1. Biden and Trump to Meet at the White House: Live Updates  The New York Times
2. Biden, Trump Set For White House Meeting After Harris Election Loss  NDTV
3. Biden-Trump White House meeting revives presidential tradition skipped 4 years ago  Fox News
4. Trump and Biden to meet at White House as Senate GOP holds leadership election  CNN

1. Why is Elon Musk becoming Donald Trump's efficiency adviser?  BBC.com
2. Elon Musk, Vivek Ramaswamy to lead Trump's Department of Government Efficiency  Fox News

Personality. You’ve got one; your friends have one—everyone has one! But what does it say about you and your social tendencies? In the early 1900s, Carl Jung coined the terms “introvert” and “extrovert” to describe personality traits and behaviors. Introverts tend to be more reserved, whereas extroverts thrive on social interaction. So, where do you fall? Are you an introvert, extrovert, or something in between? Answer these questions about what you would do in any given situation to find out.

Falling in love is beautiful, earth-shattering, magical, and sometimes really hard. Whether you're struggling to get over negative patterns, meet new people, or create a deep connection, your feelings are completely normal. So many people all over the world are asking themselves the same question: how can I finally find a deep, meaningful love? And luckily, there are tons of changes you can make today to raise your chances of romance—and, enjoy yourself more along the way, too. Let's get started.

Looking to improve your looks? Good news: there are actually tons of ways to become more attractive instantly, without too much work. Plus, at the end of the day, confidence and self-love makes anyone beautiful. From hair, to makeup, to clothes, to charisma, read on for our in-depth guide to becoming a more attractive person.

Weird Al Yankovic, Alicia Keys, and Jodi Foster. What do all of these celebrities have in common? They were all valedictorians of their class. Though being valedictorian won't make you a supermodel or singer, it can set you on an impressive path that can lead you to succeed in your college career and in the world at large. All you need is to have mental toughness, endurance, and an unbeatable work ethic. So how do you do it? Just follow these steps.

Hoping to learn more about the world of palmistry? The love (or heart) line is a great place to start. Often considered one of the 3 most important lines on your palms, the love line provides a valuable glimpse into a person’s romantic and emotional tendencies. We’ve covered everything you need to know about this essential line, so you can have an easy time reading someone else’s palm—or even your own!

The report includes a list of the nation’s wealthiest real estate investors. The figures for wealth and value represent a snapshot of May 31, 2024. “We are extremely proud and honored to reaffirm our long-standing partnership with Hurun India for … Continue reading →

Bengaluru’s rental housing market saw an average price correction of 5-10% during the April-June quarter of the current calendar year, according to local brokers who spoke with HT.com. This news should cheer up tenants in the city. The primary reasons … Continue reading →

Finance Minister Nirmala Sitharaman is scheduled to present Budget 2024 today, and the real estate industry anticipates that the government will prioritize affordable and middle-class housing in the plan. To increase affordability, it has advocated for an enlargement of the … Continue reading →

This year’s budget, which sets up the housing sector, will not only help the one crore urban poor and middle-class families who lack a place to reside.  It will also boost the real estate market and open new doors for … Continue reading →

The real estate industry in Mumbai has suffered the most as a result of the heavy rains and the numerous cases of waterlogging that have been reported. Real estate experts claim that between July and August, during the monsoon, walk-ins … Continue reading →

This budget’s extensive measures demonstrate the government’s dedication to the real estate industry’s overall growth, which makes it a major driver of the country’s economic expansion.  The Finance Minister, Nirmala Sitharaman, unveiled the 2024 Union Budget, which includes some ground-breaking … Continue reading →

Approximately 32 kilometers from the Goa International Airport in Dabolim, the opulent project will have 62 villas atop Reis Mago, a hill in Goa.  In the second half of the 2024-2025 fiscal year, 62 ultra-luxury villas in Goa, priced between … Continue reading →

