Miscellaneous Links

Here are a few miscellaneous interesting links. I don't agree with everything in every link, but I often learn about interesting pages, and this page links to those other interesting pages.

Far too many programs have a horrendous user interface; I'd like to see more programs pay more attention to usability. This is a problem for both proprietary and OSS/FS programs. User Interface Design for Programmers by Joel Spolsky is a very good description about user interface design. Improving Usability: Principles and Steps for Better Software by Seth Nickell is interesting too. The Nielsen Norman Group has an extensive list of usability reports, user research, and design guidelines. Interestingly enough, useability guidelines are actually very stable (probably because humans don't change much, even though the technology does); about 90% of usability guidelines from a 1986 Air Force report are still valid; several guidelines (about 20%) are less important because they relate to design elements that are rarely used today, but that still leaves about 70% that are valid and relevant around 20 years later. In the OSS/FS world, The Luxury of Ignorance: An Open-Source Horror Story (Eric S. Raymond) is an example of what can go wrong; here's the follow-up, and here's an interesting article on usability by Havoc Pennington. OpenUsability.org is a site on OSS/FS usability. I'm told that "The Inmates are Running the Asylum" is good too. Here are some specific user interface guidelines:

  1. GNOME's Human Interface Guidelines (HIG) (version 2.0 is here)
  2. KDE User Interface Guidelines
  3. The Apple Human Interface Guidelines
  4. Microsoft Windows Official Guidelines for User Interface Developers and Designers

Cluetrain Manefesto.

Free Web Pages.

OpenPKG (packaging system, extends RPM). Interview with Con Kolivas, a practicing doctor who managed to develop a useful kernel benchmarking system (showing that non-programmers can seriously contribute).

Al Viro's description of recovering a seriously hosed Linux system

Unix Code Migration Guide by Larry Twork et al was developed by Microsoft Corporation, and is intended to help developers move from Unix-like systems to Windows systems. However, Wine developers have found that it's also helpful when converting Windows programs into Unix-like programs.

MacOS X tips for Unix geeks

Slashdot discussion of U.S. government development of GPL vs. BSD software

Sweetcode reports on innovative programs; many are interesting, a few are goofy. For example of the latter, see Evil Finder - it creates (silly) numerological proofs of evil.

There are lots of ways to vote (say, for public office or a group decision) where there must be a single winner. The traditional, most widely used, and simplistic approach is when each person votes once for a single choice, and the choice with the largest count wins. This is called plurality voting. The problem is that if there are more than 2 choices, this can product undesirable results (Duverger's law asserts there can only be two parties with plurality voting). For example, a party split can mean that the choice least liked is the one selected! For many circumstances, more sophisticated voting methods can represent far more accurately the will of a group. It can't be perfect; around 1950, Stanford economist Kenneth J. Arrow proved that a completely ideal election method can't exist. The proof is called Arrow's Theorem, and he won the Bank of Sweden Prize (the "Nobel prize in Economics") for the proof. However, although the Arrow theorem is an important theoretical result, Arrow's definition of an ideal voting mechanism is extremely restrictive; less restrictive criteria that are very desirable can be satisfied. Thus, various voting schemes are far better than simplistic alternatives when there are 3 or more options, even though they can't achieve a theoretical perfection. There's lots of information on various voting mechanisms; Electorama links to voting methods. After reading the literature, I think there are basically two especially useful methods: approval voting and Condorcet-based voting schemes.

There are other systems, but they're really not as good. instant runoff voting is relatively simple to explain, but instant runoff has many of the same flaws as the traditional approach. There's another system called Borda counting, but Borda has significant problems with "tactical voting" -- it can encourage insincere voting -- and in some cases Borda counting can fail to elect a candidate selected by a majority as their favorite. Basically, I don't think Borda is a good choice at all. Basically, you shouldn't use instant runoff or Borda; use approval voting or Condorcet systems instead. This technical evaluation of voting methods is very enlightening. I'm looking forward to seeing more Condorcet-based systems; they're currently rare, but they have a lot of advantages in accurately capturing the will of a people.

To Build a Better Ballot shows various voting system options - with interactivity!

