Sunday, October 29, 2006
We are ordering lot of things (clothes, books, kids' toys) online. Which leaves me with the task of paying the bills found in the parcels. That's not too bad because I can do it onine. The only thing that annoys the hell out of me is transcribing all those numbers (account, bank, customer, invoice) from the paper copy into my web browser.
I don't have anything against typing numbers in general, but why don't they group them e.g. by 4? With hyphens in between? Most likely because the wise programmers of the severly fucked up web-frontend to my bank decided that anything but numbers in most fields is a bad thing. Therefore don't even allow such a readability-increasing method in their various number-eating input-boxes. Oh, and please somebody explain to me why a invoice number has to be 15 digits? Especially when paying a bill from a relatively small german publisher who - for sure - has less than 1015 customers whom to bill. Suddenly typing in microsofts 8x4 character license keys does not look like a bad amusement at all.
Wednesday, October 25, 2006
Friday, October 20, 2006
Thursday, October 19, 2006
Thursday, October 05, 2006
Wij vertrouwen stemcomputers niet have analysed the election computers that are used in the netherlands and found out that they have a huge number of security flaws. Their great publication is a very detailed description of all the shortcomings they found up to now, it shows some possible attacks they have implemented and describes few more that are now known to be feaseable.
Those machines are basically a overpriced version of the Amiga 500, with less RAM and without the nice sound and video capabilities -- in a huge box. There is not a single feature built in to try to counter vote forgery, it's really just a plain 68k computer without any cryptographic or trusted-computing capability.
Those voting-machines are very simmilar to the computers that are used in some regions of germany. Of course they have been thoroughly examined; in germany (where I live) by the PTB which is responsible to maintain precise clocks (a task it does very, very good) or to provide standard-weights so that scales at the grocery-store measure the correct amount of vegetables you buy. I'm sure our election computers are really precise in this regard.
It's noteworthy that the german BSI (the authority for security in information processing, who really are knowledgeable about computer and IT security) have not been ordered to evaluate those computers (who said bribery?)! And of course the report on the test done by the PTB is confidential not to compromise the valueable 1980's technology trade secrets of the supplier. What a joke.
In the Netherlands they have been checked by the authority responsible for the safety of cars or electrical installations in bildings. No one will ever get a electric shock or be injured by a hard edge on those machines -- correct counting oviously was of no concern to the testers.
The computer magazine c't recently had an article about that e-voting-mess in general (issue 16/06, page 54), and after reading few reports about how that works in the USA I honestly was not really surprised about what the dutch hackers had found out. Maybe that's also why I quicky got distracted from studying the NEDAP-hardware to find this little gem: