A lot of folks unfortunately think open-source software is much more vulnerable than closed-source software because anyone can inspect it. The great irony of it, as everyone here knows, the opposite is actually often true.
No Stupid Questions
No such thing. Ask away!
!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must be legitimate questions. All post titles must include a question.
All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.
Rule 2- Your question subject cannot be illegal or NSFW material.
Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding META posts and joke questions.
Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.
On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.
If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.
Rule 7- You can't intentionally annoy, mock, or harass other members.
If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.
Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- Majority of bots aren't allowed to participate here.
Credits
Our breathtaking icon was bestowed upon us by @Cevilia!
The greatest banner of all time: by @TheOneWithTheHair!
Our society is not able to understand modern technology. Most people haven't even heard of concepts such as Open Source or Free Software. They have only been around for over 30 years, but ok.
I see people here are cheering for some proprietary app for Lemmy called Sync. It just makes me sad. I guess they don't want security on their devices.
Everything made by the government should be Free Software. Public money, public code: https://publiccode.eu
unfortunately people are in general only smart about one or two subjects, and morons about everything else. i include myself in this assessment.
This is true. It’s also why nuclear power plants aren’t a lot more common.
Do you think most of the people in government know what open source means? The concept of facebook confuses them lol
does the open source connect to the WiFi? yes or no
Why Electronic Voting ls Still A Bad ldea, a video by Tom Scott:
Electronic voting could use open source software, but so can a machine that scans a marked ballot. The best practice is to have voters mark a physical ballot, then have them put it in a machine (running open source software) that scans and tabulates the results. If there's a question about the integrity of the results, we can go back and count physical ballots.
I absolutely agree. Vote counting & tallying machines are fine, but you always want that paper trail.
Mail in voting baby! I want every U.S. citizen to have this right.
That's how they do it where I live!
this video has 3 years.
3 years is a lot to somethings to be mature. He tells about Trust & Anonymity. You can't trust anonymity 'coz you can trace the vote and bla bla bla. Well, you can trace the regular method too. Trust, you can't trust the way the vote leaves the booth to the central. You know the Hash initiative? Even a small number change will be shown to everyone.
This video is 3 years old, Brazil's electronic voting system is 27 years old and there hasn't been anyone proving that it is a bad idea, unsafe, tamperable or anything of the sort.
I like Tom but this video really irritates me. It just seems like he's pulling generic arguments out of his ass without any actual research.
Well, you can trace the regular method too.
Not as efficiently and in mass. It's like saying "you could gather personal data before the internet/social media". Sure, there were mailing lists and some companies had personal data manually gathered but that was 0.00001% of what you can gather today for like 5$.
When it comes to data, scale and efficiency matter. As someone from a low trust country(Greece), any electronic voting is literally a threat to democracy, society and pretty much opens the window for a civil war. Which is why no political party even dares suggesting it.
And it doesnt take much for a society to become low trust, you only need 1 bad actor(game theory). Though Greece was never not a low trust society. But i think all countries would benefit from an electoral system like the greek one, where all political parties can have representatives on every ballot, there is tight control for ballot envelopes, everything is opened and counted in front of everyone, basically all political parties keep their own tallies, at a local and national level.
So if there is something fucky with the official results, it will be easily tracked and noticed. At least as long as you can have party representatives on every ballot. Obviously smaller parties cant do that. There have been conspiracy theories about neonazi votes not being counted, because literally all other parties despise them. And when i say neonazi, i dont mean "neonazi", i mean literally a parliamentary party that had this as their symbol
https://en.wikipedia.org/wiki/Golden_Dawn_(Greece)#/media/File:Meandros_flag.svg
And their second in command has a huge swastika tattoo, etc. At least their party became illegal and its leaders spent some time in prison but that only happened after they murdered a greek. As long as they were beating and killing immigrants, they were fine.
The issue isn’t trust. It’s the same as anything else electronic such as having a backdoor to encryption.
Anything physical requires a certain amount of effort to break in such a way that is widespread and without making it obvious.
But purely digital/online means that any bad faith actor with enough resources (such as nation states) can scale up the means and methods to manipulate it or break it.
I’m all for electronic voting for tallying with physical paper trails that can be used to verify the integrity of the digital results.
Brazil has changed to electronic voting since 1996 and faces none of these issues.
the only issue it faces is fascists trying to sow distrust.
Exactly. Every election you see a handful of right wingers claiming that the machines and/or code is unsafe and can be easily tampered with, but have absolutely nothing to back that up, and yet another election passes without anyone anywhere proving that our system is unsafe/a bad idea.
This Tom Scott video is terrible, should be renamed "why electronic voting is a bad idea (for fascists)
Importantly, Open Source is not feasible as a safeguard because there would be no way of verifying that the voting machine is running a build from the public source.
XKCD put it really well years ago here
I know it's supposed to be a joke, but all I feel when I stumble upon this one is guilt. I mean... if a doctor did what we're doing in IT on a daily basis, it would be classified as a criminal ofense.
Because there is too much money to be made in the business. Vendors are selected through a political process which is decided by what politicians benefit from the selection.
Don't kid yourself - the people screaming about rigged elections don't actually care about solving the problem. They know they lost and they are happy for the excuse to continue grandstanding.
Heck, they even complain about riggory when they win. It's literal rabble-rousing.
Always say it is all rigged, never let the people think anything different than what you want them to think.
I think this is closer to the real answer than the comments about "so and so will still complain." That said, does anyone know if there is any companies making open source machines? Cause if not, there's our primary reason why elections don't use them.