Before purchasing, buyers should confirm that a property is free from legal issues. They must comprehend ideas from the Code of Civil Procedure (CPC), such as “Attachment of Property,” to do this. Attachment is the legal term for taking possession … Continue reading →

Godrej Properties Ltd has announced the acquisition of a roughly 46-acre land parcel in Indore. According to the company’s July 31 regulatory filing, the development on this land will mostly consist of plotted residential units and offer an estimated saleable … Continue reading →

Are you trying to find a cozy haven with a view of the city skyline? The desire for luxurious living is growing, and renowned builders like Nitara Projects are fostering this desire by offering strong, innovative, and tastefully designed premium … Continue reading →

However, the Delhi Development Authority (DDA) is making a groundbreaking shift in how it handles property documentation. Starting in September 2024, buyers will receive their flat documents in a sophisticated, customized folder. This change comes after concerns raised by Lieutenant … Continue reading →

The Beats Solo 4 features enhanced sound quality, up to 40 hours of battery life, and seamless Apple device integration. These on-ear headphones combine style with premium audio performance in a striking Cloud Pink finish. Reasons to Buy What Makes It Stand Out The Solo 4 improves upon its predecessor with enhanced audio quality and stronger build […]

The Epson EcoTank ET-2800 features cartridge-free printing with supersized ink tanks and wireless connectivity. This all-in-one printer delivers exceptional value with up to two years of ink included in the box. Reasons to Buy What Makes It Stand Out The ET-2800 revolutionizes home printing with its refillable ink tank system. The included ink equivalent to about 90 […]

The Samsung EVO Select 1TB microSD features ultra-fast 160MB/s transfer speeds, comprehensive device compatibility, and Samsung’s 6-proof protection system. This high-capacity card provides reliable storage for mobile devices, gaming consoles, and cameras. Reasons to Buy What Makes It Stand Out The EVO Select combines massive storage with Samsung’s reliability. The included full-size SD adapter extends compatibility to […]

The XFX SPEEDSTER MERC319 features 16GB GDDR6 memory, advanced RDNA 3 architecture, and premium triple-fan cooling. This high-performance graphics card delivers excellent 1440p and 4K gaming capabilities. Reasons to Buy What Makes It Stand Out The MERC319 model represents XFX’s premium cooling solution. The triple-fan design and extended heatsink ensure lower temperatures and quieter operation compared to […]

The Nikon Z50 Two Lens Kit features a 20.9MP DX-format sensor, 4K video capabilities, and two versatile zoom lenses. This mirrorless camera kit provides a complete solution for both photography and videography. Reasons to Buy What Makes It Stand Out The Z50 combines Nikon’s mirrorless technology with a practical two-lens solution. The included VR (Vibration Reduction) lenses […]

The Sony XG300 Portable Speaker features IP67 waterproofing, powerful X-Balanced speakers, and up to 25 hours of battery life. This premium speaker combines durability with Sony’s signature sound quality. Reasons to Buy What Makes It Stand Out The XG300 delivers exceptional sound through Sony’s X-Balanced speaker units and dual passive radiators. The combination of MEGA BASS, ClearAudio+, […]

Trump's flying car initiative gains momentum as UFO expert Dr. Michael Salla signals potential involvement, bringing advanced aerospace expertise to ambitious urban development plan.

The National Governors Association has created an archive of historical information about state governor's going back to colonial times. Or at least it will. Currently the archive contains information on all current governors and historical data on governors from Alabama...

An eVoting pilot that would allow miltary staff stationed overseas to cast their ballots electronically has been postoned. The pilot program was scraped due to security concerns - concerns not just about the pilot, but the security of the Internet...

The 2005 U.S. federal budget includes just $5 million for the eGov fund. The amount requested for the year was $45 million. Last year the fund received just $3 million, which means over the last two years just $8 of...

Over the weekend the democratic party in Michigan used an eVoting system for its primary. According to their reports, things went off without a hitch. In response to reports (reported here below), about the Pentagon scrapping their eVoting initiative, a...

