Hacker News new | past | comments | ask | show | jobs | submit | s_q_b's comments login

This will be my final comment on HN.

As my parting words from this site, I would ask that you please pay close attention to what is happening politically with regard to the laws which shape technology: the First Amendment, Fourth Amendment, Criminal Rule of Procedure 41, PATRIOT Act 215, FISA 702, and Executive Order 12333, but just as importantly, the individuals in the NSC, DNI, DCIA, DNSA and DIA/DCS leadership positions.

Community members, remember it is crucial for engineers, scientists, and entrepreneurs to have a voice in the forthcoming discussions of digital privacy, the extent of state power, and the policies that will be chosen. If you wish to conduct this experiment, perhaps a different time period would be better, as these officials are being chosen now, and the policies will be decided very soon.

Moderators, I ask you to use your power judiciously, and allow the maximum free discourse that you feel appropriate. Remember that you yourselves are not immune to the cognitive defects inherent in human nature. If you do adopt a more narrow curation policy, please guard against those passions carefully. Protect well this place you have built. It is more special than you realize.

Founders, design your technologies with an eye to how they shape public discourse, promote fact, and expose deception. Be better than my generation. Pursue ideals more noble than mere monetary profit. Don't just make something people want. Make something that matters.

Build the change you wish to see in the world. You did not risk everything to sell digital sugar water.

Others of greater tact than I will shape these discussions as they evolve here. But I myself will not abet censorship without objection, particularly at this moment in time. The time has come to vote with my feet. It has been a pleasure to know you all.

I wish you well in the days to come.


I live in Northwest Washington, D.C. I am a technologist, a government contractor, and an HN member for many years under various accounts since 2008.

I respectfully disagree.

Yesterday someone motivated by the "Pizzagate" story, spread and enabled by the social media systems we designed, fired multiple shots from a semi-automatic weapon into a crowded restaurant near my home.

My partner and I passed the crime scene shortly thereafter on our way back to our apartment.

The new National Security Advisor, Lt. Gen. Michael Flynn, endorsed the totally false rumors that led to this shooting. He will soon be empowered by the full force of the nation's intelligence agencies.

I want you to very carefully consider the implications of what he could do with access to that power, and the potential result of blocking discussion of such issues, particularly at this moment in time.


I empathize with your view, but I very much disagree with you.

1) It's an experiment, there should never be any disagreement with an experiment unless the experiment itself can cause harm to someone/something. The results of this experiment should be evaluated closely, and if they make new guidelines for HN I'm fully onboard. But it's an experiment.

2) The person who shot the gun did not read HN, I may be wrong but I feel this is a fair assumption. I'm not saying no one here could shoot a gun in public, but they wouldn't come here as anything but a complete troll and shoot a gun based on some crap story like that. If I'm wrong in this then the experiment is terrible and stop it now. But I very much doubt it.

3) The issue is that news in general has degraded. This degradation of journalism has led to many of the issues we experience today. If experimenting on HN can lead to some sort of anecdotal evidence that Politics = bad for communities I'm all for it. I believe part of the issue is pointed to in this video. https://www.youtube.com/watch?v=PezlFNTGWv4 24 Hours news is the issue. 24 Hours politics is the issue. Taking a purge is a great idea.

4) HN should not be where you get your news about politics.


"The person who shot the gun did not read HN, I may be wrong but I feel this is a fair assumption"

The systems on which that person read the false information that drove them to shoot the gun were built by people who read HN. That may sound like a lot of levels of indirection, but to ignore politics for a week seems like a symptom of pretending that we are not a part of the problem.

I think the technology running the web needs to be thought of as a part of the fourth estate. We are not separate from the media which we have restructured.


While I think that we should use every tool at our disposal to work to mitigate disasters like the one you mention, I also don't think it's on Technology to fix this issue itself. Facebook isn't the cause of people being stupid, people are. This is not a new issue and it is not something that the people who read this site are responsible for.

It is also an experiment. I'd like to emphasize that. It is an experiment. It is OK to not get politics on HN for a week. It will not be the cause of a global meltdown in society.

