from Scottxyz:
"Go over to slashdot and try talking about "security" and "Access" in the same breath and see how seriously they take you over there - they won't even dignify you with a response, they'll just laugh at you and spray you with onomatopoetic responses like
http://slashdot.org/comments.pl?sid=70364&threshold=1&commentsort=0&tid=103&tid=126&tid=99&mode=thread&cid=6395360because all programmers know there is no security in Access. If Bev wants to leave out references to "one-way dialup modems" that's of course fine - because the fact that a voting system was written in Access is quite damning enough.)"
=====
The slashdot comment:
*choke*
*wheeze*
bwahahahahahahahahahahahah
*gasp*
Wait, these things are already in use?!?
*thud*
=============
Due to the length of that thread, for those on dialup modem, I'd like to honor Scottxyz by reposting his original here:
From Scottxyz
===========
At least one country (Australia) knows how idiotic it would be to use proprietary Microsoft blackbox spaghetti code for something like voting where transparency is vital:
Electronic voting and counting
Development of the system
http://www.elections.act.gov.au/EVACS.html#codeEVACS was written using Linux open source software to ensure appropriate transparency. A copy of the source code is available in a zip file (127 kb). The source code ... is in a separate file (38 kb). For more information contact Software Improvements.
In Australia anyone can download the open-source code they use in their voting systems, so the public can verify that it works. (The same way we know paper ballots work. Voting technology should be transparent, not blackbox.) Of course we couldn't do this in America for "copyright" or "profitability" reasons.
There's no reason for a voting system to be complicated or proprietary
Let me tell you something. I'm a programmer with about 10 years of experience with Microsoft Access. It's considered an insecure "toy" programming environment with minimal or no auditing capabilities and only appropriate for small projects. Access provides two programming languages to work in: SQL and VB (also known as VBA). SQL (Structured Query Language - a rock-solid industry standard that predates Microsoft) is where you write the guts of the system - you define tables (consisting of rows and columns) and then define "SELECT" queries computing totals based on adding together rows from those tables. VBA (Visual Basic for Applications - a crappy Johnny-come-lately language introduced to the programming world by Microsoft, full of weird confusing semi-documented behavior that drives most programmers up the wall for the first few months they use it - and generates lots of fees for Micro$oft at their 900-number help hotline) is where you write the code that displays the screens and menus. It's very easy to write "spaghetti code" in Access's built-in VBA language but a good programmer can avoid that by doing all of the computational work in SQL queries and then using just a modicum of VBA to get the various screens and menus to work together. (Note: You can of course write "spaghetti code" in any language.)
However, for a voting system, only an idiot programmer would write any more than a minimal amount of VB code. There's very little to do here: display a screen, let the user enter a vote, and close the screen.
You only need to define a base table with the votes (this is done in SQL, not in VB), and then write a GROUP BY query in SQL using the base table to tally up the votes. There's no procedural VB coding required for the guts of such a program. A little VB needs to be used to tie the whole thing together with some pretty menus and screens, but it would just be minimal window-dressing. A voting program that does one thing - entering and then totalling up ballots - is about as simple as you can get.
Which just shows how idiotic it is for Diebold to be saying there's anything "proprietary" or "trade secrets" or "copyrighted" here. They may have told their clients it was rocket science (to fatten up their fees), but any first-semester database programming student can write a GROUP BY query in SQL which computes a total. It's not something that needs to be copyrighted or protected like some kind of vital secret. It's about as complicated as doing a SUM() or a SUBTOTAL() function in Excel, which I'm sure many non-programmers have done. The whole notion that Diebold has to "protect its investment" in programming this trivial program is a load of crap.
Heck, right here I can write the a reasonable facsimile of the code that Diebold is claiming is a "proprietary" "trade secret" (and which they probably charged hundreds of thousands of dollars for).