"The Industry Advisory Council’s (IAC) eGov Shared Interest Group (SIG) and the Federal CIO Council, in partnership with E-Gov, today announced the Federal agency programs selected as the “Top 5” within the Excellence.gov awards program. These prestigious programs were selected...

I've mentioned in the past the number of people Googling to the site to find information about felony offender registries and the official Tennesse (a misspelling of Tennessee) state site. Since then, the new common search is for the Tennesse...

The Electronic Records Policy Working Group is inviting interested persons to provide their written views on issues relating to implementing section 207(e)(1)(A) of the E-Government Act of 2002. That section calls for ``the adoption by agencies of policies and procedures...

Critics of the Diebold touch-screen voting machines turned their attention Wednesday from the machines themselves to the computers that will tally the final vote, saying the outcome is so easy to manipulate that even a monkey could do it. And...

Canada becomes the first national government to roll out an integrated RSS-syndicated eNewsroom.

Summary: The abundance of X.509 certificate authorities who already perform identity proofing for businesses provides a rich resource that can be leveraged to boot the verifiable data ecosystem.

When you used a verifiable credential to prove something about yourself, the verifier can know cryptographically: (1) the identifiers for the issuer, (2) the credential hasn't been tampered with, (3) the credential was issued to you, and (4) the credential hasn't been revoked. These four checks are important because their establish the fidelity of the data being transferred. They don't, however, tell them whether they can trust the issuer. For that, they need to take the issuer's decentralized identifier (DID) that they got from credential presentation and determine who it belongs to.

At the most recent Internet Identity Workshop, Drummond Reed gave a session on how X.509 certificates could help with this. The first step, like always, is to resolve the DID and retrieve the DIDDoc that associates keys and endpoints with the DID. The endpoint can be an HTTP server and, of course, should have an X.509 certificate providing TLS security. That certificate, at the very least, has a a domain name to bind that to the certificate's public key. It can, if you pay for the feature, also include information about the entity that applied for the certificate. The certificate authority proofs that information and is vouching for it when they sign the certificate.

The key to making the X.509 certificate useful for checking the provenance of a DID lies in one key change. X.509 certificates can contain and extended field called a Subject Alternative Name. This following figure shows how it can help.

In this figure:

1. The issuer (Attestor) creates the DID they will use to issue the certificate along with its associated DIDDoc, including an HTTP endpoint for DID verification.
2. Attestor applies for a X.509 certificate for that endpoint, including in the application the DID they created in (1).
3. The certificate authority does it's usual proofing of the application and issues a certificate that includes the DID in the Subject Alternative Name field.
4. The issuer creates a credential definition in the usual way that includes their DID and writes it to whatever Verifiable Data Registry their DID method dictates.
5. Attestor issues a credential to a holder (Alice) using that credential definition.
6. At some later time, Alice presents the credential to the verifier (Certiphi).
7. Certiphi resolves the DID to get the DIDDoc and retrieves the verfication endpoint from the DIDDoc
8. Certiphi retrieves the certificate for that endpoint¹.
9. Certiphi verifies the certificate by checking it's signature and ensures that the DID in the DIDDoc for the credential matches the one in certificate.²

The issuer's DID has now been tied in a verifiable way to whatever information is in the certificate. Provided the certificate includes information about the entity beyond the domain name, the verifier can use that information to determine whether or not the credential is authentic (i.e., issued by who the credential definition purports issued it). That might be all the evidence they need to determine whether to trust the entity. Certificate authorities could also issue verifiable credentials to the customer attesting the same verified claims—after all, it's one more product they can offer.

The benefit of doing issuer validation using X.509 certificates is that there are already many trusted X.509 certificate authorities in business who already do proofing of attributes about businesses. That's a huge chunk of the verifiable data ecosystem that doesn't need to be built because it can be leveraged. To make this work, digital certificate authorities would need to start offering to validate DIDs and include them in a certificate as a Subject Alternative Name. I don't discount that this will take some bureaucratic maneuvering. Certificate authorities will need to see a business opportunity. I'd love to see Digitcert or someone do a pilot on this.

