Re: Vote verification --- a futile exercise?

2002-04-05 Thread Richard Braakman 

On Thu, Apr 04, 2002 at 06:49:09PM -0500, Jeff Licquia wrote:
 Not necessarily.  [...]

Interesting scheme.  It makes some assumptions about living habits that
might not be correct for Debian developers, though :-)  (For example,
I send most of my mail around noon and around midnight.)

A more effective version might be to monitor mailing list activity directly
to see which times to target.  This would be especially useful if you can
stir up a discussion in which people state their support for one of the
candidates.

One way to prevent this might be to use batched mails, for example a server
that collects mail for a whole day and then forwards them (in random order)
to the vote counter in one batch.  This can be defeated by collusion between
the vote counter and the operator of this server -- but we're already assuming
anonymous mail, right?  The requirements would be the same.  In fact
existing anonymous mail services already use such batching and reordering,
though not on the scale of whole days.

In the extreme, every voter could operate an anonymous mail gateway for
this vote.  If there is collusion between *all* the voters, then there
is little point in voting :-)  However, this would ignore the problem
of voter apathy.  I'm afraid that this whole scheme fails requirement 0:

 0) Voting should be easy for the voters

Making voting difficult will introduce a bias that favours extremists.

Oh... I just realized that per-day batching would still not work.
Suppose the vote taker's favourite candidate does something really
unpopular halfway through the vote (such as revealing his Secret Master
Plan to Take Over the World).  In that case, dropping votes from the
second half of the voting period could affect the outcome.

 [Again, not that Manoj would ever do such a vile thing.]

Indeed.  We're geeks, and the election is a new toy that we're taking
apart to see how it works :-)

Richard Braakman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Vote verification --- a futile exercise?

2002-04-05 Thread Anthony DeRobertis 


On Friday, April 5, 2002, at 04:51 AM, Richard Braakman wrote:

 Indeed.  We're geeks, and the election is a new toy that we're taking
 apart to see how it works :-)

rant

Yep. And we'll eventually come up with something that works 
perfectly every time, never allows fraud, vote selling, etc.; 
allows you to change your mind; does not force you to vote for 
one of two major parties; and can be understood by anyone 
willing to take the time to learn it.

Then someone --- let's call them SoftMicro --- will come out 
with a voting system that is plagued with security holes, 
routinely has votes and entire elections stolen, forces people 
to vote for the one major candidate or have his vote effectively 
not count; counts votes using some contortionist's dream, 
understood by no one (source is not available); and eventually 
spits out a random result each time (when it doesn't crash 
completely, requiring a new election). People will flock to it 
in droves.

/rant


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Transcript of the Debate

2002-04-05 Thread peter karlsson 

Anthony DeRobertis:

 Hmmm? See time stamp 15:05. After that they are called 'bdale',
 'Branden', and 'Raphael'

Ahh. I see. I only looked at the first page and saw the aliases. Silly me...

-- 
\\//
peter - http://www.softwolves.pp.se/
  Statement concerning unsolicited e-mail according to Swedish law:
  http://www.softwolves.pp.se/peter/reklampost.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Election status

2002-04-05 Thread Sven 

On Wed, Apr 03, 2002 at 02:27:28PM -0600, Manoj Srivastava wrote:
 Sven == Sven  [EMAIL PROTECTED] writes:
 
  Sven Was this md5sum not supposed to be sent in the aknowledgement
 
   ``Supposed'' to be? I don't think that it was decided to
  modify the vote system, no. The best I recall is some discussion last
  year about secret ballot protocols, but that is as far as it went.

Well, i did not yet receive any kind of aknowledgement for my vote, but as i
understood, it should contain some kind of id or something which i can use to
check that the voting script did its job right.

And the problem is not so much to check that there is not some evil intention
on the vote-master's part or something such, just to check that the voting
script did not misfire.

