The Personal Computer Radio Show  WBAI-FM 99.5
New York City


June 2006  Show Summaries

Show Summaries Below
June 28, 2006  Electronic Voting  June 21, 2006  June 14, 2006  June 7, 2006   
 June 28, 2006 Show AudioArchives   TOP 
 

Thousands of H-1B Workers Are Underpaid, GAO Reports by Deborah Rothberg in eWeek June 26, 2006

Our guest was Auri Rahimzadeh, author of "Hacking the PSP...Cool Hacks, Mods and Customization". PSP refers to the Sony Playstation Portable. His web site is www.hackingpsp.com and he gladly accepts email. 

A Play Station Portable starts at $200. Among it's pre-hacked features are: it can be an RSS reader, it can get online via WiFi wireless networks and it supports both the popular encryption schemes WEP and WPA. It comes with a full featured web browser, one that supports both JavaScript and Flash. A PSP can play DVD movies, but not on DVD discs, they have to be transferred to MPEG4 format on either a proprietary Sony cartridge or a Sony memory stick. Sony sells movies on their proprietary cartridges, but this market has not been very popular.  

The PSP runs a proprietary Operating System from Sony, but it's been hacked. Sony does not want "home brew" software written for their OS to run on the PSP, but there is much such software. Hackers have also succeeded in running Windows 95 and Linux on a PSP. Keep in mind though, the processor is from ARM running at abut 333Mhz, the screen is about 4 square inches, there is no keyboard for a PSP and it has only 32MB of ram. The ARM processor is also used by Pocket PC PDAs and by some Palm Pilots. 

Much of the add-on home-brew software is free, such as a WiFi sniffer. There is even a home brew version of Office. You can stream live TV from home to a PSP. Auri wrote a Shoutcast client for the PSP. 

In the not to distant future we will review Xandros, a new distribution (flavor, release, version) of Linux. What makes this particular Linux variant interesting is the effort that went into to make it look and act much like Windows. A picture is worth a thousand words so see the Xandros Desktop 4 Screenshot Tour at osdir.com. 

 

 Electronic Voting AudioArchives   TOP 
 

Below is an interesting email exchange from a listener interested in electronic voting with a reply from our frequent guest Dr. Rebecca Mercuri.


Hi guys!

I'm a new listener in Reno, Nevada. Been catching up on some of your past shows. Good stuff! Of particular interest are some of your shows featuring electronic voting. With all due respect to Dr. Rebecca Mercuri voter verifiable paper trails still do not insure against vote fraud.

A voter verifiable paper trial is useless for establishing vote tabulation accuracy when the software code is untested by an independent authority. Furthermore, coupled with the fact that each machine has multiple databases recording each vote, from which the verifiable paper trial is generated, the possibilities for tampering is incalculable.

Briefly, touch screen voting machines have three redundant databases all running at the same time. In case of a database crash, redundancy is a good thing in all mechanical systems. However, in voting, redundancy may compromise accuracy and certainly invites tampering. Therefore, because the software code is proprietary, if Sequoia or anyone with access to the code wishes to manipulate the election here's what CAN happen: database one records your vote and prints the paper record. Database two and three record whatever the hacker wishes it to record.

Thus, playing an elaborate shell game of statistics, sampling and etc., with all of the above variables the security of the election can easily be compromised in a multitude of ways. And, most alarming, very close to or on the eve of the election Sequoia representatives program all of the machines with final software 'updates' (source, Dean Heller, Nevada Secretary of State).

Who verifies what these updates and patches are? Are all the machines checksum tested after Sequoia updates them? It appears to me from the statutes and codes below that the answers are: no one and no.

Why do they need to update the machine just before the election? Perhaps they need the latest poll statistics if they plan to throw the election via software manipulations. It does not take a lot of tampering to change the results by a percentage point or two.

The only way to keep the elections honest is open source software not the proprietary code in use in all touch screen voting systems in the US, or a return to the old marked paper and hand count ballot.

Here's a good radio show on this topic featuring an IBM computer security expert. At the root page, www.ernesthancock.com, you can find other shows on this topic near the bottom of the page.

In liberty,
Bob Tregilus  
June 25, 2006 


Hi Bob,

Thanks for writing to the PC Radio Show about my reports on electronic voting issues. I appreciate your interest in this subject and would like to address some of your remarks here with regard to paper ballots and electronic voting systems.

I see that you are using the phrase "voter verifiable paper trails" to which I disagree, as the word "verifiable" means that the ballots may or may not be verified by the voters and may or may not be used as the official record of the election. I am a proponent only of voter VERIFIED paper-based balloting systems, which require that the voter indicate their consent with the printed (or hand-prepared) ballot through a casting action that confirms that they agree with the contents of the paper ballot, and also that these cast paper ballots be used as the official record of the election. 