Notes

1. Note that this step might be combined with the previous step if the Verifiable Data Registry is the same server as the endpoint, but that's not necessarily going to be the case for a number of reasons.
2. Note that this does not create a call back wherein Attestor can determine which credential was used, preserving the privacy of the presentation. Attestor does know one of its credentials has been presented to Certiphi. If this information leakage bothers you, then any web-based DID method is potentially a problem.

Tags: identity ssi decentralized+identifiers verifiable+credentials x.509

Summary: This spring's IIW was full of interesting people and interesting discussions with people from around the globe.

We recently completed the 38th edition of the Internet Identity Workshop. We had 330 people from around the world who called 169 sessions. As usual there was lots of energy and thousands of side conversations. IIW is a place to get things done and it showed in the energy and the comments people made to me about how much they enjoyed it.

As you can see by the pins in the map at the top of this post, there were attendees from all over the world. Not surprisingly, most of the attendees were from the US (241), followed by Canada (11). Germany, India, and Switzerland rounded out the top five with 9, 8, and 7 attendees respectively. Attendees from India (5), Thailand (3), and Korea (3) showed IIW's diversity with attendees from APAC. And there were 4 attendees from South America this time. Sadly, there were no attendees from Africa again. Please remember we offer scholarships for people from underrepresented areas, so if you'd like to come to IIW39, please let us know. If you're working on identity, we want you there.

For states and provinces, California was first with 122. Washington (16), Utah (10), Texas (10) and New York (10) rounded out the top five. San Francisco (14) Oakland (13), San Jose (12), Seattle (11), and New York (9) were the top cities.

In addition to sessions, we have a demo hour on Wednesday that is a little like speed dating. There were 20 different projects highlighted. There's always more than one session that I want to attend in any given time slot and choosing is hard. That's a common refrain. Luckily we have sessions notes that we publish in a Book of Proceedings.

Here's pictures from all three days courtesy of Doc Searls

You belong at IIW! IIW is where you will meet people to help you solve problems and move your ideas forward. Please come! IIW 39 will be held October 29-31, 2024 at the Computer History Museum. We'll have tickets available soon.

Tags: identity iiw

Summary: We know that LLMs hallucinate. And we know that we can overcome some of that problem with better prompts. But can LLMs provide references for their work? I conducted an experiment.

Recently my friend Scott Mace asked this on X in response to a post about the evolution of software and how LLMs will likely follow that same trajectory:

Yes, but how trustworthy will it be? Can I at least see the links it used to create its response?

From X
Referenced 2024-05-21T18:09:06-0400

The short answer is "no", but the real answer is a bit more nuanced because of how LLMs like ChatGPT work. First the short answer: LLMs don't understand what they're saying so they can't reference the material that it used to create a response. They don't work like that. They don't go out, do a bunch of research and then create a response. Instead lots (and I mean LOTS) of material is fed into the program that creates the model, a multi-dimensional matrix of word orders. Then when you ask a question ("give it prompt" in LLM-speak), it processes the question and generates text based on the probabilities of words in its model¹. There's no way it can satisfy Scott directly because the model doesn't—can't, as far as I know—include the references that it used to create the text because it's generating it on the fly from material that has been thoroughly blended together.

But, in fairness, that's not what people do most of the time either. If you asked me over lunch or at the end of a tech presentation to describe zero trust and its pros and cons, I'd start talking. I wouldn't start looking up things on the web and somehow weave them into text complete with references. I'd go look for references if you asked me to back up something I said. So, let's try that with ChatGPT 4o. I gave it the following prompt:

You are a writer for a website focusing on technology. Your specialty is security. Write a 150 word explanation of zero trust with three pros and three cons.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access.
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers.
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts.

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes.
2. Increased Costs: The initial investment in technology and training can be high.
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly.

