If we recall, idiot Bev Harris was claiming that a Diebold fueled conspiracy rigged the Ohio vote so that Bush would win in 2004. And the CT loons ate it up.

Now, how will she explain yesterdays results? Did someone accidently rig the machines the wrong way? I suspect Bev will be strangely quite on this.

Reminds me of the idiots who wail about how oil companies are colluding to make gas $3.00 a gallon. And yet, they can never seem to explain how the prices would ever fall? From what I read in the paper, prices have dropped like a rock recently. And the wailers are strangely silent. I guess their attention was diverted by Britney's divorce.

If we recall, idiot Bev Harris was claiming that a Diebold fueled conspiracy rigged the Ohio vote so that Bush would win in 2004. And the CT loons ate it up.

Now, how will she explain yesterdays results? Did someone accidently rig the machines the wrong way? I suspect Bev will be strangely quite on this.



You've not been spending enough time with CTers, if a CTer makes a prediction of what the NOW (or whoever) will do next, and then the prediction turns out to be wrong, the CTers claim that their "exposing" of the plot meant that the conspiracy had to change their plans.
Therefore blackboxvoting have prevented dibold from taking over the world. You should be praising them as heroes, but instead you mock them. How dare you. ;)

Hum, excuse me?

Unless I'm mistaken, blackboxvoting.org claim isn't that Bush has stole the elections, but that many of the electronic voting systems used around the US have serious security vulnerability, which is certainly not a "conspiracy" and in fact has been supported by close to the entire information security community.

It's not because vulnerabilities aren't exploited that we should simply ignore them.

Reminds me of the idiots who wail about how oil companies are colluding to make gas $3.00 a gallon. And yet, they can never seem to explain how the prices would ever fall? From what I read in the paper, prices have dropped like a rock recently. And the wailers are strangely silent. I guess their attention was diverted by Britney's divorce.
Naw. Prices fell because Big Oil wanted Bush to look better in the hopes that that might translate into more Republicans remaining in or being elected into office. They need to keep their patsies in place. I'm sure that, now that the election is over, oil prices will start rising again. Why not? Might as well get what they can before those evil Dems come after them.

:duck:

Unless I'm mistaken, blackboxvoting.org claim isn't that Bush has stole the elections, but that many of the electronic voting systems used around the US have serious security vulnerability, which is certainly not a "conspiracy" and in fact has been supported by close to the entire information security community.



No, BBV claimed that Bush stole the 2004 election and that it was a big conspiracy the media covered up. Then they simply removed the info from their web site.

Nowadays because of the EFF/Slashdot and other left leaning web sites and orgs giving them free press, they stay clear of their conspiracy roots to keep soaking people for donations.

I had some fun reading their forums once where Bev Harris was talking about how their janitor was actually an FBI spy and other looniness. The sad part is their grass roots efforts have paid off and people think they are legit.

No, BBV claimed that Bush stole the 2004 election and that it was a big conspiracy the media covered up. Then they simply removed the info from their web site.

Nowadays because of the EFF/Slashdot and other left leaning web sites and orgs giving them free press, they stay clear of their conspiracy roots to keep soaking people for donations.

I had some fun reading their forums once where Bev Harris was talking about how their janitor was actually an FBI spy and other looniness. The sad part is their grass roots efforts have paid off and people think they are legit.

Ok, I wasn't aware of this.

But still, Diebold's (and other vendor's) systems security vulnerabilities are real people. This isn't something that we took out of our asses.

Ok, I wasn't aware of this.

But still, Diebold's (and other vendor's) systems security vulnerabilities are real people. This isn't something that we took out of our asses.

Actually, Harris' people have had a tendency to overstate and dramatize things in the past. I've laughed at some of the "vulnerabilities" they came up with in the past.


There are three main types of evoting groups:
1. woo groups for/against it in general
2. reputable groups for evoting who want open systems and transparency
3. luddites who are blanket against it

BBV is in group 1.

Actually, Harris' people have had a tendency to overstate and dramatize things in the past. I've laughed at some of the "vulnerabilities" they came up with in the past.


There are three main types of evoting groups:
1. woo groups for/against it in general
2. reputable groups for evoting who want open systems and transparency
3. luddites who are blanket against it

BBV is in group 1.

I'll leave aside a historical lecture on why your use of the term luddite is wrong, and just call you on your "false trichotomy".
You leave no room for those who have legitimate concerns over electronic voting, and feel that those concerns so vastly outweigh any perceived benefits that the pursuit of electronic voting technology is a massive waste of public money.

Actually, Harris' people have had a tendency to overstate and dramatize things in the past. I've laughed at some of the "vulnerabilities" they came up with in the past.

BBV are far from the only group to have said there are serious problems.

For a start, you can read what Bruce Schneier has said on the topic over the past years:

http://www.schneier.com/cgi-bin/search/search.pl?Realm=whole+site&Terms=diebold

As I said, this isn't some kind of crap conspiracy. The problems are real.

Here in Quebec, the government has chosen to wait before adopting electronic systems on a large scale, part because the supposed benefices haven't been observed, but also because of the consensus in the infosec community regarding their security.

For a start, you can read what Bruce Schneier has said on the topic over the past years:


Yeah, but who is this Bruce Schneier to have an opinion? Aside from being arguably the top civilian cryptographer and computer security expert in the United States today, I mean.

Naw. Prices fell because Big Oil wanted Bush to look better in the hopes that that might translate into more Republicans remaining in or being elected into office. They need to keep their patsies in place. I'm sure that, now that the election is over, oil prices will start rising again. Why not? Might as well get what they can before those evil Dems come after them.

:duck:
Started here (Florida) yesterday (going up.)

Conspiracy nuts?

You haven't been paying much attention to the criticisms and who's been making them.

Democrats had a huge edge this year, so the problems weren't as obvious, but they are very real.

You've not been spending enough time with CTers

Exactly! This is just a meaningless election the Dems were gonna take anyway, so why bother -- by NOT swinging it to the Republicans in Ohio, it'll build confidence, false lying confidence, in the system, to be used in the 2008 election when it's really needed!

That it didn't happen is even stronger evidence for it!

I'll leave aside a historical lecture on why your use of the term luddite is wrong, and just call you on your "false trichotomy".
You leave no room for those who have legitimate concerns over electronic voting, and feel that those concerns so vastly outweigh any perceived benefits that the pursuit of electronic voting technology is a massive waste of public money.

I'm a snob and stubborn mule and choose to dismiss people who insist on paper ballots with a "bah".

I consider the belief that evoting is inherently flawed because it is electronic to be merely belief. I think that the only way to deal with beliefs like this is by ridicule. (because i am a prick)

Actually, Harris' people have had a tendency to overstate and dramatize things in the past. I've laughed at some of the "vulnerabilities" they came up with in the past.


There are three main types of evoting groups:
1. woo groups for/against it in general
2. reputable groups for evoting who want open systems and transparency
3. luddites who are blanket against it

BBV is in group 1.

Right now the evoting boxes are closed, security-by-obscurity systems. Which group do the supporters of the status quo fall into?

Remember that it was not just the retards at BBV - it was many of the retards in Congress - Rep. Conyers being the most obvious. He'll be chairing the House Committee on the Judiciary next year.

Both houses of Congress raised this conspiracy theory in 2004.

Yeah, but who is this Bruce Schneier to have an opinion? Aside from being arguably the top civilian cryptographer and computer security expert in the United States today, I mean.
Yes, but Schneier arguably fits into Corplinx's second category, because he's not against evoting per se, but simply points out flaws in the current implementation, and adevocates the steps necessary to make it secure -- ie. open-source code and transparency.

Right now the evoting boxes are closed, security-by-obscurity systems. Which group do the supporters of the status quo fall into?

People who work for the companies who make them?

I'm a snob and stubborn mule and choose to dismiss people who insist on paper ballots with a "bah".

I consider the belief that evoting is inherently flawed because it is electronic to be merely belief. I think that the only way to deal with beliefs like this is by ridicule. (because i am a prick)Now, see how easy it is:

For that to make any kind of sense, it needs is the phrase, "stupid and one-eyed" inserted immediately prior to the last word of the post.

You leave no room for those who have legitimate concerns over electronic voting, and feel that those concerns so vastly outweigh any perceived benefits that the pursuit of electronic voting technology is a massive waste of public money.
I am in that group.

DR

The same company, Diebold, make ATMs and similar stuff, with very few instances of "security problems" there. Even though there's far more private info running through them than a voting machine. Perhaps the ATM designers should get together with the voting machine designers over lunch, and exchange knowledge??

The same company, Diebold, make ATMs and similar stuff, with very few instances of "security problems" there. Even though there's far more private info running through them than a voting machine. Perhaps the ATM designers should get together with the voting machine designers over lunch, and exchange knowledge??

And don't ATMs actually have some sort of permanent record of the transactions? The banks were able to track down everybody who took money out of ATMs on 9/11.

Maybe the banking system should be some sort of model. Why even make a new machine? Just take the interface from the banking machine, leaving the safe/vault behind, modify it a little, and use that. Instead of money, it would count votes.

Naaah, that would be too easy. But would keep your money in a bank if their ATMs had a similar track record security-wise to the electronic voting machines?

People who work for the companies who make them?

You're right. That's hardly a "main" group at all.

The same company, Diebold, make ATMs and similar stuff, with very few instances of "security problems" there. Even though there's far more private info running through them than a voting machine. Perhaps the ATM designers should get together with the voting machine designers over lunch, and exchange knowledge??Yeah, ATMs hardly ever get hit by fraud:
http://www.google.co.nz/search?hl=en&q=%22atm+fraud%22&meta=

You've not been spending enough time with CTers, if a CTer makes a prediction of what the NOW (or whoever) will do next,

I think you mean the NWO...

I think you mean the NWO...I'm sure one of the "WW" wrestling troupes used to have a "New World Order". Are they really big guys with bad haircuts?

Yeah, ATMs hardly ever get hit by fraud:
http://www.google.co.nz/search?hl=en&q=%22atm+fraud%22&meta=

That's not the same thing, since ATM fraud typically relies on one of two techniques:

1. "Shoulder-surfing" to steal the user's PIN combined with theft of the card itself from the user.

2. Using an add-on card-reader disguised to look like part of the ATM, combined with either a camera to record the PIN being entered on the keypad, or a replacement keypad with a keystroke logger. This information is used with a card writer and easily-obtained blank "security" cards to create duplicate ATM cards, which are then used to make the withdrawl at a real ATM. More sophisticated version using fake stand-alone ATMs placed in public places (like shopping malls) have been used as well.

Either way, both require obtaining information or cards from the victim. I'm not aware of any case where a legitimate ATM has ever been hacked by a third party. You really should read your links before you post them.

Either way, both require obtaining information or cards from the victim. I'm not aware of any case where a legitimate ATM has ever been hacked by a third party. You really should read your links before you post them.

The threat model is also entirely different; it doesn't really matter much to me if Larry, Moe, and Curly get together to defraud the bank of several thousand pounds via ATM. Even several million pounds won't bother me; the bank carries insurance against such things, so it won't be out the money, and I certainly won't be out the money. I might even cheer on Larry, Moe, and Curly as they do it. ATM security isn't something that needs to be demonstrated to me, only to the bank.

On the other hand, I care very deeply if Larry, Moe, and Curly managed to conspire to defraud Tweedledee of several thousand votes, thereby giving Tweedledum the victory.

That's not the same thing, since ATM fraud typically relies on one of two techniques:

1. "Shoulder-surfing" to steal the user's PIN combined with theft of the card itself from the user.

