Monthly Archives: May 2004

Drupal Markdown plugin progress…

After spending a couple of days figuring out the drupal module engine, I think I do have a workable version of markdown plugin now ready. It works for me and a few others for now.

Some people have a concern for lock-in into a particular text format. This is because, in drupal, the data is stored in the text format (drupal/textile) and it is processed every time node is viewed. There are good and bad things about this: The good thing being, you are working at a higher level (really?) compared to raw HTML. So all of your modifications will be at that level. The bad thing is the lock-in: i.e. you are commited to markdown or textile format!

There are a couple of ways to counter this. One beauty of markdown is that there exists html2text which converts HTML to text... valid markdown text! But unfortunately
html2txt(markdown(txt)) != txt (it's close but not exact, it can never be)

So maybe we should store the markdown output to the database (instead of text format as now) and run html2txt everytime we want to edit/modify ?

Update: 2005/05/05 Recent versions of drupal already include markdown and textile plugin

How to chose good passwords ?

Came across this nice snippet on WSJ:
(via: Rajesh Jain of emergic.org)

I came across this article by Jeremy Wagstaff which is still as relevant today:

Base the password on mnemonics or acronyms, not words or names. Use your favorite song titles, movies, football teams as starters. It's got to be something that you know a lot about, but not something that other people can find out about you -- such as your birthday, your place of birth, or your kids' names. The first letters of the movie The Year of Living Dangerously, for example, could be used in conjunction with its two main stars, Mel Gibson and Sigourney Weaver, to read "tyoldmgsw."

That's just the start. Now you have something you can remember, but it's still just basic letters. You need to turn some of them into numbers, punctuation symbols and capitals. Try turning the "o" into a similar-looking zero, the "l" into a one and the "s" into a five. That would give you "ty01dmg5w" which is a lot better, and still easy to remember, since the numbers are similar to the letters they've replaced.

This, sadly, is still not good enough. The people who write hacking programs are on to this kind of trick, so your password is still vulnerable. It needs an extra trick or two. Try capitalizing the family-name letters, alter the 0 to similar-looking bracket marks (), and move the numeric characters one key to the left on your keyboard.

If your passwords are as good as that, then you should be safe. But there's still a weakness, and it's still human. Never give your passwords to anyone, don't reuse them for different accounts, and change them every few months. Store them on your personal digital assistant if you like, but remember that, even if it's in a well-encrypted file, all your valuable information is just one password away from being accessed by someone. If they steal your device, chances are they're eager enough to try to crack the password protecting all your passwords. Passwords are better kept in your head, triggered by things you'll never forget.

Contact me, but spam me NOT…

There is no mailto link on this website to contact me, the obvious reason being spammers who harvest the email addresses from webpages. Earlier they used to hound the newsgroups, then they turned to collecting mailto links, and now they are just scanning the pages to collect anything that looks like an email address.

One way to fight spam is to waste their resources. I had some hidden links on my pages which were not visible to "normal" visitors. (i.e. link in HTML comment or link with text of the same color as page background etc.) The only people who will access those links are spammers (and a few curious who want to view source of each webpage they visit ;-)) The link then takes them to a dynamically generated webpage, which contain a lot of links to similar dynamic pages and has plenty of meaningless email addresses. The intention is to just pollute the spam databases (i.e. making the value of the database less by adding lots of noise to the signal, if you know what I mean). Here is one example of such a scheme. You have to be careful though, to disallow search engine spiders fall into this trap.

I have now taken those links down. The benefits to me are minimal and spammers do get more powerful (by not following these links), this this is more of a cat and mouse game.

I am thinking of just adding a simple contact me form, using which people who do not know my email address can send email to me. To keep spammers away, it will have a simple puzzle (something like what day is today, which color is sky etc) selected randomly from a list and used to validate the form. I am sure there is something already existing to do exactly this...