Voting machines are the most utterly stupid thing ever created. Why don't you use papar ballots as other countries do?
We do, there are very few counties in the US that are actually fully digital (stupid idea IMHO). The majority are paper ballots which are scanned into the machine for fast counting. The original paper the voter filled out is then stored in case it needs to be checked against the machine count for accuracy.
Interesting that it takes so ridiculously long to count then, in Germany the votes are counted on paper by hand and they’re down within maximum 3 days.
In Washington we have all early voting results and some of the early results from that day by the time polls close on election day. Then an update each day with those processed that day with the remainder that trickle in over the next couple of weeks (e.g., mail in ballots from overseas, challenged ballots that need to be "cured") until the election is certified.
Most places where there is a delay, it is intentional and written into law/regs--like, that each ballot and its signature has to has to be verified by a human before it can be scanned. And, if, hypothetically, a party wanted to cast doubt on an election, they could send representatives to challenge each and every ballot and slow the process down--and simultaneously cry foul that the process is taking so long. But no one would do that, right? /s
...does it take ridiculously long? I'll admit I'm not usually on the edge of my seat waiting for election results, but it's usually just a couple days after voting closes I think. Some places accept mail-in voting way after the election technically closes so they technically take longer to count votes, but that's more the exception than the rule.
My state only does paper ballots and voting by mail. I completely agree that voting machines are completely unnecessary.
I'm with you, The Tom Scott Video @puppy linked is amazing, goes over good reasons against electronic voting machines. Paper Ballots are great because the counts are done in the presence of all parties and by multiple people. It takes a while, but it's a good example of technology not always being a viable option for everything.
As said in the video, not everyone would understand code. The only reason why people vote is because they trust in the system. If they don't trust in the system they don't vote. They could open the code up and show people, but it wouldn't dispell fears of those who aren't knowledgeable about computers.
How do you know that what's open sourced is what's installed and running? Someone should verify it and then you'll have to trust that person as well.
This still adds another moving part to duping people. It's much, much easier to independently verify the software if it's open source.
Both open and closed source software share this problem, so this doesn't really answer the question.
I meant to say that open sourcing doesn't make it immediately trustworthy. You have to place the trust somewhere. If you can't trust that the open sourced code is what's running, it is effectively the same as running closed source software.
It sounds too sketchy to the old people who make the rules.
How do you prove that the software installed is the same software the source code of which is available to the public?
@rockslice addressed this in another comment - you use signing certificates to verify it's the correct code, which is a widely accepted method.
Just to be clear: People will argue bad actors whether it's paper or electronic. I have not seen a single election since I became able to vote where the votes were not disputed.
Assuming you're talking about America, before 2000 votes were never closely scrutinized or thought of as fraudulent. In Florida there was the hanging chads thing in 2000, and a fringe clings to the idea that there was chicanery in 2004, perhaps in Ohio. But the 2008, 2012, and 2016 elections weren't seized on as needing to be "investigated," although the Republican candidate in 2016 declared that if he didn't win the forthcoming election, it'd be due to widespread fraud and he might not accept the result. In 2020, that came to pass, with a clear and validated loss and he didn't accept the result, infusing his supporters with the idea that there was massive fraud despite the lack of any evidence or verifiable documentation of it. Now, of course, we do have one party that seems perpetually trapped in a cycle of questioning all election outcomes that don't align with their political goals, and it seems likely to only get worse.
It’s because the government likes to corporatize everything. It should be open source and supported by several companies who all update the software and keep it bug free.
If you had open-source voting machine code, you would get people on Fox News saying something along the lines of, "We've looked at the code, and we found that the machines are rigged to give extra votes to the Democrats." and all their viewers would believe them and start repeating that "fact" on social media forever and ever. At this point it is nothing short of naive to think that actual facts matter to these people.
They can say that anyways with poll stations stuffing ballots. How is that different?
ok, hear me out... could it be capitalism?
We use paper ballots that are scanned by machines and then kept if needed to check or recount.
I don’t know that that’s the reason, but I have an intuition from having been an election judge here in Illinois.
A voting machine is a closed-circuit system that just counts votes and prints the tally. It is not connected to any network, and getting its software upgraded requires a key that only the voting machine company has, and a seal that is unique and that can only be replaced by that voting machine company.
To make it clear with an example: a judge ruled in Illinois that ballots that would be in either English or Spanish were now void, they all had to be in both language at the same time. Because that didn’t use to be the case, the election judge has to choose for each person between “English”, or “Spanish”, or both in the UI, and if they don’t choose both, the ballot is void. It’d be a trivial UI fix, and critical enough that you’d think it would be a priority. And yet the past elections still had the old UI, because updating the software on there is that hard.
So my intuition: if a CVE was found in one of the open-source solutions on there right before the election, the voting company would have to patch it, except it couldn’t realistically be done in time, so the election would be canceled until there is enough time without a CVE. Which of course doesn’t typically happen for very long. But if it’s all closed-source and the voting machine company is on the line for it, therefore that problem doesn’t exist.
security through obscurity is a terrible idea - the problem is still there, and a determined attacker will find it anyway
There are probably two reasons:
-
It wouldn't change how the public thinks about them. People wouldn't understand how voting machines work, even if they were open source. Do you expect normal people to look at and understand code? Also people who have lost hope in democracy and want to believe that the election was a hoax will continue to do so anyway.
-
It's probably more comfortable for the manufacturers of those machines to keep them closed source. Why would they show the world how they work? That would disclose potential flaws which is bad for their reputation. And it would make it easier for competition to emerge.
p.s. I agree that voting machines are bollocks.