Thousands of H-1B Workers Are Underpaid, GAO Reports
by Deborah Rothberg in eWeek June 26, 2006
Our guest was Auri Rahimzadeh, author of "Hacking the PSP...Cool Hacks,
Mods and Customization". PSP refers to the Sony Playstation Portable. His
web site is www.hackingpsp.com and he
gladly accepts email.
A Play Station Portable starts at $200. Among it's pre-hacked features are:
it can be an RSS reader, it can get online via WiFi wireless networks and it
supports both the popular encryption schemes WEP and WPA. It comes with a full
play DVD movies, but not on DVD discs, they have to be transferred to MPEG4
format on either a proprietary Sony cartridge or a Sony memory stick. Sony sells
movies on their proprietary cartridges, but this market has not been very
The PSP runs a proprietary Operating System from Sony, but it's been hacked.
Sony does not want "home brew" software written for their OS to run on
the PSP, but there is much such software. Hackers have also succeeded in running
Windows 95 and Linux on a PSP. Keep in mind though, the processor is from ARM
running at abut 333Mhz, the screen is about 4 square inches, there is no
keyboard for a PSP and it has only 32MB of ram. The ARM processor is also used
by Pocket PC PDAs and by some Palm Pilots.
Much of the add-on home-brew software is free, such as a WiFi sniffer. There
is even a home brew version of Office. You can stream live TV from home to a
PSP. Auri wrote a Shoutcast client for the PSP.
In the not to distant future we will review Xandros, a new distribution
(flavor, release, version) of Linux. What makes this particular Linux variant
interesting is the effort that went into to make it look and act much like
Windows. A picture is worth a thousand words so see the Xandros
Desktop 4 Screenshot Tour at osdir.com.
Below is an interesting email exchange from a listener interested in
electronic voting with a reply from our frequent guest Dr. Rebecca Mercuri.
I'm a new listener in Reno, Nevada. Been catching up on some of your past shows. Good stuff! Of particular interest are some of your shows featuring electronic voting. With all due respect to Dr. Rebecca Mercuri voter verifiable paper trails still do not insure against vote fraud.
A voter verifiable paper trial is useless for establishing vote tabulation accuracy when the software code is untested by an independent authority. Furthermore, coupled with the fact that each machine has multiple databases recording each vote, from which the verifiable paper trial is generated, the possibilities for tampering is incalculable.
Briefly, touch screen voting machines have three redundant databases all running at the same time. In case of a database crash, redundancy is a good thing in all mechanical systems. However, in voting, redundancy may compromise accuracy and certainly invites tampering. Therefore, because the software code is proprietary, if Sequoia or anyone with access to the code wishes to manipulate the election here's what CAN happen: database one records your vote and prints the paper record. Database two and three record whatever the hacker wishes it to record.
Thus, playing an elaborate shell game of statistics, sampling and etc., with all of the above variables the security of the election can easily be compromised in a multitude of ways.
And, most alarming, very close to or on the eve of the election Sequoia representatives program all of the machines with final software 'updates' (source, Dean Heller, Nevada Secretary of State).
Who verifies what these updates and patches are? Are all the machines checksum tested after Sequoia updates them? It appears to me from the statutes and codes below that the answers are: no one and no.
Why do they need to update the machine just before the election? Perhaps they need the latest poll statistics if they plan to throw the election via software manipulations. It does not take a lot of tampering to change the results by a percentage point or two.
The only way to keep the elections honest is open source software not the proprietary code in use in all touch screen voting systems in the US, or a return to the old marked paper and hand count ballot.
Here's a good radio show on this topic featuring an IBM computer security
At the root page, www.ernesthancock.com,
you can find other shows on this topic near the bottom of the page.
June 25, 2006
Thanks for writing to the PC Radio Show about my reports on electronic voting issues. I appreciate your interest in this subject and would like to address some of your remarks here with regard to paper ballots and electronic voting systems.
I see that you are using the phrase "voter verifiable paper trails" to which I disagree, as the word "verifiable" means that the ballots may or may not be verified by the voters and may or may not be used as the official record of the election. I am a proponent only of voter VERIFIED paper-based balloting systems, which require that the voter indicate their consent with the printed (or hand-prepared) ballot through a casting action that confirms that they agree with the contents of the paper ballot, and also that these cast paper ballots be used as the official record of the election.
