Ohio Audit Reveals More Diebold Problems 222
armb writes with a link to a Wired Blog entry about irregularities found in Diebold databases from the state of Ohio. The election in question here is November 2006, and the corruption of the entries may raise doubts about accurate tabulations. "Vote totals in two separate databases that should have been identical had different totals. Although Diebold explained that this was part of the system design for separate vote tables to get updated at different times during the tabulation process, the team questioned the wisdom of a design that creates non-identical vote totals. Tables in the database contained elements that were missing date and time stamps that would indicate when information was entered. Entries that did have date/time stamps showed a January 1, 1970 date. The database is built from Microsoft's Jet database engine. The engine, according to Microsoft, is vulnerable to corruption when a lot of concurrent activity is happening with the database, such as what occurs on an election night when results are uploaded and various servers are interacting with the database simultaneously."
I don't know anything about databases (Score:2, Informative)
Re:I don't know anything about databases (Score:5, Insightful)
Re:I don't know anything about databases (Score:5, Insightful)
Re:I don't know anything about databases (Score:4, Interesting)
But CLEARLY this kind of stuff is not because Diebold isn't capable of doing it properly. It's because they explicitly don't want to do it properly.
If we're going to have electronic voting machines, and I don't think that we should (not even optical scan), they should be developed, owned, and maintained by the government. Period.
Re: (Score:3, Funny)
As Hyneman would say..."There's your problem."
Re: (Score:3, Insightful)
Re: (Score:2)
Oh yes (Score:3, Insightful)
Different folks. (Score:4, Interesting)
Re: (Score:2)
I never knew they made vending machines! This is great! I mean, it's a shame we lost our democracy to trivial-to-compromise voting machines, but at least we all get free Cheetos!
1000?!?!? (Score:2, Insightful)
Jet is fine for what it is, but like any other tool it has a proper purpose and should not be mis-used.
I don't know the specifics of the Diebold stuff, it would seem to me though if you had one Jet DB on each machine along with a proper upload tool it should work just fine.... at the same time if I was building a voting machine process from scratch I wouldn't think of using it.
fwiw. ymmv.
Re: (Score:3, Insightful)
I bet it doesn't. It's really more of a single-user database engine. It's nice for redistributing with a single user application, but not appropriate in a network setting. Makes you wonder if they (Diebold) just didn't have anyone with any multi-user database experience.
You are wrong (Score:2)
Re: (Score:3, Insightful)
I think the term you are looking for is gross incompetence.
Maybe they're trying to convince people that even if they wanted to rig the election, they're too stupid to do it properly?
Re: (Score:2)
Microsoft Jet is a file-sharing database system. A file-sharing database system means that the processing of the file occurs at the client. When a file-sharing database, such as Microsoft Jet, is used in a multi-user environment, multiple client processes use file read, file write, and file locking operations on the same shared file across a network. If a process cannot be completed, the f
Re:I don't know anything about databases (Score:5, Informative)
Not quite. Exchange uses Jet Blue [wikipedia.org], as do AD and other things embedded in Windows (DHCP server, WINS, etc.). It was strictly for MS-only internal use until Windows 2000, when it was renamed Extensible Storage Engine and the API was made available.
Diebold is using Jet Red [wikipedia.org]. Jet Red is what MS Access uses, as well as the "Microsoft Jet DB Engine" ODBC source that many crappy third-party VB apps use.
Despite sharing the same name (though Jet Blue was renamed, Exchange still refers to it as simply "Jet" in a few places), there's almost nothing in common between the two. Blue/ESE is a lot more fault-tolerant than Red, but concurrent access must be provided by a server application running on top of it -- multiple apps can't open the database file directly at once. That's probably a good thing, since Red/MS Access's cooperative concurrency scheme is what's responsible for most of the corruption issues people have with it.
Jet Blue/ESE is nowhere near the design of say, Oracle or PostgreSQL, or even MSSQL for that matter. It's about on the level of version 3 or 4 of MySQL (using MyISAM, not InnoDB), or perhaps SQLite.
Jet Red/MS Access is just plain garbage and should never be used. Shame on you, Diebold. Shame!