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That's pretty good. But what if we need some references to other material to back up the pros and cons? I asked ChatGPT to supply them:

Now repeat that task, but this time include references as hyperlinks to back up each pro and con.

ChaptGPT answered with this text:

Zero Trust is a security model based on the principle of "never trust, always verify." Unlike traditional security models that assume everything inside the network is safe, Zero Trust assumes that threats can exist both inside and outside the network. It requires strict identity verification for every user and device attempting to access resources, regardless of their location.

Pros:

1. Enhanced Security: By continuously verifying users and devices, Zero Trust reduces the risk of breaches and unauthorized access (CSO Online).
2. Minimized Attack Surface: It limits access to only what is necessary, reducing potential entry points for attackers (NIST).
3. Improved Compliance: Helps meet regulatory requirements by ensuring strict access controls and logging all access attempts (Gartner).

Cons:

1. Complex Implementation: Deploying Zero Trust can be complex and time-consuming, requiring a significant overhaul of existing systems and processes (Forrester).
2. Increased Costs: The initial investment in technology and training can be high (ZDNet).
3. User Experience Impact: Continuous verification can lead to friction and inconvenience for users if not implemented smoothly (TechRepublic).

Zero Trust is essential for modern cybersecurity, but it requires careful planning and resources to implement effectively.

That looks great! Nice references for each bullet. There's just one problem. All the links, except the NIST reference, are dead. I don't know if they're wrong, made up, or stale. I tried finding content on a few of the sites by searching and came up dry. As I heard Johannes Ernst say once, ChatGPT is a "large language model" not a "large fact model" and this bears that out.

Still, asking for references or evidence for statements is something people are going to want. So, I tried a different tack. This time I asked this:

Why do you say complex implementation is a problem for zero trust? Can you give me a few references on that I can read myself?

ChatGPT responded with this:

Implementing a Zero Trust security model can be challenging for several reasons:

1. Overall Complexity: Zero Trust requires a comprehensive understanding of your network's intricacies, including users, devices, applications, and data. This can involve significant changes to existing infrastructure, which can be disruptive and costly. Organizations need to be prepared for the extensive planning and resources required for successful implementation​ (Help Net Security)​​ (Enterprise Networking Planet​).
2. Legacy Systems: Many organizations have legacy systems that are not designed to operate within a Zero Trust framework. These systems might require different security measures or even complete replacement, adding to the complexity and cost (Help Net Security)​​ (Enterprise Networking Planet​)
3. Cultural Shift: Zero Trust is not just a technological shift but also a cultural one. It requires continuous verification and strict access controls, which can lead to user frustration and resistance if not managed properly. Ensuring user buy-in and minimizing disruption to workflows through training and communication is essential (Deloitte United States)​​ (Guidehouse).
4. Resource Intensive: Implementing and maintaining Zero Trust can put a strain on IT resources due to the need for continuous monitoring and management. The need for advanced security tools and ongoing updates further adds to the resource demands (Help Net Security)​​ (Enterprise Networking Planet​).
5. Stakeholder Alignment: Achieving buy-in from all stakeholders and aligning them with the Zero Trust principles is critical. This requires a coordinated effort to educate stakeholders, prioritize gaps, and ensure consistent understanding and application of Zero Trust principles across the organization (Deloitte United States)​​ (Guidehouse).

These challenges highlight the importance of a phased and well-planned approach to Zero Trust implementation, considering both technological and human factors. For more detailed insights, you can refer to articles from Help Net Security and Guidehouse.

Much better. The links in the bullets all work, but the ones at the end don't. The articles it references aren’t very detailed, so I wouldn’t say they’re stellar references, but at least there’s a pointer to outside material that discusses similar challenges. So, partial success.

I've found that when you're using ChatGPT to do research, treating it like a librarian and asking questions that follow up are the best way to gain confidence that the material is correct and find the supporting material, just as I did above. I'm sure you could wrap additional helper functions around an LLM to make getting references easier. But for now interrogation through chat is the best way to get comfortable with the results.

