way, which is also interesting. The questions on different exams will vary greatly, but they are designed to indicate personality traits when answered in a specific way.

I am an ENTJ [Extraversion - iNtuition - Thinking - Judging], apparently.

You have the following traits as options: Attitudes—Extraverted or Introverted, Functions—Intuitive or Sensing, Thinking or Feeling, and Lifestyle—Judging and Perceiving.

Here are a couple of tests for your enjoyment. These are obviously just intended for online amusement, not for real use. These types of assessments are best administered by a professional. But, then, when have we ever cared about that. Each one takes about 4-5 minutes. If you have a few minutes to kill take one—or more—and post the results as a comment here. It would be interesting to see what sort of personalities we all have, wouldn’t it?

A general Myers-Briggs assessment

An assessment for programmers

An interesting assessment with sliders

Well, that should help you to waste about 15 minutes today. Try it out and post the results.


Flagged

Tuesday 5. August 2008 — 11:55

for humor.

Yesterday I got an e-mail from my mother. This is not an uncommon event, but the e-mail was uncommon. She indicated that when she attempted to click the link in my blog-update email, the computer told her that the web page was not accessible because it contained humor.

Humor?

I was blocked by a server for being funny. I don’t really think that I am funny, but I am on someone’s radar, I guess. I wonder if there is a list published every month with the URLs of websites that may or may not contain humor. Either that or a great deal of people are reading this blog at that particular place—no names, protect the innocent—and the sysadmin caught it.

I get it, really. No one wants employees surfing the internet during work. Sure. I just cringe at the idea that we block content because it contains something funny. I think that I might lose my mind if I couldn’t read humor online in between other tasks. We might see an increase in postal-employee-psychosis-style freakouts.

My advice: read this blog at home. Don’t get fired on my account.

Mom, et al: wear Kevlar to work, and have humorless attack drills regularly so that everyone knows what to do if someone loses it because they couldn’t read Dilbert that morning.

And me, well, I probably get flagged for stuff all the time. We live in a world of paranoia and flagging of “sensitive” data, risks, shady people, people who aren’t shady but might be in a place that is known to have other shady people in it: these are all very common. I know my passport has been flagged before, but never for being funny.


Keep your friends close

Friday 1. August 2008 — 10:59

but your laptop closer.

An article on Slashdot [http://yro.slashdot.org/article.pl?sid=08/08/01/0958242] this morning discusses the Department of Homeland Security’s policies regarding the seizure of laptops and other personal data storage devices at border patrol points. Apparently this also includes scraps of paper which may be in your pockets. The scary part about this policy is that it extends to American citizens as well.

I myself have nothing to hide on my laptop, but I also have data that I don’t want anyone else to have. My research and writing is all on there. Possibly credit card data, who knows? I feel like this is privacy-invasion-ey. I’m getting a little sick of terrorism as a crutch for stripping away civil rights. Where do we live again?

I’ll probably be arrested at the airport later this month after writing this blog. Kidding. Kind of.

Any thoughts?


Spot On

Wednesday 30. July 2008 — 11:35

This guy, Tim Kreider, is brilliant. Today’s comic is particularly good; and poignant.

http://www.thepaincomics.com/weekly080730.htm

Enjoy.


Don’t Ask

Thursday 24. July 2008 — 11:09

because it is none of your business.

I just heard retired U.S. Army Lt. Col. Robert Maginnis indicate—with regard to the “Don’t Ask, Don’t Tell” policy employed by the U.S. Armed forces for discriminating against homosexual service-people—that “when you raise your hand to swear to defend the Constitution, you are giving up some of your rights to free speech.”1

Really?

I don’t remember seeing that in the constitution. Listen to the full discussion on the Diane Rehm Show.

———

1 Diane Rehm Show, 24 July 2008


Unnovation

Wednesday 23. July 2008 — 11:21

n. - the opposite of innovation.

Yah, I made up a word: sue me. Actually, don’t sue me. I can’t afford that right now. Between preparing to move out of the country and writing chapter 4 of my thesis—a job I do for very little pay—I’m not in any position for an out-of-court settlement.

More to the point though. I caught the following quote this morning, and this was the word that came into my brain.

It’s not the genius who is 100 years ahead of his time but the average man who is 100 years behind it. -Robert Musil, novelist (1880-1942)

It is absolutely true, by the way, and it reminded me of a discussion that I had with my dad after my last post regarding the state of innovation in our current economic and social climate.

What we decided was that the best thing for a struggling economy/company/city is to let it fail, unless it is willing to change.

Case in point: General Motors. Old, good company. Makes cars. Could be substituted with any of the other major American automotive companies. They haven’t really committed any serious innovation in the past century. Cars are, with many bells and whistles aside, primarily the same as they were 100 years ago. They still operate under the same principles, for the most part, and the end result is the same. If you disagree with this, then you haven’t looked under the hood of any car. I would suggest then that you find a Model-A and dismantle it. Then, find a late model Mustang and dismantle it. Put both of them back together. You’ll see what I am talking about.

Now, there are some companies which have committed innovation. Any company that is putting a solar panel on the top of a car to give extra power for the air-con—Toyota—is innovative in this climate. Running cars on hydrogen fuel cells, hybrids, electrics, and plug-in models are all innovative.

General Motors—our present case-study—has done none of these things. And I don’t want to hear that GM has the Volt, an electric concept car. It is too late for concept cars. Please move to the back of the line.

Back to the crux of this line of argumentation: GM has made no major innovations of late, possibly ever, and yet they and their investors are worried and scrambling to figure out/fix their current financial problem. However, nothing they do will make any difference.

They already have the only solution to their problems, but it is just a concept car. They could save the company and generate a huge amount of business if they were just to release that car, and all problems along with it. It wouldn’t be for everyone, of course. At first it would only be for the brave who don’t mind being late because their battery died or something. It would be for those who are willing to test and try and see how it works. The deal that would have to come along with it, of course, is that the dealers would have to service anything that went wrong with the car free-of-charge and immediately. Throw in 24-hour tow-from-anywhere-and-take-you-home service: brilliant.1 They would change everything.

The only other thing to do now is to simply let it die, which is more likely. Maybe the market fallout from that will take the other big two with it. We can only hope.

I know, I’m a horrible bastard for wishing such fates on American companies. “Do [I] know what effect that would have on so many Americans’ lives?” Yes, I do. But, do you know what else would happen? Some genius young engineer, right in line with his time, will be able to step up and do something brilliant. This time, though, he won’t have the added innovative hurdle of having to either out-shout the “Big Three” or be subsumed into them and destroyed by their contrary interests. Jobs and economic development to follow.

We haven’t seen a Thomas Edison, Alexander Graham Bell, George Washington Carver, or any of their ilk in such a long time that we wouldn’t know an innovator if they punched us in the face. Maybe it is time for some knock-outs, but they won’t come until the big, stupid brutes die off to make way for the skinny, malnourished geniuses.

———

1 This idea was lifted directly from a phone conversation with my dad yesterday. Dad: it’s a great idea.


Just One More Sign

Monday 21. July 2008 — 09:42

that I am turning into my father

Not that it is a bad thing. Quite the opposite, in fact. However, my dad seems to have this weird set of things that happen to him. For a long time, I admit, I thought that it was because he is just particular or fussy in certain, strange ways. For instance, he used to tell us that he believed that he had a sign on the top of his car that was invisible to him—but visible to assholes—which indicated that people should drive like assholes when they are around his car.

The scary thing is that it does sometimes seem that way.

Another seemingly odd thing is that my dad will only wear Jack Purcell sneakers. Now, this wouldn’t be odd, except that the late, great Hunter S. Thompson also only wore Jack Purcell sneakers, and that they have become increasingly hard to find. My mother, bless her, goes to relatively extreme lengths to procure said sneakers for my dad. Or at least she did until the advent of really good internet commerce. Now I think that she buys them online.

This is not the only thing that my dad has trouble finding though. It seems that almost everything that he likes simply goes out of business, becomes unsupported, or disappears completely. Other things, like hand-held computers—which I argue have just evolved in ways that have made them unrecognizable, though Dad has compelling arguments as to why this is not the case—have gone out of vogue to the point of non-existence. Certain very good spam removal software, cordless 18v power tools, computer peripherals, et al have simply ceased to exist once my dad has taken a liking to them.

Now, this has happened to me to some degree in the past. Something that I buy once, and then like, seems to not be available when I go back to get more. It has usually been something that I could take or leave: nothing too important.

Until today.

This morning I went to buy deodorant. I have a brand and type that I particularly like because it has no aluminum in it and yet it still acts as a deodorant. It is Adidas brand Cotton Tech antiperspirant produced by COTY. When I left for Egypt last fall I took 8 sticks of it with me because I like it so much.

Now, it isn’t that this is just a brand or a type that I particularly like, but it is the ONLY antiperspirant on the market that doesn’t use aluminum. It uses some other stuff, like powdered cotton, and it is the best deodorant I have ever used, and the only one that has ever really worked.

The ONLY ONE on the market, keep in mind.

So, I go to the store today to get that and a few other things. I don’t see it. Finally, I spot the Adidas brand deodorants. I look at the labels. Those labeled “deodorant” have no powdered cotton stuff in them. Those labeled “antiperspirant” ALL have aluminum in them. Then I spot one that boasts about cotton something. I pick it up, thrilled—though the packaging is very different than what I am used to—and swiftly realize that it is not what I am looking for.