Jet (Score:5, Insightful)
Re: (Score:2)
That, or the morass of our government dictated a few things that didn't make sense. They tend to be behind the times in terms of software/hardware advances.
Re: (Score:2)
Proper use of database technology can be difficult, but if a company is unable or unwilling to do it properly, they shouldn't be selling the product. Governments have a responsibility to the perople to slap down companies trying to
Re: (Score:2)
Re:Jet (Score:5, Insightful)
If you wanted to make an insecure system that was easy to hack and manipulate, didn't have basic security features, data integrity, and no audit trail, and thus no record of how data was altered outside of specifications, you might use such a deprecated application.
Re: (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Correction: Napolean (mea culpa): http://www.quotedb.com/quotes/2308 [quotedb.com]
JET?? (Score:5, Insightful)
2 databases?!? (Score:5, Insightful)
Not only would I fire his ass, but I'd make sure to press criminal charges of fraud. Why are these creeps from Diebold, Sequoia, ES&S, et. all not in prison yet?
Diebold makes ATMs; don't tell me that they can't get something as simple as a vote database right. Occam's Razor points to outright fraud, not to simple incompetence.
Re:2 databases?!? (Score:4, Interesting)
That's a bit like saying Panasonic would make a great a telephone carrier because they make phones.
I have bad news for you... (Score:3, Insightful)
Re: (Score:2)
Now if access couldn't handle a Jewel fan site how on earth could it handle an entire state's voting data? Switching to SQL Server and lat
Re: (Score:2)
Re: (Score:2)
The point is that this is cannot be just mere incompetence. As you say, even Microsoft, who wrote Jet and used it for years as the
Re: (Score:2)
I haven't seen a link posted for that yet. (Score:2)
...even Microsoft, who wrote Jet and used it for years as the basis of Microsoft Access and Visual Basic's database component, says not to use it 'cause it's crap.
Got a link for that?
There's always SQL Server 2005 Express/Compact/whatever Edition, and this is what Microsoft recommends today.
Hmmm, don't use our old product, it sucks, use our new product (which, of course, has no bugs whatsoever) available from us to you today! Have you driven a Ford... lately?
Jet Database Engine (Score:5, Interesting)
Re: (Score:2)
The software used to tabulate votes is build on an Access database!?!? holy crap! Talk about the mother of all bad ideas. There are so many know issues and so many better options that this should never have gotten this far. Who the crap was in charge of designing this system? Jim from Accounting?
-Rick
Re: (Score:2)
I'm leaving...on a Jet plane. Don't know when... (Score:3, Funny)
Jet? Shit.
I'm gonna submit proposals to program up a new Mars Rover using Visual Basic!
Reminds me of my plane (Score:2)
Then when it crashed, insist that it can only be fixed 'on site'.
[OT] Your .sig (Score:4, Interesting)
It was always thus... Two spaces after a period is only appropriate in circumstances where all characters are the same width, such as an old-school typewriter. So nobody “decided” that it would be that way “on the Internet;” we just stopped using the special-case rules that sprung up a few decades prior when we were using technology that wasn’t capable of proportionally spaced type.
Don't ATMs access databases too? (Score:5, Insightful)
--
Vote with your roof! http://mdsolar.blogspot.com/2007/01/slashdot-user
Re:Don't ATMs access databases too? (Score:5, Insightful)
The things that went wrong with ATMs were both funny and scary. I have no reason to believe things have changed. The banks and manufacturers go to great lengths to satisfy customers without letting details of the problems get out, because this would undermine confidence in the devices.
With ATMs, if you're smart, you have a slip of paper to verify a transaction. If there's a dispute with the bank, the bank will usually honor the paper documentation, and the customer has no reason to make an issue of the problem.
With voting, there's no going back and fixing results after the fact. Often there's no piece of paper. And on top of that, the whole process is under fairly intense public and governmental scrutiny.
So I wouldn't say there are less problems with ATMs. You just don't hear about them.
Re: (Score:2)
Re: (Score:2)
Yeah, accountability is key. If there's money missing from your account, you WILL raise a stink. If your vote wasn't counted, you won't even know about it.