Notes

1. Yeah, this is really simplified and thus wrong, but it's directionally correct. For a better explanation, see What Is ChatGPT Doing … and Why Does It Work?.

Photo Credit: Older Man Talking to Robot Librarian from DALL-E (public domain) Prompt: draw me a rectangular picture of an older man talking with a robot librarian. Use earth tones.

Tags: genai llm chatgpt prompt+engineering

Summary: I'm fairly certain that what I write here won't change the minds that need changing. But I feel like I need to make a statement anyway: your vote is secure.

There's a lot of fear mongering about the security of elections. I've wanted to discuss this for a while. I have several things in my background that have given me insight into how elections work. I was the CIO for the State of Utah. I was a member of the Lt Governor of Utah's voting equipment selection committee. And I've been involved in identity and security for several decades.

Let me give you the headline up front: committing election fraud in a way that changes the result is difficult, nearly impossible. Let's examine how elections are run and how fraud could happen to see why.

First a caveat: there is no single way that US elections are run. Elections in the US are quite decentralized. Each state has different election laws and in most cases the mechanics of running an election are given over to county clerks who must follow state law, but also have freedom to create their own workflows and processes within that law. There are 3244 counties in the US. The analysis that follows is generalized and likely more true of Utah, which I'm very familiar with, than other places. Still, I think the big ideas are largely the same everywhere.

The process of voting is divided into two parts: (1) voter registration and (2) voting. This is important because most people who make up scenarios to convince you that voting is insecure usually ignore voter registration. Registration requires that you provide an address. This is an important piece of information because if you're voting by mail, it's where the ballot will be mailed. If you're voting in person, you need to vote at a specific polling place depending on your address.

When you vote, you either mail back the ballot that was mailed to you at the address you provided or you go to your assigned polling place and fill out a ballot (usually via a voting machine). In either case, the ballot presented to you depends on your address since the candidates listed on your ballot depend on your voting precinct. Also, as of 2024, 35 states require voters to present identification at the polling place in order to vote. Of those that don't, many require it for voters who are voting for the first time after their registration.

Now, let's examine voting fraud and how it might work. One important factor is scale. You need to commit fraud at a scale necessary to impact the outcome. For small elections (say a single state legislative race or a small school board election) you don't need to change a lot of votes to change the outcome in a tight race—hundreds of votes might do it. For larger elections, like the presidential election, scale is a significant issue. I'm going to focus on presidential elections since they are the most consequential. Less consequential elections are not likely to attract the kind of money and talent necessary to commit election fraud.

A second factor is stealth. You have to keep the fraud from being discovered so that it's not reversed. Proving consequential fraud would likely result in the election being challenged and rerun. You don't have to identify who did it, just prove that it was done. So election fraud is much more dependent on not being discovered than commercial transaction fraud where the loss is likely to only be recoverable if the identity of the perpetrator is known.

The nature of presidential elections is greatly influenced by the electoral college system. You need to influence the votes in enough states to swing that state's electoral votes to the candidate you favor. You don't want to commit fraud where it's not needed because you'll waste money while increasing your chances of discovery. So, selecting the states where you want to commit fraud is critical. Each of those states will have different requirements, so you'll have to tailor your attack to each of them. Furthermore, you'll have to tailor your attack to each voting precinct within the counties you determine are the most likely to impact the election.