News about geeks getting political

"Rock, Paper, Scissors" describes how we used to vote - and why secret ballots (by the public) eventually gained hold.

The law of copyright is valuable, but it currently lacks balance. Phyllis Schlafly's article "Copyright extremists shouldn't control information" One study of copyright found that the mathematically optimum length of copyright is 14 years. And there's an epidemic of copyfraud - fraudulently claiming copyright (there are even people fraudulently claiming copyright over Shakespere's work!). The Center for the Study of the Public Domain has put out Tales from the Public Domain: BOUND BY LAW? -- a comic book that manages explain copyright, and its issues, in a far clearer manner than many dry textbooks. A Fair(y) Use Tale is a video made entirely out of clips of Disney movies, as a way of exposing the nonsense of some of Disney's claims. The Computer and Communications Industry Association (CCIA), a trade group representing Google, Microsoft, Yahoo, etc., has issued a report on fair use; it found that fair use exceptions add more than $4.5 trillion in revenue to the U.S. economy and add more value to the U.S. economy than copyright industries contribute. Cory Doctorow comments about copyright. 750,000 lost jobs? The dodgy digits behind the war on piracy "Were we smarter 100 years ago..?" from PublicDomain.org argues that "100 years ago we were smarter about copyright, about disruptive technologies, about intellectual property, monopolies and network effects than we are today". One small ray of hope is the Righthaven vs. Democratic Underground — companies had been trying to get separate attack dogs to sue those who used material under fair use, while keeping themselves out of the justice system. The Righthaven ruling shows that if you have a problem, you have to show up in court and justify your claims yourself. But that doesn't deal with the fundamental problems.

A matter of trust - a very nasty flaw in Microsoft Windows has Microsoft suggesting not to trust Microsoft. Also, it notes that "Microsoft revealed for the first time that desktop Windows makes a profit margin of more than 85 percent. To put this in personal terms, for every dollar you spent licensing the OS last year, Microsoft spent less than 15 cents on all Windows packaging, marketing, and, oh yeah, improving the product."

There are some interesting pages available on cross-platform GUI toolkits, including this list at atai.org This Slashdot comment, One thing that everyone agreed on was that you should look at wxWindows if you're doing it. Mozilla XUL should be examined too.

If your GUI needs are very simple (e.g., you don't need full event-driven development), there are some nice toolkits that can make it easy. Zenity (for bash) and easygui (for Python, see this article) are two approaches. For more sophisticated needs, glade (possibly combined with autoglade) can help.

Programming cross-platform GUI applications, and the simple "dialog" options don't work? There are many options, which can be grouped on the basic toolkit or language. Many people are moving away from using GUI builders that generate code; instead, people use GUI builders to build data structures and call-outs, and then create a very small program that loads the GUI builder's data structures (this simplifies changing things). Here's some info I found:

  1. wxWidgets: This is the cross-platform GUI library I hear the most about. It's implemented in C++, but the wxPython interface lets you use Python (which is much simpler). For wxWidgets form-building, there's wxFormBuilder and wxGlade. This page provides "HelloWorld" for Python + wxFormBuilder + wxWidgets. Here's more about wxPython + XRC (XML Resource). If you want a full IDE that supports wxPython, PythonCard and spe do that (and there are yummable Fedora packages). PythonCard says that it is "for you if you want to develop graphical applications quickly and easily with a minimum of effort and coding." There's also Boa Constructor, which supports wxPython, but no Fedora package.
  2. GTK+: In the GTK+ world, Libglade to GtkBuilder F.A.Q. explains that libglade is getting replaced by gtkbuilder. Basically, libglade's dynamic loading capability is getting moved into GTK+ itself as GtkBuilder, and some cleanup was done for the transition. Glade will generate gtkbuilder XML directly, but in the meantime, you need to run a converter program (not a big deal). Here's a GTK+ and Glade tutorial.
  3. Java: Java has some extra decisions. For Java-native interfaces you can choose Swing (reference GUI for J2SE) or Standard Widget Toolkit (SWT), developed by IBM as part of Eclipse. There's also the older AWT. Here is developer.com's comparison of SWT and Swing, and IBM developerWorks' article on SWT, Swing, and AWT. SWT tries to be close to the native platform; Swing tries to abstract away from it. AWT is much older; it's a simple toolkit with limited capabilities, but it does have the advantage of stability.
  4. Qt: "Qt Jambi" is an interface to Qt for Java. Qt has had licensing issues in the far past, but it's now released under the LGPL which I think should be great for everyone. Qt is implemented in C++ with several non-standard extensions, an implementation approach I don't like, but there are certainly many happy developers.

The Wikipedia is developing an entire open content Encyclopedia (and a related dictionary, too) by intentionally working to form a community to build it. This is a very intriguing project. Critical decisions that have enabled them to form this community are the Wiki approach (where anyone can edit anything), a neutral point of view, and the GNU Free Documentation License (GFDL) which ensures that the resulting text is available for any purpose in perpetuity. The entire encyclopedia database can be downloaded, too. Some interesting Wikipedia statistics are available. There are problems when you start using Wikipedia, though....

A Group Is Its Own Worst Enemy is an excellent piece about how groups are different than individuals, and what software that supports groups needs to consider. The OpenSuSE code of conduct references it.

Interesting paper: Creation Myths: Does innovation require intellectual property rights? By Douglas Clement

IPv4 is running out of address space - here's a map of the used IPv4 space.

Here's a great review of the Konami Combat DigiQ remote controlled tanks - I want a pair!

For an up-to-date high-level view of attacks and vulnerabilities, you might want to look at Qualsys Vulnerability RV10 (Real-Time Top Ten Vulnerabilities). RV10 is a dynamic list of the ten most critical and prevalent security vulnerabilities, updated automatically and continuously from a sample of a few thousand networks. The Internet Storm Center tracks which ports are most attacked, and divides attacks by geographic regions.

A history of Murphy's law.

Some projects appear to be impossible, such as solving "NP-complete" problems for a large number of items ("large n"). In contrast, some projects are possible - but unaffordable. Since the late 1980s, I and some co-workers have had a phrase for unaffordable projects: "GNP-complete" problems. They're solvable, but they require a country's entire Gross National Product to solve. Thankfully, many GNP-complete problems can be reduced or simplified so they become affordable, and there's always hope for a breakthrough.

An excellent way to take over a democracy is take control of its voting system. Stuffing ballot boxes isn't new, but now we have a high-tech way to control every ballot box in a country: electronic voting machines. Stuffing physical ballot boxes requires a lot of dangerous work and is hard to to do undetected; changing an electronic value to a "desirable" value can be done by one person in microseconds. And given some of today's unverifiable electronic voting systems, it's impossible to detect that someone has stolen the elections. I'm very concerned about unverifiable electronic voting systems, especially since the manufacturer's leaders appear quite partisan. On November 9, 2003, Boone County received 144,000 votes cast from a pool less than 19,000 from a MicroVote system. They say they found the new numbers - but why are those trustworthy? Independent analysis of Diebold found numerous problems, and internal memos had a number of scary statements. Scott Granneman's "Electronic Voting Debacle" documents many of the concerns. These unverifiable systems are also called "Direct-Recording Electronic (DRE) systems", because they record vote results directly into an electronic system (with no possibility of independent verification or real trustworthiness). Security Analysis of the Diebold AccuVote-TS Voting Machine by Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten did a fully independent security study of a Diebold AccuVote-TS voting machine, and proved that it is very vulnerable to extremely serious attacks. Computer security expert Harri Hursti revealed serious security vulnerabilities in Diebold's software, ones that Michael Shamos (a computer scientist and voting system examiner in Pennsylvania) described as "the most severe security flaw ever discovered in a voting system." Diebold included a "back door" in its software, allowing anyone to change or modify the software, and there are no technical safeguards in place to ensure that only authorized people can make changes. A malicious individual with access to a voting machine could rig the software without being detected. A report on the Nedap/Groenendaal ES3B voting computer found that anyone given brief access to the machine can gain complete and virtually undetectable control over election results - and how radio emanations from an unmodified ES3B can tell who voted what from several meters away. Diebold / Premier Election Systems got mocked in xkcd, and Bruce Schneier had a simple comment on xkcd's analysis: "Absolutely correct".