Here's some simple code in SQL to, respectively, define a list of counties, define a list of candidates, record ballots, and then finally total ballots:
CREATE TABLE county (
county_id varchar(127) PRIMARY KEY
);
CREATE TABLE candidate (
candicate_id varchar(127) PRIMARY KEY
);
CREATE TABLE ballot (
ballot_id integer PRIMARY KEY,
county_id REFERENCES county,
candidate_id VARCHAR(127) REFERENCES candidate,
timestamp DATE DEFAULT NOW()
);
CREATE VIEW ballot_total
AS
SELECT count(*), candidate_id
FROM ballot
GROUP BY candidate_id;
Wow. Would you pay hundreds of thousands of dollars for this? Would you let a company clamp a copyright on this sort of standard stuff like it was some kind of "proprietary software"? (Yeah, there'd be a few more wrinkles to handle write-ins, etc - but you get the idea. Not a lot going on here.)
Diebold and ES&S are not only making our elections insecure, they're getting overpaid a lot of taxpayers dollars to do so!
That's pretty much all there is to programming a voting system. Sorry if it's a letdown for folks who think that programmers are geniuses or something but it's really pretty simple to write code that performs elementary addition and subtotalling.
Slap on a data-entry form which gets displayed so the voter can enter data once into the ballot table to cast their vote (Microsoft Access and most other database development environments often have built-in "wizards" which create such a data-entry form for the programmer automatically, or the programmer can roll up their sleeves and work for five minutes or so and make such a form themselves via a graphical programming environment) and then add in some sort of insecure modem-based unencrypted lame Internet communication protocol to send the subtotals down to some central office, and presto! you've got a big government contract for a completely insecure amateur voting system worthy of the slimiest backwater dictatorship!
The straw man: "one way dialup modems"
I won't even stoop to consider (at much length) the silly argument earlier over "one-way dialup modems" because once a machine is on a network a clever hacker - especially an "insider" hacker - can do whatever they want with it - whether or not the user manual says it's using a "one-way dialup modem" (yeah, bear in mind, Diebold says it's a one-way dialup modem. Since we never get to inspect these machines, why the hell are we even supposed to believe this abstruse claim?). Suffice to say that all you need is common sense here folks, and a recollection of what you've read in past few years about viruses running rampant particularly through systems that use Microsoft products. An email comes in (over that ultra-secure "one way modem dialup" connection or whatever the hell that is) and some fool opens it (maybe one of those unauthorized fools with security badges who for some mysterious reason has access to the room where the voting computers are) and then you've got a emailed virus running in the system every time the machine boots up again - a virus which can do all kinds of fun things like change tables in the Access program. (Even without an emailed virus coming in via modem, let's remember there are obviously plenty of other ways to get a virus onto a machine when the contractor can cry "copyright" whenever anyone attempts to look at their pathetic overpriced hodgepodge of hardware and software they have attempted to pass off as a voting workstation.)
But you don't even need such distracting arcana as "one-way dialup modems" or viruses to tinker with the database. Just go in and add and delete some rows like Bev explained in her article. A high-quality database (not Access) could use "triggers" to generate an audit trail to catch such a scenario - but Access doesn't support triggers.
The real smoking gun: TimeDateStampAdjuster
And while we're on a techie discussion... can I rant a bit about that special plug-in Bev illustrated in a screenshot - the one that lets you re-jigger the DateTimeStamp field? What on earth is that doing there?
You can check it out down at the bottom of this page:
http://www.blackboxvoting.com/scoop/S00065.htmYeah, instead of harping all day about the straw man in this case (the "one-way dialup modem") could we talk a bit about that bizarre little add-in called TimeDateStampAdjuster?
Talk about a smoking gun!!! What could that possibly be for except to blow away what little audit trail there might be in Access? There is NEVER any need on a database system to re-jigger a DateTimeStamp that's been set to Now() using the field's default setting when the ballot was first entered. You'd be kind of upset if you found that your ATM had a little add-on like that running on it - the better to post-date your check deposit so it won't be credited to your account on time.
I submit the ONLY reason that little TimeDateStampAdjuster add-in could be in the system is to allow tampering. There's absolutely no other reason to include such an "add-in". The meaning of "stamp" in the name TimeDateStamp is just what you'd think it is -- it's a system-generated stamp which is used to show when a record was entered (or last updated). It's there for security and it's supposed to be read-only - no user's supposed to be able to edit it. You don't "adjust" Time/Date stamps - you let the system generate them and they're strictly hands-off to humans.