There are a few ways to attack an election:

• Sending your people to vote—for this to work, your fake voters have to have been registered and, in most cases, provide some form of ID. To register, they need a plausible address. The election office might not notice if one or two extra people with different last names are registered at a specific address, but they might if this is systematic or if an unreasonable number of people register at the same address. Remember that elections are run at the county level, so you have to assume that the election workers have a good understanding of the local environment. These fake voters now have to go to many different polling locations and cast a vote. They can't easily cast multiple ballots at the same polling location since the poll workers might remember them. So, you need lots of people going to lots of different polling locations.
• Intercepting mail-in ballots—for this to work, you have to register at someone else's home address and then get to the mail before they do or steal their ballots after they've filled them in and change the vote. This requires lots of people. You can't do this remotely. It requires "boots on the ground" as the saying goes. Furthermore, those people are exposed since they're looking in mailboxes in neighborhoods where they don't live. Doable, but not very stealthy.
• Paying people to vote—for this to work, you have to contact a lot of people, convince them to commit fraud, and then be satisfied with the fact that you'll never know if they voted for your candidate or not because ballots are secret. They could take your money and vote for whoever they want. Or just not vote at all unless you're supervising them, an activity that will call attention to you and your agents.
• Replacing real ballots with fake ones—for this to work, you have to create realistic facimiles of real ballots for many different polling places (remember they're different because of overlapping jurisdictions), intercept the ballots somewhere in transit or on delivery, and replace the real ballots with ones that you've filled out for your candidate. This likely involves subverting county election workers. Not just one, but many. Again, the risk of discovery goes up with each contact.
• Destroying ballots—for this to work, you need to destroy ballots that are for the candidate you don't want to win. You could simple destroy ballots without regard to how they're filled, but this won't assure you'll meet your goal. To be effective, you have to just destroy the ones for the other candidate and leave the ones for your candidate. Again, you will have to subvert election workers to get your hands on the ballots and determine who the ballot is for.
• Changing the results after the ballots are counted—for this to work, you have to either hack the machines that record the vote or hack the machines that are tabulating the vote. Hacking the machines won't work if the machines keep a paper audit trail and it's used to audit results. Hacking the tabulators means getting access to those machines. Recall those are kept at the county level, so you have to hack many in different locations unless a single county can swing the election your way.

I hope all of this has at least given you a feel for the scale and scope of the problem. Pulling it off successfully without anyone knowing it happened is a difficult problem. Each method involves many people being let in on the secret—in some cases a lot of people. This isn't an operation that a small group of hackers can reliably pull off. Having lots of people involved increases the chances that you'll be discovered. The decentralized and distributed nature of how elections are run is a feature and makes elections more secure and trustworthy.

On top of all this, election officials aren't stupid, lazy, or inept. Sure, you're going to find a few who are. But as a rule the elections officials I've interacted with at the state and county level are professionals who are attuned to these dangers and take active steps to protect against them. They are usually happy to talk about how they operate and will respond to polite requests for information about how they audit systems and the processes they have in place to protect the vote.

As an aside, do you know what's easier than committing election fraud? Using social media to convince people that election fraud is happening to reduce confidence in the election and sow discontent. Then you can use that discontent to challenge a legitimate election and maybe change the outcome. Ask yourself which is more likely.

Successfully changing the results of a presidential election isn't impossible. But the odds of doing so and not leaving any evidence—the perfect crime—are vanishingly small. I have confidence in the security of the US election system.

Photo Credit: Voting from DALL-E (public domain) Prompt: Draw a horizontal picture of a woman casting a ballot with a ballot box

Tags: voting identity security government

Kyra Wilson, Aylin Caliskan, Proceedings of the AAAI/ACM Conference on AI, Ethics, and Society, Nov 13, 2024

The topic of AI-based recruitment and hiring has been discussed here before and research continues apace. This item (13 page PDF), despite the characterization in GeekWire, is a fairly narrow study. It looks at three text-embedding models based on Mistral-7B-v0.1, and tests for gender and racial bias on applications containing name and position only, and name and position and some content (the paper discusses removing the name but does do it). The interesting bit is that intersectional bias (ie., combining gender and race) is not merely a combination of the separate biases; while separate biases exaggerated the discrimination, "intersectional results, on the other hand, do correspond more strongly to real-world discrimination in resume screening." Via Lisa Marie Blaschke, who in turn credits Audrey Watters.