India’s Electronic Voting Machines compared to Diebold…

Techaos: Indian EVM compared with Diebold

Indian EVM compared with Diebold
I am writing this while the results are coming out for the Indian Assembly
Election of 2004. 8 news channels are showing results updating like stock
prices on the screen. Yes a 3 second update. The counting is although very
simple and fast because Electronic voting machines were used. But counting from
1.5 Million voting machines is expected to take almost 3 to 4 hours, since, the
Electoral Process needs to be followed in all its bureaucratic steps. The
numbers tell that the ruling party (BJP) is trailing against its main
opposition (INC established by Gandhi). Nobody has doubts about the fairness of
the elections. Re-voting is announced in few stations, due to various reasons.
But over all the biggest democracy in the world has lived up to its
expectations. The ruling party, over-confident of its good economic track
record, declared the elections 8 months ahead of schedule, riding on the
general �feel-good� factor going on in the country these days. But now it
seems, the voters are not that gullible, the opposition INC has got 216 seats
out of 539 and will be invited to prove the majority and form a government.
Indian democracy is of the Parliamentary type, not the Jeffersonian Model
(Presidential type) practiced in America. In the Indian Equation, if a party
gets 272 seats out of 539, they can form a government. and guess what, we may
see an Italian born woman as Prime minister of India! If this is not democratic
then what is?

Last few months have brought very serious discussions on the Net regarding the
use of Electronic Voting, and the security of it. In the USA, the saga related
to Diebold and its opposition is well known. I do not know the electoral
process in the United States, but I attempt here to compare the Technology used
by the Indian Election commission and the Diebold AccuVote system. I present
here the Information I have about the Indian system, and the information about
Diebold got from the web.

Reading this article, some of you might remember that Cold war era joke, about
NASA and its multi million dollar experiment with a pen that can write in micro
gravity to solve the writing problems of astronauts, and the Russian solution
of using a Pencil to solve the same problem. IMHO, the Diebold system is too
complex for a simple and straight forward task such as voting. Windows CE,
Modems, PCMCIA storage cards, Touch screen GUI, On-screen writing facility,
Voice-guidance system, multiple language UI, DES Encryption, centralized voting
Server, a step-by-step wizard to cast a vote, Microsoft SQL Server to store
votes, Backup servers etc. are all unnecessary. All geeks know that a smaller
and simple system is more secure, more code means more cost, more chances for
bugs, more threats to security. You cannot make a system that is �guaranteed�
as secure. A lot depends on the electoral process and the integrity of election
officials.

The Indian Electronic Voting Machines (EVM) are designed and developed by two
Government Owned Defense Equipment Manufacturing Units, Bharat Electronics
Limited (BEL) and Electronics Corporation of India Limited (ECIL). Both systems
are identical, and are developed to the specifications of Election Commission
of India.

The System is a set of two devices running on 6V batteries. One device, the
Voting Unit is used by the Voter, and another device called the Control Unit is
operated by the Electoral Officer. Both units are connected by a 5 meter cable.
The Voting unit has a Blue Button for every candidate, the unit can hold 16
candidates, but up to 4 units can be chained, to accommodate 64 candidates. The
Control Units has Three buttons on the surface, namely, one button to release a
single vote, one button to see the total umber of vote casted till now, and one
button to close the election process. The result button is hidden and sealed,
It cannot be pressed unless the Close button is already pressed.

The voting unit has a list of candidate's names and their Party Symbols pasted
on the surface, and a Blue button to cast a vote faces ever candidate's name.
The Party Symbols (like a Lotus, an elephant, a horse etc.) are approved by the
election commission to be unique, All political parties use these symbols while
campaigning, and illiterate people can identify their candidates by looking at
his symbol, and pressing the blue button in front of his symbol.

Here is how the voting process goes,

  1. The Voter is Identified, by his Government Issued Voter Identity Card, or his
    Public Distribution System's Ration Card, when he enters the polling station.

  2. Voter's finger is marked with a special ink, in such a way that the ink spreads
    from finger skin to nail in a small dot. One cannot remove this Ink without
    hurting himself. The Ink washes away in two week's time.

  3. The Electoral Officer then Presses a button on his Control Unit, that releases a
    single ballot, for the voter to use, this of course is electronic so it just
    enables the Voting unit to register one Vote.

  4. Now Voter enters the voting Booth, and preses a Button in front of name and
    Election Symbol of the Candidate. This action blinks an LED in front of the
    candidate's name and sounds a loud and long Beep, that declares that the vote
    is casted.

Notes: The System accepts only 5 votes in a minute. The Indian Election process
is distributed in such a way that there are never more than 1500 voters for a
single polling booth. So, even if armed men capture the polling station, they
cannot cast 1500 bogus votes in less than 5 hours, and Indian police is not as
slow as the bollywood movies project them to be. No voter has to travel more
than 2 Kilometers to cast his vote. Its fairly easy for an election officer or
opposition political agents to identify people who attempt to appear twice with
different identity. (The Ink on the finger is the main reason).

And here is how the results are obtained from the machines.

