Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Ohio Audit Reveals More Diebold Problems

Posted by Zonk on Fri Apr 27, 2007 12:33 PM
from the must-offer-witty-comment-on-unsurprising-situation dept.
Government Security Politics
armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."
+ -
story

Related Stories

[+] IT: Diebold Security Foiled Again 201 comments
XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"
[+] Your Rights Online: Diebold Sues Massachusetts for "Wrongful Purchase" 422 comments
elBart0 writes "Diebold has decided to sue the commonwealth of Massachusetts for choosing a competitor to provide voting machines for the disabled. Diebold wants to force the state to stop using the machines immediately, despite the upcoming municipal elections in many towns. The commonwealth chose the competitor based on an open process that included disabled groups. Diebold executives appeared confused when encountering election officials who made an intelligent choice."
[+] News: Diebold Goes 0 For 3 In Massachusetts Case 119 comments
beetle496 writes "ComputerWorld reports that last week a judge denied Diebold's request to block ES&S pact with Massachusetts. This is a follow-up to the earlier discussion here after Diebold contended that the state had erred in selecting the machines of its rival, citing accessibility provisions of the HAVA law. Quoting: 'Diebold's request for an injunction to block the execution of the contract with ES&S was rejected... The judge also denied Diebold's request to have an accelerated discovery process and to keep the state's legal team from viewing internal Diebold documents... "The suit is still there, but they went zero for three yesterday," the spokesman said.' The actual accessibility concerns have been discussed over at the TEITAC listserv, including a few telling observations from experts familiar with accessible voting and at least one state insider."
[+] Diebold Rebrands What No One Wants 175 comments
Irvu writes "Diebold has apparently failed in their bid to sell their tainted elections systems unit. Unable to find a buyer the CEO of Diebold promised that the system will be run more 'openly and independently.' To prove that they are serious, they renamed it. Diebold Election Systems is now Premiere Election Solutions. They still sell GEMS, AccuVote OS and the ever-unpopular AccuVote-TSX which performed so disastrously in California's Top-to-Bottom Review under the same names. Apparently their rebranding effort only goes so far."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Ohio Audit Reveals More Diebold Problems 25 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Jet (Score:5, Insightful)

    by truthsearch (249536) on Friday April 27 2007, @12:37PM (#18902161) Homepage Journal
    I programmed with the Jet DB "engine" years ago. I wouldn't even run a web site with it. The only thing I found it useful for was business applications, such as connecting an Excel spreadsheet to Access. But that was years and years ago. Why would anyone write such a large and critical system using Jet today, when even Microsoft tells you not to? The only answer is incompetence.

    • Re:Jet (Score:5, Insightful)

      by lawpoop (604919) on Friday April 27 2007, @01:35PM (#18903361) Homepage Journal

      Why would anyone write such a large and critical system using Jet today, when even Microsoft tells you not to? The only answer is incompetence.
      There is another answer.

      If you wanted to make an insecure system that was easy to hack and manipulate, didn't have basic security features, data integrity, and no audit trail, and thus no record of how data was altered outside of specifications, you might use such a deprecated application.

  • JET?? (Score:5, Insightful)

    by revlayle (964221) on Friday April 27 2007, @12:39PM (#18902193) Homepage
    That is an old outdated desktop engine. Databases needs compressing and repairing all the freaking time - want to go multi-user? or over a network? forget it, it's have never performed well in that capacity in ANY version. Microsoft even advises not to use it anymore. They push desktop version of the SQL Server 2005 Engine (and now even have a version that just requires a couple DLLs in the application directory, however I do not know if that is available yet).

    • 2 databases?!? (Score:5, Insightful)

      by Artaxs (1002024) on Friday April 27 2007, @12:59PM (#18902565) Homepage
      Look, let's say I had hired an accountant. Then, let's say that I found out that he was keeping two separate databases of my finances. Let's also say that they had different totals in them, and he was only showing me one of them.

      Not only would I fire his ass, but I'd make sure to press criminal charges of fraud. Why are these creeps from Diebold, Sequoia, ES&S, et. all not in prison yet?

      Diebold makes ATMs; don't tell me that they can't get something as simple as a vote database right. Occam's Razor points to outright fraud, not to simple incompetence.

  • Jet Database Engine (Score:5, Interesting)

    by mypalmike (454265) on Friday April 27 2007, @12:39PM (#18902201) Homepage
    Jet Database Engine, a.k.a. Microsoft Access.
  • > The database is built from Microsoft's Jet database engine.

    Jet? Shit.

    I'm gonna submit proposals to program up a new Mars Rover using Visual Basic!

    • [OT] Your .sig (Score:4, Interesting)

      by BandwidthHog (257320) <may_2007@ironicallyenough.com> on Friday April 27 2007, @01:39PM (#18903473) Homepage Journal

      Who the f*** decided that sentences on the Internet shall no longer be formatted with two spaces after a period?!