  Sven mail of the ballot, so it would only be comparing two md5sums,
  Sven quite easy to do. Two cutpastes should do the job, nothing
  Sven arcane involved here ?
 
   And, of course, you then lose the benefit of having the
  md5sums, since I could slip the same md5sum to more than one
  person. I guess it would still be a deterrent, since I would never
  know who all did not really check the md5sum.

Yes, sure, but that is the real problem.

   Is it really that hard to run md5sum? Can we really survive as
  a project if the developers feel that way? 
 
   Allow me to demonstrate. (Note: since my userid is
  srivasta, and if my secret token was 0123456789ABXDE, then i get:
   -
   % echo srivasta 0123456789ABXDE | md5sum
   f305c07513500e690a7f98f10c52a7fc
  --
   I can even do this:
  % egrep $(echo srivasta 0123456789ABXDE | md5sum) tally.txt
 and see that my vote is valid.  

Ok, no problem, 

The difficulty is that we are speaking about id + vote + secret word, and that
the way of concatenating them is not clear.

There would be a difference between :

% echo srivasta 0123456789ABXDE | md5sum
f305c07513500e690a7f98f10c52a7fc

and

% echo srivasta0123456789ABXDE | md5sum
3fd531504123df0165a3be23f4d8a33d

Now, what about the vote part, should i use the whole text of my signed
ballot, the unsigned version, (which will yield a multiline text part to
md5sum) or a simple shortcut thereof. Or maybe we should forget about this
part ?

   How hard was that?
 
   I guess I'll change the ack to put i a command line. I am not
  going to ship the md5sum in the ack, so there. 

The main problem here is what exactly we are to md5sum, not the fact that we
shall md5sum something.

Friendly,

Sven Luther


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Vote verification --- a futile exercise?

2002-04-05 Thread Jeff Licquia 

On Fri, 2002-04-05 at 04:51, Richard Braakman wrote:
 Oh... I just realized that per-day batching would still not work.
 Suppose the vote taker's favourite candidate does something really
 unpopular halfway through the vote (such as revealing his Secret Master
 Plan to Take Over the World).  In that case, dropping votes from the
 second half of the voting period could affect the outcome.

You'd have to be able to predict that the candidate would have such a
plan, and would reveal it in the middle of the election.  This might not
be a problem if the CTF is also the Second-In-Command, Evil Plot, Inc.

The general problem still remains, however: if the CTF can drop random
unknown votes, and if the CTF can correlate any outside event with
probabilities in voter activity times, then the CTF can exert influence
on the election results.  Even something like a popular tech conference
(Euro voters are all at CeBIT this week) or a holiday (all the Irish
developers are too busy partying to vote on St. Patrick's Day) could be
used.

Using this protocol, the best solution to all these problems is voter
vigilance.  If enough voters threw a fit that their votes weren't being
published, then (as you pointed out), the whole election process could
be stopped pending an investigation.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Election status

2002-04-05 Thread Manoj Srivastava 

Sven == Sven  [EMAIL PROTECTED] writes:

 Sven Well, i did not yet receive any kind of aknowledgement for my
 Sven vote, but as i understood, it should contain some kind of id or
 Sven something which i can use to check that the voting script did
 Sven its job right.

I suspect you have gotten the ack now.

 Sven And the problem is not so much to check that there is not some
 Sven evil intention on the vote-master's part or something such,
 Sven just to check that the voting script did not misfire.

And now you know what your vote was parsed to be.

 Sven The difficulty is that we are speaking about id + vote + secret
 Sven word, and that the way of concatenating them is not clear.

And you also now know that the ack said specifically what
 command line to use:
  % echo sven 0123456789ABCDE | md5sum
 This instruction shall also be repeated on the final tally sheet.

 Sven The main problem here is what exactly we are to md5sum, not the
 Sven fact that we shall md5sum something.