  1. After the voting is over, electoral officer presses the Close switch on the
    Control Unit, after which no votes are registered by the unit. The total number
    of the Votes registered are noted by all stake holders (political party agents)
    and then the control units are put into its own special carrying case, and
    sealed for transport.

  2. Control Units from all Polling stations are transported to the nearest District
    headquarters.

  3. On the day of counting the seals of the Control Units are opened. The control
    unit has a Results Button which is physically secured by a protective seal,
    this button is pressed to obtain the results. The Machine gives the Serial
    number of the Candidate, and the votes that he has won.

  4. The Election commission takes a decision to ask for a re-election if the
    machines are found to be tempered with. Or if the count of signatures or thumb
    impressions (yes, India's illiterate also take part in the democracy) on the
    voter register do not tally with the number of votes registered by the Voting
    Machine. In this election, about a 100 polling booths, (I think) were asked to
    conduct the election again. This number is small, for the size of Indian
    elections.

  5. In case of disputes, the machines are preserved for the courts to decide upon,
    other machines are used for next election after reseting the memory.

Diebold system works on Microsoft software, it has no seals on locks and panels
to detect a tempering. It has a keyboard interface (!!!) and the server was
tested to have �Blaster� virus. One report on Wired says a lady stumbled upon
some files from Diebold, and found that the votes were stored in MS Access
files. It also has a PCMCIA SanDisk card for local storage. A touchscreen GUI
and a network connection to send the results to a server after encrypting it
with DES.

The Indian EVM is just plain circuit, with some assembly code. A few LEDs, and
two Seven Segment LED displays. One EVM can list 16 candidates, but up to 4
EVMs can be Linked to accommodate 64 candidates. (In a country of a billion
people its possible to have 64 candidates for one single constituency.)

Diebold has received its share of criticism from Techies and Paranoids. Techies
are Concerned about the vulnerability of the system. Some concerns are right,
like having a network to communicate votes to a central server, exposes the
system to unimaginable risk. I mean, we all know how safe is a windows box on a
network ;-). But, some criticism is just not right, like the keyboard
interface, and card reader jamming etc. No, electoral officer in his sane mind
would allow a voter to walk into a booth with a keyboard in hand, and would not
let him be inside the booth long enough to duplicate a smart card or to open
the voting machine to do some EPROM Programming, or to run a forceful algorithm
to break DES.

India's leading daily newspaper, carried an article on the eve of the elections,
saying that the microchip containing the code of the EVM machines can be copied
in minutes. The article was titled, �Winning Elections Made Easy�. The article
was written by an Indian Professor living and teaching in America. But I don't
think it is possible, as long as the Electoral system and Election officials
function to their expectations. Usually Indian elections take place during
school Vacations, and Teachers are recruited by the Indian Election Commission
to perform duty as election officers.

I guess, The differences in both technologies are as follows.

Device type
EVM: Embedded with Assembly code
Diebold: Embedded with Windows CE, and C++ code

Visual Output
EVM: Single LED against each candidate's name

Diebold: Color Touchscreen, with GUI software

Operating System/ Software
EVM: None, the Assembly code to register number of votes is all it has.
Diebold: Windows CE, and C++ code stored on the Internal Memory and
PCMCIA cards.

Records/ Audits
EVM: The Voting unit doesn't store anything, the control unit records
the number of votes casted for each candidate against his serial number. No
record to link person-to-vote.
Diebold: Internal ribbon printer. And PCMCIA storage for records and
audit trials. Additionally the GEMS server also stores the votes and audits.

Accessibility

EVM: Blind people are allowed to bring an escort into the polling booth
to help them vote.
Diebold: Optional Audio component to assist the visually impaired.
�Magnify� feature to enlarge the text. I guess all Windows CE Accessibility
features are available on these systems.

Control
EVM: Control Unit accumulates the votes, it is a device with flash
storage and seven segment LED displays. They are connected to voting units with
a 5 meter cable, the Unit has a switch to issue a ballot for a voter.

Diebold: Two GEMS servers one primary and a backup, for every polling
station, that connects to the voting units to �load the ballots� (!!) and then
voting units work independently. They are again connected at the time of
results.

Security of Access
EVM: Physical security is ensured by the electoral officers. Unit is
sealed during transport.
Diebold: GEMS servers have access through Supervisory Smart cards, and
PINs, some users have login and password access.