I'm also pretty confident that if some ground breaking news broke about Donald Trump wanting to launch a nuclear weapon that dang would allow that, but the current noise that is happening can be removed for a week is a good experiment.


As an experiment it is interesting, and there certainly community management is hard. Also, I think that better community management is maybe some of the problem on Facebook and Twitter, so there is quite a bit of irony in me arguing against it.

But...

The media and technology revolution that we are both living through and shaping with the technologies that we deploy should be something that we actively discuss and wrestle with. I've recently been reading more history of the impact of the printing press (scientific revolution, monarchy => democracy, reformation, and a lot of war).

"This is not a new issue and it is not something that the people who read this site are responsible for."

I could not disagree more strongly. The web is quite new, and we don't understand its impact on society. Certainly the people on this site are not entirely responsible for it, but I think that we should feel some responsibility for it. I certainly do.


An experiment has clearly defined goals and a control. What are we testing here? Whether we are better educated when the week is over? Whether we feel better about what we read and how we participated here? What are the metrics?

HN might not should be or should strive to be the place where you get your news about politics - but it has certainly educated me about political positions and history in the past.


2) It's not relevant whether the shooter read HN, but there could be very fruitful discussions as to how this was instigated because of social media of which is mainly built by tech in the bay area.

3) 24 hour news may be an issue of degradation but fake news perpetuated within giant tech companies is also an issue. You cannot talk about fake news without going into the politics of it.


OK I'd go on and emphasize. 1) 1) 1) 1).

It is an experiment. That's a good thing. Let's talk about solving Fake News in a week. If they try to ban politics on HN in a week I'll get up in arms with you.

3) perpetuated by the users of software distributed by giant tech companies

To finish up: It is an experiment.


It's the evaluation of the experiment that I am most worried about. How do you evaluate a decrease in people being exposed to diversity of opinion? How do you evaluate how many articles are willfully suppressed but might have been lead to good discussion?

I am afraid that potential benefits of this policy are easier to measure (I.e. less flame wars) and the bad parts are not (less deep and critical discussion), we will lead to the conclusion that it is better to keep such a policy in place without a good sense of what we are losing in the process.


1. This experiment is directly harmful in that it is using living subjects, without ethics review.

2. The person who shot the gun was informed by Reddit, a company that had it's genesis here. The Y Combinator is a function that makes other functions.

The Internet is not like a blank canvas. The decisions we make about a platform, about news optimization, and about community structure affect our public discourse. If Twitter had set it's character limit at 280 characters, that would have had a profound effect on the marketplace of ideas in the public sphere.

3. The issue is that the particular forms of communication which enabled these thought-bubbles to exist were created by a handful of decisions by software developers.

4. HN is where I get my news about technology. Technology is a crucial area of political discussion, and right now the very basic freedoms of the internet are under direct threat from political forces.

Finally, how could anything be more crucial to technologists than discussion of those who will hold the reigns of the national security sector?


1) No it is not going to harm it's living subjects. That is complete hyperbole. You having to go somewhere else for your news for a week will not affect you. Sweet baby Jesus. Seriously?

2) The person was informed by the hive mind of a subreddit that reddit allows. I mean look at what happened when the Steve went and edited user data on Reddit. We talk about not wanting censorship, but then we blame technologies that don't sensor for having toxic communities. How do you find out if the community or the individual is to blame? Would you perform an Experiment?

3) Software has perpetuated the thought bubble issue, this is one thing I can think of being introduced to society purely by software so I agree on this point.

4) Which is why I think after the experiment we should go back to politics on HN.

> Finally, how could anything be more crucial to technologists than discussion of those who will hold the reigns of the national security sector?

I get my political news from other sources, I'd suggest anyone reading this does too.


I think the question is not whether the issues are important, it's whether they're on-topic right here. Your example is meaningful but that doesn't mean it should be discussed on Reddit under /r/comics or /r/cooking. Since HN doesn't have categories/subreddits, I think there's a diverging sense of what readers want to find when they come here.