The main problem is that you are not giving anyone but
 yourself any credit for intelligence.

manoj
-- 
 I will make no bargains with terrorist hardware. Peter da Silva
Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...

2002-04-05 Thread ¹®¿ë¹Ì 
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=Content-Type content=text/html; charset=unicode
META content=MSHTML 6.00.2713.1100 name=GENERATOR/HEAD
BODY
 
font color=blue face=ÈÞ¸Õ¸ÅÁ÷ü size=3span style=FONT-SIZE: 
18ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/span/fontfont
 face=ÈÞ¸Õ¸ÅÁ÷üa href=http://nancho.starhana.com;script 
language=javascript src= 
http://myhome.hananet.net/~nannaya77/js/don1.js;/script/a/font
P/P 
a href=http://nancho.starhana.com; target=_blankimg 
src=http://starhana.com/images/mtima1.jpg; border=0 width=134 
height=114img src=http://starhana.com/images/mtima2.gif; border=0 
width=146 height=114img src=http://starhana.com/images/mtima3.gif; 
border=0 width=146 height=114img 
src=http://starhana.com/images/mtima4.jpg; border=0 width=170 
height=114/a
pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=3span style=FONT-SIZE: 
20ptÀÌÀ¯°¡ 
ÀÖ´Â ·©Å· 1À§ ½ÎÀÌÆ®/span/font/p
pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14ptÃÖ±Ù 
¿©·¯´Þµ¿¾È /spanfont color=blue span style=FONT-SIZE: 
14pt¹«·áÁ¤º¸ºÐ¾ß/span/fontspan style=FONT-SIZE: 14pt 
ÀÇ ·©Ä» ¼øÀ§ 1À§ÀÎ ½ÎÀÌÆ®°¡ ¾îµðÀÎÁö Ȥ½Ã ¾Æ½Ã³ª¿ä? 
/span/FONT/FONT/p
pa href=http://nancho.starhana.com;span style=FONT-SIZE: 20ptfont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff size=5¿© 
±â/font/span/aFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 
14pt °¡ 
·©Å· 1À§¶ó¸é ±×·² ¸¸ÇÑ ÀÌÀ¯°¡ÀÖÁö ¾Ê°Ú½À´Ï±î? /span/FONT/FONT/p
pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt´ÔÀ» Á¤ÁßÈ÷ 
ÃÊ´ëÇÏ°Ú½À´Ï´Ù. 
/span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 
14pt»ç¾÷°¡Àû ¾È¸ñÀ¸·Î °ËÅäÇϽŴٸé 
Á¤¸» ³î¶ó½Ç °ÍÀÔ´Ï´Ù./span/font/p
pa href=http://nancho.starhana.com;span style=FONT-SIZE: 26ptfont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=6¹é¸¸ÀåÀÚŬ·´/font/span/aspan 
style=FONT-SIZE: 26pta href=http://nancho.starhana.com;font 
face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=6nbsp;/font/afont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=5nbsp;/font/spanFONT size=3FONT 
face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 20ptfont color=fuchsia 
nbsp;/fontfont color=blue ¹Ù·Î°¡±â/font/spanspan style=FONT-SIZE: 
26ptfont color=fuchsia 
nbsp;nbsp;nbsp;nbsp;/font/span/FONT/FONT/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#33 size=3span style=FONT-SIZE: 
16ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¶Ç
 