Ballot Issue
EVM: Ballot is issued by Electoral officer by pressing a button on the
Control Unit. It allows the voter to press one button on the voting unit.
Diebold: Voter access smart card is issued in an envelope for a
terminal. Voter can put it in the assigned terminal and cast his/her vote.

Storage of Votes

EVM: In Internal Non removable memory of the Control Units. All control
units are transported physically to the counting center.
Diebold: In a PCMCIA card hidden in the Voting Unit. Results are
�transmitted� using modems to the counting center.

Cost of the System
EVM: About 10500 Rs. (230$) for 1 control Unit + one voting unit.

Diebold: About 3300$.

Power Supply
EVM: 6V alkaline batteries
Diebold: electricity

Capacity
EVM: 3840 Votes (the electoral process distributes one polling station
for not more than 1500 voters) so its large enough.
Diebold: Over 35000 votes.

Localization/Languages

EVM: The Voting unit has a Non tear-able printed sticker, which is
printed in any of the 18 (yes 18) constitutional languages, spoken in the
region. The Election Symbol of the candidate allows people who cannot read that
language or cannot read any language at all to vote by pressing the button
against the symbol.
Diebold: Supports more than 8 different languages using GEMS software.

Developed by
EVM: State owned Defense Equipment manufacturing units.

Diebold: Private company.

Buyer/ Owner
EVM: Election commission of India buys it and ownes it to conduct
elections everywhere in India.
Diebold: Individual states / counties buy the systems, and use it to
take part in elections, each state can decide based on its law, which system to
adopt.

Links

How E-Voting
threatens democracy [Wired]

Indian
Electronic Voting Machine

Presentation on EVM [Election Commission of
India]

Election Commision of India

Bharat Electronics Limited

BPO to help BPL (Below Poverty Line) families in Kerala…

NASSCOM - Using BPO to help BPL families IN Kerala

A BUNCH of women from Below Poverty Line families in Kerala may well be competing with `hot and happening' BPO companies elsewhere if a plan by the State to take business process outsourcing to the grassroots takes off.

Kerala plans to set up BPO units by bringing under one roof the `Kudumbashree' IT units spread across the State. Kudumbashree is a project to encourage local entrepreneurs, mostly women, with the goal of eliminating poverty.

Under this project, there are 58 IT units functioning across the State, employing about 600 women.

They undertake data-entry work, desktop publishing and impart basic computer training. Most of their work comes from the Government, which outsources data-entry work to these units.

Now, the Kudumbashree Mission plans to bring together select IT units under one roof to achieve a critical scale required for a BPO unit. Five units in Ernakulam district who have performed well have been identified to do the pilot, official sources told Business Line.

Each of these units would buy 50 computers so that collectively they can boast of 250 seats. "This centre can work on three shifts, thereby having virtually 750 seats a day," a project official said.

It is estimated that each unit can go for a loan of Rs 15 lakh to buy the computers. "These units have taken loans to set up their existing operations.

Many of them have already paid off their loans. So getting financial support from banks will not be a problem," the official said.

There are hardware units functioning under the Kudumbashree Mission itself and computers can be sourced from these units, which assemble desktops and take up maintenance work.

The BPO unit can take up large-scale data-entry work to begin with and eventually handle more sophisticated areas, such as medical transcription and e-mail processing. "Once we have the scale, then we can pitch for larger projects. We have already got some informal feedback on this project from the US," the official said. In the initial phase, the focus would be on the domestic market and government sector.

After Ernakulam, similar projects will be replicated in Thiruvananthapuram and Kozhikode districts, giving jobs to over 2,000 people. As for the necessary manpower, the plan is to hire from those trained by the IT units.

The Kudumbashree Mission is hopeful that the first BPO unit would come up by December this year.

Markdown plugin for drupal

I use drupal as the content management engine for some of my community websites that I maintain. I think drupal is one the best CMS engines out there. The recent versions using xtemplate theme look very pleasing to the eyes.

Unfortunately to add new content you have to type in HTML, and most of the HTML editors produce non-compliant HTML. I was looking for a way to type in simple formatted text which will be picked by some drupal module and entered as compliant HTML into the database ready to serve! I came across something called markdown which is exactly what I need. There is additional software called html2text which takes html and converts to markdown format. It should be possible (and dare I say easy) to integrate these two little beasts into drupal. I do definitely want to work on this in my spare time.

Few links:
How to create modules

Macrotags comes very close to description of my job, maybe should try to reuse its code base

drupal textile plugin

Markdown PHP
Continue reading Markdown plugin for drupal