Access doesn't actually even have Time/Date stamps - but you can get something similar with a bit of simple coding, using one of two methods:
(1) You can create an AfterUpdate event on the data-entry form, but this isn't very secure because it only works for records being edited via the data-entry form - it doesn't work if someone were to go and tamper with the underlying tables, bypassing the form - which is easy to do if you just (a) use the menu called 'Window' > 'Unhide' to bring up the screen showing all the underlying tables, or, if that's been blocked by some whiz-bang "security" you can also (b) hold down the SHIFT key when you open the database. (This isn't a secret - it's in the Access manual.)
(2) You could define a field and name it something like DateTimeCreated in table ballot and set it to the function Now() so that the current Date/Time is entered into the ballot record the instant it gets entered - but even that could be overridden using (a) or (b) above as well.
But I guess the thugs infiltrating the Georgia voting system were too lazy to go through all that manual labor, so they had the clever little labor-saving add-in called TimeDateStampAdjuster so they could save a few precious minutes while they're sneaking around tinkering with the voting machines. (As we all know from those suspense thriller movies where the clock is ticking while someone's desperately trying to hack into the computer, this can be a high-adrenaline moment, so I guess it does make sense to automate this step so avoid hacker error and make sure the criminals can get in and get out quickly.)
Microsoft Access is a toy database
By the way, as you probably suspected, no ATMs, no flight-reservation systems, no field-deployed Department of Defense software is ever written the "toy" language Microsoft Access. Microsoft Access just isn't used for any major work ever, because all programmers know it isn't able to provide the auditing, security, networking or scalability required for mission-critical projects. The very fact that Diebold was allowed to win a bid for a wide-area network system using the "desktop" database Access speaks volumes about the incompetence of the government officials who ran the bidding process. If I had a potential client needing a wide-area networked database and I had the gall to show up and offer a system based on Access, I'd be laughed out of the room. It's only used for "desktop" or "departmental" databases - it's not a client-server database (it's a "file-server" database, which is vastly inferior to client-server), and it's not secure. And to top it all off, the Microsoft Access password file (*.MDW file) is known to be preeminentaly hackable and crackable.
While some people here are arguing about tangential issues such as so-called "one-way dialup modems", check out what the nerds over at slashdot are saying about the notion of even thinking about using Microsoft Access for a voting system. They find the idea utterly laughable.
Go to this page and do the "Find" command in your browser to search for "Access":
http://slashdot.org/article.pl?sid=03/07/08/1949200&mode=thread&tid=103&tid=126&tid=99Or check out these derisive posts:
http://slashdot.org/comments.pl?sid=70364&threshold=1&commentsort=0&tid=103&tid=126&tid=99&mode=thread&cid=6395360http://slashdot.org/comments.pl?sid=70364&cid=6395382As you will notice, programmers don't even bother to get bogged down in the niceties of so-called "one-way dialup modems" - for them, the very idea of using Microsoft Access for something as serious as a voting system is humorous and/or horrifying enough in itself.
And if you're still uncertain about what a hacker can do once a modem is established check out the popular hacker program "Back Orifice" (a kind of disgusting-sounding name parodying Microsoft's "Back Office" product):
http://www.nwinternet.com/~pchelp/bo/bo.htmlBack Orifice is not a virus. It is in essence a remote administration tool.
It gives "system admin" type privileges to a remote user by way of the computer's Internet link.
What does this mean? It means that if Back Orifice is running in your computer, a remote operator anywhere on the global Internet can gain access and do almost anything you can do on your computer -- and some things you can't do -- all without any outward indication of his presence.
A modest proposal - from a programmer
How's this for a voting system: Carbon-paper ballots, in triplicate. Voter checks off their choices. White copy goes in the white bin (tallied by Republican-appointed polling officials). Pinnk copy goes in the pink bin (tallied by Democratic-appointed polling officials). "Goldenrod" or "canary" copy goes in the yellow bin (tallied by a UN-approved auditing company).