If voting software is open source, the code is available for anyone to see. And every .org that analyzes software for exploits will be scrutinizing it in a way that proprietary just never could be. This isn’t even controversial.
When referring to Linux vs other operating systems, you are probably correct. But anyone has access to those programs. With the voting programs not quite so much, hence the lawsuits to gain access that have been filed.
Some places use weighting, ranked choice elections.
I'll take your word for that, seriously. And agree.
You don’t know what you’re talking about. Open source software is heavily scrutinized by experts all over the world in a way proprietary software cannot. Open source software is in use in many critical systems today, and I trust it in our systems way more than I’d trust proprietary software.
If voting software is open source, the code is available for anyone to see. And every .org that analyzes software for exploits will be scrutinizing it in a way that proprietary just never could be. This isn’t even controversial.
I mentioned the rank-ordered voting as to why there would be a need for a system that includes weighing.
Weighted or rank-order elections are just a little more complicated to tabulate, but the algorithms should absolutely be open source to ensure the weighting is computed according to the laws that define it.
Once again I believe you. I'm just having a problem seeing how it's easier to hack a program you don't have access to vs one you do. For most/all software on the open market, yes open source is better. But we're not talking about software that is generally available on the open market.
If voting software is open source, the code is available for anyone to see. And every .org that analyzes software for exploits will be scrutinizing it in a way that proprietary just never could be. This isn’t even controversial.
Weighted or rank-order elections are just a little more complicated to tabulate, but the algorithms should absolutely be open source to ensure the weighting is computed according to the laws that define it.
Right. And I think that’s a case that especially needs transparency since it’s not just simple tabulation, but requires an algorithm that is defined by the law. I don’t want to just trust some proprietary system that it is per the law, no matter how much testing is done. For one thing, if I see the code, I can determine edge cases that aren’t apparent from the specifications.
I'll take your word for that, seriously. And agree.
I mentioned the rank-ordered voting as to why there would be a need for a system that includes weighing.
If it’s open source, yes, it’s available to the open market/general public. You only need to figure out where the repository is. In my world, if it’s Java or JVM based, it’ll probably be in Maven Central. Or regardless, you’ll probably find it on GitHub. Its availability is only obscured by lack of knowledge. Google is your friend for finding technical information. It’s only your enemy for political stuff.
Once again I believe you. I'm just having a problem seeing how it's easier to hack a program you don't have access to vs one you do. For most/all software on the open market, yes open source is better. But we're not talking about software that is generally available on the open market.
I can go to my local shop and pick up a copy of Linux, Windows, Apple, etc. Can't quite do that with voting software.
When Dominion staff are worried about machines being accessed from Kosovo, and whether or not it was an authorized user (which would have been allowed), the entire "not internet connected" kind of goes out the window, doesn't it? That apparently is just another lie they told to keep the sheep calm.
What “sources” would you deem reliable?
Hmmm... staffer accessing corporate email (Office 365 with Okta multi-factor authentication) via phone... and the geo-tag of the IP address investigated. (hint: it would be alarming if it had NOT been investigated)
Not the same as voting machines connected to the internet... at all. Not remotely even close... unless Dominion's Office 365 email service was hosted on Michigan voting machines instead of the Microsoft cloud.
The sources you are relying upon to interpret this for you are unreliable... grossly unreliable to the point of me questioning if they are intentional in this. Or just incompetent/ignorant.
Part of the reason I "don't believe"... because every time I look at the supposed smoking gun/Kraken evidence, it's proven to be bull**** under even the most basic investigation based upon the evidence THEY present.
In theory, yes. In reality... not so much.
If voting software is open source, the code is available for anyone to see. And every .org that analyzes software for exploits will be scrutinizing it in a way that proprietary just never could be. This isn’t even controversial.
Weighted or rank-order elections are just a little more complicated to tabulate, but the algorithms should absolutely be open source to ensure the weighting is computed according to the laws that define it.
CNN and MSNBC, of course...
What “sources” would you deem reliable?
I didn't rely on any other source to debunk that claim other than the evidence "they" presented with their gross misrepresentation... so definitely NOT this one.
What “sources” would you deem reliable?
Do you believe any whistleblowers?
I didn't rely on any other source to debunk that claim other than the evidence "they" presented with their gross misrepresentation... so definitely NOT this one.
This is Trump Tower/Russian Alfa Bank hyperventilating bs.
Any? Yes, if their stories and facts add up and are independently verifiable.
Do you believe any whistleblowers?
We dealt with log4j too. Nice thing about open source software is that when vulnerabilities are found there are lots of CI/CD tools to continuously scan for libraries that contain them. I’d trust open source voting software over proprietary any day. And not just because of being more robust. Does it tally correctly?
In theory, yes. In reality... not so much.
One of the most used Java utility libraries (log4j) had to have an initial exploit uncovered in the wild to welcome the scrutiny that uncovered... multiple other vulnerabilities.
The Apache Log4j vulnerabilities: A timeline
The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded.
www.csoonline.com
I lived through this... no fun.
Personally, I'd take a white hat hacker community/conference bounty over "someone in the OS community is looking" every time.
And all of the automated vulnerability, library dependency, etc. scan tools are available and should be standard practice/gates to proprietary software as well.
We dealt with log4j too. Nice thing about open source software is that when vulnerabilities are found there are lots of CI/CD tools to continuously scan for libraries that contain them. I’d trust open source voting software over proprietary any day.
I must be dense... how can it not without being immediately apparent?
And not just because of being more robust. Does it tally correctly?
It is where I work. I don't write open source software. I write proprietary software. We use open source third party libraries and frameworks, almost exclusively. Our code is scanned for bugs, potential vulnerabilities, and use of library versions that have known vulnerabilities.
And all of the automated vulnerability, library dependency, etc. scan tools are available and should be standard practice/gates to proprietary software as well.
No such claim has been made. But it's as close as we get. Sometimes there isn't an open source solution. But there should be. We do use some proprietary libraries. But we don't have transparency in those unless we reverse engineer it, which is a violation of terms of use. We trust it follows their published specifications.
Having said that, open source is no panacea... some OS has broad and lasting community support, other projects, that support lapses and those frameworks/libraries/etc increasingly become proprietary to keep relevant or must be re-factored out.
Of course not. No one said otherwise. But, for most common tasks, OS has something robust with wide support. When we decide to use an open source technology, we have a process to vet it. It has to go through approvals. It has to be on the list of approved technologies. One of those considerations, of course, is active, ongoing updating. If activity on a project falls off, that technology falls off the list.
Not all OS retains robust community support.
I wouldn't rule out the former.
I must be dense... how can it not without being immediately apparent?
Of course there's the paper trail. And yeah, it needs to be a team effort.
Each of these voting terminals prints a paper man/machine readable ballot which is then scanned at the drop box ('member the issue in Maricopa AZ where the ballots wouldn't scan for a couple hours?) There is literally a 'paper trail' as well as the equivalent of 'double entry accounting'... triple actually for in person voting... signed in voters, voters/votes at each terminal, the paper ballots. To 'stuff' the in person voting, you've got three checkpoints to cover.
Is that really a serious question? Or are you trying to introduce a little passive aggression?
And yes, I review my printed paper ballot... don't you?
Ditto.
It is where I work. I don't write open source software. I write proprietary software. We use open source third party libraries and frameworks, almost exclusively. Our code is scanned for bugs, potential vulnerabilities, and use of library versions that have known vulnerabilities.
And I would suggest that voting system software falls into this... more on my search of OS voting s/w below.
No such claim has been made. But it's as close as we get. Sometimes there isn't an open source solution. But there should be. We do use some proprietary libraries. But we don't have transparency in those unless we reverse engineer it, which is a violation of terms of use. We trust it follows their published specifications.
Yup and the presumption is that voting is a common task and has (or should have) a well-supported OS community behind it. My limited search yielded the Open Voting Consortium. Their support site is not whatchumitecall trust-inspiring.
Of course not. No one said otherwise. But, for most common tasks, OS has something robust with wide support. When we decide to use an open source technology, we have a process to vet it. It has to go through approvals. It has to be on the list of approved technologies. One of those considerations, of course, is active, ongoing updating. If activity on a project falls off, that technology falls off the list.
Nor would I, hence the reason I offered it, lol!
I wouldn't rule out the former.
Ignoring rank order voting - IMO it's a solution in search of a problem, and the wrong solution at that - I'd say you need better QA's and better SMEs/Product Owners to define the acceptance criteria!
Seriously, if I wrote code to tally votes, I think I could make it very difficult to detect that it's favoring one party over another, while still passing acceptance testing. Especially with something more complex like rank order voting. As long as I make it pass acceptance testing.
I think you're making light work here...
Of course there's the paper trail. And yeah, it needs to be a team effort.
Perhaps I should have specifically phrased it with the indefinite "you" as in "doesn't everybody?" Which we know the answer to that is no.
Is that really a serious question? Or are you trying to introduce a little passive aggression?