ÇϳªÀÇ ºò ´º½º /span/fonta href=http://www.winergrup.com;span 
style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff00ff 
size=6nbsp;ºòÇ÷¡´Ö/font/span/aFONT size=3font face=ÈÞ¸Õ¸ÅÁ÷ü 
color=fuchsiaspan style=FONT-SIZE: 20pt 
nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü color=bluespan 
style=FONT-SIZE: 20pt¹Ù·Î°¡±â/span/font/FONT/p
pnbsp;FONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷ünbsp;span style=FONT-SIZE: 
14ptÀÌ ¸ðµÎ°¡ /spanfont color=red span style=FONT-SIZE: 
14pt¹é¸¸ÀåÀÚŬ·´/span/fontspan style=FONT-SIZE: 14pt¿¡¼­ 
½ÇÇö °¡´ÉÇÕ´Ï´Ù. ÂüÀ¸·Î ¾öû³­ Á¤º¸°¡
  /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 
14ptÁ¦ ȨÆäÀÌÁö¿¡ ÀÖ½À´Ï´Ù. 
/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀϹÝȸ¿ø°¡ÀÔÀº 
¹«·áÀ̸ç ÀÚ¼¼È÷ ÀÐ¾î º¸½Ã¸é
ÁÁÀº Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ°í »ç¾÷¼³¸íȸ Àå¼Òµµ/span/font   font 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÂü¼® ÇÏ½Ç ¼ö 
ÀÖ½À´Ï´Ù./span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇÁ·£Â÷ÀÌÁî¿¡ 
°¡ÀÔÇϽøé 
Á¤½Ä »ç¾÷ÀÚ ÀÚ°ÝÀ¸·Î ÀÚ½ÅÀÇ È¨ÆäÀÌÁö°¡ /span/fontfont size=3span 
style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4»ý¼ºµÇ¸ç 
ÀçÅñٹ«·Î¼­ ¹«ÀÚº» 
   
  ¹«Á¡Æ÷/FONT/FONT   
  FONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4ÀÇ 
   
  ÀÎÅͳݿöÅ· 
»ç¾÷ÀÌ °¡´ÉÇÕ´Ï´Ù/FONT./FONT/span/font/p
pfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÇÁ·£Â÷ÀÌÁî 
°¡ÀԽô ¾à°£ÀÇ È¨ÆäÀÌÁö ¿î¿µ À¯Áöºñ¸¸ °¨¼öÇϽøé 
µË´Ï´Ù./FONT/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁÖÀÇ ÇϽÇÁ¡ 
ȸ¿ø°¡ÀԽà 
id¸¦ °£´ÜÇÏ¸ç ¿Ü¿ì±â ½¬¿î °ÍÀ¸·Î Çϼ¼¿ä. ÀÌÀ¯´Â ÇÁ·£Â÷ÀÌÁî °¡ÀԽà 
id°¡ ÀÚ½ÅÀÇ µµ¸ÞÀÎÀ¸·Î ¿Ã¶ó°©´Ï´Ù./span/font/p
pfont size=4span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÁ¦ Ȩ¿¡ 
¿À½Ã¸é FONT 
color=#ff¿î¿µÀÚ ÇÁ·ÎÇÊ/FONTFONT color=#00À» ÀÐ¾î º¸½Ã°í ±× ´ÙÀ½ 
´Ù¸¥ Á¤º¸µéÀ» 

  /FONT/FONT/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span 
style=FONT-SIZE: 14pt²Ä²ÄÈ÷ ¿­¶÷Çϼ¼¿ä./span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=fuchsiaspan style=FONT-SIZE: 
14pt(Âü°í)/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span 
style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´°ú 
»ó°ü¾øÀÌ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=bluespan 
style=FONT-SIZE: 14ptºòÇ÷¡´Ö/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 
color=#01span style=FONT-SIZE: 14pt»ç¾÷¸¸/span/fontfont 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀ» 
Èñ¸ÁÇϽô ºÐÀº ¹«·áȸ¿ø °¡ÀÔÈÄ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 
color=redspan style=FONT-SIZE: 14ptiwÂü°¡Çϱâ/span/fontfont 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt 
Ç׸ñÀ» Ŭ¸¯ÇϽþî Âü¿©½ÅûÀ»/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇϽðųª ÀüÈ­¸¦ 
ÁÖ½Ã¸é ¾È³»¸¦ ÇÏ°Ú½À´Ï´Ù.

*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...

