a *.txt file is a flat human readable file with no embedded features to either block or detect manipulation of the data.
so anyone can change the numbers, which won't be detected unless there is an independent count of the physical ballots
I'm an election judge. one of the things we did was to package up all the ballots and put signed seals on all the envelopes. all it would take is a crooked head election judge to add a few hundred filled out ballots, and then modify the *.txt file to match the new count.
Not even a cryptographic signature of the generated report. Wow.
(Granted, if the machines were tampered with, cryptographic signatures probably wouldn't matter either. But that's also something that could be designed around in a secure system. Which it's not. Because why would we want our voting system secured?)
This is how hammmer and scccorecard work. They either catch and edit these txt files at the destination ftp folder or they just upload bogus txt files to the destination ftp folder.
Pull txt file from ftp folder used by michigan .
(they sit there until they are uploaded on a timed cycle).
change 6000 votes from trump to biden.
put file back in ftp folder.
profit.
Honest question here. I'm not tech savvy, but beyond the election fraud itself, is anyone concerned that voter information has been sold to foreign entities from information collected by these machines? Between that and all the DNA collection from covid tests, this is stirring up some odd & scary thoughts for me.....
If these results from the machines are formatted in a .txt file and then transferred to a USB stick to send to the county for official counts...then this would be the most easiest way to manipulate the results.
Open a text editor on your PC/Mac, you can type/edit whatever you want in clear text.
I kind of doubt that they use USB sticks. The txt files probably automatically move to an outbound ftp folder. They are automatically transferred (internet) in batches (every minute or two minutes) to the inbound ftp folder of the central counting system where they are uploaded in timed batches. It's probably at this inbound ftp (central) folder where the fuckery occurs.
If you had the location and password of the inbound ftp folder of the counting server you would have the keys to the kingdom. Dominion would have to have this password to upload the files.
Honestly that might even be worse. FTP is a terribly outdated and insecure protocol. A MITM attack against FTP uploads of plaintext files would be a much more subtle way to manipulate these results.
Well I know the basics of EDI communications and my knowledge is a few years old. We would regularly spoof files from spreadsheets to save data entry work. My knowledge is not that dated though and we used FTP folders to communicate between systems
Its in pure text and anyone with a keyboard on that machine can hit backspace and type in a new number. It's considered the most Insecure way to store information.
Well I think maybe we are talking about two different things. A txt report for local revue and a txt file sent from system to system to update the central tally. I think this report.txt is just a local human consumption thing.
You've got to be shitting me. If I designed it, it would upload the results to a database with stringent user access control as well as printing a paper report. The paper report would be used in case the database admins themselves did anything funny.
The fact that these are saved on a TXT file that a fucking fourth grader knows how to edit is a travesty.
Nothing against .txt files, they can be certified using digital signatures like any form of digital binary data. But the likelihood of inventing this protection when using such lazy technology is slim to none.
but who would validate it? i do this shit for a living, so i would need to understand the purpose and intended use of the report for figuring out how taking a checksum could help
Think about it - how do banks protect your account balance info? You have to be signed in to make a change, and they track every single change to your account balance including timestamp, source, etc.
Election counting info should be done using banking type security procedures or better. Banks have had decades to become very secure. Probably the only thing more secure is something like blockchain, but I belive the banking methodology would fit better.
Signed wouldn't work perfectly either, who stores the keys, how do we verify that they weren't shared. Verification of the signature would require sharing a public key too, how do we rule out which sets of data got fabricated.
I really don't know how you can safely integrate technology like this into our elections, block chain could help to secure it, but without a network to share and distribute it, it means nothing. Blockchain's safety comes from it's decentralized nature and high cost to Fake the work.
None of that is wrong, it's a difficult problem to solve. Also a major part of the solution is an actual physical chain of custody. The fact that you are expected to physically open the box of ballots that went through the machine as part of normal usage is bat-shit insane.
But signing would be a huge step in the right direction.
Of course there's something wrong here. These machines should be digitally signing every report they generate using a part of the machine that's not connected to the internet. Sure, that can still be manipulated, but no argument that it's 1, insecure to do it this way, and 2, way more secure the other way, right?
a *.txt file is a flat human readable file with no embedded features to either block or detect manipulation of the data.
so anyone can change the numbers, which won't be detected unless there is an independent count of the physical ballots
I'm an election judge. one of the things we did was to package up all the ballots and put signed seals on all the envelopes. all it would take is a crooked head election judge to add a few hundred filled out ballots, and then modify the *.txt file to match the new count.
Right and wrong is a fluid concept. You need to surround yourself with non-cis BAME and learn to fully comprehend your white guilt by birth.
Bigot.
TXT FILES MATTER
it's a 6 million dollar, proprietary .txt format that only news people can use.
Itβs actually illegal for us to talk about it, we have to wait for them to tell us about it.
