Jophiel wrote:
I know that Gbaji was comparing purely paper ballots to purely electronic ballots but why other states don't adopt the same system is beyond me.
Yup. Was mainly looking at the pure paper balloting systems that are used in most places (and are the primary targets for replacement with electronic voting machines). Optical scan voting boxes are a pretty good solution as well.
Um... You are aware that those machines (I believe the ones used in Illinois) are the same ones built by Diebold that everyone's complaining about, right? They changed their name to "Premier somethingorother", but these are the same machines that were demonstrated to be "hackable", and that use the database system mentioned earlier. Some mechanics are different, but they're the same on the backend.
So you basically responded to my arguments that electronic voting machines were more secure then paper ballots by providing an example of an electronic voting machine that you felt was secure...
Funny, huh?
And Paulsol? That's dev talk. The security is in the login access level. Seriously. The principle engineer guy knows what he's talking about. A disk is a read/write object. Period. There's no way around that. Whatever operating system you're using, the OS rights granted on login are going to determine whether someone can write to a file. Even if the database has an embedded password, that doesn't provide much extra security if I can simply write to the file anyway.
The embedded password is part of the application layer. Basically, the application looks for the password flag and if it's set, asks the user in the application for the password. If I access the same file in another application, I can read it just fine. Heck. If I know the format of the file (which I do, since it's a standard database format), I can simply dump it to another file that doesn't have the password bits set. Or I can simply copy another file on top of it that contains the information I want, or manipulate it in any way I want.
The answer he gave was correct. If you have read/write access to a data device at the OS level, nothing at the application level (except for encryption of the entire dataset) provides additional security. Not "real" security anyway. Also, this was a development project (duh!). They're working on the software on computers with normal login. So of course they have access to the database. The voting machines are much more stripped down. The security is that unless you exit out of the voting software, log out, change user to an administrator (and have the password), you don't have any ability to change the file other then through the software interface itself.
This is *not* an indicator of lessened security. Not at all.