Systems implemented in this fashion can include optically scanned paper ballots that are independently audited, or entirely hand prepared (with mechanical assistive devices for the disabled) and counted paper ballots that do not involve electronic computation at all. Since the paper that the voter VERIFIED is the actual ballot used for counting the election, the scenario that you described (where there are additional electronic databases that are allowed to be used to calculate erroneous vote totals) cannot occur.

Please note that I have never said that paper-based voting systems in and of themselves can totally insure against vote or election fraud. All voting system types, whether they be fully paper or fully electronic (or a mix) require auditability throughout the process. With the fully electronic devices, though, there is no way that a voter can independently confirm that their vote has been recorded correctly from the start (on any of the multiply redundant databases). In fact, there is a growing list of instances where it has been confirmed that votes have been irretrievably lost from such fully electronic systems (see the list of mess-ups by vendor maintained at www.votersunite.org). 

So, if the first step of auditing, that by the voter at the time of casting the ballot, is not possible, the system is inherently flawed. My belief is that computers can be appropriately used with paper to help ensure that ballots are not altered or removed, and to assist in the public audit of the ballots at the end of the election day, but my suggestions in this regard have yet to be adopted.

Even if we set aside the initial audit of the ballot by the voter, it is not possible to entirely test or examine the software of the complexity of that which is used to run an election system. In fact, all of the manufacturers have employed commercial-off-the-shelf (COTS) software (such as operating systems, compilers, applications programs, and so on) in their voting systems, and these are entirely exempted from examination by the federal testing program. 

Despite the numerous objections by scientists (including myself) to this blatant loophole in the so-called "independent" examination process, this use of COTS and other proprietary unexamined software has been allowed to persist in voting systems. When software "updates" (such as you mentioned) involve the COTS components, or when they are applied to ballot layout or database templates, this may be allowed without examination (even though these exchanges could adversely affect the operation of the devices or interpretation of data), depending upon state law. I have long called for the abolishment of this practice, with little success.

As for open source software, unfortunately this is not a viable option either. It can be mathematically proven to be infeasible to check a program of the complexity of an election system thoroughly enough to ensure that no backdoors exist that allow it to be compromised. The manner in which this could occur, even with open source code, is eloquently described in the classic paper "Reflections on Trusting Trust" written by Ken Thompson (one of the "fathers" of UNIX), in 1984. 

Were this problem solvable, we could eradicate viruses, etc. in open products, but this is not possible. I have further explained this situation with respect to voting machines in an article that quoted me in Harvard Magazine www.harvardmagazine.com/on-line/110471.html.

I hope that this helps your understanding of the subject. Considerable additional material regarding my position and research on these matters can be found on my website www.notablesoftware.com/evote.html, which is also linked to the PC Radio Show website.

Sincerely,
Rebecca Mercuri
June 26, 2006 
  

 
 June 21, 2006 Show AudioArchives   TOP 

 
We are giving away two belated Fathers Day gifts. ATI TV Wonder USB 2.0. Its a hardware device that plugs into a USB port and does video capture. That is, convert any analog video to a digital format. Send Alfred an email message explaining why you or your father deserves a gift. The deadline is Monday June 26th at midnight ET. 

Bill Gates is leaving Microsoft. Many people think this is a good thing. Alfred pointed out that Martin Taylor is also leaving. He is said to be a key adviser to CEO Steve Ballmer and was in charge of their anti-Linux crusade. 

There are two very recent bugs in Excel 

  • New Excel zero-day flaw used in attacks CNET News.com June 16, 2006
  • Second zero-day Excel flaw emerges CNET News.com June 20, 2006

Alfred discussed the Verbatim “Store ‘n’ Go”, a 4GB USB hard disk based thumb drive. It's tiny (less than 2 square inches) and is powered exclusively by the USB port. Alfred said it works best with USB 2.0. It retails for about $100.  www.verbatim.com/hddrive 
 
Alfred also discussed Migo synchronization software, that lets you take data from your computer and use it on other computers. However, it requires that the application to process that data be installed on the other computer. 

If for example, you use Outlook Express for email, you can put your OE email messages on any thumb drive (a.k.a flash drive, USB drive) and then go to any other computer that has Outlook Express installed. The interesting part is that the Migo software will zap Outlook Express on the foreign computer with all of your email settings, so it works and acts just like your copy of Outlook Express. When you are done using the foreign computer, Migo restores Outlook Express to the state it was in before you started using it. 