Systems implemented in this fashion can include optically scanned paper ballots that are independently audited, or entirely hand prepared (with mechanical assistive devices for the disabled) and counted paper ballots that do not involve electronic computation at all. Since the paper that the voter VERIFIED is the actual ballot used for counting the election, the scenario that you described (where there are additional electronic databases that are allowed to be used to calculate erroneous vote totals) cannot occur.
Please note that I have never said that paper-based voting systems in and of themselves can totally insure against vote or election fraud. All voting system types, whether they be fully paper or fully electronic (or a mix) require auditability throughout the process. With the fully electronic devices, though, there is no way that a voter can independently confirm that their vote has been recorded correctly from the start (on any of the multiply redundant databases). In fact, there is a growing list of instances where it has been confirmed that votes have been irretrievably lost from such fully electronic systems (see the list of mess-ups by vendor maintained at
So, if the first step of auditing, that by the voter at the time of casting the ballot, is not possible, the system is inherently flawed. My belief is that computers can be appropriately used with paper to help ensure that ballots are not altered or removed, and to assist in the public audit of the ballots at the end of the election day, but my suggestions in this regard have yet to be adopted.
Even if we set aside the initial audit of the ballot by the voter, it is not possible to entirely test or examine the software of the complexity of that which is used to run an election system. In fact, all of the manufacturers have employed commercial-off-the-shelf (COTS) software (such as operating systems, compilers, applications programs, and so on) in their voting systems, and these are entirely exempted from examination by the federal testing program.
Despite the numerous objections by scientists (including myself) to this blatant loophole in the so-called "independent" examination process, this use of COTS and other proprietary unexamined software has been allowed to persist in voting systems. When software "updates" (such as you mentioned) involve the COTS components, or when they are applied to ballot layout or database templates, this may be allowed without examination (even though these exchanges could adversely affect the operation of the devices or interpretation of data), depending upon state law. I have long called for the abolishment of this practice, with little success.
As for open source software, unfortunately this is not a viable option either. It can be mathematically proven to be infeasible to check a program of the complexity of an election system thoroughly enough to ensure that no backdoors exist that allow it to be compromised. The manner in which this could occur, even with open source code, is eloquently described in the classic paper
"Reflections on Trusting Trust"
written by Ken Thompson (one of the "fathers" of UNIX), in 1984.
Were this problem solvable, we could eradicate viruses, etc. in open products, but this is not possible. I have further explained this situation with respect to voting machines in an article that quoted me in Harvard Magazine
I hope that this helps your understanding of the subject. Considerable additional material regarding my position and research on these matters can be found on my website
www.notablesoftware.com/evote.html, which is also linked to the PC Radio Show website.
June 26, 2006
We are giving away two belated Fathers Day gifts. ATI TV Wonder
USB 2.0. Its a hardware device that plugs into a USB port and does video
capture. That is, convert any analog video to a digital format. Send Alfred an
email message explaining why you or your father deserves a gift. The deadline is
Monday June 26th at midnight ET.
Bill Gates is leaving Microsoft. Many people think this is a
good thing. Alfred pointed out that Martin Taylor is also leaving. He is
said to be a key adviser to CEO Steve Ballmer and was in charge of their anti-Linux crusade.
are two very recent bugs in Excel
- New Excel zero-day flaw used in attacks CNET News.com June 16, 2006
- Second zero-day Excel flaw emerges CNET News.com June 20, 2006
Alfred discussed the Verbatim “Store ‘n’ Go”, a 4GB USB
hard disk based thumb drive. It's tiny (less than 2 square inches) and is
powered exclusively by the USB port. Alfred said it works best with USB 2.0. It
retails for about $100. www.verbatim.com/hddrive
Alfred also discussed Migo synchronization software, that lets you take data from your computer and use it on other computers.
However, it requires that the application to process that data be installed on
the other computer.