This antiperspirant has the same cotton stuff that my old one did AND it has aluminum zinconium—or some equally heinous-sounding shit—in it.

Damn, I thought, and decided that I would just check at a different store. I did, and they didn’t have what I was looking for either. They had the women’s variety, though.

So I figured that I would just come home and look online and then buy it on the internet.

Oh no. No, no, no.

I looked EVERYWHERE for this stuff. I even copied the information off the label of the last stick that I have. Nothing. NOTHING.

It is not just as though this stuff doesn’t exist, it is as though it has never existed. There is no evidence of it ever having been sold anywhere.

Fickle internet.

So here I am. Without deodorant—though I know that I left about 3 sticks of it in Egypt and am now fiending to have it when I go back in a month and a half. I have exhausted every online source for deodorant and I can’t find a single stick. Even if I could, I wouldn’t be able to buy enough of it to keep me in aluminum-free antiperspirant for the rest of my life, which is what I would need.

So, I am furious. The problem, again, is not that I liked the brand or that type or anything and could easily replace it with something similar. The problem is that there is ABSOLUTELY no other similar product on the market.

So, my options are as follows: 1) Find this stuff and stockpile it if it is the last thing I do. 2) Write an angry letter, receive no response. 3) Find an alternative that doesn’t even come close to doing the same thing. 4) Stop wearing deodorant altogether. 5) Learn more chemistry. Find the ingredients on the label of the one remaining stick that I have in my possession—read: cold dead hand. Create a concoction based on these ingredients and then use the ol’ trial-and-error method to sort out the proper proportions and method for making it.

I carry the curse of my father: the curse of liking brilliant things that are destined to either fail or simply disappear from the consumer market.

I suppose that I will go back to writing my thesis now, just sweaty and smelly.

Damn.


Poison Ivy

Saturday 12. July 2008 — 10:31

Itchy and Scratchy

I came down with a rather bad case of poison ivy last week. I was absentmindedly pulling weeds and likely picked it up then since I wasn’t wearing any gloves, which is abnormal.

In any case, I usually don’t have any problem with it. The point of contact is itchy for a few days, I put calamine on it, it goes away. This time is totally different.

I have had it since last week and it has been spreading. I think that this occurs while I am sleeping so I am reduced to sleeping in a burqa to keep myself from making contact with my own skin.

The funniest part about this experience, though, is the advice that I have found for getting rid of it.

I was, against my better judgment, trolling Google last night looking for remedies. I found the usual sort: calamine, steroid shots, vitamins, etc.

Then I found a treasure trove of insanity. There were recommendations that poison ivy victims use everything from hair dryers to cool whip to saran wrap on their poison ivy. They went something like this:

“I had poison ivy a few years ago, and it was so bad and nothing worked so in desperation I mixed together a paste of bleach, oatmeal, furniture polish, and baking soda. Then I spread the mixture on my poison ivy and wrapped it with saran wrap for five hours. Then I removed the saran wrap and used the hair dryer to dry the mixture into something just shy of concrete and then sanded it and the rash off my skin with a belt-sander. I never got poison ivy again.” – Ralph, Oklahoma, 2001

“When we were little, and got poison ivy from playing outside in the woods, my grandma would draw us a really hot bath, as hot as she could get it. Then, she would pour kettles of boiling black tea in it and tell us to get in. It scalded something terrible, but when our skin finally healed from being scalded, the poison ivy was gone too!” – Sally, New Jersey, 1997

“I get poison ivy every summer because my cats play outside and then come in and I pet them and end up with it all over my hands and neck. Every summer! I don’t know, I just love my cats! So, now I take 8000mg of vitamin c and 10000mg of zinc and wash it down with a tea made of poison ivy leaves, cat hair, and acetone. It works like a charm! I have to carry my liver around in a bag from all the vitamins, but I haven’t had poison ivy in 10 years!” – Gertrude, Idaho, 2006

The moral of the story: don’t google your symptoms, or about any sort of home remedy unless you want to be amused. People are crazy! For now, I am sticking with the way that has worked for me in the past, that my grandma recommended to me one time: cover my entire body in a paste made of baking soda, cut a clove of garlic in half, put one half in my mouth and bury the other half in the yard where the poison ivy is, do a little dance, and take a hot shower, then a cold shower, then a hot shower, then a cold shower, then a hot shower and then dry myself off with a hair dryer with a diffuser attachment.

Then I am going to judiciously apply calamine and aveeno, remember to take my vitamins and hope it goes away by the end of the week.

Wear gloves and long sleeves folks.


  • This means that you may republish this work under certain conditions. Click here for more details.