The topic of this thread is the policy of banning political comments for one week. I stated that the experiment should not be conducted at this time, due to the forthcoming appointment of a government official, which HN should discuss given yesterday's events. It was certainly relevant on this thread.


I didn't mean it wasn't relevant to this thread (which gets a pass for being meta), I meant "here" as in "would you submit a story about this on HN".


I want to be clear about three aspects of this:

1. Any views expressed here or elsewhere on HN are purely my own and not representative of the United States government or any other entity.

2. This is not about one individual act of violence. It is symptomatic of a culture created by the types of technology we discuss and implement. I happen to know many people within various spheres that do read HN, and are influenced by it.

3. This comment was flagged, which seems contrary to the purpose of inviting a public discussion, particularly on the thread regarding the appropriateness of such discussions on this site.

If we can't even express dissent that we can't express dissent, that is a problem.


Your comment was rightly flagged because it broke the rules, and in the thread about the rules to boot.

If you want to discuss whether this experiment is a good idea for HN, that's fine, but you need to do it without fighting a specific political fight at the same time. "The new National Security Advisor, Lt. Gen. Michael Flynn, endorsed the totally false rumors that led to this shooting" is the very thing we're asking you not to post this week.


You can't have a discussion about these issues without getting to brass tacks at some point.

Even setting aside how this effectively encourages the status quo: you are functionally telling women and minorities not to relate their own experiences for fear of being branded as "political" and getting flagged for it. That's bad. That's real bad. When somebody like 'tptacek says he's on-board with this because he thinks that 97.99% of politics on HN are alt-right trolling...maybe there's a problem here that isn't "politics".

I generally regard the proprietorship here with good faith even when I disagree 'cause you have always been fair and straight with concerns I've thrown your way, but this is an unmistakably dark message you're sending to your community--a message that works very much to the favor of the white supremacists who are actively pissing in your pool around here.


The community was asked whether there were specific concerns regarding the timing of the experiment. I expressed a particular, relevant, and time sensitive issue, which yes, happened to deal with a particular individual.

These issues can't be discussed in a vacuum. This is the person who is openly promoting a Muslim registry, and intends to use the technology we have built to do it. There is no ground to be apolitical in that context, particularly when you have just seen first hand evidence of the violence it portends.

I submit that, if people were firing assault rifles into pizza places in your neighborhood because of "politics," you might feel differently.

The controls on the usage of national security programs, as we know, are today largely governed by the discretion of the people in charge, much like your discretion governs comments here.

It's fine if you don't consider that acceptable discourse anymore. It's your sandbox. But if that's the case, I'm taking taking my toys and going home. I know what censorship looks like when I see it.

Worst of all dang, I though I could trust you guys to be better than this...


> Have at this in the thread

What rule was broken?


anthony bourdain was in rome telling an apolitical friend how america had embraced "fascism" by electing a leader who "promised to make america great again". she quickly reminded him that the last leader we elected did the exact same thing.


Amazon has the money to run the studies to prove whether it increases revenue. I suspect it wouldn't be too hard to both detect shoplifting and differentiate it from legitimate purposes using a modern high-end multisensor fusion machine learning system.

Better make sure to carefully balance the samples in your training set to avoid confounding variables though, or else your AI is going to get quite racist and sexist very quickly.


More importantly, where are they having this turkey?

In all seriousness though, if I were one of a handlful of people who understood a rising anonymous currency platform, I wouldn't want to be publicly exposed that way.


Indeed, even though a couple popular cryptographers have vouched, it's still not the classic definition of peer-reviewed for something that ground-breaking.

That aside, the MPC (Multi-Party Computation) setup is more of a security theater than actual security. It completely goes against of what cryptography is all about and I'm puzzled as to why any cryptographer would base their system's security in such a way.


It actually is the classic definition of peer reviewed! The paper on Zerocash (renamed Zcash) was published at the IEEE Symposium on Security and Privacy:

http://zerocash-project.org/media/pdf/zerocash-oakland2014.p...