      It was always thus... Two spaces after a period is only appropriate in circumstances where all characters are the same width, such as an old-school typewriter. So nobody “decided” that it would be that way “on the Internet;” we just stopped using the special-case rules that sprung up a few decades prior when we were using technology that wasn’t capable of proportionally spaced type.

  • Don't ATMs access databases too? (Score:5, Insightful)

    by mdsolar (1045926) on Friday April 27 2007, @12:44PM (#18902293) Homepage Journal
    I've had very few banking errors using ATMs and I'm quite sure that I am not the only user on the system when I do use them. Why would this company have any trouble with this kind of operation? Is it because there is no accounting so they don't bother to get it right?
    --
    Vote with your roof! http://mdsolar.blogspot.com/2007/01/slashdot-users -selling-solar.html [blogspot.com]

    • Re:Don't ATMs access databases too? (Score:5, Insightful)

      by Ken Hall (40554) on Friday April 27 2007, @01:18PM (#18902899)
      A number of years ago, I was responsible for handling software problem reports for a couple of vendors ATM machines. (We were a third-party service company.)

      The things that went wrong with ATMs were both funny and scary. I have no reason to believe things have changed. The banks and manufacturers go to great lengths to satisfy customers without letting details of the problems get out, because this would undermine confidence in the devices.

      With ATMs, if you're smart, you have a slip of paper to verify a transaction. If there's a dispute with the bank, the bank will usually honor the paper documentation, and the customer has no reason to make an issue of the problem.

      With voting, there's no going back and fixing results after the fact. Often there's no piece of paper. And on top of that, the whole process is under fairly intense public and governmental scrutiny.

      So I wouldn't say there are less problems with ATMs. You just don't hear about them.

  • Next up on "Government Contracts!" (Score:5, Funny)

    by RyanFenton (230700) on Friday April 27 2007, @12:47PM (#18902351)
    In the last episode, the capitol building collapsed - and now, the following letter appeared on the broken stairsteps to the Ohio capitol:

    "We're sorry that the capitol building collapsed, but it ends up that we used Licoln Logs to build the dome, and it ends up that it collapses when the wind hits it from multiple directions at once.

    We've gotten some complaints that we should have expected this, and were "total morons" for choosing such a design. We think this is a gross oversimplification, and more than a little unfair. We used multiple layers of high-quality chewing gum to secure the dome, which required countless hours of chewing, along with thousands of gallons of spittle. When you complain against such a massive effort, you insult the sore mouths of our hard working employees.

    Sincerely,
    Halliburton CEO
    Bozo D. Clown"

    Next episode: FEMA picks up the pieces.

    Ryan Fenton

  • I was going to ask for the hahaha tag, but (Score:4, Insightful)

    by zappepcs (820751) on Friday April 27 2007, @12:49PM (#18902387) Journal
    this really isn't about MS having a shitty database. It's really about Diebold not knowing how to design a database application. Other than that, I'm just too shocked to say anything while quietly making a mental note to avoid all things called Jet from MS and anything that comes from Diebold.

  • So... (Score:4, Insightful)

    by Lithdren (605362) on Friday April 27 2007, @12:49PM (#18902397)
    When does someone bring them to court over SCREWING UP AN ELECTION.

    Seriously, I dont care if the errors caused changed the outcome or not, its fairly clear that they failed, in the worst possible way, to maintain the level of creditability needed for a damn election. This isn't a "oops, my bad" This should be a federal offence with manditory jail time.

    No system is perfect, but come on, JET!? Might as well have the vote counted in diffrent states by the party currently in power, would be just as accurate.

  • I smell fud (Score:5, Interesting)

    by ericlondaits (32714) on Friday April 27 2007, @12:51PM (#18902429) Homepage
    I smell FUD here...

    The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."


    Now, I'd never think about developing this on a Microsoft Jet DB, since it's been somewhat deprecated for the MS Desktop SQL Server (MSDE) and SQL Server 2005 Express, which are much better and lightweight enough for a current desktop.

    Nonetheless... what MS probably stated is that basically access to a JET Db is not thread safe, which means that concurrent access will cause corruption with a probability directly proportional to the amount of activity. YET if you serialize access to a Jet Db (which is a necessary and basic requirement given that it's not thread safe) there shouldn't be a fear of corruption, unless the API is buggy. If each voting station has a Jet Db and they all get exported to a central (thread safe) db then there's no need for concurrent access to any of the individual Jet DBs, and there shouldn't be a big fear of data corruption (which, anyway, can be verified somewhat easily).

    • Re:I smell fud (Score:5, Funny)

      by EvilTwinSkippy (112490) <yoda.etoyoc@com> on Friday April 27 2007, @01:08PM (#18902701) Homepage Journal
      That's a bit like saying you can run a traffic light with a Lego Mindstorms on a massive intersection where 8 lanes of traffic intersects another 8 lanes, with both right and left turns allowed.

      You just have to boost the 5v output using an op-amp, and secure the lead with a clamp or some electrical tape so it won't wiggle out.

    • Re:I smell fud (Score:5, Insightful)

      by sholden (12227) on Friday April 27 2007, @01:18PM (#18902909) Homepage
      1. The data is corrupted (totals are different)
      2. There's a known data corruption issue in the engine caused by concurrent activity

      A reasonable conclusion is that the programmers were idiots and wrote an non-thread safe application with multiple threads. Another conclusion would be they intentionally attempted to fix the election. Incompetence before dishonest is the usual way to approach those things...

  • Isn't democracy mission critical? (Score:5, Interesting)

    by MosesJones (55544) on Friday April 27 2007, @01:07PM (#18902693) Homepage
    Reading this made me think about my time doing safety critical systems (it fails, someone dies) and its really stunning to think that something like voting in a democracy isn't considered mission critical to the country.

    There really is no excuse for voting to not be done on a comparative basis e.g. every vote to be checked via 3 different software lines (this isn't rocket science) and a voting system to then confirm that the vote is being applied correctly. This vote should then be written to two (at least) data sources to enable reconciliation at the end.

    This is a freaking implementation of a check-box system where is the sodding complexity that means its expensive to be professional.

    Voting in a democracy is mission critical, to not consider it that way is to say that voting doesn't matter.

    • Re:I don't know anything about databases (Score:5, Insightful)

      by codepunk (167897) on Friday April 27 2007, @12:41PM (#18902229) Homepage
      Jet is damn lucky to scale to 10 much less your claimed 1000. I have never seen 1000 concurrent users in a jet database. Not that it matters, I cannot believe anyone would trust it to tabulate election results.
      • I agree. With a plethora of free or easily liscensed SQL databases out there, and the fact that ODBC data sources are every bit as easy to connect as Jet, there is NO excuse. The only reason to drop something like Jet into a production system is to make it crippled by design.

          • Re:I don't know anything about databases (Score:4, Interesting)

            by aichpvee (631243) on Friday April 27 2007, @03:32PM (#18905593) Journal
            And never attribute to incompetence what is clearly not. Diebold makes TONS of other electronic transaction machines (include, probably, your bank's ATM machines) and they don't have these kinds of problems. Perhaps they do it on purpose to give them a cover of incompetence. Perhaps it really is incompetence on the part of the guy they get to write this stuff since whoever is hiring him doesn't care if he's incompetent because they're going to fool with the results anyway and it will only add cover for them.

            But CLEARLY this kind of stuff is not because Diebold isn't capable of doing it properly. It's because they explicitly don't want to do it properly.

            If we're going to have electronic voting machines, and I don't think that we should (not even optical scan), they should be developed, owned, and maintained by the government. Period.

      • Re:I don't know anything about databases (Score:5, Informative)

        by quantum bit (225091) on Friday April 27 2007, @01:55PM (#18903801) Journal
        Exchange still uses the Jet engine. Its limit is 1,900 concurrent connections.

        Not quite. Exchange uses Jet Blue [wikipedia.org], as do AD and other things embedded in Windows (DHCP server, WINS, etc.). It was strictly for MS-only internal use until Windows 2000, when it was renamed Extensible Storage Engine and the API was made available.

        Diebold is using Jet Red [wikipedia.org]. Jet Red is what MS Access uses, as well as the "Microsoft Jet DB Engine" ODBC source that many crappy third-party VB apps use.

        Despite sharing the same name (though Jet Blue was renamed, Exchange still refers to it as simply "Jet" in a few places), there's almost nothing in common between the two. Blue/ESE is a lot more fault-tolerant than Red, but concurrent access must be provided by a server application running on top of it -- multiple apps can't open the database file directly at once. That's probably a good thing, since Red/MS Access's cooperative concurrency scheme is what's responsible for most of the corruption issues people have with it.

        Jet Blue/ESE is nowhere near the design of say, Oracle or PostgreSQL, or even MSSQL for that matter. It's about on the level of version 3 or 4 of MySQL (using MyISAM, not InnoDB), or perhaps SQLite.

        Jet Red/MS Access is just plain garbage and should never be used. Shame on you, Diebold. Shame!

        • Different folks. (Score:4, Interesting)

          by pavon (30274) on Friday April 27 2007, @03:10PM (#18905241)
          Diebolds electronic voting division was purchased wholesale from Global Election Systems in 2002. GES produced crap back then and it is no suprise that they continued to produce crap under new management. Their incompetence shouldn't reflect poorly on the ability of the engineering staff in the ATM division, although it does say quite a bit about the top-level management.

        • Re:here we go again (Score:4, Funny)

          by rlp (11898) on Friday April 27 2007, @12:56PM (#18902503)
          > Do you honestly think that no one ... cares about how electronic
          > voting is implemented, and are only upset that a democrat wasn't
          > elected in the last election?

          Yes, next question.

          BTW, when Bush came into office the solar system had nine planets ...

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.