The other reason: the ATM company doesn't actually maintain the database, the bank does t
Re: (Score:2)
Different People (Score:3, Informative)
The purchase
Dumb Idea (Score:2)
Of course, the part that gets me angriest, as a former poll worker, is the fact that there are people who will mess with someone else's vote. You don't do that.
Next up on "Government Contracts!" (Score:5, Funny)
"We're sorry that the capitol building collapsed, but it ends up that we used Licoln Logs to build the dome, and it ends up that it collapses when the wind hits it from multiple directions at once.
We've gotten some complaints that we should have expected this, and were "total morons" for choosing such a design. We think this is a gross oversimplification, and more than a little unfair. We used multiple layers of high-quality chewing gum to secure the dome, which required countless hours of chewing, along with thousands of gallons of spittle. When you complain against such a massive effort, you insult the sore mouths of our hard working employees.
Sincerely,
Halliburton CEO
Bozo D. Clown"
Next episode: FEMA picks up the pieces.
Ryan Fenton
Re: (Score:2)
I was going to ask for the hahaha tag, but (Score:4, Insightful)
Re: (Score:2)
The fact that it was built with Jet suggests that it was initially designed as a non-networked, single-user system initially. Votes were probably uploaded one machine at a time (batch style) for counting purposes. What happened next was "organic growth" of the product. Let me speculate (harp music plays) . . .
Along comes the idea that they need to network the voting machines
So... (Score:4, Insightful)
Seriously, I dont care if the errors caused changed the outcome or not, its fairly clear that they failed, in the worst possible way, to maintain the level of creditability needed for a damn election. This isn't a "oops, my bad" This should be a federal offence with manditory jail time.
No system is perfect, but come on, JET!? Might as well have the vote counted in diffrent states by the party currently in power, would be just as accurate.
Feel free to ... (Score:2)
can't believe they're still used (Score:2, Insightful)
I do understand why Republicans get so defensive about this,but these machines have to GO.
The
I smell fud (Score:5, Interesting)
Now, I'd never think about developing this on a Microsoft Jet DB, since it's been somewhat deprecated for the MS Desktop SQL Server (MSDE) and SQL Server 2005 Express, which are much better and lightweight enough for a current desktop.
Nonetheless... what MS probably stated is that basically access to a JET Db is not thread safe, which means that concurrent access will cause corruption with a probability directly proportional to the amount of activity. YET if you serialize access to a Jet Db (which is a necessary and basic requirement given that it's not thread safe) there shouldn't be a fear of corruption, unless the API is buggy. If each voting station has a Jet Db and they all get exported to a central (thread safe) db then there's no need for concurrent access to any of the individual Jet DBs, and there shouldn't be a big fear of data corruption (which, anyway, can be verified somewhat easily).
Re: (Score:2)
-Rick
Re: (Score:2)
Re: (Score:2)
During the voting, assuming each station has it's own Jet db, then the db is hit with a single INSERT every N minutes. Hardly critical. It could be trusted to a simple comma separated file as well. The fact that the jet db doesn't keep a log only means that a vote might be lo
Re:I smell fud (Score:5, Funny)
You just have to boost the 5v output using an op-amp, and secure the lead with a clamp or some electrical tape so it won't wiggle out.
Re: (Score:2, Informative)
FUD for sure (Score:2)
Re: (Score:2)
A simple C# code fragment to serialize access to the Jet DB can go like this.
-----
// NOTE: To Diebold -- Please copy and paste this into your application. Thank you.
public class DbWriter
{
private static object _sync = new object();
public static void WriteSomeData(/* args
{
lock(_sync) {
}
}
private DbWriter() {/* hidden ctor
Re: (Score:2)
Sure, you could lock the database on the server every time a client updates a record. And you could make sure that the clients know how to wait and retry if the server table is locked. In theory, that works fine. In practice, though, the clients probably update the server tables piecemeal, not nice atomic commits. So we'd have a recipe for deadlock.
You are correct that it could be done, but with the amount of work it would t
Re: (Score:2)
Re:I smell fud (Score:5, Insightful)
2. There's a known data corruption issue in the engine caused by concurrent activity
A reasonable conclusion is that the programmers were idiots and wrote an non-thread safe application with multiple threads. Another conclusion would be they intentionally attempted to fix the election. Incompetence before dishonest is the usual way to approach those things...