2002-04-05 Thread ¹®¿ë¹Ì 
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
HTMLHEAD
META http-equiv=Content-Type content=text/html; charset=unicode
META content=MSHTML 6.00.2713.1100 name=GENERATOR/HEAD
BODY
 
font color=blue face=ÈÞ¸Õ¸ÅÁ÷ü size=3span style=FONT-SIZE: 
18ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/span/fontfont
 face=ÈÞ¸Õ¸ÅÁ÷üa href=http://nancho.starhana.com;script 
language=javascript src= 
http://myhome.hananet.net/~nannaya77/js/don1.js;/script/a/font
P/P 
a href=http://nancho.starhana.com; target=_blankimg 
src=http://starhana.com/images/mtima1.jpg; border=0 width=134 
height=114img src=http://starhana.com/images/mtima2.gif; border=0 
width=146 height=114img src=http://starhana.com/images/mtima3.gif; 
border=0 width=146 height=114img 
src=http://starhana.com/images/mtima4.jpg; border=0 width=170 
height=114/a
pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=3span style=FONT-SIZE: 
20ptÀÌÀ¯°¡ 
ÀÖ´Â ·©Å· 1À§ ½ÎÀÌÆ®/span/font/p
pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14ptÃÖ±Ù 
¿©·¯´Þµ¿¾È /spanfont color=blue span style=FONT-SIZE: 
14pt¹«·áÁ¤º¸ºÐ¾ß/span/fontspan style=FONT-SIZE: 14pt 
ÀÇ ·©Ä» ¼øÀ§ 1À§ÀÎ ½ÎÀÌÆ®°¡ ¾îµðÀÎÁö Ȥ½Ã ¾Æ½Ã³ª¿ä? 
/span/FONT/FONT/p
pa href=http://nancho.starhana.com;span style=FONT-SIZE: 20ptfont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff size=5¿© 
±â/font/span/aFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 
14pt °¡ 
·©Å· 1À§¶ó¸é ±×·² ¸¸ÇÑ ÀÌÀ¯°¡ÀÖÁö ¾Ê°Ú½À´Ï±î? /span/FONT/FONT/p
pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt´ÔÀ» Á¤ÁßÈ÷ 
ÃÊ´ëÇÏ°Ú½À´Ï´Ù. 
/span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 
14pt»ç¾÷°¡Àû ¾È¸ñÀ¸·Î °ËÅäÇϽŴٸé 
Á¤¸» ³î¶ó½Ç °ÍÀÔ´Ï´Ù./span/font/p
pa href=http://nancho.starhana.com;span style=FONT-SIZE: 26ptfont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=6¹é¸¸ÀåÀÚŬ·´/font/span/aspan 
style=FONT-SIZE: 26pta href=http://nancho.starhana.com;font 
face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=6nbsp;/font/afont 
face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=5nbsp;/font/spanFONT size=3FONT 
face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 20ptfont color=fuchsia 
nbsp;/fontfont color=blue ¹Ù·Î°¡±â/font/spanspan style=FONT-SIZE: 
26ptfont color=fuchsia 
nbsp;nbsp;nbsp;nbsp;/font/span/FONT/FONT/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#33 size=3span style=FONT-SIZE: 
16ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¶Ç
 
ÇϳªÀÇ ºò ´º½º /span/fonta href=http://www.winergrup.com;span 
style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff00ff 
size=6nbsp;ºòÇ÷¡´Ö/font/span/aFONT size=3font face=ÈÞ¸Õ¸ÅÁ÷ü 
color=fuchsiaspan style=FONT-SIZE: 20pt 
nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü color=bluespan 
style=FONT-SIZE: 20pt¹Ù·Î°¡±â/span/font/FONT/p
pnbsp;FONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷ünbsp;span style=FONT-SIZE: 
14ptÀÌ ¸ðµÎ°¡ /spanfont color=red span style=FONT-SIZE: 
14pt¹é¸¸ÀåÀÚŬ·´/span/fontspan style=FONT-SIZE: 14pt¿¡¼­ 
½ÇÇö °¡´ÉÇÕ´Ï´Ù. ÂüÀ¸·Î ¾öû³­ Á¤º¸°¡
  /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 
14ptÁ¦ ȨÆäÀÌÁö¿¡ ÀÖ½À´Ï´Ù. 
/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀϹÝȸ¿ø°¡ÀÔÀº 
¹«·áÀ̸ç ÀÚ¼¼È÷ ÀÐ¾î º¸½Ã¸é
ÁÁÀº Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ°í »ç¾÷¼³¸íȸ Àå¼Òµµ/span/font   font 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÂü¼® ÇÏ½Ç ¼ö 
ÀÖ½À´Ï´Ù./span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇÁ·£Â÷ÀÌÁî¿¡ 
°¡ÀÔÇϽøé 
Á¤½Ä »ç¾÷ÀÚ ÀÚ°ÝÀ¸·Î ÀÚ½ÅÀÇ È¨ÆäÀÌÁö°¡ /span/fontfont size=3span 
style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4»ý¼ºµÇ¸ç 
ÀçÅñٹ«·Î¼­ ¹«ÀÚº» 
   
  ¹«Á¡Æ÷/FONT/FONT   
  FONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4ÀÇ 
   
  ÀÎÅͳݿöÅ· 
»ç¾÷ÀÌ °¡´ÉÇÕ´Ï´Ù/FONT./FONT/span/font/p
pfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÇÁ·£Â÷ÀÌÁî 
°¡ÀԽô ¾à°£ÀÇ È¨ÆäÀÌÁö ¿î¿µ À¯Áöºñ¸¸ °¨¼öÇϽøé 
µË´Ï´Ù./FONT/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁÖÀÇ ÇϽÇÁ¡ 
ȸ¿ø°¡ÀԽà 
id¸¦ °£´ÜÇÏ¸ç ¿Ü¿ì±â ½¬¿î °ÍÀ¸·Î Çϼ¼¿ä. ÀÌÀ¯´Â ÇÁ·£Â÷ÀÌÁî °¡ÀԽà 
id°¡ ÀÚ½ÅÀÇ µµ¸ÞÀÎÀ¸·Î ¿Ã¶ó°©´Ï´Ù./span/font/p
pfont size=4span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÁ¦ Ȩ¿¡ 
¿À½Ã¸é FONT 
color=#ff¿î¿µÀÚ ÇÁ·ÎÇÊ/FONTFONT color=#00À» ÀÐ¾î º¸½Ã°í ±× ´ÙÀ½ 
´Ù¸¥ Á¤º¸µéÀ» 

  /FONT/FONT/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span 
style=FONT-SIZE: 14pt²Ä²ÄÈ÷ ¿­¶÷Çϼ¼¿ä./span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=fuchsiaspan style=FONT-SIZE: 
14pt(Âü°í)/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span 
style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´°ú 
»ó°ü¾øÀÌ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=bluespan 
style=FONT-SIZE: 14ptºòÇ÷¡´Ö/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 
color=#01span style=FONT-SIZE: 14pt»ç¾÷¸¸/span/fontfont 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀ» 
Èñ¸ÁÇϽô ºÐÀº ¹«·áȸ¿ø °¡ÀÔÈÄ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 
color=redspan style=FONT-SIZE: 14ptiwÂü°¡Çϱâ/span/fontfont 
face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt 
Ç׸ñÀ» Ŭ¸¯ÇϽþî Âü¿©½ÅûÀ»/span/font/p
pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇϽðųª ÀüÈ­¸¦ 
ÁÖ½Ã¸é ¾È³»¸¦ ÇÏ°Ú½À´Ï´Ù.

Re: Vote verification --- a futile exercise?