2. Using an add-on card-reader disguised to look like part of the ATM, combined with either a camera to record the PIN being entered on the keypad, or a replacement keypad with a keystroke logger. This information is used with a card writer and easily-obtained blank "security" cards to create duplicate ATM cards, which are then used to make the withdrawl at a real ATM. More sophisticated version using fake stand-alone ATMs placed in public places (like shopping malls) have been used as well.

Either way, both require obtaining information or cards from the victim. I'm not aware of any case where a legitimate ATM has ever been hacked by a third party. You really should read your links before you post them.I read them alright - I didn't suggest ATMs could be hacked - clearly, without a card, they can't, but their security was brought up so I showed that they aren't at all 100% secure. Nobody's suggesting the same types of fraud will occur with electronic voting, just that if there's sufficient incentive, people will try.

Don't try and tell me that bank accounts and credit cards don't get hacked into, because they do. The stakes might be a little higher again when it's not just money at stake.

The threat model is also entirely different; it doesn't really matter much to me if Larry, Moe, and Curly get together to defraud the bank of several thousand pounds via ATM. Even several million pounds won't bother me; the bank carries insurance against such things, so it won't be out the money, and I certainly won't be out the money. I might even cheer on Larry, Moe, and Curly as they do it. ATM security isn't something that needs to be demonstrated to me, only to the bank.

On the other hand, I care very deeply if Larry, Moe, and Curly managed to conspire to defraud Tweedledee of several thousand votes, thereby giving Tweedledum the victory.
Ah, you see, if I'd come and read the posts first, I could have just copied yours and said "ditto"!

Well, some people here are clearly misstating the issue, perhaps deliberately. The complaint that I have, as a programmer, is that public elections are being counted by private, proprietary software. Because of that, our elections are being entrusted to a private party who could cheat, simply because the public has no way to audit what is going on in the so-called "black box". Our elections should not be subject to the good will of the counters.

The solution, and I see no rational objection to this, is that all election software should be open source, subject to the rigors of independent testing and improvement, and every action should be traceable by creation of a detailed log file and a paper printout of those logs, so that elections can be audited for fairness and accuracy.

George Allen would probably have liked to ask for a recount, but since there is no paper trail, all the machine does is re-run the same totals, which won't do anything to determine whether or not there were any bugs, fraud, or cheating going on in a given precinct.

In my line of work, every project I make is incessantly tracked for usage "metrics" so that the client can see a postmortem. Why don't we demand the same thing from our most important element of democracy?

It's easy to ridicule the "CT'ers", but that does nothing to address a real problem.

George Allen would probably have liked to ask for a recount, but since there is no paper trail, all the machine does is re-run the same totals



Which is ideal in my opinion. We should know who winners are and shouldn't subjected to hanging chads, dented chads, stray marks or any of that other nonsense we american are so fond of forgetting.

Which is ideal in my opinion. We should know who winners are and shouldn't subjected to hanging chads, dented chads, stray marks or any of that other nonsense we american are so fond of forgetting.

But the point is that voting machines are so badly programmed that lots of things can go wrong, from human error to hacking to people inserting bogus votes.

At least, based on the limited information we have, they seem to be badly programmed. Diebolt and other companies are making it very difficult to find out for sure.

What is the advantage of having an evoting? Seriously, I don't get it.

What is the advantage of having an evoting? Seriously, I don't get it.

Oh, I'm not against E-voting. The advantage is that if done properly, we can avoid the human error aspect of it. My objection is that we've allowed "proprietary" software in something that belongs to the public.

Our elections are not private, they are the most public thing we have. They should be 100% transparent.

Which is ideal in my opinion. We should know who winners are and shouldn't subjected to hanging chads, dented chads, stray marks or any of that other nonsense we american are so fond of forgetting.

I agree. However, the software absolutely must not be private. It must be open source, and leave copious, redundant, and ridiculous logs of any and all activity.

Half my job is reading through logs to verify programming tabulations when end-users complain about bugs.

At least, based on the limited information we have, they seem to be badly programmed.


The movement against evoting is one that plays with fear, uncertainty, and doubt in large. I suggest not succumbing to those tools.

The movement against evoting is one that plays with fear, uncertainty, and doubt in large. I suggest not succumbing to those tools.

Phrases like "the movement" are vague generalities and don't do any service towards the issue.

The objection is clear. The software is secret and that is unacceptable.

Phrases like "the movement" are vague generalities and don't do any service towards the issue.

The objection is clear. The software is secret and that is unacceptable.I agree. Reasonable objection is reasonable objection, regardless of whether any so-called movement exists, and whether the supposed movement happens to support, to whatever degree, the reasonable objection.

I agree. Reasonable objection is reasonable objection, regardless of whether any so-called movement exists, and whether the supposed movement happens to support, to whatever degree, the reasonable objection.

Yes, and to offer some explanation, IIRC, Diebold is using Perl and MS Access to record the votes. MS Access is kind of like the ugly step-child to SQL Server, which keeps no log files for transactions. I'm not really a DB software guru, but I am told that MS Access is very hackable.

Diebold's early code had silly errors like leaving the password as "1111" and other laziness, it's loaded onto the Windows boxes using Flash cards, and in many instances different machines are using different versions, all of which makes me doubt Diebold's ability to handle this job correctly, either by choice or by stupidity.

Furthermore, a voting system is just not that hard to make, and the idea that we need some sort of private firm to handle what any halfway decent coder could do much better, and certainly a team of university scientists could nail, is laughable.

What we need is across the board faith in our elections and secret software, built to leave no trail and open to fraud, just ain't it.

Wait, wait. There is actually an e-voting system running on an ACCESS DATABASE?
Oh...
my...
:dl:


Over here, we have a very primitive system. We go to the polls, we show identification, our names are struck out from the list, we are given a piece of paper with the names of the candidates, we go behind a booth, we check the name we want, we fold the paper, we put it through the slot in a box.

I realize that Canada's population is smaller, but this usually has worked fine for the past decades or so, fine enough that we are done counting the same night. :rolleyes:

http://www.wired.com/news/evote/0,2645,61243,00.html?tw=wn_polihead_1

"Among revelations contained in the memos was information that the Microsoft Access database used by the Diebold system to collect and calculate votes was not protected by a password. This meant someone could alter votes by entering the database through physical access to the machine or remotely using the phone system."

Actually this article is a real hoot. Who would trust this software with his life savings?

Access is not a database. The database engine is called "Jet". Access is just one of several tools that use it.

If you are going to pretend to be a technology and open source bigot, at least have a faint clue what the hell your talking about.

Wow... Just did a quick bit of reading about this thing as I wasn't familiar with it, and it's baffling me. I knew US elections were a joke, but I never knew it was that bad. Namely, that Diebold higher-ups were involved in fraud, that they have had affiliations with politicians, that a Diebold spokesman's "refutation" of the "fearmongering" is that he doesn't believe people are so evil as to rig elections, and last but not least that their system is using the crappiest kind of database in existence and is so full of bugs and security holes that it'd make Microsoft blush. And this is used to count around EIGHTY [rule 8]ING PERCENT of the votes?!

I don't understand. I don't understand how the American can tolerate this parody of democracy.

Um, Access IS a database, genius. It can be a database frontend AND even a backend (though that'd be the worst idea ever). Either way, it sucks complete ass.

Hahaha! This amused me.
Check out Diebold's website (http://www.diebold.com/dieboldes/) with either Opera or Firefox. You can see small snippets of ASP code. It's nothing in and of itself, but sure shows how sloppy they are. As a web developer (and a bigot, apparently), I reserve the right to mock a so-called serious company who sells the most important kind of software that could be if they can't even make a proper website.

Um, Access IS a database, genius. It can be a database frontend AND even a backend (though that'd be the worst idea ever). Either way, it sucks complete ass.

This is Jet:
http://en.wikipedia.org/wiki/Microsoft_Jet_Database_Engine

No, Access is not a database. Its a database program that used underlying tech as the actual database.

No, it is not the worst idea ever. Applications have been developed with Jet databases fine in the past and still continue to be. Its if you have an app that needs a small embedded database, that is its target usage.

Really, take the anti-MS everything MS sucks trolling and go play on slashdot or something.

Right. It's not a database, it's a "database program". Who cares? This is semantical nonsense. You can open up Access and create your own little database directly in it, without even a server. Calling it an "Access database" would not be all that inaccurate, it's a matter of phrasing. :rolleyes:

And yes, I suppose Access is fine for "small embedded databases". I've had to work with it in the past (creating the db schema and programming Access forms that manipulated the data with form controls programmed in VBA... it was a nightmare), and even for a small app it was a completely buggy, unstable, hellish cluster[rule 8], but I suppose it could work if your needs are really, really minimal. Like creating a database of your CD collection, maybe.

But we're talking about A VOTING SYSTEMS for crying out loud! Possibly the most important kind of software one may need, to gather huge amounts of data and requiring the most extensive security! Using anything LESS than something on par with Oracle is completely idiotic and irresponsible (hell, I wouldn't even encourage using MySQL, even if I love it and it's used for enormous projects).

Anyway, it appears you're only interested in nitpicking small details and flaming people. That's twice in a row you've called me names, so I've taken the liberty to report you. Good day.

Right. It's not a database, it's a "database program". Who cares? This is semantical nonsense.

No, its not semantical nonsense. Its called an error. There are many database design, query, form, and high level tools. Access is not a database and comparing it to mysql or postgres or DB2 is an error.

This is the part where you agree that you are wrong and move on.

Diebold is using ... MS Access to record the votes. MS Access is kind of like the ugly step-child to SQL Server, which keeps no log files for transactions. I'm not really a DB software guru, but I am told that MS Access is very hackable. Odin help us all. It is fantastically unbelievable that they would use a piece of unsecure, unreliable, prone to data corruption piece of garbage such as Access.

Microsoft themselves would not be so unrelentingly stupid to store important data in Access.

Are you sure? Do you have a cite?

If we recall, idiot Bev Harris was claiming that a Diebold fueled conspiracy rigged the Ohio vote so that Bush would win in 2004. And the CT loons ate it up.

Now, how will she explain yesterdays results? Did someone accidently rig the machines the wrong way? I suspect Bev will be strangely quite on this.
There is a lot of speculation (and of course, without paper trails, that's all it can ever be) that the vote in Virginia was in fact rigged, but since the riggers didn't know in advance how big the Democratic wave was going to be, they didn't rig it enough to overcome that wave. Rigging too obviously gives the game away. The reason this speculation is even happening is because of how fast Allen conceded even though he was entitled to a recount -- which might have revealed skulduggery.

Frankly the problem with those machines is and always has been the lack of transparancy -- thus the term "black box voting." That's not "loony" and not "woo-ism" and your characterization of it as such is insulting, especially to anyone even modestly familiar with how computers work. In fact, the more techie people are, the less they trust computerized voting. And it seems after the rash of extreme problems (which you probably studiously ignored in order to maintain your thesis) that affected BOTH Republican and Democratic voters on Tuesday, we are likely to see the end of Diebold machines in our voting booths forever. They are flaky and balky, insecure, and not trustworthy. The most machinery we need in our voting booth is a scanner to read our filled-in oval bubbles. Dumb-simple technology that's been in use for the better part of the last 40 years or so, if not longer.