I'm afraid that "wrong think" has already entered my mind at this point. I must report this to the right think authorities.
Not even a cryptographic signature of the generated report. Wow.
(Granted, if the machines were tampered with, cryptographic signatures probably wouldn't matter either. But that's also something that could be designed around in a secure system. Which it's not. Because why would we want our voting system secured?)
Oh my God the cringe on those possibilities!?!?
This is how hammmer and scccorecard work. They either catch and edit these txt files at the destination ftp folder or they just upload bogus txt files to the destination ftp folder.
Pull txt file from ftp folder used by michigan . (they sit there until they are uploaded on a timed cycle). change 6000 votes from trump to biden. put file back in ftp folder. profit.
Computer systems communicate using ".txt" files of various formats. (EDI, JSON, XML). These files are very easily faked.
Honest question here. I'm not tech savvy, but beyond the election fraud itself, is anyone concerned that voter information has been sold to foreign entities from information collected by these machines? Between that and all the DNA collection from covid tests, this is stirring up some odd & scary thoughts for me.....
You're right, Meatsuit. Buying politicians wholesale makes way more sense.... Peace, Pede!
Un fucking believable, man. This is seriously some insane shit.
Explain to me like I'm 5... please?
Thank you!
If these results from the machines are formatted in a .txt file and then transferred to a USB stick to send to the county for official counts...then this would be the most easiest way to manipulate the results.
Open a text editor on your PC/Mac, you can type/edit whatever you want in clear text.
This would help explain the failure of Bedford's law.
I kind of doubt that they use USB sticks. The txt files probably automatically move to an outbound ftp folder. They are automatically transferred (internet) in batches (every minute or two minutes) to the inbound ftp folder of the central counting system where they are uploaded in timed batches. It's probably at this inbound ftp (central) folder where the fuckery occurs.
If you had the location and password of the inbound ftp folder of the counting server you would have the keys to the kingdom. Dominion would have to have this password to upload the files.
Honestly that might even be worse. FTP is a terribly outdated and insecure protocol. A MITM attack against FTP uploads of plaintext files would be a much more subtle way to manipulate these results.
Well I know the basics of EDI communications and my knowledge is a few years old. We would regularly spoof files from spreadsheets to save data entry work. My knowledge is not that dated though and we used FTP folders to communicate between systems
Its in pure text and anyone with a keyboard on that machine can hit backspace and type in a new number. It's considered the most Insecure way to store information.
Well I think maybe we are talking about two different things. A txt report for local revue and a txt file sent from system to system to update the central tally. I think this report.txt is just a local human consumption thing.
But Twitter told me everything to do with the election is safe and secure?????
Results copied to Notepad, hmmmmm
You've got to be shitting me. If I designed it, it would upload the results to a database with stringent user access control as well as printing a paper report. The paper report would be used in case the database admins themselves did anything funny.
The fact that these are saved on a TXT file that a fucking fourth grader knows how to edit is a travesty.
Nothing against .txt files, they can be certified using digital signatures like any form of digital binary data. But the likelihood of inventing this protection when using such lazy technology is slim to none.
save and oh dear, if true
nothing inherently wrong with this
accurate username.
there is no unhackable file format. yall need to focus on real problems with this election.
No, but there are formats that any idiot can figure out how to change and formats that most people have no clue how to even open.
Any moron can change these files.
It's the equivalent of your bank sending you an official account statement handwritten in pencil on a sticky note.
you can checksum a text file
but who would validate it? i do this shit for a living, so i would need to understand the purpose and intended use of the report for figuring out how taking a checksum could help
Think about it - how do banks protect your account balance info? You have to be signed in to make a change, and they track every single change to your account balance including timestamp, source, etc.
Election counting info should be done using banking type security procedures or better. Banks have had decades to become very secure. Probably the only thing more secure is something like blockchain, but I belive the banking methodology would fit better.
sure, but this is just the reporting feature, not the db.
The fact that it's not cryptographically signed is a HUGE INHERENTLY WRONG with this.
Signed wouldn't work perfectly either, who stores the keys, how do we verify that they weren't shared. Verification of the signature would require sharing a public key too, how do we rule out which sets of data got fabricated.
I really don't know how you can safely integrate technology like this into our elections, block chain could help to secure it, but without a network to share and distribute it, it means nothing. Blockchain's safety comes from it's decentralized nature and high cost to Fake the work.
None of that is wrong, it's a difficult problem to solve. Also a major part of the solution is an actual physical chain of custody. The fact that you are expected to physically open the box of ballots that went through the machine as part of normal usage is bat-shit insane.
But signing would be a huge step in the right direction.
its just a report. it is not used in official talleys.
Of course there's something wrong here. These machines should be digitally signing every report they generate using a part of the machine that's not connected to the internet. Sure, that can still be manipulated, but no argument that it's 1, insecure to do it this way, and 2, way more secure the other way, right?