Re: (Score:2, Interesting)
i wonder if, to encourage problems, either diebold, or the government contracts with diebold, deliberately enshrined incompetence in some way via timelines, pricing, obtuse/antiquated software requirements.
Re: (Score:2)
In a Republican fund raiding letter, the president of Diebold indicates his bias by saying that he is "committed to helping Ohio deliver its electoral votes to the president next year."
Re: (Score:2)
Any system can and will have bugs and weak areas... What makes this scandalous is that Jet (MS Access) is literally THE crappy database engine and everyone knows/knew this.
If a DB admin or programmer is going to make a joke about a farked-up database project the db will be ms-access.
If you are going to mock a competitor you might suggest that they build their software using visual basic and a JET database.
None of this is
What always amazes me (Score:2, Insightful)
Voting machines need to be an open-source project anyway. We ALL need to know what's going on in those things.
Isn't democracy mission critical? (Score:5, Interesting)
There really is no excuse for voting to not be done on a comparative basis e.g. every vote to be checked via 3 different software lines (this isn't rocket science) and a voting system to then confirm that the vote is being applied correctly. This vote should then be written to two (at least) data sources to enable reconciliation at the end.
This is a freaking implementation of a check-box system where is the sodding complexity that means its expensive to be professional.
Voting in a democracy is mission critical, to not consider it that way is to say that voting doesn't matter.
Re: (Score:2)
Your paper ticket has a barcode on it. The nice people at the turnstile scan it, the number is checked in the database and you get a nice instant feedback if the ticket has been used or is totally bogus. They handle thousands of people crushing into the gate in the space of minutes, on the outside hours. And they use off the shelf equipment and standard DSL or T1 lines.
No, it isn't (Score:3, Insightful)
You are incorrect on both counts.
First, if something is "mission critical" do you entrust it to people who have no idea of the necessary details, or will just use a default position to produce the end result as opposed to careful thought and analysis? No.
Perhaps you don't understand what "mission critical" means. I'll clue
Fraud (Score:2)
Calling something a voting machine AND selling it, when it isn't a voting machine fit for that purpose at all.
It's as much a voting machine as my bedsheet is a certified parachute fit for skydivers.
They're lucky they're in the USA. In other countries they might actually get lynched by angry voters or executed (for treason?) if they escape the mob.
But it'll be hard to convince the rest of the world that the US is interested in democracy and fair elections in Iraq if this sort
Audits can be done using real database engines (Score:3, Insightful)
Which is why when explaining a result matters, you use a real database engine, not something like jet, which is simply a library to maintain indexed files.
Even Microsoft Says No! (Score:2)
Why would they do this? If cost was the issue, Jet vs SQL server say, then why not go with PostgreSQL, MySQL, or other free alternatives? Even if you're a Microsoft shop, it isn't that hard to make MS stuff interface with OSS DB ba
the winner of the 2008 presidential election is.. (Score:2, Insightful)
Transparency is the issue (Score:2)
MS Database - ROFLMAO! (Score:2, Funny)
Why not just put a degaussing coil in all the door frames?
The JET engine is not the real problem... (Score:3, Insightful)
Back in 1995 I came in touch with the JET engine for the first time. It was used in a database application for a commercial aircraft carrier (!) Databases were corrupt all the times. It was obvious that the technology was a mess. At that time, much better alternatives were available for a little more $$. Hence I could not understand why anyone would spend time and money with such broken technology.
Now we see the use of this technology again, and in an application that is crucial to the future of the U.S and to the future of many other countries... the same mistakes are being made again.
But that is not the real problem. Yes, we know that electronic voting machine manufacturers have a long record of being lazy, careless, and incompetent. The actual problem is with the opinion of the decision makers in the administration and with the opinion of the public. Information technology is widely accepted as a means to make collecting, sorting, and counting, of numbers, names, addresses, etc. more reliable and more efficient. So why not use it also to collect and to count voter ballots?
There is this subtle difference between paper and electronic storage. If you write something on a paper or make a hole, then it will be very difficult and time-consuming to remove the writing or the hole. In any case, too much work to alter ballots in significant numbers! And, if you still do, you leave a trace to be discovered by the forensic experts. In contrast, the information stored on a hard disk, in a flash ram, or transferred via network, can be altered very quickly and, if done well, without leaving any trace. Hence it is by nature that electronic voting machines are insecure and unreliable.
Badly designed and badly implemented electronic voting machines just add up to the insecurity and the lack of reliability that this technology has by its virtue. On the other hand, measures like paper audit trails are certainly very helpful, but these are mere attempts to improve a technology that is bad from the outset.
Looking at people's difficulties in understanding and dealing with today's computer security threats, I guess that it will take a lot of time until the aforementioned difference is in the heads of majority of the public and of those involved in the voting process. In the meantime, we will have many more "voting machine news": For every major election where electronic voting machines will be used, there will be stories about malfunctioning machines, missing audit trails, about elections being stolen, and so on. This is the wrong approach to "strengthen the democratic tradition".
My credo is that running a democracy has a prize that is called "counting by hand".
Plausible deniability (Score:2)
M$ Liability (Score:2)
--
Rent solar power: http://mdsolar.blogspot.com/2007/01/slashdot-user
Re: (Score:2, Funny)
Is not!
You may win but you're still retarded.
I know you are, but what am I?
Re: (Score:2)
Re:here we go again (Score:4, Funny)
> voting is implemented, and are only upset that a democrat wasn't
> elected in the last election?
Yes, next question.
BTW, when Bush came into office the solar system had nine planets
The Democrats Did Win (Score:2)
Re: (Score:2)
This is about the 2006 election. To remind you, that's when Ohio went Blue.
Don't get me wrong, there are many cases where 'sore looser leftie' is a potentially valid complaint. This isn't one of them.
Re: (Score:2)
It's just people who found screwups in Dibold voting devices.
Re: (Score:2)
Re: (Score:2)
Re:Problem-free election? (Score:5, Insightful)
In point of fact, there is a difference between "requiring perfection" and "avoiding obvious incompetence". Just, y'know, for future reference.
Re: (Score:3, Insightful)
Coincidence? Gee, I wonder...
Re: (Score:3, Insightful)
Re:Problem-free election? (Score:4, Insightful)
Mob, Press and Documentary video TV accusations do not constitute legitimate evidence unless they have facts to back up their claims (not saying they don't).
Guilt by association is one Logical Fallacy which is throw around a lot these days.
Re: (Score:2)
Re: (Score:3, Informative)
The public is allowed to watch at every step of the process (especially counting).
Voting times are staggered across the country so that everyone learns what happened at the same time.
All the ballots *are* exactly the same. This is not a difficult task.
The ballots have only the name of the candidate and the name of the
Re: (Score:2)
By getting repeatedly fucked by the other party?
Re: (Score:2)
It's funny that these guys think that while you can be charged with conspiracy, you can't be charged with stupidity. Actually you can: it's called reckless endangerment. There is also the civil charges of malpractice. Since there is public money involved: Fraud. (Using substandard materials when you know it's completely inappropriate for the job at
Re: (Score:2)
While I agree that it will get interesting, if the Democrats knew about this problem and then used it, doesn't that make them just as criminally liable for misuse and voter fraud as the people who caused the problem in the first place?
I can see it now... Democrats are going to lambaste me, Republicans are going to deny there's a problem, and anyone w
Re: (Score:2)
What you want is the ability for the system to prove to you that it tabulated your votes correctly, but to do it in a way that you can't use that proof to convince a third party.
There's a whole lot of other niggling problems that are desirable and seem to oppose each other. Voting is a tough nut to crack correctly.
Re: (Score:2)
Someone always brings this up, and I just don't buy it. For one thing, the ticket doesn't need to be stamped with any clear-text identifying information, so you can know that I possess a ticket that proves that someone voted a certain way, but you don't know how I got that ticket. Secondly, if I wanted verifiable proof, I can think of plenty of ways of doing that more reliably. For example, a cell phon
Yes, only ... (Score:2)
Yes, only it'd be a little tough for the entire nation to simultaneously slap Walden O'Dell's face. I humbly offer my services as the nation's representative in this matter.
Would someone like to claim dibs on Ken Blackwell?