Reminds me of the idiots who wail about how oil companies are colluding to make gas $3.00 a gallon. And yet, they can never seem to explain how the prices would ever fall? From what I read in the paper, prices have dropped like a rock recently. And the wailers are strangely silent. I guess their attention was diverted by Britney's divorce.Maybe you need to get a different paper. Prices did drop prior to the election. And about 40% of the public believed that oil companies were manipulating those prices to keep oil-business-friendly Republicans in power. This impression was further reinforced on ELECTION NIGHT as it became apparent that the R's were going to get rinsed away, people in many states, including myself, noticed very abrupt increases ranging from 30 to 90 cents.

Explain to me exactly how far-fetched it is that oil cartels manipulate prices? With consolidation in the oil biz going the way it is there are only about five or six actual people who have to agree.

Corp is right (ouch, that hurts :) ) that jet is really the db engine. It might be a viable tool for the evoting machines if implemented properly. But using it without invoking multiple layers of security is just stupid.

IOW, it is not the technology that is the problem, it is the application specific iimplementation of that technology that sucks.

That said, I agree with Morrigan that ALL evoting software must be public and must be based on fully public technology. Under this criterion, Access is out.

No, it is not the worst idea ever. Applications have been developed with Jet databases fine in the past and still continue to be. Its if you have an app that needs a small embedded database, that is its target usage. You have utterly no idea of which you speak. Jet is a flimsy piece of crap that even Microsoft wouldn't touch with a 10 foot pole (for internal use). And this is not speculation.

I can back this up until the cows come home but the discussion should probably take place in the computer section. Be prepared -- I'm an expert in this field.

Corp is right (ouch, that hurts :) ) that jet is really the db engine. It might be a viable tool for the evoting machines if implemented properly. But using it without invoking multiple layers of security is just stupid. Yes, it's a phenomally unreliable, unsecure DB engine. It would be apt to call it a Database Corruption Engine. To store important data in Jet requires unrelenting ignorance.

You have utterly no idea of which you speak. Jet is a flimsy piece of crap that even Microsoft wouldn't touch with a 10 foot pole (for internal use). And this is not speculation.

I can back this up until the cows come home but the discussion should probably take place in the computer section. Be prepared -- I'm an expert in this field.

Access/Jet was a simple 'database' application Microsoft bought off a third party. It lacks many of the features that a 'real' (There are numerous academic debates of what actually makes up a technically correct database system) commercial database has. It is a toy, a useful one for many applications, but not the sort of thing you would put something as important as the count of an election in.

Access/Jet is more or less a dead for Microsoft. It is putting all it's work into SQL Server and cut down versions of SQL server are available for free that would be much more suitable for this purpose.

If the application is written in Access VBA, that is also a serious concern. Error handling and stability are once again lacking that more advanced languages implement.

Yes, it's a phenomally unreliable, unsecure DB engine. It would be apt to call it a Database Corruption Engine. To store important data in Jet requires unrelenting ignorance.

Your just being a technology bigot. I don't have time for people with religion-like technology beliefs like MS won't touch Jet with a 10 foot pole.

They did touch it with a ten foot pole obviously.

I would think a jet database would be fine for a single user app like a voting software where you store names and votes. My guess is the typical machine stores 3000 sets of votes?

Voting machines don't need an Oracle 10g grid. I doubt they need an SQL server of any type.

I agree. However, the software absolutely must not be private. It must be open source, and leave copious, redundant, and ridiculous logs of any and all activity.

Half my job is reading through logs to verify programming tabulations when end-users complain about bugs.

Why open source code? Wouldn't it be better to keep the code secret?

Wow... Just did a quick bit of reading about this thing as I wasn't familiar with it, and it's baffling me. I knew US elections were a joke, but I never knew it was that bad. Namely, that Diebold higher-ups were involved in fraud, that they have had affiliations with politicians, that a Diebold spokesman's "refutation" of the "fearmongering" is that he doesn't believe people are so evil as to rig elections, and last but not least that their system is using the crappiest kind of database in existence and is so full of bugs and security holes that it'd make Microsoft blush. And this is used to count around EIGHTY [rule 8]ING PERCENT of the votes?!

I don't understand. I don't understand how the American can tolerate this parody of democracy.

Here is a less alarmist but more deep account of the issue:

http://money.cnn.com/magazines/fortune/fortune_archive/2006/11/13/8393084/?postversion=2006110309

Folks, please keep in mind your membership agreement concerning civility.

Thanks.

Now - out of moderator mode - discussions of a database's flaws and strength's have to be one of the least subjective topics I can imagine; there's tons of documentation for both sides of the argument.

I would expect skeptics in a skeptics forum to make use of that information rather than simply taking sides and providing weak evidence via anecdotes. :)

Your just being a technology bigot. That could be partially true.

I don't have time for people with religion-like technology beliefs like MS won't touch Jet with a 10 foot pole. They did touch it with a ten foot pole obviously. LOL. Rest assured that Jet is not used internally at Microsoft to store important data. And rest assured that if anyone at Microsoft were to store important data in Jet, it would be a rogue effort and they'd get fired or at least spanked hard. Microsoft isn't a complete idiot. They know that Jet is crap. If you want to know how I know this, drop me a PM.

I would think a jet database would be fine for a single user app like a voting software where you store names and votes. My guess is the typical machine stores 3000 sets of votes? Let's hope the database is compressed periodicaly. If you insert 3000 rows, delete them, insert them, delete them, repeatedly over time, you can watch the disk file grow and grow and then, all too often, become corrupted. For a database to (frequently) corrupt data is a fatal flaw.

Voting machines don't need an Oracle 10g grid. I doubt they need an SQL server of any type. The only flimsy leg you have to stand on in defense of Jet is it may be there are/were no decent alternatives for an embedded database.

Just the fact that Jet logs nothing, whereas a robust DBMS systematically logs every transaction (insertions, edits, deletions) should be cause for skepticism. (With Jet or the like, it is up to the application programmer to implement logging. Not wise.)

Why open source code? Wouldn't it be better to keep the code secret?

No. Keeping the code secret just means that (some) honest people don't know about the flaws in your software.

It's called "security through obscurity" and it has a long track record of failing miserably. A good example is how Matt Blaze cracked the LEAF field of the Clipper phone.

I would expect skeptics in a skeptics forum to make use of that information rather than simply taking sides and providing weak evidence via anecdotes. :) And I would expect skeptics in a skeptics forum not to be so vague.

Why open source code? Wouldn't it be better to keep the code secret?

Well, I'm not a security expert, but I do write code and I think open source, in this case, performs two functions. First, it opens the code to public inspection, which removes any doubt about cheating on the part of the software writers, which is especially important when the head of Diebold was making bold promises to "deliver Ohio to George Bush". Why have that as a possibility at all? Secondly, while may not be a security expert, there are plenty of people who are, and nothing would solve security flaws faster than a community of people devoted to finding hacks.

As flaws are discovered and agreed upon, fixes can be put in place. And I'm not an open source partisan, as some have asserted in this thread. I love MS products, and in my job I use vb.net and MS servers and SQL Server 2005.

However, I also use open source stuff, and there are great benefits to that as well. But in this case we aren't talking about my private business and private clients and private software.

We're talking about public elections, and IMO, that requires public methods and precludes a company like Diebold suing people like Bev Harris over leaking their code and pointing out flaws, even if she were a nut or a "CT" or whatever.

No. Keeping the code secret just means that (some) honest people don't know about the flaws in your software. Correction:
No! Keeping the code secret just means that (some) honest people don't know about the flaws in your software.

If we recall, idiot Bev Harris was claiming that a Diebold fueled conspiracy rigged the Ohio vote so that Bush would win in 2004. And the CT loons ate it up.

Now, how will she explain yesterdays results? Did someone accidently rig the machines the wrong way? I suspect Bev will be strangely quite on this.

Reminds me of the idiots who wail about how oil companies are colluding to make gas $3.00 a gallon. And yet, they can never seem to explain how the prices would ever fall? From what I read in the paper, prices have dropped like a rock recently. And the wailers are strangely silent. I guess their attention was diverted by Britney's divorce. Britney is getting divorced? Britney Spears?

If we recall, idiot Bev Harris was claiming that a Diebold fueled conspiracy rigged the Ohio vote so that Bush would win in 2004. And the CT loons ate it up.

Now, how will she explain yesterdays results? Did someone accidently rig the machines the wrong way? I suspect Bev will be strangely quite on this.

Reminds me of the idiots who wail about how oil companies are colluding to make gas $3.00 a gallon. And yet, they can never seem to explain how the prices would ever fall? From what I read in the paper, prices have dropped like a rock recently. And the wailers are strangely silent. I guess their attention was diverted by Britney's divorce.

By the way, I decided to check and see if your premise was correct that Harris would be "strangely quiet" about this, since the Democrats won, and you are just plain wrong about that.

http://www.blackboxvoting.org/

There is plenty of activity on their part. They filed thousands of FOIA requests and are documenting statistical anomalies which suggest that further inquiry is warranted. Do you now reconsider your thesis?

Do you contend that statistical anomalies should be ignored, based on whose party wins?

The open/closed source question related to electronic voting isn't a real security issue. Diebold could perfectly ask a third party to perform a security review of its code without having to "open" it to everyone. Plus, what does it change if the code is open or not? You can review their code all you want prior to the election, but until you're certain that the voting machines are really using that same code, it doesn't change anything to the risks (and you can't really ever be certain of that)

The open/closed source question related to electronic voting isn't a real security issue. Diebold could perfectly ask a third party to perform a security review of its code without having to "open" it to everyone.

... assuming, of course, that Diebold can find a third party that everyone agrees is both fair-minded and omniscient. If I don't trust Diebold's choice for the reviewer, either due to competence issues or potential bias, third-party review buys little.

I would like to point out that secret third-party review behind closed doors is exactly the security-through-obscurity system that was proposed to protect the Clipper secure phone system.

The "closed-door" review found no security holes.

Matt Blaze, an outsider, found one in something less than a week.

Plus, what does it change if the code is open or not? You can review their code all you want prior to the election, but until you're certain that the voting machines are really using that same code

.... which is more or less a solved technological problem Audit the voting machine software and confirm its identity via checksums.



.it doesn't change anything to the risks (and you can't really ever be certain of that)

No, but with a system like MD5 and proper audit trails, we can confirm that the probability of software corruption is less than 2^(-128) or something.

... assuming, of course, that Diebold can find a third party that everyone agrees is both fair-minded and omniscient. If I don't trust Diebold's choice for the reviewer, either due to competence issues or potential bias, third-party review buys little.

If Diebold can't be trusted to chose one, then a law could assign one to them. It'sa pretty common occurance anyway. My point is just that there are plenty of alternatives to opensourcing.

I would like to point out that secret third-party review behind closed doors is exactly the security-through-obscurity system that was proposed to protect the Clipper secure phone system.


The "closed-door" review found no security holes.

Matt Blaze, an outsider, found one in something less than a week.

So they didn't performed their review correctly. Plenty of open sourced code have also exhibit security vulnerabilities years after their release - it obviously doesn't mean that open sourcing is bad for security.

The problem is when people RELY exclusively on security by obscurity - then this strategy becomes a bad idea. But in the context of a defense in depth, it can make perfect sense. Open Source isn't the end-all solution to security problems.

.... which is more or less a solved technological problem Audit the voting machine software and confirm its identity via checksums.

No, but with a system like MD5 and proper audit trails, we can confirm that the probability of software corruption is less than 2^(-128) or something.
How do you want to audit thousands individual machines? How do you want to verify their checksum? And even then, you need to trust the tools you use to make your audit. The logistical implications are very important.

If Diebold can't be trusted to chose one, then a law could assign one to them.

What makes you think that the law is better at finding an omniscient reviewer than Diebold would be?


So they didn't performed their review correctly.