HBO's "Hacking Democracy" ( "Hacking Democracy" summary here) is a documentary that helps explain the issue to the non-technical. For a silly view, "The Onion" has spoof story about a voting machine winning the 2008 presidential election. The Ink Tank also makes fun of electronic voting machines.

There's a solution, and that's verified voting - see the verified voting site. The Verified Voting Foundation advocates the use of voter-verified paper ballots (VVPBs) for all elections (so voters can inspect individual permanent records of their ballots before they are cast and so meaningful recounts may be conducted), insists that electronic voting equipment and software be open to public scrutiny, and that random, surprise recounts be conducted on a regular basis to audit election equipment. I would add three things: (1) there must be separate voting stations and ballot readers, where the ballot reader totals are the only official votes (this prevents a collusion by the voting station), and (2) there should a standard paper ballot format; this makes it possible to have independent recounts using equipment from different manufacturers, as well as making it possible to mix-and-match vendor equipment (lowering costs for everyone); (3) there should a standard electronic formats for defining elections and producing results, again to make it possible to dramatically reduce costs by enabling mixing and matching of equipment. The Open Voting Consortium (OVC) is a non-profit organization dedicated to the development, maintenance, and delivery of open voting systems for use in public elections. OVC is developing a reference version of free voting software to run on very inexpensive PC hardware, which produces voter-verifiable paper ballots. Another relevant system is the Open-Vote Foundation; they maintain an OSS/FS program that's already been used for national elections in Australia (under the name eVACS), and they plan to add a voter verified receipt (a critical need). Another interesting article is Bruce Schneier's "The Problem with Electronic Voting Machines" Building a Better Voting Machine (Wired, Oct 18, 2006) has some great suggestions. This article (among many) recommends open source software for voting systems. Indeed, in 2008 California Secretary of State Debra Bowen argued that open source software can help fix some of the flaws in electronic voting systems. A 2008 e-Voting Wrapup with Dr. Barbara Simons notes that OSS voting systems is no panacea - which is absolutely true, but that doesn't mean it's not worth considering. The current shameful system - where counting is done by unaccountable, unreviewable machines - is the kind of system that Stalin would have created.

It's pretty scary that the U.S. protects voting for academy award winners more than voting for U.S. president. David Carr's January 8, 2008 "The Carpetbagger" article "Nice to Know, Not Need to Know" explains how the academy awards counts votes. Their system is "designed to make sure each Academy member’s vote is accurately represented". In particular, "It is totally analog, and will remain so, in part because the Academy believes that anything that is in a computer will eventually be hacked." What, exactly, does that say about the country? Why do we protect the selection of Oscar winners more than presidential winners?

In a Slashdot discussion about electronic voting machines, an anonymous reader observed that, even though Diebold had horrifically bad security, there are financial and political incentives for it. "Unfortunately, you're not Diebold's customer. The elected officials who in turn buy the machines responsible for reelecting themselves are Diebold's customers." (Anonymous Coward, "Re:My Perception Has Changed Again", September 5, 2006, 12:51PM). One reply was "It's kind of like television. You are not the networks' customer. The ad companies are the customer; you are the product that is sold to them. Everything else is just flim-flam designed to keep you in front of the tube." (Grendel Drago, "It's like television.", September 5, 2006, 01:24PM).

"Paper Ballot Has Md.'s, Va.'s Vote: 2 States Plan to Ditch Electronic Machines, Part of a Rapid National Reversal" By Christian Davenport Washington Post Staff Writer (Thursday, October 30, 2008; Page B01) reports that Virginia and Maryland are switching back to paper. The counts will still be done electronically, but the voters will get to use paper directly.... which eliminates many (though not all) of the risks of computerized voting. This is good news, especially if they standardize the paper so that you can recount with independently-developed systems. The shame is that these states were fooled into buying voting machines that weren't adequately secure in the first place; in my mind, the states should get their money back.

Matt Blaze's testimony to the US House of Representatives Committee on oversight and government reform, subcommittee on information technology and subcommittee on intergovernmental affairs, Hearing on Cybersecurity of Voting Machines November 29, 2017 is an excellent summary on cybersecurity of voting machines. He made three key points (and in the details he noted that they have to be secure against nation-states, not just criminals):