Helen J. DeWaard, Canadian Journal of Learning Technology, Nov 13, 2024

I enjoyed the lavish illustrations in this article, a rarity in academic publications. After anm introductory section, the paper offers what is essentially a dialogue around the topic of sharing and openness in education. This bit from  the abstract resonated most with me: "It is becoming ever more important to share expertise as practitioners, researchers, and theorists in the field of education by making explicit what is often tacit and unspoken, and when sharing knowledge, reflections, and actions. By actively thinking-out-loud through blogs, social media, and open scholarly publications, educators can openly share details of what, how, and why they do what they do." This is the space where OLDaily operates - a somewhat middle ground between full academia on the one hand and the popular press on the other.

Paula MacDowell, Kristin Moskalyk, Katrina Korchinski, Dirk Morrison, Canadian Journal of Learning and Technology, Nov 13, 2024

This paper reports on a process where thirty-five teachers enrolled in an elective three-credit multimedia design course "engaged in experiential activities focussed on developing artificial intelligence (AI) literacy, alongside a collaborative assignment to co-author an open-access textbook, Teaching and Creating With Generative Artificial Intelligence." In the process, "the Student Artificial Intelligence Literacy (SAIL) framework was developed (illustrated)." The paper concludes with the usual recommendations ('do no harm', 'develop communication skills', etc.). Each participant wrote a chapter, though a common template was used. I very much like the idea of producing a useful open resource as part of class activities. Oddly, the article doesn't provide a link to the textbook, but I found it here. It's a nice selection of 'how-to' articles that readers, I think, will find useful. One chapter (chapter 20 1/2?) is missing.

Jared Cooney Horvath, Nov 13, 2024

Obviously you can't simply cite some PISA scores to show that 'ed tech is failing'. Minimally, it may well be that schools today are teaching less of what PISA is testing (eg. computer and information literacy). Additionally, there is a drift in what PISA tests for one year to the next (they don't test against curricula, they test against what PISA test designers believe a 15-year old should know, independently of curricula). There are additional factors, such as the pandemic, but not just that, also war and political change. And a final challenge is that most 15-year olds aren't actually taught using ed tech.

Paul Sawers, TechCrunch, Nov 13, 2024

According to this article, "Meta has launched a new partnership with a slew of universities in the U.S. and U.K., as it looks to ingrain VR across the education system." I guess it's a big deal (per Mixed, Upload, Social Media Today, Technopedia, ReadWrite, etc etc) but it's hard for me to stifle a yawn. It's not simply that I was here for the Second Life hype, it's that their product is a "digital twin" of the university - "environments that directly replicate their real-world campus counterparts" - the least imaginative use of any media ever. I think there's a lot of room for VR in education, but this announcement isn't it.

Digital Education Council, Nov 13, 2024

Members of the Digital Education Council (mostly from business and management schools) have signed this short declaration (5 page PDF) following their inaugural meeting this week. Most interesting is their desire to "commit to developing strategies to maintain curricula relevance, at speed with the rapidly-evolving pace of industry."

The Dutch Ministry of Transport, Public Works and Water Management (Ministerie van Verkeer en Waterstaat) announces their new RSS news feed. It is a noteworthy model for other governmental agencies to emulate.

Government Computer News reports that the Navy is building a business case for using weblogs for project management. Enterprise blogging software by Traction Software, Inc. called TeamPage was selected for evaluation for being one of the first weblog systems designed for business use.

Beginning Monday, November 22, UtahGov Search will include a search of Spanish language government produced information and publications. Just click on "en Espanol" and enter search terms in Spanish.

Salt Lake City and 17 other Utah cities are planning to construct the largest ultrahigh-speed data network in the country using fiber optic cables. The project to complete a direct fiber optic connection to homes is considered by The New York Times as one of the most ambitious of its type in the world.

MIT, Harvard, and the Commonwealth of Massachusetts announce the formation of a loose association of interested U.S. state and local governments to promote sharing of software under open source licenses.