Um, yeah. That's my point. Some cynics claim that they were paid to, others point out that reviewers are human, too, and that some rather Nixonian "mistakes were made." You can take either side of that argument; I have no dog in that particular fight.

A different group might have -- demonstrably did have, in fact -- different results.

The advantage of open source is that you can do as many reviews as you like with as many people as you like. Multiple independent eyeballs are almost better for finding things than single eyeballs The "multiple eyeball" effect has been demonstrated many times to outweigh any advantages gained from "defense in depth" by keeping code secret.

There are indeed plenty of alternatives to opensourcing. Unfortunately, they're empirically demonstrated to be inferior.


How do you want to audit thousands individual machines? How do you want to verify their checksum? And even then, you need to trust the tools you use to make your audit. The logistical implications are very important.

No greater than they are for a closed-source, or even a non-electronic system.

For example, you're worried that someone might install a rogue version of the open-source voting software on a machine somewhere in the delivery or installation chain. And I agree, that's a possible, if somewhat far-fetched, threat that should be addressed.

But, of course, that's exactly as big a risk for a closed-source system as for an open-source system. No matter what Diebold provides, they need to have some way of confirming that the software running during the election is the right version that they thought they were shipping from the factory.

What makes you think that the law is better at finding an omniscient reviewer than Diebold would be?

? I don't understand your question. There are many companies out there who do this for a living. It is very common for the government (or for any other entity paying another one to develop a software) to request a third-party security verification. And what do you mean by "omnicient" reviewer? Nobody is expecting anyone to be perfect. Security never, ever is.

Um, yeah. That's my point. Some cynics claim that they were paid to, others point out that reviewers are human, too, and that some rather Nixonian "mistakes were made." You can take either side of that argument; I have no dog in that particular fight.

A different group might have -- demonstrably did have, in fact -- different results.

Agree.


The advantage of open source is that you can do as many reviews as you like with as many people as you like. Multiple independent eyeballs are almost better for finding things than single eyeballs The "multiple eyeball" effect has been demonstrated many times to outweigh any advantages gained from "defense in depth" by keeping code secret.


While the "multiple eyeballs theory" is true, it remains efficient as long as competent individual actually review the code - being "open" and "available" isn't good enough. That's exactly why many open source projects have ended up with vulnerabilities years after their initial deployment, and that's why people serious with code security never put their trust entirely on open-source. It's far, far from being sufficient.


There are indeed plenty of alternatives to opensourcing. Unfortunately, they're empirically demonstrated to be inferior.

I would trust a competent team of security programming experts with access to the closed source over open sourced code "reviewed" by the public any day of the week, and I'm pretty sure the rest of security community would do the same. I have no idea where you got that this has been "empirically demonstrated to be inferior" - this is clearly false.


No greater than they are for a closed-source, or even a non-electronic system.

Indeed. So how exactly is open source better, if you're stuck with an unauditable system aterward?


For example, you're worried that someone might install a rogue version of the open-source voting software on a machine somewhere in the delivery or installation chain. And I agree, that's a possible, if somewhat far-fetched, threat that should be addressed.

Not only is this not far fetched, but it's probably the most probable attack vector possible. In fact, plenty of demonstration of Diebold security shortcommings have exactly use these scenarios (see the Princeton video for example).

But, of course, that's exactly as big a risk for a closed-source system as for an open-source system. No matter what Diebold provides, they need to have some way of confirming that the software running during the election is the right version that they thought they were shipping from the factory.
Agree. So, why would open source be "better" if in both cases there's no certification process for any user to make sure the voting machine they are using is the right one?

? I don't understand your question. There are many companies out there who do this for a living. It is very common for the government (or for any other entity paying another one to develop a software) to request a third-party security verification. And what do you mean by "omnicient" reviewer? Nobody is expecting anyone to be perfect.

.... which is why you want to get as many reviewers as possible. See "eyeballs, multiple."

Keeping source code a secret merely acts to reduce the number of potential eyeballs. It's been demonstrated repeatedly that it has very little ability to prevent hostiles from determining the contents of the system. Closed-source keeps honest people from seeing the flaws in your system.


Indeed. So how exactly is open source better, if you're stuck with an unauditable system aterward?


Because someone is more likely to spot this particular flaw. See "eyeballs, multiple."


Agree. So, why would open source be "better" if in both cases there's no certification process for any user to make sure the voting machine they are using is the right one?

Because someone is more likely to spot this particular flaw. See "eyeballs, multiple."

Let me put it to you this way. There is no flaw you can cite in an open-source system that is not equally likely to occur in a closed-source system, with the single (and empirically negligible) possbility that closed-source can prevent reverse engineering by the bad guys.

Open-source is therefore Pareto-superior to closed-source.

Keeping source code a secret merely acts to reduce the number of potential eyeballs. It's been demonstrated repeatedly that it has very little ability to prevent hostiles from determining the contents of the system. Closed-source keeps honest people from seeing the flaws in your system.


This comment is very "consumer computing" centric. Voting machines are used in vastly different contexts, where you are much more limited in your scope of inputs. What is true for Linux isn't necessarely so for a very speciliazed system like these.

But all this isn't very important, because I think I found the primary source of our disagreement:


Because someone is more likely to spot this particular flaw. See "eyeballs, multiple."

Did you use the word "flaw" on purpose? I think there may be a little misunderstanding here:

The problem related to Diebold voting machines isn't in its software flaws. It's not that their system may have unpatched buffer overflows, waiting to be exploited by a hacker. Of course they would be cause of concerns, but these kinds of flaws aren't an important threat vector in the usage context of voting systems. If a potential attacker succeed at gaining sufficient access to the machine to exploit the software flaw, he will also probably have access to the hardware anyway, so the system is toast regardless. As of the possibility of exploiting a flaw directly from the system primary interface (the touch screen), I think this is very, very remote.

The reason why a complete code review linked to a serious certification process is necessary is to guard against logic traps implemented by Diebold themselves. Those would be much, much dangerous, and opening the source code wouldn't help to discover them at all.

Reread my original comment; that's what I ment by "The open/closed source question related to electronic voting isn't a real security issue". Making Diebold open source won't fix the security problems security professionals believes these kinds of system have.


Because someone is more likely to spot this particular flaw. See "eyeballs, multiple."

Let me put it to you this way. There is no flaw you can cite in an open-source system that is not equally likely to occur in a closed-source system, with the single (and empirically negligible) possbility that closed-source can prevent reverse engineering by the bad guys.

Open-source is therefore Pareto-superior to closed-source.
There are many reasons why a company would have legitimate reasons to keep their code closed source. Diebold are far from alone in this game ;-)

Did you use the word "flaw" on purpose?[/QUTOE]

I did.

[QUOTE] I think there may be a little misunderstanding here:

I don't think so. I don't consider "flaw" to necessarily be "accidental"; it's very difficult to distinguish between sufficiently cunning malice and mere incompetence. That's part of why the software security community doesn't usually make that distintion, either. A flaw is simply that permits the system to work in a way other than the one the consumer wants.

In this case, of course, the "consumer" is the voting public, and what they wants is a system that counts votes accurately. Whether the inaccuracy is introduced by incompetence or malice -- it's still a "flaw."


The problem related to Diebold voting machines isn't in its software flaws. It's not that their system may have unpatched buffer overflows, waiting to be exploited by a hacker. Of course they would be cause of concerns, but these kinds of flaws aren't an important threat vector in the usage context of voting systems. If a potential attacker succeed at gaining sufficient access to the machine to exploit the software flaw, he will also probably have access to the hardware anyway, so the system is toast regardless. As of the possibility of exploiting a flaw directly from the system primary interface (the touch screen), I think this is very, very remote.

The reason why a complete code review linked to a serious certification process is necessary is to guard against logic traps implemented by Diebold themselves. Those would be much, much dangerous, and opening the source code wouldn't help to discover them at all.

Huh? You mean to say that opening the source code wouldn't make it easier to find statements like


if (selected_candidate.getParty() != REPUBLICAN) {
if (random()%100 != 0) {
selected_candidate = NULL;
}
}


Or are you suggesting that there are no ways that someone could rig up a logic trap so that it looked like a simple program bug, of the sort that a single code review might not catch?

In either case, the more eyeballs look at the code, the better the chances of something being found; what Dorothy Denning misses, Matt Blaze might find.

Of course, we'd have to confirm that the source code as released actually corresponded to the executable code that was shipped --- but that's a fairly easy problem to solve (compile in a known auditable environment and cross-validate). We'd also have to confirm that the software as shipped was the same as the software installed, et cetera. None of which is either particularly difficult or an artifact of open source.


Making Diebold open source won't fix the security problems security professionals believes these kinds of system have.

Fix by itself, no. But making it open source introduces no new vulnerabilities and closes several. It's therefore Pareto-superior, as I wrote earlier.


There are many reasons why a company would have legitimate reasons to keep their code closed source. Diebold are far from alone in this game

What Diebold wants is largely irrelevant. If Diebold finds that the burden of producing a publically verifiable election system is too onerous, it is of course at liberty not to bid on the contract. There are any number of other people who would be happy to bid to supply such software.

By the way, I found something even funnier than the exposed ASP code snippets from Diebold's website (Firefox and Opera):
http://www.diebold.com/dieboldes/news.htm
An exposed SQL query. :wackylaugh: So, a company with this kind of quality assurance has so much control over the votes of American citizens. Yeesh.... What's next, I'll find some code exposing a database login, maybe? :D

You have utterly no idea of which you speak. Jet is a flimsy piece of crap that even Microsoft wouldn't touch with a 10 foot pole (for internal use). And this is not speculation.

I can back this up until the cows come home but the discussion should probably take place in the computer section. Be prepared -- I'm an expert in this field.
Thank you. I know you are just stating the obvious, but sometimes I guess it's necessary.

Your just being a technology bigot.
:rolleyes: "You disagree with me! You're a bigot!"

I would think a jet database would be fine for a single user app like a voting software where you store names and votes. My guess is the typical machine stores 3000 sets of votes?
You would guess wrong. A voting software needs to do a hell of a lot more than just "storing names and votes".

Voting machines don't need an Oracle 10g grid. I doubt they need an SQL server of any type.
You accuse others of not knowing what they're talking about because of a small semantical difference (or error, if you insist - I still maintain it's a matter of phrasing, even if it might be technically incorrect - many people in the field call them "Access databases" - hell even a Wired article referred to it as that, it's no big deal), yet you make ridiculous assumptions like that?

Oracle's strengths are found in its robust security, stability, volume handling, and last but not least, audit trails. It doesn't have to be Oracle per se, but it needs those things, and more. We're not talking about building a homepage or a small inventory app here.

Huh? You mean to say that opening the source code wouldn't make it easier to find statements like


if (selected_candidate.getParty() != REPUBLICAN) {
if (random()%100 != 0) {
selected_candidate = NULL;
}
}


Or are you suggesting that there are no ways that someone could rig up a logic trap so that it looked like a simple program bug, of the sort that a single code review might not catch?

Jeez, are you being obtuse on purpose? No, of course i'm not suggesting that. I'm saying that the issue of having open or closed source software voting is a red hearing. It won't significantly affect the security of the system compared to other controls that are much more important, such as proper certification, users training, paper audit trails, etc etc etc. There's no reason why someone should be more confident of Diebold's systems if their source were opened tomorrow morning because of the absent or severly broken chain of custody involved in the deployment of these systems. And it may even provide a false sense of security to the large crowd of technology-aware individuals who may appreciate the difference between open and closed sources, but who may fail to understand the real place of this decision in the overall debate.

Jeez, are you being obtuse on purpose? No, of course i'm not suggesting that. I'm saying that the issue of having open or closed source software voting is a red hearing. It won't significantly affect the security of the system compared to other controls that are much more important, such as proper certification, users training, paper audit trails, etc etc etc. There's no reason why someone should be more confident of Diebold's systems if their source were opened tomorrow morning because of the absent or severly broken chain of custody involved in the deployment of these systems. And it may even provide a false sense of security to the large crowd of technology-aware individuals who may appreciate the difference between open and closed sources, but who may fail to understand the real place of this decision in the overall debate.

I agree with you. My feeling is that the solution is not to abolish touch screen voting, but to institute all the the anti-cheating and logging methods one might expect with something like banking, and also make the source code open to public inspection, just as the physical lever machine's might be open to inspection by an engineer, should one side suspect trickery.

Also, a simple anti-cheat method could be that you have voters swipe a card going in and out of the booth. This timestamps a voter session, independent of the machine in question. Then you have a ticker print out a record of every db write, read, or delete.

That way, post election, you could carefully check for any event that happens outside a "session", any event where a "session" results in no votes, and any event that happens without any trace in the system.

The paper trail can then also be used to recount the votes.

Off the top of my head, anyway...:-)

Well, it's a thought ain't it?

I have several problems with touch-screen voting but one obvious one is that a precinct can be shut down by a power failure. Of course, this could be mitigated by having a UPS but that raises the costs of implementation and maintenance.

I prefer a "fill-in-the-bubble" scheme with instant scanning to verify that the ballot is valid. Even if the power goes out, voters can still vote with the verification process delayed. The other advantage is that anybody who has gone past 3rd grade has experience with this type of marking of choices so it comes with the smallest confusion factor.

There are indeed plenty of alternatives to opensourcing. Unfortunately, they're empirically demonstrated to be inferior.

That seems like a very bold statement to me. Where/when has this been empirically demonstrated?

Wait, wait. There is actually an e-voting system running on an ACCESS DATABASE?
Oh...
my...
:dl:


Over here, we have a very primitive system. We go to the polls, we show identification, our names are struck out from the list, we are given a piece of paper with the names of the candidates, we go behind a booth, we check the name we want, we fold the paper, we put it through the slot in a box.

I realize that Canada's population is smaller, but this usually has worked fine for the past decades or so, fine enough that we are done counting the same night. :rolleyes:

Why do it that way though when you can vote on a high powered pentium PC running the latest MS technology on a shiny new flatscreen monitor?

No, its not semantical nonsense. Its called an error. There are many database design, query, form, and high level tools. Access is not a database and comparing it to mysql or postgres or DB2 is an error.

This is the part where you agree that you are wrong and move on.

Could you be any more pedantic? I know a few computer programers and IT people, and all of them refer to it as a database.

By the way, I decided to check and see if your premise was correct that Harris would be "strangely quiet" about this, since the Democrats won, and you are just plain wrong about that.

http://www.blackboxvoting.org/

There is plenty of activity on their part. They filed thousands of FOIA requests and are documenting statistical anomalies which suggest that further inquiry is warranted. Do you now reconsider your thesis?

Do you contend that statistical anomalies should be ignored, based on whose party wins?

What a bunch of kooks! They want access to this technology and want to know how it operates? They want transparency and a way of auditing the results!

As Corps said so convincingly, wackos, nutjobs! bigots! You cannot argue with the kind of logic this man offers us. Its actually a Jet database after all, not Access! And if its a jet database, its gotst to be good!

:wackylaugh:

Candidate gets zero votes (http://abcnews.go.com/US/wireStory?id=2646802&CMP=OTC-RSSFeeds0312)
Wooten got the news from his wife, Roxanne, who went to City Hall on Wednesday to see the election results.

"She saw my name with zero votes by it. She came home and asked me if I had voted for myself or not. I told her I did," said Wooten, owner of a local bar.

However, Poinsett County results reported Wednesday showed incumbent William H. Wood with 18 votes, challenger Ronnie Chatman with 18 votes and Wooten with zero.
If true, this is rather troubling. Voting was on a computer.

Not having voted by computer, I'm curious. How does one cast a write-in vote? By paper ballot? Or does the computer put up an image of a keyboard to use for spelling the name?

As Corps said so convincingly, wackos, nutjobs! bigots! You cannot argue with the kind of logic this man offers us. Its actually a Jet database after all, not Access! And if its a jet database, its gotst to be good!

Bev Harris claimed that after the 2004 election there was evidence of that the election was rigged, a congressman had told her, and that the media was being ordered to keep it hush hush.

Bev Harris claimed on the BBV forums that FBI personel had replaced their trash person and window washer so they could be monitored.

Your strawman only serves to make you look like a fool. Nobody claimed electronic voting machines are perfect yet. I just reject the luddite nature of people who want us to regress to paper ballots instead of going through an adjustment period where we have glitches like this to make progress. I also never said that using a Jet database made something good. Your mockery could at least try to be honest and not a simple flame.

Renfeld, I feel insulted by your representation of me but I pity you for making it. If you think that Bev Harris and her people aren't kooks, speak up and stand up for them but don't attack the people who point them out for what they are.

If you defend the kooks when they support causes you like, you've still thrown in with kooks. There are evoting watchdog groups out there that didn't make false claims of voter fraud, claim they have proof, collect more donations, and then just remove the information from their web site claiming they have it.

The Democratic Underground people have thoroughly in my opinion exposed what kind of phony Bev Harris is, and the sad part is she has ridden the angst at election results to legitimacy in some quarters.

Shun the kooks, but support your causes. And don't shun the people who out the kooks.

You have been dressed down, good day.

No, Bev and the gang aren't being quiet. Check out this blurb:


Defense Secretary Donald H. Rumsfeld will resign, reportedly to be replaced by former CIA director Robert Gates. Did you know that Robert Gates was involved in the voting machine industry?

Gates was on the board of directors of VoteHere, a strange little company that was the biggest elections industry lobbyist for the Help America Vote Act (HAVA). VoteHere spent more money than ES&S, Diebold, and Sequoia combined to help ram HAVA through. And HAVA, of course, was a bill sponsored by by convicted Abramoff pal Bob Ney and K-street lobbyist buddy Steny Hoyer. HAVA put electronic voting on steroids.


Does that sound like a bunch of people interested in evoting or like a CT group?

Here are some choice threads from their forums:

this one manages to talk about shadow goverments and the trilateral commission
http://www.bbvforums.org/forums/messages/44341/45164.html?1163353422

And heres the wonderful thread the first blurb was from, with a choice quote of Bev Harris letting the inner woo out some more:

By the way: the scientific community has been complicit in cover-ups of the truth, and makes errors -- as you just did when you asserted that VoteHere code did not need to be stolen because it was public, without doing your homework on the dates or running a simple media search. RABA technologies head Michael Wertheimer withheld crucial information from his report, supposedly because he was told to by Diebold lobbyists and people in Lamone's office. Scientists have yet to acknowledge the very real and continuing issues with GEMS, WinEDS and the other central tabulating programs.

To say that Black Box Voting has a "reputation" for making assertions is an elitist bit pushed by the scientists and their followers. You just made an assertion, about VoteHere. The scientists have made several incorrect assertions -- at one point, one of the very well known ones tried to get Hursti to CHANGE HIS REPORT so as not to expose an incorrect assertion this guy had been making.

http://www.bbvforums.org/forums/messages/1954/45174.html?1163408357


Science is bad, Scientists are bad, and conspiracies. Before you flame me for calling these people kooks, why don't you try doing a friggin google search sometime.

delete

Renfeld, I feel insulted by your representation of me
Because referring to people who mocked the use of an Access, pardon, Jet database, as "anti Microsoft trolls" and "bigots" is, of course, the epitome of civility, intellectual honesty and serious debating... :rolleyes:

Because referring to people who mocked the use of an Access, pardon, Jet database, as "anti Microsoft trolls" and "bigots" is, of course, the epitome of civility, intellectual honesty and serious debating... :rolleyes:

It is bigotry. Statements like "MS won't touch it with a 10 foot pole" from varwoche and your own "intellectual" arguements were just fanboi-ism like I see on tech sites.

I mean really, db4 (berkeley), a small jet database, or even a flat csv file should be fine for a voting machine with the typical number of votes they process on election day (altough a csv file wouldnt hold up in some larger districts). Your looking at a low transaction rate per hour single user "database" on an appliance type machine with restricted access and no keyboard/mouse. Lines get added at the end of the file/database and at the end of day you run totals.

Im not that worried about the security of the format of the database since if the person gets to the point where they are really looking at the security of the format, they pretty much already have the keys to the kingdom so to speak.

You flamed on much like I see on the BBV forums about how these machines were running Access and I pointed out that not only was it silly but the rhetoric itself was flawed.

Its easy to adopt a mantra like "waaaaa, these guys are amateur hour, they use Access" and close your mind off to reason, rationality, empiricism, or skepticism. You will grow in your critical thinking once you shake off these knee-jerk software religious beliefs.

As for me, I have patches in Mozilla and the Linux kernel. I have used free software since 1994. I am in the credits file for one niche Linux distribution. I am however a software pragmatist and not a fanatic. As much as I love the free software model I don't use thinly veiled guises like evoting transparency to push my own agenda. ATMs for the longest time ran mostly OS2. Usually, despite what we say about every vote counting the one vote rarely makes a difference. However, losing 20 bucks is always a loss. We don't see large campaigns to use only open source/free software on ATMs.

I am dismayed that I see some people use evoting as a way to push the agenda of free software. If some company makes a vxworks, windows CE, etc based voting machine so be it. I would like the voting app itself to be open but I will settle for thoroughly tested (some districts don't do enough testing apparently from some of the post mortems I've been reading.)

I defended Jet as:
A. not Access
B. reasonable for small single user databases

Responding to this with saying "I love Access" is a bit of geek hazing that some here on the forum won't understand. For the laymen among us, its basically a strawman. If someone honestly loved Access and thought using the underlying database for complex, large, or multi-user databases was a good idea, you would write them off immediately as a not very knowledgable person in the realm of databases and/or computers in general.

I'm late to this thread. I'm very interested in this topic and am currently volunteering a few hours a month in a grassroots effort to urge the New York City Board of Election Commissioners to select paper ballot optical scanners over DREs (e.g. touch screen voting systems). As of now, they will be making this decision sometime in February 2007.

I'm going to be lazy (because I'm short on time this week) and just post a cut and paste from an article I wrote for a newsletter about this topic, instead of posting something from scratch.

The article includes reasons why I believe PBOS voting systems are a better choice over DREs (some of these reasons have already been posted by others), and at the end gives date and location info for voting systems' demos happening this Wednesday and Friday.


Here's the cut and paste:

This December, the NYC Board of Election Commissioners are choosing what type of voting machines we will be using for many years to come.

Why are they making this decision? The Federal Help America Vote Act (HAVA) requires one voting device per poll site to assist voters with disabilities to cast a private, independent vote. New York's Election Reform and Modernization Act (ERMA) bans mechanical lever machines as of September 1, 2007 and requires each county to choose a new voting technology. (New York City has five counties and will be choosing a new voting technology as a unit.)

What are the choices? There are two:
PBOS (Paper Ballot Optical Scanners) (http://www.newsreview.com/binary/06b14586/news-17580.jpeg)and DRE (Direct Recording Electronic) (http://media.collegepublisher.com/media/paper281/stills/6g409541.jpg) voting machines. (Click on the links to see examples of a PBOS and DRE voting machine. These are examples only, they are not the exact models that the BOE is choosing from this December; I did not have those jpegs files available to me.)