It's a peer-reviewed conference and basically the top venue (along with Usenix Security and ACM CCS) for academic computer security.

I'm not sure what you mean by "for something that ground-breaking"?


Oakland is more of a systems security conference, so peer review here speaks more to the architectural thinking, and says little about the deeper math. Same thing for Usenix. I'd want to see somewhere like Crypto/EuroCrypt, or maybe IACR, to call it peer reviewed. Even then, it may pass largely on novelty & prestige.

(For background, I used to publish at this conference and others, did my share of paper reviewing, and my colleagues were working on e-cash crypto around the time of bitcoin's rise.)


zkSNARKS, the underlying tricky bit of crypto that Zerocash uses to make anonymous transactions, existed before Zerocash/Zcash. There is a bunch of work on them that was published in Eurocrypt/Crypto/TCC etc. For example [0] at Eurocrypt and [1] at Crypto. Page 37 of that last paper [2] has a summary of work on the subject, though it is now dated as the paper is from 2013.

SNARKs have gotten the appropriate peer review from the right parts of academia. To everyone else reading this: Of course, that doesn't make it secure and there are limmits to peer review. Just because 3 to 5 reviewers read the paper and thought it was publishable doesn't mean it's correct. However, those works were high enough profile that others have looked at the papers once they were published, which is the real meaningful part of peer review and that comes after publication.

None the less, snarks are one of the more sophisticated cryptogrphic techniques ever deployed. And peer review also says abosultely nothing about the security of the implimentations of software instantiating the cryptography. But the only way to remidy that is to build software, deploy it, and get people to look at it.

Zerocash itself is a fairly simple protocol built on top of SNARKs, so the fact that it was published at Oakland isn't the biggest worry. It's also gotten a bunch of scrutiny after that.

[0] http://link.springer.com/chapter/10.1007/978-3-642-38348-9_3... [1] http://link.springer.com/chapter/10.1007/978-3-642-40084-1_6... [2] https://eprint.iacr.org/2013/507.pdf


My impression with Crypto is that people who focus more on the applied side of cryptography have found it difficult to get papers accepted there.

[My own background is firmly in systems security – I've had papers at Oakland and CCS – and I'm not as familiar with the crypto side]


Do you mean to say the Zcash trusted setup shouldn't have used MPC? Or do you mean to say Zcash itself is fudnementally flawed due to the trusted setup?


The second one mainly. There is probably a way to do MPC in a truly trustless manner but that's another big challenge and Zcash investors were probably getting impatient so they pushed for a launch.


I have had four zero-days affecting 5.5 million devices sitting on a public code repository for two months now, for a project maintained by dozens of corporations employing high-end PHP programmers, who do write PHP for a living.

The fixes are code reviewed, but not merged, because the developers don't seem to understand PHP-into-C null string terminator vulnerabilities, or type juggling, or strict comparison, or... I could go on.

PHP is unsafe at any speed, because it almost invites arbitrary code execution through a number of vectors. It isn't inherently bad if used correctly, as most Facebook developers will tell you, but the language structure involves quite a number of insecure practices.

After all, most programmers don't expect:

<?php 0 == "string"; ?> to be true.


> After all, most programmers don't expect: <?php 0 == "string"; ?> to be true.

nobody would expect that


Experienced Perl programmers would, and PHP took inspiration (altough in crippled way) from Perl.


Anyone who ever programs in a weakly-typed language should be aware that comparing two values with different types will involve type coercion, that there are obviously strange edge cases when that happens, and that comparing with a strict comparison operator such as === is good defensive programming in those contexts.


Wait, is GP saying that IS true in php?!?!


My favorite is that two obviously different hexadecimal values in strings (e.g. checking password hashes) can be "equal" with the weaker == comparison.

This occurs if PHP thinks both strings could be numbers in scientific notation. "0e123" == "00e45"


It gets worse: https://3v4l.org/Slvpp

Note that PHP also has a JavaScript-style triple-equals comparison, which does not attempt type conversion and does not exhibit this bizarre behaviour.