2002-04-05 Thread Richard Braakman 
On Thu, Apr 04, 2002 at 06:49:09PM -0500, Jeff Licquia wrote:
 Not necessarily.  [...]

Interesting scheme.  It makes some assumptions about living habits that
might not be correct for Debian developers, though :-)  (For example,
I send most of my mail around noon and around midnight.)

A more effective version might be to monitor mailing list activity directly
to see which times to target.  This would be especially useful if you can
stir up a discussion in which people state their support for one of the
candidates.

One way to prevent this might be to use batched mails, for example a server
that collects mail for a whole day and then forwards them (in random order)
to the vote counter in one batch.  This can be defeated by collusion between
the vote counter and the operator of this server -- but we're already assuming
anonymous mail, right?  The requirements would be the same.  In fact
existing anonymous mail services already use such batching and reordering,
though not on the scale of whole days.

In the extreme, every voter could operate an anonymous mail gateway for
this vote.  If there is collusion between *all* the voters, then there
is little point in voting :-)  However, this would ignore the problem
of voter apathy.  I'm afraid that this whole scheme fails requirement 0:

 0) Voting should be easy for the voters

Making voting difficult will introduce a bias that favours extremists.

Oh... I just realized that per-day batching would still not work.
Suppose the vote taker's favourite candidate does something really
unpopular halfway through the vote (such as revealing his Secret Master
Plan to Take Over the World).  In that case, dropping votes from the
second half of the voting period could affect the outcome.

 [Again, not that Manoj would ever do such a vile thing.]

Indeed.  We're geeks, and the election is a new toy that we're taking
apart to see how it works :-)

Richard Braakman


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Vote verification --- a futile exercise?

2002-04-05 Thread Anthony DeRobertis 


On Friday, April 5, 2002, at 04:51 AM, Richard Braakman wrote:


Indeed.  We're geeks, and the election is a new toy that we're taking
apart to see how it works :-)


rant

Yep. And we'll eventually come up with something that works 
perfectly every time, never allows fraud, vote selling, etc.; 
allows you to change your mind; does not force you to vote for 
one of two major parties; and can be understood by anyone 
willing to take the time to learn it.


Then someone --- let's call them SoftMicro --- will come out 
with a voting system that is plagued with security holes, 
routinely has votes and entire elections stolen, forces people 
to vote for the one major candidate or have his vote effectively 
not count; counts votes using some contortionist's dream, 
understood by no one (source is not available); and eventually 
spits out a random result each time (when it doesn't crash 
completely, requiring a new election). People will flock to it 
in droves.


/rant


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Transcript of the Debate

2002-04-05 Thread peter karlsson 
Anthony DeRobertis:

 Hmmm? See time stamp 15:05. After that they are called 'bdale',
 'Branden', and 'Raphael'

Ahh. I see. I only looked at the first page and saw the aliases. Silly me...

-- 
\\//
peter - http://www.softwolves.pp.se/
  Statement concerning unsolicited e-mail according to Swedish law:
  http://www.softwolves.pp.se/peter/reklampost.html


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Election status

2002-04-05 Thread Sven 
On Wed, Apr 03, 2002 at 02:27:28PM -0600, Manoj Srivastava wrote:
 Sven == Sven  [EMAIL PROTECTED] writes:
 
  Sven Was this md5sum not supposed to be sent in the aknowledgement
 
   ``Supposed'' to be? I don't think that it was decided to
  modify the vote system, no. The best I recall is some discussion last
  year about secret ballot protocols, but that is as far as it went.

Well, i did not yet receive any kind of aknowledgement for my vote, but as i
understood, it should contain some kind of id or something which i can use to
check that the voting script did its job right.

And the problem is not so much to check that there is not some evil intention
on the vote-master's part or something such, just to check that the voting
script did not misfire.

  Sven mail of the ballot, so it would only be comparing two md5sums,
  Sven quite easy to do. Two cutpastes should do the job, nothing
  Sven arcane involved here ?
 
   And, of course, you then lose the benefit of having the
  md5sums, since I could slip the same md5sum to more than one
  person. I guess it would still be a deterrent, since I would never
  know who all did not really check the md5sum.

Yes, sure, but that is the real problem.

   Is it really that hard to run md5sum? Can we really survive as
  a project if the developers feel that way? 
 
   Allow me to demonstrate. (Note: since my userid is
  srivasta, and if my secret token was 0123456789ABXDE, then i get:
   -
   % echo srivasta 0123456789ABXDE | md5sum
   f305c07513500e690a7f98f10c52a7fc
  --
   I can even do this:
  % egrep $(echo srivasta 0123456789ABXDE | md5sum) tally.txt
 and see that my vote is valid.  

Ok, no problem, 

The difficulty is that we are speaking about id + vote + secret word, and that
the way of concatenating them is not clear.

There would be a difference between :

% echo srivasta 0123456789ABXDE | md5sum
f305c07513500e690a7f98f10c52a7fc

and

% echo srivasta0123456789ABXDE | md5sum
3fd531504123df0165a3be23f4d8a33d

Now, what about the vote part, should i use the whole text of my signed
ballot, the unsigned version, (which will yield a multiline text part to
md5sum) or a simple shortcut thereof. Or maybe we should forget about this
part ?

   How hard was that?
 
   I guess I'll change the ack to put i a command line. I am not
  going to ship the md5sum in the ack, so there. 

The main problem here is what exactly we are to md5sum, not the fact that we
shall md5sum something.

Friendly,

Sven Luther


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Vote verification --- a futile exercise?

2002-04-05 Thread Jeff Licquia 
On Fri, 2002-04-05 at 04:51, Richard Braakman wrote:
 Oh... I just realized that per-day batching would still not work.
 Suppose the vote taker's favourite candidate does something really
 unpopular halfway through the vote (such as revealing his Secret Master
 Plan to Take Over the World).  In that case, dropping votes from the
 second half of the voting period could affect the outcome.

You'd have to be able to predict that the candidate would have such a
plan, and would reveal it in the middle of the election.  This might not
be a problem if the CTF is also the Second-In-Command, Evil Plot, Inc.

The general problem still remains, however: if the CTF can drop random
unknown votes, and if the CTF can correlate any outside event with
probabilities in voter activity times, then the CTF can exert influence
on the election results.  Even something like a popular tech conference
(Euro voters are all at CeBIT this week) or a holiday (all the Irish
developers are too busy partying to vote on St. Patrick's Day) could be
used.

Using this protocol, the best solution to all these problems is voter
vigilance.  If enough voters threw a fit that their votes weren't being
published, then (as you pointed out), the whole election process could
be stopped pending an investigation.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Election status

2002-04-05 Thread Manoj Srivastava 
Sven == Sven  [EMAIL PROTECTED] writes:

 Sven Well, i did not yet receive any kind of aknowledgement for my
 Sven vote, but as i understood, it should contain some kind of id or
 Sven something which i can use to check that the voting script did
 Sven its job right.

I suspect you have gotten the ack now.

 Sven And the problem is not so much to check that there is not some
 Sven evil intention on the vote-master's part or something such,
 Sven just to check that the voting script did not misfire.

And now you know what your vote was parsed to be.

 Sven The difficulty is that we are speaking about id + vote + secret
 Sven word, and that the way of concatenating them is not clear.

And you also now know that the ack said specifically what
 command line to use:
  % echo sven 0123456789ABCDE | md5sum
 This instruction shall also be repeated on the final tally sheet.

 Sven The main problem here is what exactly we are to md5sum, not the
 Sven fact that we shall md5sum something.

The main problem is that you are not giving anyone but
 yourself any credit for intelligence.

manoj
-- 
 I will make no bargains with terrorist hardware. Peter da Silva
Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]