PBOS uses a paper ballot that is hand marked by the voter in a marking booth. It's hand marked the same way a high school student would mark their SAT test, or the way voters in New York State currently mark their absentee or affidavit paper ballots. The paper ballot is then walked over by the voter to the PBOS machine. After the ballot is scanned, it's dropped into a locked box where it remains available in the event that the election results are audited.

DRE voting machines operate with a touch screen. ERMA requires that DRE print a voter verified paper trail, which is suppose to provide a paper trail for each of the voters' choices. However, the machine being considered by the BOE has its printer located in an awkward position and the print is small. There have been documented cases where voters in mock trials have not caught the discrepancies between their actual selections and the selection recorded by the machine on the machine generated paper tape. Also there have been documented cases where up to ten percent of the machine-generated tapes were not readable when an attempt was made to audit the election results.

Does it matter what machine the Board of Elections Commissioners choose? Many organizations and individuals think so including:
The League of Women Voters, The New York Times, New York Attorney General Eliot Spitzer, Representatives Carolyn Maloney and Jerrold L. Nadler, and NYC Council Member Gale A. Brewer. They are endorsing PBOS technology over DRE.

Here are some reasons why PBOS is the superior choice over DRE:

Per New Yorkers for Verified Voting, PBOS have been successfully used in about 30% of the counties in the United States and have been successfully used for over 20 years. (http://nyvv.org/doc/OptScanAdvantages.pdf) New York currently uses PBOS technology to count absentee and affidavit ballots. Conversely election precincts that use DRE have encountered many serious documented problems. Votes reported by a DRE system may not accurately reflect the votes actually entered. In addition, most DRE have wireless technology, but regardless, are more subject to tampering, fraud and hacking than PBOS systems. Holland just had their DRE voting machines hacked into this past October.
PBOS legal ballots are voter generated and available in the event that the election results needs to be audited. DRE legal ballots are machine generated and resides in memory. The results cannot be audited.
If a machine breaks down in precincts with a PBOS system the election can continue; the ballots can be stored in a locked box and counted later. If a machine breaks down in precincts with a DRE system, the election cannot be continued.
DRE technology is more expensive to install and maintain than PBOS systems. It's estimated that for every four mechanical lever machines currently used, they could be replaced by one PBOS machine for a cost of $3,000 versus being replaced by twelve DRE machines for a cost of $96,000. Real world maintenance fees have been higher than suggested by the vendors; Maryland faced cost overruns of 1,000%.
PBOS technology is simpler to implement and maintain then DRE technology. Local Boards of Elections using PBOS technology can and do maintain control over the election process. With DRE technology the election process is outsourced to private vendors who have successfully maintained their right to code secrecy over the public's right to know and observe election results.And who owns those technology companies running our local elections? Sequoia, the largest DRE supplier in the USA is owned by a Venezuelan company, Smartmatic. Smartmatic has partnered with another company, Bizta, which is partially owned by the Venezuelan government. (Source: http://www.votetrustusa.org/index.php?option=com_content&task=blogcategory&id=73&Itemid=162).

Would you rather have your election monitored by officials appointed by local elected politicians, or by technicians hired by a foreign government?

Where can you get more information?

You can subscribe to:
Daily Voting News from www.VotersUnite.org (http://www.VotersUnite.org)
Election Integrity News from www.VoteTrustUSA.org (http://www.VoteTrustUSA.org) (one issue weekly)
News and alerts from New Yorkers for Verified Voting www.nyvv.org (http://www.nyvv.org)


You can visit this web site: www.wheresthepaper.org (http://www.wheresthepaper.org)which also has information specific to New York City. That web site was created by Teresa Hommel, a voter's advocate and the Chair of Task Force on Election Integrity.
View a demonstration of the new voting machines for yourself. <snip> The dates are: Demonstrations of New Voting Equipment:

WEDNESDAY, NOVEMBER 15, 5:00 -10:00 PMLittle Theatre, LaGuardia Community College
31-10 Thomson Avenue, Long Island City
718-482-7200

Directions from Manhattan:
Take the 7 train to 33rd Street Station. Walk 2 blocks westbound (the direction the train came from) on the left side of Queens Blvd. When Queens Blvd forks off to the right (near the corner of Van Dam St.), keep walking straight ahead and you will be on Thomson Avenue. Continue to the Main Building down the block.
Additional directions are available on web site: www.lagcc.cuny.edu/visit/ (http://www.lagcc.cuny.edu/visit/)


2. FRIDAY, NOVEMBER 17, 5:00 -10:00 PM
Savoy Multipurpose Room, Hostos Community College
120 Walton Avenue, Bronx
718-518-4444

Directions:
Take the 2, 4, or 5 trains to 149th Street and the Grand Concourse. (149th Street is also called Eugenio Maria de Hostos Boulevard). Walk on 149th Street one block to Walton Avenue. The college is on the corner.
Additional directions are available on web site: www.hostos.cuny.edu (http://www.hostos.cuny.edu)


<snip>

The source for most of the information in this article is from www.wheresthepaper.org (http://www.wheresthepaper.org).

I don't have time for people with religion-like technology beliefs like MS won't touch Jet with a 10 foot pole. How about from the horse's mouth (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/data_mdacroadmap.asp)? Microsoft recommends that when you develop new applications, you avoid using these components. Additionally, when you upgrade or modify existing applications, remove any dependency on these components.
...
Starting with version 2.6, MDAC no longer contains Jet components. In other words, MDAC 2.6, 2.7, 2.8, and all future MDAC releases do not contain Microsoft Jet This is ancient news and should not be at all surprsing to anyone who has followed the sordid history of Jet. Microsoft was keen on jettisoning this turd for years before the heave-ho finally took place several years ago -- a challenge what with the huge installation base (of rubes).

Add: An old article from Microsoft How to keep a Jet 4.0 database in top working condition in Access 2000 (http://support.microsoft.com/kb/300216) contains this pearl of wisdom: Back Up Your Microsoft Jet Database File on a Regular Basis LOL.

No, its not semantical nonsense. Its called an error. There are many database design, query, form, and high level tools. Access is not a database and comparing it to mysql or postgres or DB2 is an error.

This is the part where you agree that you are wrong and move on.

False. Access is a database. Whether it is as good a database as others is open for debate, but to say it isn't a database is rather ignorant.

I've commented that Access/Jet databases are prone to corruption. ("duh" being the appropriate response for anyone even vaguely knowledgable about this lame, obsolete technology) How prone? Fixing Jet corruption is a thriving mini-industry, with numerous companies specializing in this service.

Such as: here (http://www.atroplan.com/), here (http://www.arc24.com/), here (http://www.datarevive.com/), here (http://www.accessdatabaserepair.com/), here (http://www.msaccessrepair.com/), here (http://everythingaccess.com/)

How about from the horse's mouth (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/data_mdacroadmap.asp)? This is ancient news and should not be at all surprsing to anyone who has followed the sordid history of Jet. Microsoft was keen on jettisoning this turd for years before the heave-ho finally took place several years ago -- a challenge what with the huge installation base (of rubes).

Add: An old article from Microsoft How to keep a Jet 4.0 database in top working condition in Access 2000 (http://support.microsoft.com/kb/300216) contains this pearl of wisdom: LOL.

I guess you must be one of us anti technology ludites. Welcome to the club!

Maybe you need to get a different paper. Prices did drop prior to the election. And about 40% of the public believed that oil companies were manipulating those prices to keep oil-business-friendly Republicans in power. This impression was further reinforced on ELECTION NIGHT as it became apparent that the R's were going to get rinsed away, people in many states, including myself, noticed very abrupt increases ranging from 30 to 90 cents.

Of course you have evidence for that. You just forgot to post it.

In the event Corplinx is still reading this thread, I highly recommend the book (http://www.amazon.com/Practical-Issues-Database-Management-Practitioner/dp/0201485559/sr=1-1/qid=1163790126/ref=sr_1_1/104-0331714-5472744?ie=UTF8&s=books) Practical Issues in Database Management: A Reference for the Thinking Practitioner by Fabian Pascal as a primer on the advantages of a robust RDBMS, and in particular the advantages of systematic enforcement of data integrity (versus enforcement by the application, a fool's errand). And I especially recommend it to Diebold.

Corp, you made a point earlier that text files would be sufficient for this application. I'm dubious, but I don't know enough about the app, the platform, or the technology alternatives to say. But I will say that text files would probably have been a sounder approach than Jet, as they are not prone to corruption at the slightest hiccup, such as power surges/failures.

How about from the horse's mouth (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/data_mdacroadmap.asp)? This is ancient news and should not be at all surprsing to anyone who has followed the sordid history of Jet. Microsoft was keen on jettisoning this turd for years before the heave-ho finally took place several years ago -- a challenge what with the huge installation base (of rubes).

Add: An old article from Microsoft How to keep a Jet 4.0 database in top working condition in Access 2000 (http://support.microsoft.com/kb/300216) contains this pearl of wisdom: LOL.
Clearly you are a bigot!

Could you be any more pedantic? I know a few computer programers and IT people, and all of them refer to it as a database.A telephone book is a database (http://en.wikipedia.org/wiki/Database). The term simply means a collection of records. It has come to mean any number of programs otherwise called a DBMS (Database management System).

Of course it depends on who you talk to but a "database" is simply a program to manage a collection of data. There are many kinds of DBMS programs AKA databases. They include free form test based programs like Google and structured databases like spreadsheets (yes they are DBMS programs but they are not refered to as such and they should not be as that causes confusion) and what we typically consider a database like DBase, RBase, FileMaker Pro, Acess, etc. There are also many proprietary DBMS programs that most people don't even know are databases. The address book in your email program, accounting programs, etc.

Of the structured databases there used to be two main divisions. Single or "flat" file and relational. Due to the inherent limitations of the early PCs most if not all DBMS programs were flat file. Today most DBMS programs are to some degree relational. Careful though, the term is somewhat controversial and many programmers don't consider a DBMS to meet the qualifications of relational unless it meets most or all of the standards that are accepted in the industry. There are many, many terms and definitions for "database" and many different arguments as to what constitutes a flat file or relational data or whether a database meets any number of other standards including CODASYL, SQL and or ODBC.

I could right for days on this. I am a database programmer though I don't do it too much these days.

In any event, Access is ODBC/SQL compliant (yes there is some small controversy) and it meets Codd's definition of a relational model database using predicate logic and set theory.

I have to disagree with Corplinx (if for no other reason than he is in error to focus on the use of the word "database" since that is a misnomer) Access is considered a relational database management system by every database programmer that I know of and I know a lot of them. Anecdotal I agree but Access looks like and quacks like a DBMS even if it has many limitations and many if not most database programmers don't take it too seriously for large applications but many would use it for small ones where the cost of a large solution is prohibitive.

How about from the horse's mouth (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnmdac/html/data_mdacroadmap.asp)? This is ancient news and should not be at all surprsing to anyone who has followed the sordid history of Jet. Microsoft was keen on jettisoning this turd for years before the heave-ho finally took place several years ago -- a challenge what with the huge installation base (of rubes).

Add: An old article from Microsoft How to keep a Jet 4.0 database in top working condition in Access 2000 (http://support.microsoft.com/kb/300216) contains this pearl of wisdom: LOL.

I was wondering when someone would ping me on this. Jet has been superceded by newer technology. Saying that Access is the same as MSDE or its ilk would be the same kind of error of course.

Since I didn't know which exact database they were using, I said Jet since its still slang for the non-server engines.

Cheers.

Randfan: Access can use MSDE or SQL Server as its backend. Jet is just the bundled backend. Now matter how many of your friends think Access is a Database, it doesn't make them correct. Saying it is a "Database Management System" is however more correct. However, usually when one refers to DBMS or RDBMS like Oracle (which ive used), Informix (which ive used), Sybase (which ive used) or DB2 (which ive used) they are referring to an intergrated database _and_ management system.

what we typically consider a database like DBase, RBase, FileMaker Pro, Acess, etc. Not a very good list.

List of object-oriented database management systems (http://en.wikipedia.org/wiki/List_of_object-oriented_database_management_systems)
List of relational database management systems (http://en.wikipedia.org/wiki/List_of_relational_database_management_systems)
List of truly relational database management systems (http://en.wikipedia.org/wiki/List_of_truly_relational_database_management_syste ms)

IRandfan: Access can use MSDE or SQL Server as its backend. Jet is just the bundled backend. Now matter how many of your friends think Access is a Database, it doesn't make them correct. Saying it is a "Database Management System" is however more correct. However, usually when one refers to DBMS or RDBMS like Oracle (which ive used), Informix (which ive used), Sybase (which ive used) or DB2 (which ive used) they are referring to an intergrated database _and_ management system. And your declaring that it Microsoft Access isn't a database doesn't make it so and it is a bit silly. Like I said, a telephone book is a database.

The question becomes, what is a DBMS and why do you say that Access isn't one. Why must a DBMS only have a certain set of parameters?

Let me digress here for a moment. This is a pet peve of mine that words can only mean certain things. Words mean what people mean them to mean. The word database is clearly a misnomer but it has come to mean programs that manipulate data. Access is such a program.

If people suddenly started using the word dog instead of rose to refer to a rose then dog would mean rose. It's that simple. Now, if dog is not really the proper usage for rose then you would have a point. However the developers of these programs call themselves "databases" and for good reason. Many non programers are concerned with whether the program store and manipulate data. People who use them call them databases. That in and of itself is enough to qualify them as databases.

That being said, such programs are databases and also DBMS programs.

The truth is that there is controversy for just about every standard and what constitutes what a DBMS, RDBMS, and true RDBMS is. That you have some definition of "database" which is a misnomer doesn't make all of the others wrong.

I honestly don't know why you are so insistent on what the generic misnomer must mean. If you wanted to argue what is and is not a truly relational database management system (http://en.wikipedia.org/wiki/List_of_truly_relational_database_management_syste ms) I could at least understand the reason behind the argument. I may or may not agree with your reasoning but I could understand it. This is just silly and doesn't even rise to the level of being pedantic since database is a misnomer which I think even you would agree with, right?

In any event, stop appealing to your own authority and I will stop appealing to mine and my friends, tell us what constitutes a "database".

To be fair I do know people who don't consider Access a database. These same people bicker about what constitutes a truly relational database. To what end? When I go to the computer store and ask the clerk to see the databases he will show me Filemaker, Access, Foxbase and other programs that some people wouldn't consider databases. Who cares?

Access is a database frontend. Nothing more and nothing less to me. There are other programs out there that can frontend the design of a database yet are not databases. There are RAD tools that can design access like programs and forms. These are not databases either.

In my opinion, a "database" is a "database". Berkeley DB is a database even though it doesn't quality as a DBMS in my opinion. However, it comes close to being "just a database". When MYSQL and Postgres had less management features they were more strictly databases than DBMS.

Access is a "database program" but not a database.

Btw, this thread has been completely derailed from the fact that Bev Harris is a kook.

And your declaring that it Microsoft Access isn't a database doesn't make it so and it is a bit silly. Like I said, a telephone book is a database. Though it's a semantic distinction that I don't consider hugely important in the context of the thread, Corplinx is most certainly correct based on: (1) the historical definition of the word database, (2) how database experts use the word to this day, and (3) the root of the word -- a front-end program, unlike a phonebook, is not a base of data.

This clarification is not intended for you Randfan, but for less technical readers: Access is a program that is used to interact with databases that are external to the program. Jet is the database engine that used to come bundled with Access. The Access + Jet bundle is/was commonly referred to as simply Access or else an Access database.

Let me digress here for a moment. This is a pet peve of mine that words can only mean certain things. Words mean what people mean them to mean. The word database is clearly a misnomer but it has come to mean programs that manipulate data. Access is such a program. The word database is devalued by conflating it with a front-end program. If it's acceptable to call a front-end program a database, then we need a new word for the thing that used to be called a database. Otherwise we're unable to communicate on these matters meaningfully and precisely, as skeptics should strive to do.

Here's another example: Consider the terms republican and conservative (or democrat and liberal). The general public often uses these words interchangeably. In my view, the words are devalued by conflating them. Do you agree?

Access is a database frontend. Nothing more and nothing less to me. There are other programs out there that can frontend the design of a database yet are not databases. There are RAD tools that can design access like programs and forms. These are not databases either.

In my opinion, a "database" is a "database". Berkeley DB is a database even though it doesn't quality as a DBMS in my opinion. However, it comes close to being "just a database". When MYSQL and Postgres had less management features they were more strictly databases than DBMS.

Access is a "database program" but not a database.

Btw, this thread has been completely derailed from the fact that Bev Harris is a kook.Fine, you have shared your opinion and made some assertions. You've not made any argument as to why anyone should agree and you have not addressed any of my arguments but that is fine.

I hate to keep repeating myself but a database is, by definition, simply a collection of records. The tables in Access are by definition databases.

In any event I'm happy to move on.

I agree that Bev Harris is a kook.

Though it's a semantic distinction that I don't consider hugely important in the context of the thread, Corplinx is most certainly correct based on: (1) the historical definition of the word database, (2) how database experts use the word to this day, and (3) the root of the word -- a front-end program, unlike a phonebook, is not a base of data. I'm sorry but this is just an assertion on your part. You don't give any reason why anyone should agree with you.

da‧ta‧base (http://dictionary.reference.com/browse/database)
a comprehensive collection of related data organized for convenient access, generally in a computer.

Database (http://en.wikipedia.org/wiki/Database)
The term database originated within the computer industry. Although its meaning has been broadened by popular use, even to include non-electronic databases, this article takes a more technical perspective. A possible definition is that a database is a collection of records stored in a computer in a systematic way, so that a computer program can consult it to answer questions.

I studied computer science at the University of Utah and I spent 15 years as a database programmer. I know what a "database" is.

This clarification is not intended for you Randfan, but for less technical readers: Access is a program that is used to interact with databases that are external to the program. Jet is the database engine that used to come bundled with Access. The Access + Jet bundle is/was commonly referred to as simply Access or else an Access database. This is overly and unnecessarily pedantic. Access IS called a database by the makers of Access and it is called a database by those who market it and those who use it. What do you propose, arrest them? Start a massive public relations campaign?

The word database is devalued by conflating it with a front-end program. If it's acceptable to call a front-end program a database, then we need a new word for the thing that used to be called a database. Otherwise we're unable to communicate on these matters meaningfully and precisely, as skeptics should strive to do. I couldn't disagree more. The only thing necessary is that we understand what the hell it is we are trying to communicate. Most people who use the term "database" mean a program that is used to manipulate data.

Here's another example: Consider the terms republican and conservative (or democrat and liberal). The general public often uses these words interchangeably. In my view, the words are devalued by conflating them. Do you agree?No, of course not. Words don't have any such inherent value. Words are for communicating, nothing more and nothing less. And there is nothing you can do to stop the vast majority of people from using the word database to describe the program Access. It meets the general criteria. It has utility and function and the people who use it understand what is meant by it. So I can't for the life of me see why anyone would have a problem with it.

In truth, I think to be so pedantic is to actually make things more difficult. Language is akin to the ocean. We might not like words like "ain't" but if the general public and popular culture decide to use it as such then you might as well decide to hold back the tide. It ain't going to happen. Purists might not see Access as a "database" but they don't have a hope in hell of stopping such a usage anymore than those who dislike the butchering that Americans have done to the English language are going to be able to put Humpty Dumpty back together again and get us all to use the Queens English.

Finally, words have no such inherent value. The only value that words have is that which societies give them. No more and no less.

That is why Red Vines are now Licorice. Screw those who can't take a joke.

I'm sorry but this is just an assertion on your part. You don't give any reason why anyone should agree with you. I disagree.

da-ta-base... a comprehensive collection of related data organized for convenient access, generally in a computer. You are supporting my argument because this fails to describe a front-end program such as Access entirely. (other than the lower case "access" ;) )

I studied computer science at the University of Utah and I spent 15 years as a database programmer. I know what a "database" is. If you want to play dueling database experience, know in advance you are playing a losing game by no small degree.

Access IS called a database by the makers of Access I doubt it.

The only think necessary is that we understand what the hell it is we are trying to communicate. Most people who use the term "database" mean a program that is used to manipulate data. Yes, and many people conflate the terms republican and conservative. And I notice that you ignored the one and only one question that I posed to you.

Words are for communicating, nothing more and nothing less. Agreed! That's why we should be precise in the way we communicate.

In truth, I think to be so pedantic is to actually make things more difficult. I already said this isn't an important issue in the context of the thread, before it digressed into database talk.

That said, the difference between a front-end program and a back-end database is huge and should be well understood by database practitioners and by end-users who have to make technology decisions. In fact, understanding the distinction could even be useful when trying to assess Diebold's technology. Using one term as a sloppy catch-all leads to confusion.

To repeat, if you want to call a front-end program a database, then we need a different word for the thing that used to be called a database.

(We're rather derailed here. Maybe this should be continued in the computer section.)

If it really is "security by obscurity", how did these guys get a hold of one to test (and they show how to hack one very easily):
http://video.google.com/videoplay?docid=8673726680080882009&hl=en

Consider the terms republican and conservative (or democrat and liberal). The general public often uses these words interchangeably. In my view, the words are devalued by conflating them. Do you agree?

No, of course not. What do you think of the job that conservative (not) mayor Michael Bloomberg is doing in NYC?

If you think this bad, give me two beers and mixup the terms hacker/cracker.

Since I didn't know which exact database they were using, I said Jet since its still slang for the non-server engines. I've confirmed that Diebold's system (named GEMS) in fact uses Jet. Here (http://www.sos.state.oh.us/sos/hava/diebReassesAdd012605.pdf) is a study that was commissioned by the state of Ohio containing: GEMS uses the MS database Jet engine Unreal.

I disagree.Gainsaying. You are simply contradicting me.

You are supporting my argument because this fails to describe a front-end program such as Access entirely. No, it does not make your argument. The term database has come to mean many different things. Database in the strictest sense is a collection of records. It is also loosely defined as a program to manipulate data in a what we would strictly define as a database. Though I have conceded from the ver start that this is a misnomer. That it is does not negate the fact that it is used that way. You and I might not like it but we would just as likely to hold back the tide than get everyone to stop using the word in such a manner. In any event this has nothing to do with corplinx's contention that Access isn't a database and MySQL is.

If you want to play dueling database experience, know in advance you are playing a losing game by no small degree. Ego isn't an argument. I've been a database programmer for 15 years. One of my clients is UCLA. I do know what I'm talking about.

I doubt it. You "doubt it"? Come on Varwoce, you are using the Internet. You don't need take my word for it, why not just find out?

It took me less than a second to google the answer.