Yeah, go check in a sandbox.


Can I see a link? Just curious about the vulnerabilites. What's a PHP-into-C null string terminator vulnerability?


Google null-byte injection.

As for the framework, that's RDK-B. http://rdkcentral.com http://code.rdkcentral.com https://github.com/rdkcmf

The deeper you look, the worse it gets. Those php issues are very trivial, first glance type stuff. Some need a bit of a twist to make exploitable, but another will strip the encryption right off the hidden network.

I have others I wish to disclose, but I can't seem to get them to respond to my requests for a PoC. Quite frankly, I'm shocked that I can't seem to get anyone to realize how serious the impact of an RCE vulnerability in a framework fielded that widely truly is.

If you find any of more serious things I'm talking about on your own, wait for the vendors to fix them. Please don't brick the world.


>PHP-into-C null string terminator vulnerabilities

They should still be fixed, but I believe these bugs are no longer an issue in PHP after 5.3.


> It isn't inherently bad if used correctly

Is BAD. Imagine if a car was made with the same "design".

A tool is BAD if the user must patch to overcome the inherent behaviour it show.


The parent poster already referenced "unsafe at any speed" so I think they are already aware of the car analogy :)


The parent poster already referenced "unsafe at any speed" so I think they are already aware of the car analogy :)


That's silly. It's the same logic that got us criminal sentences in the DMCA for copyright violations, since movies, music, and television are a massive part of the American economy.

Federal sentences for bank robbery are 5-10 years.


I mean, bank robbery directly affects $X. It is more difficult to determine how much money is "stolen" when someone violates copyright law, but ultimately if it is more than $X why shouldn't the sentencing be on par with or more than that of bank robbery?


Because a bank robbery is a robbery, not mere theft. In a robbery, you make a credible threat to use force against another human being. That's hopefully still worse than stealing $x.


You would have other charges added in addition to the actual taking of the money which related to how threatening you were at the time of the robbery. I'm saying the actually robbery charges being on par with distributing copyright content and ultimately taking money out of the pockets of the content creators are, at the end of the day, both the same if the same amount of money is taken.


A bank robbery still has about as much in common with copyright violation as with pirating actual ships. I am not threatening anyone when committing copyright violations

A much more convincing argument could be made that theft and copyright violations are the same. Buy theft has quite low punishments (at least in California).


Unauthorized use or reproduction is not theft, as it does not deprive or interfere with use of the original copy.

Stealing your furniture is theft. Taking a look at your furniture, and carving another set exactly like it is copyright infringement.


..if that argument were not destroyed by the Supreme Court many years ago. Infringement is not theft, no matter how much big businesses want to equivocate the two in people's minds.


>It is more difficult to determine how much money is "stolen" when someone violates copyright law

You may violently disagree with this, but if you're struggling to figure out at least a lower bound for how much damage might have been done, the answer is probably "almost none".


I mean if it helps you sleep at night after you pirate a bunch of stuff sure, but ultimately there are people out there who want a digital thing and have the money to buy it. Some percentage of those people pirate the thing and money is lost for the content creator.


After a few years around Gartner, Deloitte, and Accenture I have learned that consulting reports are usually PR thinly disguised as analysis.


There's plenty of things in this industry that are PR disguised as analysis.

Look at security breakdowns of security flaws from outside firms that end with 'you don't want to get fucked by this, buy our services'


Mmm hmm[1]. Though this article is decidedly bearish on VR.

[1] http://www.paulgraham.com/submarine.html


This is ofter quite true. However have you read this thing? It's a pretty good balanced analysis. Also I think they anonymise vendor names to avoid promoting one vendor over the other


If it's free, it's selling you something.


But if what it's selling you is a good impression of the depth and quality of the author's analysis, that's not necessarily a bad thing. I've not read it in detail, so I can't give any view on that.


They're probably trying to sell a self-fulfilling prophecy.


You oughta extract some semblance of narrative from all the work put into powerpoint slides for clients


The race for the smart home "IoT" is in full swing, and once again Amazon is ready to sell Levis to the prospectors. They don't even need to win, so long as they can make themselves the most convenient backend solution.


That's not just Amazon's strategy, that's most cloud providers.


Right now, Google has no credible open competitor to Android, and not for lack of trying. If Android wants to be the Windows to iPhone's Mac, it will have to get serious about security, or be swept away by the competitors which will inevitably emerge.

I also want to say that voting machines run unsupported Android builds. If Google is derelict in that duty... well, that's a much bigger deal than some compromised Google accounts.


I never heard that about voting machines. Do you have a source for that? I'm not sure why that's more surprising than hearing that they run Windows XP...


These are the certified electronic voting machines (DREs) for Pennsylvania:

http://www.dos.pa.gov/VotingElections/OtherServicesEvents/Pa...

The Android device in use is the EA Tablet. The certification tests are listed in "EA TABLET FOR ANDROID WITH JELLYBEAN 4.2.1 ELECTRONIC Test Report," dating from 2013.

To be fair, it's probably the best of the horrible lot in security, but that ain't saying much.

For example, the iVotronic systems contain a readily accessible compact flash card right on the top, which stores the election returns. Demonstration machines are set up in each county, so I went to see one in person. Unsurprisingly, the demo machine's card wasn't even covered with a tamper-evident seal.

The devices, including the compact flash cards and the PEBs, are reused from year to year because the legally required certification for the device is very narrow. As the demo machine compact flash cards and PEBs are re-used in each election, at any time prior to the election, infecting the demo machine can be used as a vector to attack the entire county voting total.

Since the demo machine is not sealed, its compact flash can be accessed. If the compact flash card is compromised, the system can be quickly owned. From there, the malware can spread rather trivially to the PEB unit used as a secure token by the election workers, and from there to the county's Unity system at Election Central, allowing the entire county's vote to be altered. So instead of the 4,500 machine compromises PA is claiming would be necessary to influence a state election, it would probably only take 6-7 people any time in the past ten years planting their malware in a few key counties.

All one would need to do to untraceably change the vote totals would be walk in to the county election commission, swap the compact flash out for your malware, and leave. If you do this at any point prior to the election, the malware can spread from the demo machine, to a live voting machine, and finally, when the compact flash cards are entered into the Unity system for final tally, the malware can compromise the whole lot. Then the malware would self-delete, leaving no reliable paper audit record.

Interestingly, from a legal perspective, the Secretary of the Commonwealth's certification for these machines is contingent upon the locking mechanism preventing access to the compact flash card. The machine that I saw, the most common model in use in the state, physically could not be secured that way. The plastic cover mechanism to which the lock is affixed simply doesn't cover the flash card slot well enough.

Under the PA election code, if a specific requirement of the Secretary's certification is not met, the law would invalidate the votes cast through all the iVotronics as a matter of law. As the machines were not configured as approved, they aren't approved for casting ballots, which would throw the PA recount into chaos. It's probably the only judicial avenue left to sue for a state-wide recount that might actually have a chance of being considered.

Nobody tell Jill Stein. In all liklihood, the PA legislature would just send the current electors anyway, as is their prerogative.


Now I really want to post this to /r/politics or one of the jill stein subs, with a title like "PENN VOTING MACHINES COULD HAVE EASILY BEEN HACKED, THE VOTES ARE INVALID".

It would get upvoted, perhaps to the front page, and then news outlets would likely pick up the story.


The iVotronics hacking part is very public. The legal aspect may not be as well-known.

The iVotronics vulnerabilities were documented in a lawsuit joined by the Commonwealth's own Deputy Commissioner of Elections. See Banfield v. Cortes [0]

The Election Code specifies that the Secretary of the Commonwealth shall certify electionic voting systems, and issue directives and instructions upon which such approval is conditioned, with which counties are required to comply.

§ 3031.5. Examination and approval of electronic voting systems by the Secretary of the Commonwealth

(a) The Secretary of the Commonwealth may issue directives or instructions for implementation of electronic voting procedures and for the operation of electronic voting systems....

The county board shall comply with the requirements for the use of the electronic voting system as set forth in the report by the Secretary of the Commonwealth...

(c) No electronic voting system not so approved shall be used at any election... [1]

The Secretary alone determines the method of certification.

While the Legislature mandated that an electronic voting system must comply with specific federal testing and performance standards and the requirements set forth in the Election Code, it does not prescribe a particular testing procedure to govern the manner in which the Secretary is to perform the examination, but ultimately left this discretion to the expertise of the Secretary, who is tasked with implementing the Election Code. [0]

However, counties must still comply with the implementation "directives and instructions" issued by the Secretary.

Section 1105-A of the Election Code, 25 P.S. § 3031.5 requires that the Secretary of the Commonwealth examine all electronic voting system used in any election in Pennsylvania and that the Secretary make and file a report stating whether, in her opinion, the electronic voting system can safely be used by voters and meets all of the applicable requirements of the Election Code...

The Secretary of the Commonwealth certifies the iVotronic Voting System in accordance with the conditions detailed in the reports... and the following conditions. [2]

The certification of the iVotronics system implemenation directives and instructions include a the specific provision that counties "must install the locking mechanism over the serial port and compact flash memory in a manner to prevent access to the compact flash card."

3. Pennsylvania counties using the iVotronic Voting System must install the locking mechanism over the serial port and compact flash memory in a manner to prevent access to the compact flash card. [ibid.]

As the construction of the locking mechanism itself renders the compact flash accessible regardless of the physical lock used, as determined by multiple audits in academia as well as other states, the iVotronics system in question was not certified in accordance with the requirements of the statute.

The Secretary put a caveat on the certification of the iVotronics with which the counties did not comply. This is physically analogous to requiring that a tenant "must install a lock on this door which prevents access to the inside of this room," but the door cannot latch no matter which lock is used. If instead of repairing the latching mechanism, the tenant merely replaces the lock, he would not be in compliance with the directive.

Rather than work with the manufacturers to create a locking mechanism that complied with the Secretary's directive (changing the latch), the counties merely changed the locks used. These locks do not prevent access to the compact flash card, and thus Secretary's implementation requirements were not met by the counties which used them. The counties failure to meet these directives was not due to lack of ability, as the requirements of the iVotronics maintenance contracts include modifications necessary to comply with state law, or lack of knowledge, as they were disclosed during Banfield, cited by the certification report itself.

The counties simply failed to ensure that the locking mechanisms were updated subsequent to the Secretary's report. Each county board is required to submit their vote totals to the Commonwealth in accordance with the Election Code. As the Election Code requires counties to comply with the Election Code, a county's failure to meet the Secretary's certification requirements disqualifies its reported vote totals.

It's pretty telling about the seriousness of the recount effort that nobody has even bothered to sue a county that used these machines. The Commonwealth's Election Code is not a mere recommendation to the county. Its provisions regarding DREs are specifically intended to punish counties that do not comply with the Secretary's requirements for certification, which many did not.

But please don't cross post me. You won't accomplish anything, except maybe landing me in DHS lockup for ten days for no reason.

[0] http://caselaw.findlaw.com/pa-supreme-court/1692529.html

[1] https://govt.westlaw.com/pac/Document/NE9287BF0343011DA8A989...

[2] http://www.dos.pa.gov/VotingElections/Documents/Voting%20Sys...


That sounds so... horrendously awful.


Self-domestication is one of the current leading theories for the evolutionary history of dogs. Under that theory, wolves would scavenge scraps around the periphery of human encampments. The more pleasing a wolf was to humans, the closer it could get to the settlement. The closer it could get to the encampment the more food the wolf would receive, and the more it received the more likely it was to reproduce.

Over time, the differential rate of reproductive success emphasized traits that were not only useful but pleasing to human emotions and actions, in particular those related to our social interaction, bonding, and nurturing instincts. Dogs may not even be "domesticated" in the strictest sense of the word, but rather a symbiotic species that co-evolved with humans.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: