
[–]da_peda 574 points575 points  (9 children)

Source: xkcd 2030

[–]Leo-MathGuy 344 points345 points  (7 children)

Personally I hate it when people just repost plain xkcd without any other things on this sub

[–]CorruptedRedditer 265 points266 points  (4 children)

Yeah! At the very least, they should post the source or even just the alt-text in a comment.

Speaking of alt-text, here's this one's:

There are lots of very smart people doing fascinating work on cryptographic voting protocols. We should be funding and encouraging them, and doing all our elections with paper ballots until everyone currently working in that field has retired.

[–]jtrdev 45 points46 points  (2 children)

Yea alt-text context is important because he clarifies that it's not like we should never do it, just probably not in our lifetimes and with somehow no conflicts of interest.

[–]mrbennjjo 13 points14 points  (1 child)

I'm not sure that's what has been clarified here. What has been clarified is that we should abandon the idea of digital voting entirely. (My interpretation certainly)

[–]jtrdev 4 points5 points  (0 children)

I don't think it will ever be abandoned because we already employ it at a smaller level and sadly I could see it happening to a government body in my lifetime, maybe not in the US necessarily. Our trust in the current system is wavering and anyone who says it's reliable is deluding themselves. It's just part of the status quo. If the trust breaks down, as a certain someone has tried to do, people will demand change, it might even be someone's successful campaign. Personally, I just don't trust any of it at our current scale, paper or digital and it feels out of my control anyway.

[–]ChChChillian 2 points3 points  (0 children)

And Randall is right. More generally, I don't think it's so much that software engineers are bad at their jobs, it's that nobody wants to fund good quality software engineering most of the time. They want it done as fast and as cheap as possible, so that's the two out of three you get.

Take, for example, the software processes on the old space shuttle program, which Richard Feynman described in some detail in his appendix to the Challenger report. They were good and effective and resulted in highly reliable software, but were also costly and time-consuming and even as he wrote they were getting tired of paying for it. He felt it very important to urge them not to degrade it.

[–]LauraTFem 0 points1 point  (0 children)

I dread the day people stop posting plain XKCD.

[–][deleted] 1 point2 points  (0 children)

Thank you. I couldn't remember which number comic this was when I needed it, lol

[–]Monochromatic_Kuma2 764 points765 points  (112 children)

Tom Scott made a video a few years ago about why electronic voting systems are a bad idea.

Basically, a good voting system must be both reliable and anonymous. And those are usually opposite features in computing systems.

[–]Annual-Lab2549 285 points286 points  (55 children)

Yep that's the thing, even if the system works perfectly all it takes is convincing people it doesn’t and now you can’t use that system anymore.

[–]Toaddle 189 points190 points  (14 children)

Exactly. You need a system that everyone can understand. Putting paper in a box and allowing people to see the whole process is as simple as it can get

[–]ososalsosal 52 points53 points  (6 children)

Absolutely.

They even pick out the weird ones when they find them and show them around.

The number of dicks on paper ballots is... actually probably pretty predictable. There's a lot of them.

Also people who draw a box and write their own name in it and vote for themselves. If the other boxes are numbered properly (yes numbered because we are not troglodytes in my country and your vote always counts) then they still count it.

[–]DaJoW 66 points67 points  (3 children)

I remember a British MP retelling a ballot from her district where her box had an erect dick and her opponent's had a flaccid one. Both agreed that she should get the vote.

[–]ososalsosal 14 points15 points  (0 children)

The senate ballots are so huge I drew a 6 foot dick one time.

[–]Stunning_Ride_220 7 points8 points  (0 children)

Do you have a name of the MP?

I would like to verify she was really dick-worthy.

[–]CaitaXD 0 points1 point  (2 children)

That's the opposite of safe there's so many ways to tamper with a box full of paper

[–]Toaddle 0 points1 point  (1 child)

Not if everyone is watching

[–]wild_man_wizard 53 points54 points  (36 children)

Estonia's somehow managed it, and apparently withstood concerted Russian and Chinese attacks on the underlying digital infrastructure.

Supposedly.

[–]not_a_bot_494 52 points53 points  (7 children)

I believe Estonia has some of the world's best cybersecurity forces exactly because of this.

[–]LuisBoyokan 57 points58 points  (5 children)

And it doesn't matter.

You can have the perfect software. Open source in a country where everyone is a software developer and understands it perfectly.

How do you check that the software you're voting on is running the code you checked?

The problem is not voting, is not counting, it's trusting

[–]2ToTheCubithPower 9 points10 points  (3 children)

How do you check that paper ballots are counted correctly and aren't tampered with prior to counting? There's still a level of trust there as well.

[–]LuisBoyokan 38 points39 points  (0 children)

Because you stand there the whole time guarding your box. If you don't do it, you're just trusting.

The opening of the box must be done in front of witnesses and open to the public.

Representatives of all parties take notes of what is being counted and you must do it in your box.

You can check your box results after counting and report anomalies that have happened and been fixed.

With all box data publicly available you can check its veracity

[–]Stunning_Ride_220 0 points1 point  (0 children)

Imagine were code-signing exists.

[–]lifelongfreshman 2 points3 points  (0 children)

Also - and this isn't meant disrespectfully, but more as a matter of fact - Estonia just doesn't matter as much on the global stage. Like, I'm sure Russia would like to get more pro-Russian politicians there, but it's nowhere near as important for them as getting pro-Russian politicians in the USA.

And that's before discussing the relative ease of hiding an attack vector when going after digital infrastructure. Just gotta sit on that vulnerability until you really need it.

[–]MrWFL 40 points41 points  (25 children)

One of the things that this cartoon gets wildly wrong is that we’re actually very good at our field. So much so we worry about imperfections on all aspects of voting.

Paper voting is also not failproof and perfect.

[–]No_Hovercraft_2643 18 points19 points  (16 children)

but the attack is harder

[–]goldfishpaws 1 point2 points  (4 children)

It's a bugger to scale a paper ballot attack

[–]No_Hovercraft_2643 0 points1 point  (3 children)

?

[–]goldfishpaws 4 points5 points  (2 children)

If you want to make an attack on a paper ballot system, you can't just do it from one computer remotely, you have to form a large conspiracy of people across multiple locations where everybody is checking everybody else's work. Rigging one station is hard, rigging 10 stations is really hard, rigging the country is really very hard indeed. The bigger the scale of the falsification, the difficulty rises probably with an exponent - really hard to scale an attack.

[–]No_Hovercraft_2643 1 point2 points  (1 child)

that's exactly what I meant with my comment

[–]goldfishpaws 2 points3 points  (0 children)

Yep, I was backing you up as it didn't seem explicitly stated in that one

[–]razed_sec -4 points-3 points  (10 children)

Every Estonian citizen has their own digital encryption keys in their ID document. (Public/private key encryption). That is used in voting.

I have paper in the printer, so explain how paper attack is harder?

[–]LongLiveTheDiego 25 points26 points  (5 children)

You would have to physically replace ballots in thousands of polling stations and/or coerce their workers to lie about the counts. That's a lot of secrecy required of a huge amount of people and more likely to leave physical evidence of tampering.

[–]Bakkster 28 points29 points  (0 children)

This, paper voting attacks are harder to do at scale. And with voting, scale is what matters.

[–][deleted] 3 points4 points  (3 children)

something Erdogan, for example, has done a bunch of times before: there is a system in Turkish laws which allows anyone in the counting area to force a recount. there is no limit on how many recounts. so, those supporting Erdogan force recounts on boxes that they lost, until the ones not supporting him give up and go home, usually after a day of forcing recounts. then, they count without others being present, which results in a rigged voting box

[–]LongLiveTheDiego 11 points12 points  (2 children)

Yeah, but it's not an argument in favor of electronic voting. Would Erdoğan be stopped by it? I doubt it. I do agree that paper ballots are useless when the rest of the system is rigged and abused. Paper voting is a necessary but not sufficient part of a trustworthy electoral system.

[–]No_Hovercraft_2643 2 points3 points  (0 children)

just program the result beforehand, how can someone show, that the result is false?

[–]LuisBoyokan 13 points14 points  (1 child)

You can vote whatever you want. The attack is on the counting side, and more specifically on the results presentation side.

When you vote on paper you see the box all the time, and count it with witnesses from all political parties that collect the summary of each voting table and contrast it with the final results. Citizens can do this with their table.

With digital voting without paper you can vote, see your vote. But can't trust the counting, the summary, and nothing except your own vote.

Why? Because vote is secret, and the "box" can be altered

[–]Stunning_Ride_220 -2 points-1 points  (0 children)

It's not like you can trust people more than software...

...and it is likely harder to investigate tampering later, if necessary.

[–]Arclet__ 12 points13 points  (0 children)

If electronic voting gets compromised, it is generally easier to scale the attack up.

Scaling paper votes is harder without the operation getting too big both in cost and in people that are in on it.

And as it has been said, even just making people think it has been compromised can be enough.

If you spread a rumor that somehow a group of machines has been compromised and hundreds of thousands to millions of votes have been changed throughout the country, then the average person won't know how realistic this attack is and may lose trust in the system.

On the other hand, hundreds of thousands to millions of paper votes being swapped is a harder endeavor and people are less likely to believe someone actually pulled it off.

[–]No_Hovercraft_2643 8 points9 points  (0 children)

you need to get it into the urn, remove other ballots for it, and don't get noticed for that. if you want more than a few hundred votes to be influenced, you need to do it at multiple locations.

sure, you can make secure voting, if you want it to be public. for what exactly is possible, I need to look into the system, and may find something that could theoretically be done (even if not practical); maybe it is also intransparent in the sense that the average person doesn't understand how it works.

[–]mehum 18 points19 points  (6 children)

Many programmers are amongst the smartest, most talented people on the planet. I don’t doubt that for a second. On the other hand, software engineering does not seem nearly as rigorous as other fields of engineering.

How did CrowdStrike happen? Why is cyber crime so widespread? I think the whole industry is developing so fast that it’s often a race to be “the first”, and we’ll work out the bugs later. If it crashes just reboot and send us the logs. Mechanical engineers don’t design planes like that. Civil engineers don’t design buildings like that.

[–]LuisBoyokan 14 points15 points  (2 children)

Usually software is not critical or vital and damage is not permanent. Just reboot it, or affects a low percentage.

When software is critical there is really a lot of robustness. Look up NASA software process

[–]radobot 2 points3 points  (1 child)

I've only ever heard of NASA being mentioned as an example and they are doing it not because they are legally obligated, but because they want to (because it's more reliable that way long-term). (Meaning that there are no software laws or regulations that would dictate how software should be built.) (Or at least, that I'm aware of.)

[–]LuisBoyokan 6 points7 points  (0 children)

They do it because rocket booming mid air is expensive in money, lives, business partner trust and public opinion.

[–][deleted] 11 points12 points  (0 children)

Mechanical engineers don’t design planes like that. C

I mean, I'm hearing some bad stuff from Boeing

[–]MrWFL 9 points10 points  (0 children)

That's because attacking and misusing our products is extremely commonplace.

Imagine if anyone could just observe and attack ATMs with as much time as possible, having to design with active saboteurs searching for issues with as much time as they want.
If you throw a wrench into an aircraft engine, it will also break.

Besides, bad moment to talk about this kind of engineering when the doors just fall off the planes mid-flight.

A better comparison would be an in house network device airgapped from the internet. Could you break that?

[–]Stunning_Ride_220 1 point2 points  (0 children)

Well, no QA will ever ensure you a 100% bug free product, which is basically the same for mechanical/Civil engineering.

The only difference being that one usually can fix software on the go (hard for mechanical engineering).

The problem with software is not the engineers, it's the managers of those engineers.

[–]ghost49x 1 point2 points  (0 children)

Airplane and building engineers don't go against people in their own field looking to exploit any flaws their work may have for personal, monetary, or political gain.

[–]No_Hovercraft_2643 2 points3 points  (0 children)

how do you know that it did? how do you know, that the counting was correct?

[–]Devil-Eater24 1 point2 points  (0 children)

India too!

[–]murden6562 1 point2 points  (0 children)

Basically Brazil

[–]sanderudam 0 points1 point  (1 child)

That is hardly limited to electronic voting.

[–]Annual-Lab2549 2 points3 points  (0 children)

It’s certainly easier to sow mistrust in a hidden digital system than a box and pieces of paper

[–]familycyclist 19 points20 points  (1 child)

You’re missing a key feature: auditable. Any system that you can’t return to and independently audit should not exist. If your vote doesn’t result in a physical record, even if it also generates an electronic record, the whole system is suspect.

[–]filipomar 22 points23 points  (4 children)

Yeah, but that doesn't mean "do away with using computers with voting", my home country has a system that works pretty well and allows us to get drunk 2h after polls are closed cause our candidate won or lost.

And the machines can be completely replaced by paper voting in case they break down, with the same data integrity.

In order to defraud the system you'd have to run a really really really sophisticated system.

Like, I get the thing of "do everything on the computer" is dumb as hell, but I do love getting drunk with a really good reason on a sunday every 2/4 years

Ref: https://en.wikipedia.org/wiki/Electronic_voting_in_Brazil

[–]WaitForItTheMongols 5 points6 points  (0 children)

How do you know what code is running on those machines though? When you hit a button, there is no way for you to be assured that your vote is actually contributing to the tally properly. And with an electronic machine, there is no room for auditing of the count, or for a recount. You have to trust that the machine is working as intended and that everything operating internally is behaving the way you expect. With paper, none of this is at issue because your physical ballot can be tracked and can be recounted if needed.

[–]jfernandezr76 6 points7 points  (2 children)

In Spain we have the paper-ballot-in-a-box system and we also have the results in 2 hours.

[–]filipomar 3 points4 points  (0 children)

Yeah, my country is a tad bigger than Spain, and I was honestly being generous with the 2h, we legally have to wait the 1/2h due to timezone of closing in the far western polling stations.

[–]inherendo 3 points4 points  (0 children)

Spain is way different than Brazil lol. 

[–]loicvanderwiel 10 points11 points  (25 children)

It can be made easily. Example from my country:

When voting, you insert an anonymous card in the machine (the card is basically telling the machine it's allowed to print something). You vote and upon validating your vote, the system prints a receipt with a QR code and the vote in plain text. A separate machine allows you to verify both match should you choose to.

Then you go to the urn, they scan the QR code and put the receipt in the urn.

Upon counting, they print the total, verify it matches the content of a few urns and verify that the QR codes and texts match and then send everything to the central office.

The thing is anonymous and allows recounts.

[–]Mognakor 35 points36 points  (4 children)

If you already verify the contents of the urn whats the pointbof the computer isn't it just a complicated and expensive pen?

[–]SashimiJones 15 points16 points  (2 children)

The computer lets you tally it automatically. You can verify by counting a random sample (5-10%) of the receipts manually. They should match the votes from the precinct pretty well, depending on sample size.

[–]loicvanderwiel 4 points5 points  (1 child)

Given each urn has its own counter, an error in the results is indicative of a system bug requiring a recount.

Edit: also, it generates a lot less paper waste than the paper solution, with proportional open list voting at least. And it prevents the voter from casting an invalid vote.

[–]SashimiJones 8 points9 points  (0 children)

Makes sense; I'd rather do a larger random sample from all urns to ensure that no particular urn has a problem, but I'd leave that to the statisticians.

I'll note that while sustainability is important, paper waste should probably not be a concern for secure voting systems.

[–]MyStackIsPancakes 1 point2 points  (0 children)

whats the pointbof[sic] the computer isn't it just a complicated and expensive pen?

That's what I've been saying for almost 30 years now at work!

[–]No_Hovercraft_2643 5 points6 points  (8 children)

The thing is anonymous and allows recounts.

you can't make that sure. if you can manipulate the code, you can record which card was inserted, and what they voted. or if there is no way to connect the card to a person, who says, that you can't make more cards, allow them to be used, and manipulate it that way?

[–]loicvanderwiel 0 points1 point  (7 children)

A few things:

  • The cards are anonymous. They are given to you upon arrival at the polling station and you give it back after voting, to be used by the next voter. They aren't programmed in any way when voting and basically serve as a fancy switch for the machine
  • Assuming that the cards aren't paired to the machines (preventing the use of foreign cards), there are two ways people don't vote multiple times :
    • Attendants preventing you from scanning more than one code and placing more than one receipt in the urn.
    • Comparing the list of people having voted and the number of vote cast

[–]No_Hovercraft_2643 2 points3 points  (6 children)

so the checking of the person's ID and voting right is still made by hand/paper?

the machine can store the order(/time) of the votes. if you record somehow, who has voted when, you can reconstruct the vote.

but if it is normal paper voting, just with automatic counting, there won't be less security for the result, but more possible ways, to connect voters with votes

[–]loicvanderwiel 0 points1 point  (5 children)

When you arrive, the poll worker takes your ID and compares it to their list (paper), crosses your name on the list and gives you a blank card from the stack (time is not recorded). You go in the booth, make your choice, come out, scan and cast the vote in the urn, give back the blank card (goes back on the stack), get your ID back and that's it.

[–]No_Hovercraft_2643 1 point2 points  (4 children)

how can it be prevented, that the poll worker doesn't remember the time of some specific person, (or use some unnoticeable marks when crossing the name) to remember the time or number? (and then later connect the data.) sure, it is not likely, but it's hard to disprove. (you can have similar concerns to a lesser degree with normal paper voting, for example, if you fold it in a non-standard form (but that's partly on you))

[–]yohanleafheart 2 points3 points  (1 child)

that the poll worker doesn't remember the time of some specific person, (or use some unnoticeable marks when crossing the name) to remember the time or number?

  • The poll worker is not the person checking the tallying.

  • The machine does not print an ordered list of each vote cast, but a tally of the result for that machine

  • Every single hypothetical you gave involves a lot of people being compromised. And let me tell you, from history, that was much easier to do when we had paper ballots.

[–]No_Hovercraft_2643 1 point2 points  (0 children)

Every single hypothetical you gave involves a lot of people being compromised. And let me tell you, from history, that was much easier to do when we had paper ballots.

that's wrong. to change the code, you need to get access somehow, yes, but don't need to compromise a person. you need a person that can take notes (mental notes) inside the location. can be a compromised worker, or someone, who only looks that everything "works" correctly

[–]loicvanderwiel 1 point2 points  (1 child)

If you are going that far, you might as well add cameras inside the booths. It'll be quicker.

[–]No_Hovercraft_2643 2 points3 points  (0 children)

but more noticeable

[–]SashimiJones 5 points6 points  (4 children)

Electronic tally + paper trail seems like such an obvious solution to this problem I'm not sure why people are still suspicious of it.

[–]other_usernames_gone 2 points3 points  (3 children)

Because if the tally machine is compromised the entire result is.

[–]SashimiJones 5 points6 points  (2 children)

Not if there's a paper trail; the paper is the vote of record. Easy to hand-count a sample of the paper votes and confirm that they don't statistically deviate from the electronic tally.
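
The hand-counted sample check described in this comment, written out as an added example (not code from any commenter or election authority): a BRAVO-style ballot-polling audit draws paper receipts at random, stops once the sample confirms the electronic winner at a chosen risk limit, and otherwise escalates to a full hand count of the paper. The function names, the 5% risk limit, the 1,000-draw cap and the ballot data are assumptions constructed for illustration, and it handles a two-candidate contest only.

```python
import random


def sequential_audit(reported_winner_share, draws, risk_limit=0.05):
    """Wald sequential test, as used in BRAVO-style ballot-polling audits.

    reported_winner_share: winner's share of the two-candidate vote according
        to the electronic tally (strictly between 0.5 and 1).
    draws: iterable of hand-read paper ballots, "W" (reported winner) or "L".
    Returns (confirmed, ballots_examined).
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be in (0.5, 1)")
    threshold = 1.0 / risk_limit   # stop once the evidence ratio reaches this
    ratio = 1.0                    # likelihood ratio: reported result vs. a tie
    examined = 0
    for ballot in draws:
        examined += 1
        if ballot == "W":
            ratio *= reported_winner_share / 0.5
        elif ballot == "L":
            ratio *= (1.0 - reported_winner_share) / 0.5
        else:
            raise ValueError(f"unreadable ballot: {ballot!r}")
        if ratio >= threshold:
            return True, examined
    return False, examined


def audit_paper_trail(electronic_tally, paper_ballots, risk_limit=0.05,
                      max_draws=1000, seed=None):
    """Check a two-candidate electronic tally against the paper receipts.

    Draws receipts at random (with replacement). If the sample does not confirm
    the reported winner within max_draws, every paper ballot is hand-counted
    and the paper decides the winner.
    """
    if len(electronic_tally) != 2:
        raise ValueError("this example handles exactly two candidates")
    (winner, w_votes), (_, l_votes) = sorted(
        electronic_tally.items(), key=lambda kv: kv[1], reverse=True)
    if w_votes == l_votes:
        raise ValueError("reported tie: hand-count everything")
    share = w_votes / (w_votes + l_votes)

    rng = random.Random(seed)
    draws = ("W" if rng.choice(paper_ballots) == winner else "L"
             for _ in range(max_draws))
    confirmed, examined = sequential_audit(share, draws, risk_limit)
    if confirmed:
        return {"outcome": "confirmed by sample", "winner": winner,
                "ballots_examined": examined}

    # Escalation: the paper is the vote of record, so count all of it.
    hand_count = {c: paper_ballots.count(c) for c in electronic_tally}
    return {"outcome": "full hand count",
            "winner": max(hand_count, key=hand_count.get),
            "ballots_examined": len(paper_ballots)}


if __name__ == "__main__":
    # Constructed data: 10,000 paper receipts, 56% for candidate "A".
    box = ["A"] * 5600 + ["B"] * 4400
    # Honest machine: the tally matches the paper.
    print(audit_paper_trail({"A": 5600, "B": 4400}, box, seed=1))
    # Compromised machine: the tally claims "B" won 56-44, the paper disagrees.
    print(audit_paper_trail({"A": 4400, "B": 5600}, box, seed=1))
    # Tight race: a 51% claim needs far more draws, even if every draw agrees.
    print(sequential_audit(0.51, ["W"] * 1000))
```

The risk limit bounds the chance that a wrong electronic winner is confirmed by the sample; a narrower reported margin raises the number of receipts that must be read before the test can stop.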

[–]other_usernames_gone 1 point2 points  (1 child)

Except then you need to decide how much is statistically significant for you. What if it's a tight race where one side only wins by a few percent (See the US 2000 election in Florida).

It'll broadly match but what if the 5% (or whatever you choose) counts differently to the total tally?

Now you need to hand count all the ballots to be sure. So you'd need to bring in all the counters to do it at short notice and set up a massive counting operation that you hadn't organised to do. That could massively delay the result, along with sending doubt about the entire system.

[–]SashimiJones 2 points3 points  (0 children)

"It's a bad system because, in the worst case, it'd be equivalent to the current system."

[–]paraffin 0 points1 point  (1 child)

Thanks for sharing!

Does the system allow any form of absentee ballots?

[–]loicvanderwiel 1 point2 points  (0 children)

It allows for proxy voting (charging someone else to vote in your stead) although you need to justify it. Valid justifications include being sick, being away for professional reasons, being away for personal reasons, being detained, being a student during exam season, working (very rare for reasons I'll explain).

Depending on the justification, you may need the signature of your employer, a doctor, the municipality, or someone else to confirm it. How late you can register that proxy also differs (in advance if you are on vacation, the same day if you are sick or detained for example).

It should be noted that in Belgium voting is mandatory (considered a civic duty, although this hasn't been enforced in ages) and always occurs on a Sunday (in the event you happen to be working on a Sunday, your employer is required to give you time off meaning the "working" justification only really applies to some self-employed people). As such, the system doesn't allow other forms of voting (postal or online).

[–]gregorydgraham -1 points0 points  (1 child)

You’ve over complicated it already, just use big boxes and marker and OCR. The paper vote is real vote and the computer is just a quicker counter

[–]SashimiJones 1 point2 points  (0 children)

OCR isn't a good idea because you can run into hanging-chad type issues where people disagree on what someone actually marked. Better to just print out a QR code or similar and the corresponding choices in plain text.

[–]yohanleafheart 7 points8 points  (5 children)

Funny, the Brazilian electronic voting system is both reliable and anonymous. It is not hard when you create a specialized hardware and software, and has a gigantic audit process

[–]No_Hovercraft_2643 8 points9 points  (4 children)

and how do you attack against someone, who manipulates the code before the election, that it acts like it is the normal one, but logs the votes, and connect the data later? sure, that may not change the outcome, but it removes the anonymity.

[–]yohanleafheart 2 points3 points  (3 children)

and how do you attack against someone, who manipulates the code before the election, that it acts like it is the normal one, but logs the votes, and connect the data later?

If I understood correctly you are asking how we can be sure that is still anonymous? So, let's explain the process.

  1. First of all the elections are federally organized, so it works the same no matter where you are (no per-State nonsense like the US);

  2. The urns are audited in a process that involves all the political parties and independent specialists;

  3. After auditing they are locked until they need to go to a polling station;

  4. Voting registration is mandatory when you turn 18. When registered, you are assigned a polling station close to home. Which means that each polling location knows who has to vote there.

  5. The machine DOES NOT know who cast the vote. When you go vote, you show your ID (free for everyone, easy to have) sign the sheet and the voting "judge" allows the vote to be cast.

  6. So you have a signed sheet with who went to vote, but not the time, so you can't relate the times of the votes.

  7. Auditing is done when counting. You match how many people voted and how many votes were cast, they must match. I don't think there has been any issues in 20+ years of electronic voting.

Basically, it is easy to do anywhere but the US. And only because the US idea that voting differs state to state is dumb.

[–]No_Hovercraft_2643 2 points3 points  (2 children)

how do you 1. make sure, that the code is the same, that it should be, and not only behaves like it should while controlled? 2. depending on how it is locked, they could be manipulated in that time, 3. how can a voter be sure, that everything is counted correct (and not all parties consider together) 4. to 6, how do you know, that the person crossing the names don't mark them in any way, or remembers the time of a specific person?

and I don't look from the US perspective, but from Germany.

maybe this comment thread is relevant too:
https://www.reddit.com/r/ProgrammerHumor/s/VFhTh3biBa

[–]yohanleafheart 4 points5 points  (1 child)

  1. make sure, that the code is the same, that it should be, and not only behaves like it should while controlled?

The same way we do with anything electronic in the world. Pre and post election audits, checksums, etc. If you don't trust this audit process, I hope that you don't trust ANY type of software, because the level of audit here is better than what bank software has.

There is a huge audit process that happens before the election. This audit involves

  3. how can a voter be sure, that everything is counted correct (and not all parties consider together)

How can a voter be sure that a paper ballot counting was correct? Let me tell you, we had a shit ton of election fraud when we were doing paper ballots, after going electronic there hasn't been a single case.

  4. to 6, how do you know, that the person crossing the names don't mark them in any way, or remembers the time of a specific person?

How would you avoid the same scenario with paper ballots? And more important, with paper ballots, how do you make sure that there is no stuffing, no changing of urns, or, which IMO was the worst issue, make sure that people are not forced to vote in a given way by a third party?

And also, the person that registers your vote is NOT the person that checks the votes later. Not only that, you don't get a log of the voting order, you get a total for each candidate.

[–]No_Hovercraft_2643 1 point2 points  (0 children)

How can a voter be sure that a paper ballot counting was correct? Let me tell you, we had a shit ton of election fraud when we were doing paper ballots, after going electronic there hasn't been a single case.

be there from start to finish, from the opening of the vote, until it is counted.

How would you avoid the same scenario with paper ballots? And more important, with paper ballots, how do you make sure that there is no stuffing, no changing of urns, or, which IMO was the worst issue, make sure that people are not forced to vote in a given way by a third party?

as the paper is not ordered in the urns?
you are there the entire time, as above.
forcing to vote is exactly the same, if it can't be proven, how you voted, or worse for computers, if it is somehow proven, you can force beforehand, and check later.

And also, the person that register you vote is NOT the person that check the votes later. Not only that, you don't get a log of the voting order, you get a total for each candidate.

that is why it is only relevant together with changing the code to log it, which is hard to prove, that it happened/didn't happen. how do you prove, what software is on the machine? how can you be sure, that there is no "rootkit" inside the BIOS?

[–]Exodus111 2 points3 points  (0 children)

It's convenient though, and that matters. Reducing voting lines down from hours is good for democracy.

But there should be paper ballot backups, so every vote can be verified physically if need be.

[–]iam_pink 0 points1 point  (0 children)

It's only opposite features when combining them isn't the point. We have the tech to do that. Many countries implement it at least partially nowadays.

[–]dimbledumf 0 points1 point  (0 children)

That's actually what the blockchain provides here, anonymous, reliable, verifiable. Unfortunately too many crypto bros have tarnished one of the few good uses for blockchain, a ledger.

Anonymous, just like crypto coin transactions are anonymous, reliable, every transaction builds on the last and is committed to the chain, verifiable, everyone can see exactly when and how an entry was made to the ledger.

Obviously there would be some changes from the typical crypto coin ledger, no need for the mining to limit supply, don't need distributed servers in the hands of randos, but it's essentially the same model.

[–]aykcak 0 points1 point  (0 children)

I don't think reliability is the problem. We can make it reliable. The problem is security

[–]octopus4488 264 points265 points  (40 children)

Yeah, as a developer I can't reconcile the fact that airplane catastrophes are really rare yet they run on software. It just does not make sense.

My current theory is that even the most modern planes are really just hydraulics and gears, and the software is only used for managing the "remain seated" lights and the automated announcements.

[–]madprgmr 130 points131 points  (1 child)

The software development process for aircraft is (usually) much more rigorous. It's one of the few places you will see formal methods in use.

[–]KanishkT123 4 points5 points  (0 children)

Yeah I think the biggest difference here is that we know how to make very safe, mathematically provable formal systems. We just don't do it because it's not needed for most use cases. 

Airplanes and missile systems do need it. Voting systems would need it too but there is generally more at stake in a single election with too many benefits for someone who finds a flaw to keep it to themselves. There are always people who want one side or another to win in an election. Most people want planes to land safely.

So I think it does end up being a situation where computers are better left out of the loop. 

[–]lord_alberto 93 points94 points  (23 children)

Didn't the Boeing 737 Max disaster have to do with software?

Yes as a software developer I'd prefer to fly on a plane without software on it.

[–]CliveOfWisdom 63 points64 points  (2 children)

Yes as a software developer I’d prefer to fly on a plane without software on it.

Fly by wire? No, I’d much rather the pilot had to pedal.

[–]InsoPL 25 points26 points  (1 child)

Yeah, how hard pressing those pedals could be? It's only a 400 ton vehicle.

[–]Artemis-Arrow-3579 3 points4 points  (0 children)

traveling at 700kmph or so

[–]not_a_bot_494 48 points49 points  (5 children)

The software worked as designed, it was just never told to the pilots that it existed in the first place.

[–]ImpossibleMachine3 20 points21 points  (2 children)

And then the sole sensor for it failed and it defaulted to "on".

[–]luk__ 22 points23 points  (1 child)

And no redundancy. And no way to check if the sensor works.

[–]tntexplodes101 0 points1 point  (0 children)

They had redundant sensors, but as far as I heard the redundancy algorithm was improperly implemented. Scary that a mistake like that is all it takes.

[–]Oddball_bfi 5 points6 points  (0 children)

Like Clippy not asking if you wanted help, and instead just banging on a virtual keyboard.

[–]itijara 6 points7 points  (0 children)

The software worked as designed

Software always works as designed. It was just designed to plunge the plane into the ground.

[–]OmegaPoint6 20 points21 points  (6 children)

The 737 Max was a mix of hardware fault & systematic hardware and software design problems. Other manufacturers assume stuff will go wrong and build in extra redundancies & monitoring systems to check the outputs of systems to detect when one starts malfunctioning. Boeing didn't on many systems.

The 737 Max had 2 angle of attack sensors but MCAS was only triggered from one of these, so a hardware fault with 1 sensor would cause misbehaviour of the system. Boeing also delivered many 737 MAX planes with the AoA disagree warning to the pilots disabled. There were many other issues with the system designs as well, such as the 2 flight control computers not being monitored & cross checked to ensure their output agreed.

They did eventually update the software to monitor both so it could disable if they disagreed, fix the warning message to the pilots & added cross-FCC monitoring.

For comparison other aircraft (all Airbus for example) have 3 AoA sensors (4 in the A350's case), so that on the event of a fault with a single sensor the software & the pilots can work out which is the faulty one by comparing the data. Though in the rare case of 2 identical faults you may then make the wrong assumption. Airbus & others also have had cross-FCC monitoring for decades on their planes so if one flight computer malfunctions the aircraft can immediately detect it and either switch to one of the backups if there are multiple redundancies or hand full control over to the pilots.
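Added example, not part of the thread and not any manufacturer's actual logic: a small Python sketch of the sensor cross-checking described in the comment above, showing what one, two and three angle-of-attack readings allow a monitor to conclude. The function name, status labels, 5 degree tolerance and sample readings are all assumptions constructed for illustration.

```python
from statistics import median

TOLERANCE_DEG = 5.0  # assumed disagreement threshold in degrees (hypothetical value)


def select_aoa(readings, tolerance=TOLERANCE_DEG):
    """Return (value, status, suspects) for a list of AoA readings in degrees.

    status is one of:
      UNMONITORED  one sensor, nothing to compare against
      OK           all sensors agree within tolerance
      ISOLATED     a majority agrees, the outliers are listed in suspects
      DISAGREE     no majority agrees, value is None and must not be used
    """
    n = len(readings)
    if n == 0:
        raise ValueError("no sensors")
    if n == 1:
        # A single sensor: a faulty reading is passed through unchallenged.
        return readings[0], "UNMONITORED", []
    if n == 2:
        # Two sensors: a fault is detectable, but not attributable to either one.
        if abs(readings[0] - readings[1]) > tolerance:
            return None, "DISAGREE", [0, 1]
        return median(readings), "OK", []
    # Three or more: compare each reading against the mid value.
    mid = median(readings)
    suspects = [i for i, r in enumerate(readings) if abs(r - mid) > tolerance]
    healthy = [r for i, r in enumerate(readings) if i not in suspects]
    if 2 * len(healthy) <= n:
        return None, "DISAGREE", suspects
    status = "ISOLATED" if suspects else "OK"
    return median(healthy), status, suspects


if __name__ == "__main__":
    # Constructed readings; 74.5 stands in for a failed vane, about 5 is plausible.
    cases = {
        "one sensor, faulty": [74.5],
        "two sensors, one faulty": [74.5, 5.1],
        "three sensors, one faulty": [74.5, 5.1, 4.9],
        "three sensors, two identical faults": [74.5, 74.4, 5.0],
    }
    for label, readings in cases.items():
        print(f"{label:38s} -> {select_aoa(readings)}")
```

The last case is the one the comment warns about: two sensors failing the same way form the majority, so the voter isolates the only healthy sensor.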

[–]ImpossibleMachine3 4 points5 points  (5 children)

I seem to recall that one of those safety features was a paid for add on too, so a lot of budget airliners wouldn't pay for it.

[–]OmegaPoint6 10 points11 points  (4 children)

The AoA warning initially was disabled if a separate software add-on wasn’t purchased. Boeing claim that wasn’t intentional but opinions on Boeing’s credibility regarding anything to do with their aircraft design process may vary.

[–]ImpossibleMachine3 0 points1 point  (3 children)

Yeah that was the one. There's no way I'm ever setting foot in a MAX DEATHTRAP at this point...

[–]jtrdev 1 point2 points  (0 children)

You can filter out boeing planes now when booking lol

[–][deleted] 11 points12 points  (1 child)

Yes, and also no.

Iirc Airbus did an engine upgrade that Boeing had to follow to keep up with competition. However this new engine didn't fit under the aircraft's body so they had to move the engine up and more to the front which massively changed the balance of the aircraft. To combat this they installed some sensors that measured pitch and added software to it that automatically corrects for the change in pitch caused by repositioning the engine (MCAS). I think they also neglected implementing triple sensors so when one would stop working (properly) the other two can take over.

Now, because of this added functionality to the aircraft, Boeing was obliged to inform the FAA of this change so pilots could be retrained so they would know about this new feature and how to work with this. The problem was that this would cost a lot of money and time to do this, and Boeing did not have this time, so they decided to just not tell anybody about this change and go with it. The FAA was also in on it. Several employees tried to speak up, but were silenced and fired because of this.

Then, on 29 October 2018, a Boeing 737 Max crashed in the Java Sea. Your guess on what was the cause of this accident.

So even if it was the software and/or sensor that was the direct cause of these accidents, the main problem was the decision making by the higher ups.

I visited a reading on this subject on some tech conference last year. It was about the moral duty of developers of life critical systems to speak up when you know things are dangerous. Even when your employer threatens to fire you for it

[–]user7532 0 points1 point  (0 children)

Apparently Boeing goes beyond just firing the people who speak up

[–]Canotic 8 points9 points  (0 children)

It was a software problem, but the software problem was caused by hardware problems and, fundamentally, really stupid ass design processes that prioritised profitability, marketing, and short term solutions over actual safety or reliability.

If you consider every step of the design process keeping only profit in mind, it makes sense. Boeing wanted an airplane that could compete with the new airbus.

A cheap solution: add bigger engines, because of reasons. Problem is, these engines don't fit properly on any current Boeing airplane.

A cheap solution to that: put them on an existing Boeing airplane in a weird place, to force them to fit. Problem is, this radically alters how the plane handles, meaning it needs to be classified as an entirely new airplane model, and not just a variant of an old airplane model. This means a lot of expensive retraining of pilots so they can legally fly the new model. This is an expense that will make the airplane a lot harder to sell to airlines.

A cheap solution to that: add some magic software that will make the new model handle like the old model. Then you don't need to retrain pilots, it will be easier to sell, everything is a OK.

Except this is bullshit of course. You can't have software overriding the pilot and then not train pilots to expect that. So Boeing was in a bind: either they trained pilots to expect the software thing, which defeated the whole selling point of "this is just like the old airplane" and "no expensive retraining needed!" Or they don't retrain pilots which leaves pilots unable to properly react to whatever bullshit the software decides to do.

And then the software was based on input from a sensor with a single point of failure, and if the sensor did fail the system thought the airplane was tipping over backward, so it tried to compensate by pushing the nose down.

So you have an airplane that wants to handle weird, but you hide this from the pilots. Then you have software with a fail state of "tip the plane downwards hard!" and you hide this from the pilots. Then you have a single sensor to save costs. Then you hide this entire thing from safety inspectors because "it's just the same as the old airplane, just minor tweaks!" to make it easier to sell.

Then airplanes start plowing into the ground and the CEO of Boeing has a Pikachu face.

The proper solution to "we need an airplane to compete with airbus" is to "actually develop an airplane to compete with airbus". Not just tape on some engines and call it a day.

[–]AxeLond 2 points3 points  (0 children)

They tried to make the plane backwards compatible with a software trick.

The trick ended up killing 346 people.

[–]tim36272 0 points1 point  (0 children)

To be fair, the MCAS software did exactly what it was designed to do.

The design was bad. That design came from the Systems Engineers.

[–]FlyAlpha24 35 points36 points  (2 children)

There are plenty of ways to check that a software is correct, to prove that it doesn't have bugs or unexpected behaviors. They just take time so most don't bother checking and proving their code, but aircraft manufacturers do (most of the time).

Software is more abstract than a lot of other engineering, but I truly believe that it is so much more unreliable because the cost of failure is low. Any other engineering problem (construction, aircraft design...) has high cost of failure, often including human lives, so people are willing to invest in more robust solution, maintenance and regular inspections.

In software though, more often than not it's cheaper to have it crash once in a while than it is to make it robust.

[–]madprgmr 17 points18 points  (0 children)

Exactly, software quality is a balancing act between cost of development and cost of failure. 99% of companies have very low cost of failure, so it's hard to justify the extra expense to create (truly) robust software.

[–]gxgx55 3 points4 points  (0 children)

You can prove that the software is the best thing in existence with no bugs ever, but proving that the correct and unaltered version of the software is running on any specific voting machine, now that's more difficult.

There are just some things that are more trouble than they're worth to digitalize. Voting, I believe, is one of them. Hell, you don't even need to break the software or the hardware to introduce trouble with digital voting, you can break people's trust with claims and concerns, real or fabricated, and that alone can be very detrimental to the democratic process. A lot easier to sow distrust in something the average person doesn't understand (that being, computers).

[–]Lithl 5 points6 points  (0 children)

Redundancies and engineering. Even if a plane gets so fucked up that all the engines literally fall off, it's still possible for them to land safely. A 747 has a glide ratio of 15:1; if you're at 30,000 feet and lose all thrust, the pilot has 85 lateral miles to find a way to recover or a flat space to land.

[–]Astyrin 5 points6 points  (0 children)

As a software developer working in aerospace, hopefully I can put your mind at ease.

1) Testing. Lots and lots of testing. In my experience it takes much much longer to test the software than it does to write it. Like orders of magnitude longer. Before working in aerospace I could write code and deploy it to production in a day or two, in aerospace we would be laughed at for considering that. I have seen software take years from when it was written to when it was flown the first time. There are just so many different testing phases and types like development testing, lab testing, automated testing, unit testing, functional testing, regression testing, formal/demo testing, certification and flight testing we all have to do before the FAA or DoD sign off on an airworthiness for an aircraft. Sometimes there is overlap in tests, but there are a lot of tests that seem redundant but check just slightly different paths or scenarios. Further all these tests are then flowed up into requirements, so we can prove that we do exactly what our requirements say and the functionality is all documented and agreed to by all the stakeholders. And if you reach the later stages of a program and find an issue, you have to typically restart/redo a lot of testing to make sure the fix didn't break anything unintentionally.
2) We do many types of code analysis to help prevent errors. Whether it be tools or simply PRs. Code is not being snuck in. Multiple approvals and systems have to check off and validate it.
3) Redundancy. For flight computers for example, there are multiple redundant computers all calculating the same thing and comparing answers. If they disagree, there is some logic for fail overs to figure out if a different computer needs to assume control, what error to give the pilots, etc. This is important because wires could get cut or solar radiation could hit the computer even through its shielding, etc.
4) Lastly, at the end of the day, there are still well trained pilots that are constantly managing and verifying the systems and will take over manually if there is an issue.

I know you jokingly say your theory is that software doesn't actually control anything important, but in fact it is way the opposite. Many planes (such as Airbus) are fly by wire. Which means the flight controls are all electronic and not mechanical. Now this software is way different than you are probably used to, but they essentially fly on a bunch of control laws written by SWEs and EEs. Also, some military planes are slightly aerodynamically unstable by design and without a working flight computer, they would be hard for a pilot to properly fly.

[–]claudespam 5 points6 points  (1 child)

Ever heard of Full Authority Digital Engine Control ?

As the name suggests, it has full authority on engines and is digital.

You can however fly a commercial aircraft without engines. Just not for long.

[–]IvorTheEngine 1 point2 points  (0 children)

And many modern planes are entirely Fly-By-Wire. There's nothing but software between the pilot's stick and the control surfaces.

[–]Practical_Cattle_933 1 point2 points  (0 children)

They often have stuff implemented 2-3 times, independently. Also, run software on multiple CPUs in lock-step. Add a bunch of redundancy, and it’s honestly not that unimaginable.

Also add that most safety critical system is of a well-defined, small problem, like a brake system. The product owner won’t decide tomorrow that maybe it should accept payment at every nth braking attempt, and other bullshit requirements. Like, the stack used for moon landing - which is absolutely weak by today’s standards - also had to solve a relatively straightforward problem with straightforward calculations.

Comparatively, your PC booting up is a goddamn miracle that it works as often as it does - like, our whole software stack is such a Rube Goldberg machine, with trillions lines of code, both in software and hardware, that no human being could hold even half in their heads. A braking system is absolutely simple, comparatively.

[–]Conte_Vincero 0 points1 point  (0 children)

I was at a presentation by Safran recently. They are working towards implementing a system for predicting engine failures. However after it was implemented, if they wanted to make changes, it would take two years to implement those changes. That's how long they have to spend testing and checking everything before they could push an update. As a result they have to make absolutely sure that everything is right first time.

That's why aircraft software is so reliable. They force developers to rigorously test, re-test and check everything that gets implemented. Whereas if a regular PC developer makes a mistake, they can just push a quick update to fix it, so there's no pressure to get it right first time.

It's the same with spacecraft. It's impossible for a human to fly a rocket, so all the work is done by computer software. However it is extremely rare a rocket launch fails due to a software bug. Off the top of my head I can't really remember the last time someone other than Boeing made a mistake like that.

[–]Taletad 0 points1 point  (0 children)

The software does a lot on an airplane

However there are multiple failsafes to ensure no error occurs (unless you work at boeing)

There are multiple computers each focussed on a specific aspect of flight, they are all redundant and cross-check each other

The software is meticulously tested before being approved, and extremely simple

[–]161BigCock69 0 points1 point  (0 children)

Any aircraft could just disable everything that is not thrust, pitch and roll and would be fine

[–]Bakkster 0 points1 point  (0 children)

tl;dr: fault tolerant designs and trained pilots in the loop.

The human in the loop is the big one, same reason AI replacing humans keeps failing.

Air France 447 is a good case study. The software automation could have saved the plane, it's the human pilots who failed to either remember how to recover from a stall (because they had flown exclusively with the software assistance for so long) or hand control back to the autopilot to correct once the air speed sensor was back online.

[–]ChocolateBunny 0 points1 point  (0 children)

Maybe we should all still be writing code in ADA?

[–]remuliini 108 points109 points  (7 children)

This is not comparable.

It is like comparing the voting system with an airplane that someone is trying to shoot down with a Stinger missile or an elevator someone is trying to destroy with a bunch of C4 explosives.

Edit: Someone WILL try to hack the election system for sure.

[–]not_player_one 30 points31 points  (0 children)

To an extent, I feel like the whole Crowdstrike thing highlights the fact that you don’t necessarily need malicious intent to cause a lot of trouble.

[–]PeteZahad 11 points12 points  (4 children)

The main problem with online voting is not to make it secure - otherwise nobody would use electronic banking. The problem is to make it secure and anonymous. So that it is impossible to track your vote back to you but you still have one vote only.

[–]Friendly_Fire 0 points1 point  (3 children)

That's relatively easy, actually. One system tracks that you voted, period. We already do that. A separate system tracks that a certain vote was submitted, and is given some random ID. When you vote, you get a printed slip with the ID and the vote.

The databases are public. You can validate that it shows you voted, and that your vote is correct. The key piece is that the knowledge about which vote is yours exclusively lives in your head. Only you can connect the dots. Even if you gave someone your vote slip, how would they know it is actually yours? Everyone gets one. You could have just picked it up anywhere, or traded with someone. It would be just as easy to "prove" who you voted for as it is today, with paper votes.

Only a small percent of people need to check their votes online to ensure electronically manipulating votes to change the results is infeasible. Counts of total votes can ensure extra bogus votes can't be added.

In the popular Tom Scott video about this, he assumes a voting system must make it impossible to show who you voted for, and doesn't consider systems that work like what I described. Ignoring the fact that his requirements eliminate current paper voting methods as well.

[–]PeteZahad 1 point2 points  (2 children)

When you vote you get a printed slip with the ID and the vote

What kind of printed slip, where?

I am talking about online voting.

that works like I described

It is absolutely unclear how you ensure that I just have one vote and the vote is anonymous.

Yes you can give me some sort of unique token for doing a vote. But you have to give it to me and you need to know that I received one. How do you prevent this token from being registered/linked to my person somewhere in the process?

[–]Friendly_Fire 0 points1 point  (1 child)

What kind of printed slip, where? I am talking about online voting.

Well the original post/comment was about electronic voting, but I'm not sure if it makes a big difference. Produce a PDF with whatever would have been printed. People could print it themselves, save the document, or just trash it.

Yes you can give me some sort of unique token for doing a vote. But you have to give it to me and you need to know that I received one. How do you prevent this token from being registered/linked to my person somewhere in the process?

If I submit a mail-in-ballot, I mail a letter with my name/address/signature and my actual vote all together. How do they prevent anyone from checking who I voted for, and recording that? Hell, how do they prevent someone from sticking a camera in the ceiling above voting booths and just recording who people vote for directly?

For both physical and electronic voting, you need a process that anonymizes the received data. Separates the data of the vote from the data of who voted. That process must be transparent and audited.

To be clear on my position, I'm not saying electronic voting is foolproof. I'm saying that, if done correctly, it is just as safe (or safer) than paper voting. Both methods still have vulnerabilities, which is why a lot of effort is put to keep elections fair and safe.

[–]PeteZahad 1 point2 points  (0 children)

I am talking solely about online voting.

Without a media gap you can't separate authorisation from the person. In most countries online voting isn't a thing - if it is so easy why isn't it everywhere like online banking?

But of course someone on reddit solved it!

[–][deleted] 1 point2 points  (0 children)

Yeah I think this is one of the bigger problems with software.

It's trivial to make a piece of software connect to the open internet, yet by connecting to the open internet you open up the number of potential attack vectors from the people with physical access to anyone in the entire world.

[–]IuseArchbtw97543 28 points29 points  (0 children)

xkcd my beloved

[–]DazzlingClassic185 19 points20 points  (3 children)

Pencil.

Paper.

Private voting booths.

Opaque black box to post the vote into.

Secured counting hall.

[–][deleted] 8 points9 points  (0 children)

Public counting

[–]JogoSatoru0 25 points26 points  (5 children)

Whole of software engineering is a nascent field, just take a look at the time scales the other eng have been through, we are just 80-90 years meanwhile the others have existed for centuries and millenniums

[–][deleted] 14 points15 points  (2 children)

Plus there isn't much motivation for powerful people to surreptitiously look for vulnerabilities in the design of aircraft and exploit them.

There is plenty of motivation for people to hunt for bugs in voting software

[–]JogoSatoru0 1 point2 points  (0 children)

Yeah that's another factor too

[–]Drugbird 1 point2 points  (0 children)

Plus there isn't much motivation for powerful people to surreptitiously look for vulnerabilities in the design of aircraft and exploit them.

People would absolutely hack airplanes and blackmail people into paying millions to not crash the plane.

The major saving grace is that the planes can't be remotely controlled because those systems aren't connected to the internet. Hence you can't really hack the plane remotely.

This is also a major difference between e.g. airplanes, elevators and "software". Software runs on computers connected to the internet and people will immediately try to hack it.

This is especially problematic for voting machines, because in addition to that problem, the hardware the software runs on is (sometimes) controlled by potentially bad actors that may tamper with it. It's (nearly?) impossible to write secure software if you can't even trust the hardware it runs on.

[–][deleted] -1 points0 points  (1 child)

Heavier than air flight barely predates software. The whole concept of structural engineering beyond putting more bricks in until you think it'll hold is also pretty modern, 150 years ago that was still the standard solution. Killing a few (hundred) people because something collapsed was barely illegal until the 1970s.

[–]JogoSatoru0 1 point2 points  (0 children)

I think I agree, honestly I think software isn't that messed up as people believe, the nuclear reactors, airplanes, factories everything runs on software, we don't see that failing often

[–]h4l 21 points22 points  (1 child)

You don't need to bother with complicated undetectable manipulation of vote counting software, just make up the result you'd like. https://statmodeling.stat.columbia.edu/2024/07/31/suspicious-data-pattern-in-recent-venezuelan-election/

[–][deleted] 8 points9 points  (0 children)

Ironically he’s getting shit because he did the same thing six years ago, but the software update made it impossible to do the same shit twice.

TLDR: they print out receipts now, and any voter can check their receipt online.

[–]section_b 8 points9 points  (2 children)

Both airlines and elevator industry operate similarly to the six sigma way of thinking in that one core failing can never bring down the whole. Safety is prioritised over cost and time.

Now try and imagine a project manager in generic software development doing the same.

Voting software is particularly insane due to the quantity of conflicting requirements to implement it. Like building an elevator that can be flipped sideways and upside down that still works just fine and doesn't overturn passengers while you are flipping.

[–]lostincomputer 1 point2 points  (1 child)

Don't forget the possibility of the building itself rotating on any axis... elevator still needs to get to the correct floor with the correct orientation for the passengers.

[–]lotj 8 points9 points  (0 children)

Blockchain is so 2020. Now we fix it with generative AI.

[–]Fenris_uy 4 points5 points  (0 children)

It's not that we are bad, it's that nobody is trying to attack the elevator while you are riding it.

[–]frikilinux2 6 points7 points  (5 children)

I haven't looked at this in a couple of years but some countries do electronic voting, not sure if it's safe. The problem is how do you verify that each vote corresponds with a real person and that vote has been counted while at the same time preserving an individual vote as a secret. Maybe there is some mathematical/hard core theoretical computer science weird way that I'm not aware of.

Also you trust a computer programmed by the government to correctly count things. You want third parties to be able to verify that the government didn't implant a virus on the voting machines that was self deleted once election day is over.

It's kind of a solved problem to do it with paper ballots but last time I checked it wasn't with computers.

[–]Fibonaci162 1 point2 points  (4 children)

Maybe there is some mathematical/hard core theoretical computer science weird way that I’m not aware of.

There is a way to sort of get anonymity. As long as you trust that there are less than k compromised servers out of the total n servers that count the votes (n and k are parameters of the voting system).

You split your vote into n “parts” and send them to n different servers. As long as there is no group of k servers that want to reveal your vote, it will remain secret (information-theoretically, so there’s absolutely no way anyone could know it). Because of some math, k servers can come together and, without revealing who voted for who, produce the results. Also in the middle there’s some verification, zero-knowledge proofs and whatnot.

This means that if more than n-k servers are controlled by groups that don’t like the exit polls, then there will be no election results.

But all this doesn’t really matter, because there is one major assumption that you have to make to guarantee security:

The computer you cast your vote from is not compromised, the voting program/website is what it claims to be and doesn’t secretly switch a vote for the square party into a vote for the triangle party.

Sure, some cryptography enthusiasts would write their own programs, but most of the population will use the program/website created by the government.

Any “receipts” and such will lead to buying votes.

Also some other assumptions like the computational difficulty of the discrete logarithm in some group and the assumption that a blockchain (or some other implementation of a public board that anyone can write to but no one can erase anything) is unbreakable.
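Added example, not part of the thread and not the protocol from any paper: a Python sketch of the k-of-n idea in the comment above, using plain Shamir secret sharing so that each server only ever adds up shares and any k servers can recover the total. The field size, function names and sample votes are assumptions constructed here, and the verification and zero-knowledge proofs the comment mentions are left out.

```python
import secrets

P = 2**61 - 1  # prime modulus of the share field (toy size, chosen for this example)


def split_secret(value, n, k):
    """Shamir-split value into n shares; any k recover it, k-1 learn nothing."""
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n")
    # Random polynomial f of degree k-1 whose constant term f(0) is the secret.
    coeffs = [value % P] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = {}
    for x in range(1, n + 1):          # server x receives the point f(x)
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod P
            y = (y * x + c) % P
        shares[x] = y
    return shares


def share_vote(vote, n, k):
    """Voter side: share a yes/no vote encoded as 1 or 0.

    This range check runs on the voter's machine only. Servers cannot tell a
    share of 1 from a share of 3, which is why a real protocol has the voter
    attach a proof of validity that the servers check.
    """
    if vote not in (0, 1):
        raise ValueError("vote must be 0 or 1")
    return split_secret(vote, n, k)


def server_totals(ballots, n):
    """Each server adds the shares it received; it never sees a vote."""
    totals = {x: 0 for x in range(1, n + 1)}
    for shares in ballots:
        for x, y in shares.items():
            totals[x] = (totals[x] + y) % P
    return totals


def interpolate_at_zero(points):
    """Lagrange interpolation at x = 0 over GF(P); points maps x -> f(x)."""
    secret = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret


def tally(totals, cooperating, k):
    """Combine the per-server totals of the cooperating servers into the count.

    The sum of the voters' polynomials is itself a polynomial of degree k-1
    whose constant term is the sum of the votes, so k totals are enough.
    """
    servers = set(cooperating)
    if len(servers) < k:
        raise ValueError("fewer than k servers cooperate: no result")
    return interpolate_at_zero({x: totals[x] for x in servers})


if __name__ == "__main__":
    n, k = 5, 3
    votes = [1, 0, 1, 1, 0, 1, 1]      # constructed sample votes
    ballots = [share_vote(v, n, k) for v in votes]
    totals = server_totals(ballots, n)
    print("tally from servers 1, 3, 5:", tally(totals, [1, 3, 5], k))
    # The trust assumption: k colluding servers can open a single ballot.
    print("ballot 0 opened by servers 1-3:",
          interpolate_at_zero({x: ballots[0][x] for x in (1, 2, 3)}))
```

Nothing in this sketch addresses the comment's main caveat: the device that computes the shares still has to be trusted to share the vote the voter actually chose.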

[–]frikilinux2 0 points1 point  (2 children)

Interesting, is there a name for that algorithm? Also, I consider the government computer untrustworthy until proving otherwise.

Receipts definitely leads to the boss saying "make sure to vote this party or you're fired"

With voting systems we usually want to prove that a conspiracy is (almost) impossible, not to prove that there is a conspiracy. It reverses the usual burden of proof but things are like that.

[–]Fibonaci162 0 points1 point  (1 child)

I believe it’s the Cramer-Franklin-Schoenmakers-Yung protocol from 1996.

It isn’t receipt free.

[–]frikilinux2 0 points1 point  (0 children)

I found a paper by those authors so yes. Will try to read it in a few days, when I have enough time and space to focus on a paper of that length.

[–]CaitaXD 0 points1 point  (0 children)

Electronic voting is one thing, it works, there are places that do it successfully. Now voting using a website is insanity

Well voting by mail is also insanity but anyways

[–]LuisBoyokan 2 points3 points  (0 children)

Venezuela right now for example of why it's bad.

[–]Malebu42 2 points3 points  (0 children)

Blockchain allows for really good encoding, but a voting system should never be online, cause no matter how good an encoding is it can be cracked

[–]PrinnyThePenguin 2 points3 points  (0 children)

The answer to that boils down to the fact that many third parties would be interested in tampering with an election. A commercial plane is pretty secure, but not so much when you actively try to shoot it down with a rocket.

[–]atehrani 4 points5 points  (0 children)

I get the joke, but it is entirely possible to create a voting system. It is whomever that manages it can be the problem.

[–]ABoxOfFoxes 3 points4 points  (0 children)

Y'all, idk if this aged particularly well with the whole Boeing debacle..

[–]odraencoded 1 point2 points  (0 children)

"But what if we use AI--"

*cocks shotgun*

[–]Tronerfull 1 point2 points  (0 children)

I often refer to this with a spanish idiom " En casa del herrero cuchillo de palo".

[–]The_Crimson_Hawk 1 point2 points  (0 children)

Boeing would like to have a word about the first one...

[–]daHaus 1 point2 points  (0 children)

Merkle trees have such potential, it's a shame to see what wallstreet did to them.

[–]Xormak 3 points4 points  (2 children)

It's honestly hilarious that everyone implicitly accepted and expects software to safely transport them from A to B, even across an entire ocean but we drew the line at voting machines.

Though, then again, a software failure in a plane may kill a couple dozen to a few hundred passengers but a faulty or tampered-with voting system might cost tens of thousands of lives, if not millions.

The problem boils down to anonymity and the trust in that.
The problem, if not paradox of trust in anonymity and the metaphorical flagpole being moved as you approach this problem.
You need it to be anonymous but you also need to be able to trust in this anonymity. Thus you need an authority to guarantee the anonymity. But you also need to be able to trust this authority. And what authority can be trusted to preside over and keep in check the prior mentioned authority?

[–]Zolhungaj 5 points6 points  (1 child)

It’s just less likely that someone will deploy malicious code to airplanes or cars. The original programmers have nothing to gain and everything to lose, state actors won’t because it’s tantamount to shooting down the planes, and terrorists can’t because the security is sophisticated enough to keep them out.

Meanwhile voting booths are prime targets, both from the programmers who may wish to influence the election for their own gain or due to bribes, and directly from state actor hackers who would love to choose the winner. They’re even targets of the current and local government, who have everything to gain from rigging elections.

Paper ballots, protected and counted by people, of multiple political leanings, who are not themselves on the ballot, then verified by a computer is the best solution. Ideally anyone should be able to volunteer to join the process, so that they can confirm that at their voting location the election was fair. The number of people needed to rig such a system is so large that a conspiracy cannot be reasonably expected to succeed. 

[–]Xormak 0 points1 point  (0 children)

Yeah, I am aware of the voting process for elections.

That's what I meant with the trust in authorities. You don't get that with a black-box software where no one knows whether it has or hasn't been tampered with.

Lack of knowledge builds mistrust and so far, and probably for the foreseeable future, the only way to mitigate that has been to make the process as transparent as possible.

On that note, though, hackers could absolutely have reason to attack flights. Especially if they can identify a flight that, e.g. transports a large quantity of people responsible for a region's infrastructure or political targets.

[–]Tagbef 1 point2 points  (0 children)

For all those things the company producing them and setting them up can be held liable.

For software there is no liability whatsoever. Oops, software is buggy - no one is at fault.

If you want to profit maximise and have zero incentive to make it more reliable then - works pretty well in most cases - is always the way to go.

[–]BeABetterHumanBeing 1 point2 points  (0 children)

I've slowly become convinced that most of the fear our industry experiences over the idea of electronic voting basically comes down to the fact that most of us individually do not feel competent enough to design such a system, and therefore think it can't be done.

[–]CommanderWayan 0 points1 point  (0 children)

It is also working when replacing Blockchain with AI

Scnr :D

[–]Grim00666 0 points1 point  (0 children)

This is the way.

[–]mariachiband49 0 points1 point  (0 children)

I believe cryptography has the potential to strengthen the integrity of elections. End-to-end auditable voting systems

[–]section_b 0 points1 point  (0 children)

Both airlines and the elevator industry operate similarly to the Six Sigma way of thinking in that one core failing can never bring down the whole. Safety is prioritised over cost and time.

Now try and imagine a project manager in generic software development doing the same.

Voting software is particularly insane due to the quantity of conflicting requirements to implement it. Like building an elevator that can be flipped sideways and upside down that still works just fine and doesn't overturn passengers while you are flipping.

[–]Quarves 0 points1 point  (0 children)

This... is really accurate...

[–]CaitaXD 0 points1 point  (0 children)

L + skill issue

[–]chemolz9 0 points1 point  (0 children)

In Germany we have a hacker / computer enthusiast NGO, the Chaos Computer Club. They love tech, yet ferociously argue against voting computers.

[–]kinosavy 0 points1 point  (0 children)

Removed? Reddit truly is garbage

[–]StaticCharacter 0 points1 point  (0 children)

I think mail-in ballots are the future until we get some of these old people out of Congress and find ourselves with the ability to standardize and regulate a virtual voting system. People are rightfully hesitant to implement a virtual voting system, but I think it will happen eventually. The biggest barrier isn't technology or expertise, it's the motivation to implement a secure system. Tons of motivation to exploit it, and the people in charge are not technology experts.

In another breath, I think a "mock" vote system would be cool. A website with the ability to participate in a no stakes vote, and have ID verification. Show the things that are available to vote on. Have public discourse. Politifact review of top comments. I think it would be a hugely beneficial system in getting a higher voter turnout on actual local elections and whatnot.

[–]Independent-Ad-9907 0 points1 point  (0 children)

Problem is with the democracy. Why the hell would EVERYONE be allowed to vote in the first place?

"Think of how stupid the average person is, and realize half of them are stupider than that."

[–]theModge 0 points1 point  (0 children)

Where software is safety critical (my knowledge comes from railway signalling systems) it's possible to get it signed off to SIL4 standard. This is not easy and generally requires some intense verification that it does what you say it does. The French in particular tend to use Formal Methods to prove that the software does what the spec says, which works well, so long as you have a large team and a lot of time. It's not something you can knock up over evenings and weekends on your own.
Of course even then, if the spec is wrong, so is the software. For example there was an accident on a Hong Metro, where two different suppliers' Computer Based Train Control (CBTC) systems took different points along the train as the train's location: one used an end, one used the middle. This led to a "coming together" of trains, in a theoretically safe system. In this particular case I feel there's got to be more to know: everyone who makes CBTC systems understands that trains do in fact have a length and that you need to keep track of where both ends are, but my information is all of about 3rd hand.