If for example, you use Outlook Express for email,
you can put your OE email messages on any thumb drive (a.k.a flash drive, USB
drive) and then go to any other computer that has Outlook Express installed. The
interesting part is that the Migo software will zap Outlook Express on the
foreign computer with all of your email settings, so it works and acts just like
your copy of Outlook Express. When you are done using the foreign computer, Migo
restores Outlook Express to the state it was in before you started using
Depending on the version, Migo costs $30 to $50. www.migosoftware.com/why_migo/overview.php
Migo may sound like the U3 system, but it is
something totally different. For an introduction to U3, see Travelers have a great new alternative
by Andy Ihnatko in the Chicago SunTimes June 8, 2006.
Hank also discussed his experience with a small 6GB hard disk based thumb drive,
this one from Seagate.
Our guest was Randy Copeland, the founder and president of Velocity
They are a small computer manufacturer based in Virginia specializing in really fast PCs. As
they put it:
"Velocity Micro is a fast-growing manufacturer of computer systems, focusing mainly on the demands of gaming enthusiasts and
digital-content-creation professionals who want the best performance that they can get from their systems, as well as on business owners who want a
more personalized, hands-on buying and support experience than they typically get from the major PC makers."
Among other things, we discussed the challenges and advantages of being a small company in the land of giants, competing
with Dell and HP. Michael owns a Velocity Micro computer and offered his
In the next version of Office, Microsoft was going to include the
ability to create PDF files. No more. Adobe didn't like it.
Google just released an online spreadsheet to compliment their online Writely
word processor. It's not as full featured as Excel (no macros) but it can read
and write Excel spreadsheets and allows for multiple people to update a
spreadsheet concurrently. Currently though, it's only a limited release
Best Buy Boo Boo: Squad: Be careful with your data. A couple took their
computer to Best Buy to have the hard disk replaced. They were assured by the
store that their old hard disk, which was full of personal and sensitive
information, would be physically destroyed. Not true. A few months later a total
stranger calls to say he just bought their hard disk at a flea market.
Joe attended a preview of the upcoming DataLife show where he and Dave Chan
saw a product from a company called Tzero designed to replace audio-video cables
with a wireless network. The network is 100Mbps and is good for use with remote
speakers. The realistic distance is 30 meters but it can go up to 100 meters.
Basically, it competes with WiFi, and like WiFi can be used with computers. The
product is scheduled to be released in July.
A caller asked about wiping sensitive files off their computer. This is not
something Windows can do, even the Format command in DOS and Windows does not really
erase files. For totally erasing a hard disk of all traces of all files, you can
use the free Darik's Boot and Nuke.
On the show Dave mistakenly referred to this program as NukeIt.
Next week our guest will be the President of boutique computer vendor
Velocity Micro. We mistakenly said on the air that Alienware would be on.
Hank gave a presentation on the Remote Control of computers at the NYACC meeting
on Thursday June 8th.
- Interactive with remote desktop terminal
- Traffic routed through URL
- Reboot remote desktop terminal
- Free-no file transfer
LogMeIn Pro - Full function
- LogMeIn Pro Monthly, Per PC Annual
- Single PC $12.95 /month, per PC $69.95 /year
- 2-10 PCs $9.95 /month, per PC $59.95 /year
Microsoft Remote Desktop Terminal
- Dedicated remote computing
- Direct communications
- Disconnect remote desktop terminal
- Complete access to local resources
Open Secure Shell
Demo of Remote Desktop
- Set Up Remote Computer (the one being controlled)
(Must use password for USER on the remote computer)
What Is My IP www.whatsmyip.net
CONTROL PANEL -> SYSTEM -> REMOTE tab
check mark ALLOW REMOTE ASSISTANCE
check mark ALLOW USERS TO CONNECT REMOTELY [XP Pro only]
select remote users [optional]
use Tunnelier 3.28b if Remote Terminal is non XP Pro
- Open listening port
How to change the listening port for Remote Desktop
- Setup static internal IP
CONTROL PANEL ->
NETWORK CONNECTIONS ->
- Set Up Router
To determine default gateway or Internal IP of router
in Command Prompt -> IPCONFIG
Enter gateway or router setup
in advance mode - Port Forwarding 3389 … 3399
Reboot router [turn off and turn on]
- Set Up Client
START -> ALL PROGRAMS ->
REMOTE DESKTOP CONNECTION