Depending on the version, Migo costs $30 to $50. www.migosoftware.com/why_migo/overview.php 

Migo may sound like the U3 system, but it is something totally different. For an introduction to U3, see Travelers have a great new alternative by Andy Ihnatko in the Chicago SunTimes June 8, 2006. 

Hank also discussed his experience with a small 6GB hard disk based thumb drive, this one from Seagate.  

 

 
 June 14, 2006 Show AudioArchives   TOP 


Our guest was Randy Copeland, the founder and president of Velocity Micro

They are a small computer manufacturer based in Virginia specializing in really fast PCs. As they put it: 

"Velocity Micro is a fast-growing manufacturer of computer systems, focusing mainly on the demands of gaming enthusiasts and digital-content-creation professionals who want the best performance that they can get from their systems, as well as on business owners who want a more personalized, hands-on buying and support experience than they typically get from the major PC makers."

Among other things, we discussed the challenges and advantages of being a small company in the land of giants, competing with Dell and HP. Michael owns a Velocity Micro computer and offered his experiences.  

 

 
 June 7, 2006 Show AudioArchives   TOP 
 

In the next version of Office, Microsoft was going to include the ability to create PDF files. No more. Adobe didn't like it. 

Google just released an online spreadsheet to compliment their online Writely word processor. It's not as full featured as Excel (no macros) but it can read and write Excel spreadsheets and allows for multiple people to update a spreadsheet concurrently. Currently though, it's only a limited release beta. 

Best Buy Boo Boo: Squad: Be careful with your data. A couple took their computer to Best Buy to have the hard disk replaced. They were assured by the store that their old hard disk, which was full of personal and sensitive information, would be physically destroyed. Not true. A few months later a total stranger calls to say he just bought their hard disk at a flea market. 

Joe attended a preview of the upcoming DataLife show where he and Dave Chan saw a product from a company called Tzero designed to replace audio-video cables with a wireless network. The network is 100Mbps and is good for use with remote speakers. The realistic distance is 30 meters but it can go up to 100 meters. Basically, it competes with WiFi, and like WiFi can be used with computers. The product is scheduled to be released in July. 

A caller asked about wiping sensitive files off their computer. This is not something Windows can do, even the Format command in DOS and Windows does not really erase files. For totally erasing a hard disk of all traces of all files, you can use the free Darik's Boot and Nuke. On the show Dave mistakenly referred to this program as NukeIt. 

Next week our guest will be the President of boutique computer vendor Velocity Micro. We mistakenly said on the air that Alienware would be on.


Hank gave a presentation on the Remote Control of computers at the NYACC meeting on Thursday June 8th. 

LogMeIn

  • Interactive with remote desktop terminal
  • Traffic routed through URL
  • Reboot remote desktop terminal
  • Free-no file transfer

LogMeIn Pro - Full function

  • LogMeIn Pro Monthly, Per PC Annual 
  • Single PC $12.95 /month, per PC $69.95 /year
  • 2-10 PCs $9.95 /month, per PC $59.95 /year

Microsoft Remote Desktop Terminal

  • Dedicated remote computing
  • Direct communications
  • Disconnect remote desktop terminal
  • Complete access to local resources

Remote Desktop 

Open Secure Shell

Demo of Remote Desktop 

  1. Set Up Remote Computer (the one being controlled)
    (Must use password for USER on the remote computer) 
    What Is My IP  www.whatsmyip.net or www.whatismyip.com 
    CONTROL PANEL -> SYSTEM -> REMOTE tab 
    check mark ALLOW REMOTE ASSISTANCE
    check mark ALLOW USERS TO CONNECT REMOTELY [XP Pro only]
    select remote users [optional]
    use Tunnelier 3.28b if Remote Terminal is non XP Pro
  2. Open listening port
    How to change the listening port for Remote Desktop

    START -> RUN -> REGEDIT
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
  3. Setup static internal IP
    CONTROL PANEL -> NETWORK CONNECTIONS -> PROPERTIES -> INTERNET PROTOCOL
  4. Set Up Router
    To determine default gateway or Internal IP of router
    in Command Prompt -> IPCONFIG
    Enter gateway or router setup
    in advance mode - Port Forwarding  3389 … 3399
    Reboot router [turn off and turn on]
  5. Set Up Client
    START -> ALL PROGRAMS -> ACCESSORIES -> COMMUNICATIONS -> REMOTE DESKTOP CONNECTION
    Set parameters 

 

 
 XML  Webmaster:  Michael Horowitz       Last Update:  July 4, 2007 2 PM