Some folks at Princeton's CS department have done a good analysis of a Diebold voting system, the kind used in many elections across the country. They've done a good job of presenting their findings in several different forms, for various audiences ("executive summary", a video, an in-depth technical whitepaper). There's ways for anyone with web access to really grasp the content of their research, which i find pretty admirable.

Folks who know me know my personal preference is for the technical whitepaper, which was actually a great read. It's very clearly explained, sober and direct, and points out the wide range of potential vulnerabilities that the machines share with most commercial PCs, in addition to a series of vulnerabilities specific to the Diebold-proprietary software. If you have any interest in computer security, do yourself a favor and read it. They're thinking about these things the right way.

A friend just sent me a link to an article about using the socratic method to teach third-graders binary math. It's a pretty fun read, and neat to see the kids in the article pick up 1's and 0's.

The author, Richard Garlikov, also has more thoughts about the socratic method, its usefulness in teaching, and how much work it actually is to get right. He also has a number of other interesting philosophy/politics/education/math/science articles, written in a fairly dry, geeky tone.

i just stumbled across an article titled emacs keybindings make you stupid. I am officially way way stupid. when i accidentally put too much of some ingredient in a sauce i'm cooking, i feel my fingers twitch for C-_ (or C-a C-k if i want to start over). I just pressed M-b to go back a word to edit this entry and brought down the bookmark menu of my web browser instead. i must do that a dozen times a day.

and sadly, my impulse is to want to "fix" the parts of the world that don't use emacs keybindings instead of retraining myself. i'm excited by the possibilities presented by MozEx, a mozilla extension that lets you edit a textarea in an arbitrary external text editor, for example.

jamie and i just sorted out how to get notifications working on this noesis installation. The problem appears to be that the cronjob wasn't running properly, mainly because it was being kicked off by php4-cli, and php4-cli's configuration (/etc/php4/cli/php.ini in a sarge system) didn't have the mysql.so extension loaded.

Since the notifications are normally kicked off by drupal's cronjob, and the cronjob couldn't access the database, nothing was happening. frankly, i think this should have generated an error condition that alerted the sysadmin that the cronjob was not being run somehow. perhaps that's a bug in the debian packaging of the cronjob?

Also from Joey Hess comes moreutils, which looks to be an awesome package of glue utilities. As the README puts it:

This is a collection of the unix tools that nobody thought to write thirty years ago.

I look forward to this propagating into etch.

Joey Hess has an interesting blog post about the relationship between security models, group empowerment, and bitter strife within the debian project. His basic idea is that if strict permissions models can be relaxed (and security is not degraded somehow), people will be more excited about working on a project, they'll contribute more freely, and the work will flow smoother and simpler.

The idea isn't terribly shocking, of course, but he ties it into ideas about Wikis, and proposes some interesting things learned from wikis (and proto-wikis like the Debian Bug Tracking System). The basic idea is: anyone should be able to contribute easily and simply, but important changes and modifications should be trackable, have full review, be straightforward to revert, and authorship should be apparent (at least pseudonymously).

I just had a nasty experience that was compounded by a number of factors. Here's what i figured out had happened:

i put squeak (my computer) to sleep so i could go out for the evening last night at around 18:30. what i didn't notice was that /var was full, and mysqld was choking, waiting for disk space to get freed up. Somehow, this interrupted my sleep request, and squeak stayed awake (though unplugged). for some reason, squeak also decided to try to use the wireless card at about 22:30, and couldn't get the connection he wanted. Since squeak was awake and unplugged, he ended up draining both batteries, and ran out of juice at 3:30 the next morning (on a positive note, that's 9 hours of battery life!).

i've been dealing with a large sketchy, disreputable hosting company (iPowerWeb) for one of my clients recently. Some of their frustrating practices that i've encountered are:

• providing webapps (phpbb in this case) that they are not willing to maintain or take any responsibility for. This resulted in a compromise of a section of my client's web site. The company had basically installed an old version of phpbb for my client and never updated it, never applied security patches, and never indicated to my client that any sort of maintenance was needed. it's no surprise that the site was compromised.

So i recently came across an article titled Unexpected Increased Mortality After Implementation of a Commercially Sold Computerized Physician Order Entry System. It makes me shudder to think about it. i'm glad i don't work in healthcare IT.

However, there are a number of flaws in the analysis (not the least of which is the sample size: n = 1). But it does raise the question: given the supposed culturally-ingrained scientific methodology in allopathic medicine, why are these IT systems implemented without wider study? Or are there wider studies that i just don't know about?

i recently upgraded the linux kernel on an old workhorse of a machine ("grunt"). i got grunt in a yard sale back in 2000 for ~$35, and he has worked splendidly and untiringly since then, even moving across the country with me.

sometime between 1 or 2 years ago, i put a large extra disk into grunt, and i've been using that disk as a massive filestore since then. (it's not so massive now, of course, because disks have gotten larger, but...)

anyhow, grunt is running debian linux ("sarge"), which is normally incredibly stable and robust. I upgraded the kernel recently because there was a raft of security updates recently released for sarge. patching is good computer hygiene, and this particular kernel upgrade was probably a bit overdue. However, this was grunt's first reboot in over 6 months, and when he came back up, his initscripts wanted to fsck the huge disk. This fsck run took well over 10 minutes: the ATA bus is an old, slow one, and the disk is massive. It didn't help things that i panicked in the middle of it and tried hard-resetting the machine because i couldn't tell what was going on. This just caused the fsck to restart from the beginning again, of course.