Microsoft Office Access 2007 (http://office.microsoft.com/en-us/access/default.aspx)
What is a database? (http://office.microsoft.com/en-us/access/HA100644501033.aspx)
Marketers of Access call it a database. (http://www.accesstogo.org.uk/index.html?utm_source=google&utm_medium=cpc&utm_term=access+database&utm_campaign=rmdbUSA)
Distributors of Access call it a database. (http://search.mysimon.com/search?pgtpid=4012&tag=srch.glnav&editionid=4&qt=database&nodeid=5)
Independent consultants call Access a database. (http://www.blueclaw-db.com/)
Microsoft Help Center calls Access a database. (http://www.access-programmers.co.uk/)
Database discussion forums call Access a database. (http://www.dbforums.com/)

Yes, and many people conflate the terms republican and conservative. Many conservatives are republicans. Not all republicans are conservatives.

You make my argument. If I was an auto broker who dealt in autos, trucks, trailers and tractors and a customer called and said he wanted to purchase a vehicle I would simply ask him what kind? A truck? A sports car? An SUV? A compact? A sedan?

I'm not a car salesman, I'm a database consultant. When a potential client calls and says that he or she needs a database I simply ask some questions. What is it you intend to do with it? Will it be networked? Do you have diverse data that needs to be cross referenced? What are your security needs? Redundancy (Backup and replication)? Persistence? Query needs? Reporting needs? Concurrency? Rule enforcement? Among just a few.

For the record, I always inform my clients that what they are really looking for is a database management system and not simply a database. I don't always educate them about front ends because it is often something they don't even need to know. If they simply want to a system to store records in order to perform mail merge to send form letters then I keep it simple and set them up on something simple. It makes little sense to sell them something for thousands when they can have it for hundreds.

Agreed! That's why we should be precise in the way we communicate. Yes, when I want a vehicle, to avoid confusion, I should tell my sales person what kind of vehicle I want. However, if I'm not certain then I should consult an expert in the field of automobiles much like my clients consult me.

That said, the difference between a front-end program and a back-end database is huge and should be well understood by database practitioners and by end-users who have to make technology decisions. In fact, understanding the distinction could even be useful when trying to assess Diebold's technology. Using one term as a sloppy catch-all leads to confusion. But that only comes into play when such decisions must be made. If I decide to purchase securities I can tell my broker that I want to purchase securities. He can provide me information about various securities so I can make my decision.

To repeat, if you want to call a front-end program a database, then we need a different word for the thing that used to be called a database. No, this is silly. We just need to make clear what is meant by database when the rubber meets the asphalt.

What do you think of the job that conservative (not) mayor Michael Bloomberg is doing in NYC? Database is to Access as Vehicle is to Ford Truck as Republican is to Michael Bloomberg.

You are making my argument.

Gainsaying. You are simply contradicting me. Nonsense of a high order. And look in the mirror.

Ego isn't an argument. I've been a database programmer for 15 years. One of my clients is UCLA. I do know what I'm talking about. Then you should stop brandishing your credentials. Either that, or concede that someone with superior credentials may have more insight than you.

You "doubt it"? Come on Varwoce [sic], you are using the Internet. You don't need take my word for it, why not just find out? It took me less than a second to google the answer. I can't debate with a list of links. Please cite the specific words that you think make your case*. (Be careful. Landmines await you.) And by the way, I did some checking before I replied "I doubt it" so you can drop the condescension.

Many conservatives are republicans. Not all republicans are conservatives. I know. You seem to have changed your mind about the answer you gave me earlier (http://forums.randi.org/showthread.php?postid=2108778#post2108778).

And while many conservatives are republicans, no front-end programs are, per your cite... a comprehensive collection of related data organized for convenient access

* Add: I hate it when someone sends me on a research task in a debate, I come back with proof, and they reject my proof on different grounds. I want to give you a heads-up that even if you are right on this point, which I still doubt, I will claim it is the equivalent of the way the public conflates conservative with republican, and I will point out that marketers conflate terms to suit their purpose and/or because they are clueless doofuses.

Then you should stop brandishing your credentials. Either that, or concede that someone with superior credentials may have more insight than you. Our egos will not get either of us anywhere. Perhaps we should both dispense with them.

I can't debate with a list of links. Please cite the specific words that you think make your case*. (Be careful. Landmines await you.) And by the way, I did some checking before I replied "I doubt it" so you can drop the condescension. You are right, the condescension was uncalled for and I apologize.

Before I go on, let's get something clear. I have from the very beginning stated that the term "database" was a misnomer and that Corplinx was wrong to use it as he used it. I stand by that.

That being said, it is clear that Microsoft sees it's product as a DBMS and that distinction is proper. In its product tour (http://www.microsoft.com/office/previous/access/2000Tour/default.asp) Microsoft lists Access 2000 as a "Database Management System". So, we can both agree that Access is a DBMS correct?

To explain what a "database" is Microsoft states:

This article provides a brief overview of databases — what they are, why you might want to use one, and what the different parts of a database do. The terminology is geared toward Microsoft Office Access 2007 databases, but the concepts apply to all database products. It is my contention that Microsoft is liberal with their definition and does not differentiate between access and the so called "access database".

To prove my point Microsoft lists what parts constitute an Access database.

Tables, Forms, Reports, Queries, Macros, Modules.

From Wikipedia: (http://forums.randi.org/showthread.php?t=68150&page=3)
The computer program used to manage and query a database is known as a database management system (DBMS). Microsoft makes explicit that a "database" is not simply a collection of data but also the means to manage and query the data. It is clear that Microsoft does not see Access separate from the tables (data) as a database but includes the entire solution or system as a database.

Also, please note, Microsoft does not distinguish between the database and the program "Access" in the following links.

Microsoft Access Development (http://www.access-programmers.co.uk/services2/development.htm)Discover how our team of programmers can help you create your very own, custom designed database.

Microsoft Access Training (http://www.access-programmers.co.uk/services2/training.htm)Learn how to use the most popular database of all time. Onsite training courses are available for beginners to advanced, including VBA programming.

Microsoft Access Tutorials (http://www.vtc.com/?dealercode=A41) (Online Video tutorial)
Learn how to use your MS Access database using these inexpensive online tutorials. I contend that if Microsoft truly saw Access as separate from any associated databases then they would not use the above language.

I know. You seem to have changed your mind about the answer you gave me earlier (http://forums.randi.org/showthread.php?postid=2108778#post2108778). I don't understand your point. I have been consistent from the beginning that I personally see the term "database" as separate and distinct from a DBMS. I have said from the start that when the term "database" is used to describe or refer to a DBMS it is a misnomer (see my linked quote below).

And while many conservatives are republicans, no front-end programs are, per your cite... Yes, and I stand by that. Please note that in my very first post on this subject I said the following:

I have to disagree with Corplinx (if for no other reason than he is in error to focus on the use of the word "database" since that is a misnomer).So let me make clear my position.

Microsoft Access is a DBMS.
Using the term database to refer to a DBMS is a misnomer.
However, the term "database" has in the common vernacular come to mean a DBMS.
That it has does not cause undue confusion since anyone using a DBMS often refers to the database as a "data table(s)" or "data file(s)" or simply data.
Database can be used generically because consultants and programmers understand the difference and it is really they who need to understand the difference when speaking esoterically about DBMS programs and data modeling.* Add: I hate it when someone sends me on a research task in a debate, I come back with proof, and they reject my proof on different grounds. Could you clarify? I don't understand, what proof?

I want to give you a heads-up that even if you are right on this point, which I still doubt, I will claim it is the equivalent of the way the public conflates conservative with republican, and I will point out that marketers conflate terms to suit their purpose and/or because they are clueless doofuses. From the beginning I have maintained that the term "database" is a misnomer. As to the reason marketers and non-technical people use it I don't think it has anything to do with anyone being a doofus. It is simply the habit of economizing terms. The acronym DBMS has simply not caught on with the public. It doesn't quite roll of the tongue like SQL, API, OOP, OLAP (though to be sure the last three are a bit more esoteric than SQL though I'll bet less than 10% of the population even know what SQL stands for. A marketer is more likely to have far more success with the word "database" than "DBMS" because "database" has come to mean both "DBMS" and the "database".

I know it's wrong. You know it's wrong. However there is nothing that you or I can do about it and it really doesn't matter. If some average Joe wants a "DBMS" and asks the clerk at the local computer store for a "database" he will get it. It's really not all that confusing.

I'm a snob and stubborn mule and choose to dismiss people who insist on paper ballots with a "bah".

I consider the belief that evoting is inherently flawed because it is electronic to be merely belief. I think that the only way to deal with beliefs like this is by ridicule. (because i am a prick)

That's an admission of willful ignorance if ever there was one.

That being said, it is clear that Microsoft sees it's product as a DBMS and that distinction is proper. In its product tour (http://www.microsoft.com/office/previous/access/2000Tour/default.asp) Microsoft lists Access 2000 as a "Database Management System". So, we can both agree that Access is a DBMS correct? By most definitions though not all (based on inadequate transaction control (http://www.soi.city.ac.uk/%7Etony/dbms/transaction_control.html) for instance). But still, calling it a DBMS isn't the same as calling it a database.

This article provides a brief overview of databases — what they are, why you might want to use one, and what the different parts of a database do. The terminology is geared toward Microsoft Office Access 2007 databases, but the concepts apply to all database products. Realizing that we are now quibbling over fine semantic points where we both apparently understand what is actually what, a Jet database created with Microsoft Access is commonly referred to as an Access database. That doesn't make the Access the front-end a database. And the concepts surely do not apply to all database products because "real" database servers don't intermingle everything the way that Access and other desktop products do.

To prove my point Microsoft lists... I don't buy that these links support your original contention. And yes, this time I'm gainsaying however I don't think we're accomplishing anything at this point seeing as we both know that a program is not a database, and we both know that people sometimes call programs databases, and both should know that marketers aren't an ideal data source.

That it has does not cause undue confusion since anyone using a DBMS often refers to the database as a "data table(s)" or "data file(s)" or simply data. Database users and technology decision makers are often confused by these and other distinctions that you and I take for granted, sometimes to their extreme detriment.

I don't understand, what proof? Pardon my clumsy wording. My comment had nothing to do with anything you posted. I was trying to extend a courtesy.

I will read and consider anything more you might post but I plan on not replying due to time constraints. Maybe we can resume some day in the computer section.

By most definitions though not all (based on inadequate transaction control (http://www.soi.city.ac.uk/~tony/dbms/transaction_control.html) for instance).

But still, calling it a DBMS isn't the same as calling it a database. Realizing that we are now quibbling over fine semantic points where we both apparently understand what is actually what, a Jet database created with Microsoft Access is commonly referred to as an Access database. That doesn't make the Access the front-end a database. And the concepts surely do not apply to all database products because "real" database servers don't intermingle everything the way that Access and other desktop products do. From a technical standpoint I agree. The point I'm making is that our opinions are meaningless. Over the years there have been attempts to disambiguate certain terms. AFAIK, they have all failed. In the end it's not up to you or I.

I don't buy that these links support your original contention. And yes, this time I'm gainsaying however I don't think we're accomplishing anything at this point seeing as we both know that a program is not a database, and we both know that people sometimes call programs databases, and both should know that marketers aren't an ideal data source.

Database users and technology decision makers are often confused by these and other distinctions that you and I take for granted, sometimes to their extreme detriment.

Pardon my clumsy wording. My comment had nothing to do with anything you posted. I was trying to extend a courtesy.

I will read and consider anything more you might post but I plan on not replying due to time constraints. Maybe we can resume some day in the computer section.Cool, no, we don't need to belabor the point. We have a point of agreement and also some disagreement but that's fine.

Thanks.