If you have concerns about whether our elections will be free and fair, I suggest you take some time and visit your local elections board and see for yourself how they operate and ask your questions and air your concerns. That is what I did, and I will tell you about my field trip in a moment. I came away thinking the folks that staff this office are the kind of public servants that demand our respect for doing a very difficult job, and doing it with humor, grace, and a sense of professionalism that usually doesn’t get recognized. Instead, these folks are vilified and targeted by conspiracies that have no place in our society.

First, some background. I wrote in August 2020 about the various election security technologies that were being planned for the 2020 election here. And followed up with another blog in December 2020 with the results that those elections were carried out successfully and accurately, along with another blog written last August about further insights about election security gleaned from the Black Hat trade show.

A few weeks ago, I was attending a local infosec conference in town and got to hear Eric Fey, who is one of the directors of the St. Louis County election board. He spoke about ways they are securing the upcoming election. The county is the largest by population in the state, home to close to a million people.

He offered to give anyone at the conference a tour of his offices to see firsthand how they work and what they do to run a safe, secure and accurate election.

So naturally I took him up on it, and we spent an hour walking around the office and answering my numerous questions. Now he is a very busy man, especially this time of year, but I was impressed that a) he made good on his offer, and b) was so generous with his time with just an interested citizen who didn’t even live in his jurisdiction. (I live in nearby St. Louis City, which has its own government and elections board.)

There are about fifty people in the elections board offices, split evenly between Democrats and Republicans. Wait, what? You must declare your affiliation? Yes. That is the way the Missouri elections boards are run. Not every county is big enough to have an elections board: some of the smaller counties have a single county clerk running things. And Fey is the Democratic director. He introduced me to his Republican counterpart.

Part of the “fairness” aspect of our elections is that both parties must collaborate on how they are run, how the votes are tabulated, and how ballots are processed. And doing this within the various and ever-changing election laws in each state. We went into the tabulation room, which wasn’t being used. There were about a dozen computers that would be fired up a few days before the election, when they are allowed to start tabulating the absentee and mail ballots. These computers are not connected to the internet. They run special software from Hart InterCivic, one of the  election providers that the state has approved. These machines are never connected online. Okay, but what about the results?  Fey says, “We us brand new USB’s for a single transaction. We generate a report from the tabulation software and then load that report on the USB. That USB is then taken to an internet connected computer and the results are uploaded. That particular USB is then never used again in the tabulation room.”

Speaking of which, when the room is filled with workers, the door is secured by two digital locks and must be opened in coordination. Think of how nuclear missile silos are manned: in this case though, as you can see in the above photo, a Democrat must enter their passcode on their lock, and a Republican must enter their different passcode on their lock.

The Hart PCs have a hardware MFA key and are also password protected and have separate passwords for the two parties. What happens when they need new software? The county must then drive them to their Austin offices, where they are updated, in one of their vehicles, with both parties present at all times. This establishes a chain of custody and ensures they aren’t tampered with.

The elections board office is attached to a huge warehouse filled to the brim with several items: The voting machines that will be deployed to each polling place of course. The tablets that are used by poll workers (as shown here) to scan voters’ IDs (typically drivers licenses) and identify which ballot they need to use. These ballots are printed on demand, which is a good thing because that process eliminated a lot of human error in the past when voters got the wrong ballots. And loads of paper: the board is required to keep the last election’s ballots stored there. And commercial batteries spare parts for all the hardware too: because on election day, they travel around to keep everything up and running. Why batteries? In case of power failure in the polling place. Don’t laugh – it has happened.

Getting the right combination of polling places is more art than science, because the county has limited control over private buildings. One Y decided they didn’t want to be a polling place this year, and Fey’s staff found a nearby elementary school. Public buildings can’t decline their selection.

One thing Fey mentioned that I hadn’t thought about is how complex our ballots typically are. We vote for dozens of down-ballot races, propositions, and the like. In many countries, voters are just picking one or two candidates. We have a lot of democracy to deal with, and we shouldn’t take it for granted.

So how about ensuring that everyone who votes is legally entitled to vote? They have this covered, but basically it boils down to checking a new registration against a series of federal and other databases that indicate whether someone is a citizen, whether they live where they say they live, whether they are a felon, and whether they are deceased. These various checks convinced me that there aren’t groups of people who are trying to cast illegal votes, or bad actors who are harvesting dead voters. Fey and I spent some time going through potential edge cases and I was impressed that he has this covered. After all, he has been doing this for years and knows stuff. There have been instances where green card holders registered by mistake (they are allowed to vote in some Maryland and California local elections, but not here in Missouri) and then called the elections board to remove themselves from the voting rolls. They realize that a false registration can get them imprisoned or deported, so the stakes are high.

Let’s talk for a minute about accuracy. How are the votes tabulated? There are several ways. In Missouri, everyone votes using paper ballots. This isn’t typically a problem to process them, because as I said they are freshly printed out at the polling place and then immediately scanned in. This is how we can report our results within an hour of the polls closing. The ballots are collected and bagged, along with a cell phone to track their location, and then a pair drivers (D + R) head back to the office. Fey said there was one case where a car was in an accident, and the central war room that was tracking them called them before they had a chance to dial 911. They take their chain of custody seriously on election night.

If you opt for mail-in ballots, though, the ballot quality becomes an issue. Out of the hundreds of thousands of ballots the county office received in 2020, about four thousand or so looked like someone tried to light them on fire. Each of these crispy ballots had to be copied on to new paper forms so they could be scanned. Why so many? Well, it wasn’t some bizarre protest — it turns out that many folks were microwaving their ballots, because of Covid and sanitation worries. It was just another day of challenges for the elections board, but they took it in stride.

The paper ballots are then put through a series of audits. First the actual number of ballots are counted by machine to make sure the totals match up. They had one ballot that was marked with two votes, with one crossed out. So the team located the ballot and saw that the voter changed their mind, and corrected their totals. That is the level of detail that the elections board brings to the final count. They also pick random groups of ballots to ensure that the votes match what was recorded.

As you can see, they do their job, and I think they do it very well. If you are thinking about your own field trip, ballotpedia.org is a great resource if you want more details about how your state runs its elections, where and how to vote, and contacts at your local election agency.

As an avid cyclist, I have collected a variety of tools to keep my tires inflated, both on the road and at home. These include:

• A floor pump that has a pressure gauge and fits both Presta and Schrader valve types. We have both here in my family. This is used most frequently, because high-pressure tires tend to lose air over time.
• A portable pump that has a Presta connection that I carry with me when I am riding. This is useful if I get a flat and have to inflate a new tire just enough to fit it on my rims.
• A collection of CO2 high-pressure cartridges that can inflate my Presta tires up to full pressure. These are good for a single blast of air.

My social feeds have been filled with various ads for portable electric air pumps. In the distant past, these things were portable in the same sense that the first portable computers were: they were bulky and you wouldn’t want to carry them very far. But the latest generation of pumps weigh about a pound and could easily be carried with you on a ride, or fit in your car’s glove compartment. They range in price from $40 to $120, mostly made in China, and resemble an old-style walkie-talkie in dimensions. I bought one of the cheaper ones on AMZ.

The features that I wanted included:

• Rechargeable battery via USB. The battery should last through a few inflations of your car tires, because you are pushing a lot more air. The unit that I got needed infrequent recharging. The pump’s screen should give you a rough idea of how much charge is available. Having a USB cable also makes recharging from your car simple, if you have the right cables.
• A long enough hose that fits between the tire and the pump, so you can maneuver the pump around the target tire more easily.
• Fits both kinds of tires. The way my pump does this is with a small and imminently losable adapter that screws on to the Schrader valve if you want to inflate a Presta tire. This adapter is very hard to fit on the valve stem, and gets tight enough to ensure you aren’t deflating your tire before you even start the inflation process. It took me a few tries to figure out the process of attaching and detaching the pump from both bike and car, and it would be easier if the vendor had two separate hoses, rather than the add-on adapter, but I didn’t find a unit that came that way.
• Easy operation and usable screen. My pump shows the existing pressure when attached, and you can set it to stop automatically at a given pressure for both bike and car scenarios. That is helpful, especially for bike tires that can be easily overinflated. It also shows battery status too.

One question was could the new electric unit replace both my hand pump and CO2 cartridges on my rides? Even the smaller units still weigh more than the combination, but it is possible, although you probably have to carry it on your person or if you have a big enough bag on your bike. (My hand pump has a bracket to fit on my bike’s frame ) However, this means using the new pump twice when fixing a flat during a ride: once to get some air in the tire before you put it on the rim, then re-attach for the full inflation. It would be nice if the new pump could snap on and off the valve like my other pumps, but I didn’t see any units that offered that kind of mechanism.

I am not recommending my specific pump, and am calling the whole genre a work in progress. Some of them get very hot as their tiny pump motors work overtime to push the air through, especially for car tires. Some weigh a lot more making them difficult to carry in the back pockets of your jersey. The attach/detach process can be tricky: one time I unscrewed my valve stem completely when trying to remove the short air hose. And there doesn’t seem to be any relationship between price, quality, and user satisfaction from what I could tell.

For the past couple of years, high school seniors have been part of an interesting experiment called direct admissions. Basically, there are systems that allow them to get conditional pre-acceptance offers, without having to fill out much of an application in advance, or even think about where they want to attend. What makes these offers interesting is that they arrive unsolicited. There are a few caveats, but hundreds of students are now attending college using this method.

Back in the pre-historic era when I was a high school senior when I had to walk uphill both ways to school, we had to fill out applications by hand. There was no CommonApp, a system by which a thousand or so colleges agree to basically open source the application process. They are one of the entities involved direct admissions, I’ll get to them in a moment. Each place had its own essay to write. You also had to take standardized tests from places like the College Board, the dreaded SAT or ACT. And then there were the application fees.

Direct admissions puts all that aside. You have to have good grades, of course, or good enough grades for the particular school that you want to attend. But that’s about it. No more stuffing silly clubs to pad your pre-college resume. No more parental nagging about whether you have written word one on your essays.

Not every college is on board, yet. But it clearly is the coming wave. As costs to attend college continue to rise, the onerous application process has to be simplified. One private venture is leading the charge called Niche. Their website has a portal for students to enter the direct admissions world and while there is some information to fill out, it doesn’t seem all that difficult.

There are several states that have signed up to include every graduating high school senior in the program. They notify all graduating seniors in the fall where they have been accepted, based on their GPAs. Minnesota, for example, has 55 two and four year colleges — both private and public — part of the program. Students then have to complete an application to the school of their choice. Missouri has several schools that take direct admissions, including probably one of the best engineering schools in the state.

CommonApp began testing direct admissions in 2021, and now has more than 70 participating schools. Niche began its program in 2022 and now has its own group of 100 or so schools. (Forbes has more details here.) The two have somewhat different qualification criteria. With CommonApp, students have to live in lower-income households to get app fees waived and be the first in their generation to enter college, and can only apply to in-state colleges. Niche doesn’t have any income or geographic threshold.

As the NY Times wrote earlier this year, colleges want more students and need more applicants to maintain their student population. Idaho, which is one of the states with a program, found that student enrollment increased by several percentage points in the first year.

Now, you might guess that the top tier Ivies aren’t on board with direct admissions: they get plenty of attention from the best students. But for many other schools, this could be a way to attract students that may have never considered or even heard of the school. And who doesn’t like getting a “you may already have been admitted” notice? It could be a big ego and motivational boost for some seniors.

If you have a kid that has used direct admissions, please post your experiences, I would be interested to hear from you.

I have been a casual camera user for decades, ever since I got a simple box camera in my teens. I actually had a job as a professional photographer when I got out of college, and built my own darkroom in several homes for printing black and white pictures. This obviously was during the pre-digital era. The past few years I have been enjoying my smartphone’s camera, which keeps getting more and more capable. Going digital meant no more darkroom, and being able to print to an online photo processor by uploading my images. Here is a photo that I took recently.

Well, I come bringing bad news, although it initially doesn’t seem that way. First, cameras are getting smarter. It isn’t just a matter of better resolution images, but better software. The new Google Pixel 9 has something called Reimagine, which has some very neat tricks for in-phone picture editing as shown in this threads post by Chris Welch..This used to be the domain of a skilled Photoshop operator. Now you just tap on the right buttons.

Second, AI is moving into more “original” photography. Google’s ImageFX is now available in preview here— you type in a description of a photo that you are interested in, and within a few seconds, it creates a few images that you can choose from. My prompt of a “high-resolution photo-realistic interior of ornate teal art deco living room” brought the following image:

That is a pretty nice setup. Note the lighting effects, and reflections in the glass table  and mirror are pretty darn good.

So what is the bad news you may ask? Well, as someone reminded me, what we are seeing here are the absolute worst images that AI has produced, and the quality will only get better, much better given the pace of AI development. Soon the lenses on the back of your phone will be redundant. Those travel photos that you took of your last trip to someplace exotic? Chances are someone else has been there, posted the pix, and some AI engine has gobbled it up. Just a few clicks and you can be added in the foreground. What about pictures of things? Now Google’s Lens has been improved: it is now part of the Android OS and you can do all sorts of tricks with it to identify what you are seeing on a web page or IRL. No need to set up a pesky set of lights or to compose the perfect image. Just crop with your finger.

While you mull that over, I want to leave you with one last image, of a real electric power station near Budapest. At least, I think it is real and not some AI construct. But soon, it won’t matter much, just as we have forgotten all about using stop bath and learning the zone system.

Many of us have a love/hate relationship with our GPS’s. We love the fact that they can tell us when a route is filled with traffic, or a better way to get from Point A to Point B. But we hate it when we are running late and when the GPS route is a convoluted series of seemingly contradictory turns down small side streets, or when we are somewhere where coverage is spotty or blocked.

That is fine when we are in a car, or using transit. But what happens, as I pose in the subject line, when you are flying a plane and its GPS quits working? It sadly is happening with increasing frequency, as the places around the world that are part of conflict zones continues to expand, and because spoofing or blocking GPS signals is one way to prevent military actors from getting precise positions. That link will document exactly what is happening, and you can click on other links at the end of that post to understand the different types of spoofing that have been observed. The number of incidents has risen alarmingly in the past several months, with as many as 1350 daily flights encountering spoofing, but averaging 900.

Now, that may sound like a lot of flights, but when you consider that these days about 100,000 flights fly every day around the world, it is admittedly still a small number. However, the spots where GPS signals are unreliable have expanded to ten distinct areas. Some of these you might suspect, such as around the Middle East and Russia for example.

(I wrote a few years ago about the Russian airlines. This is yet another reason to steer clear of any flights that come near the place.)

But there are several problems behind this data. First, flight crews are not trained to switch off their GPS when spoofing happens. In fact, they run a variety of automated systems that rely on the global GPS network with all sorts of acronyms. Some spoofing hits the autopilots driving the plane, some hit the ground collision radar that prevents planes from hitting the side of a mountain, others hit the transponders that broadcast the plane’s identity. Second, the symptoms aren’t consistent across all these systems: Each system exhibits different behavior when they get spoofed GPS signals. This means that aircrews are losing trust in their instruments, which is not a good thing. Third, the air traffic controllers — particularly the ones handling long-haul transoceanic flights — have to work harder to separate the planes flying a particular route which are in trouble, which means lower passenger capacity and more flight delays. In some cases, the situation happens close to a landing, which means some planes have to “go around” and take time and fuel to attempt a second landing. Finally, there are a bunch of aircraft-related international organizations that work together in a very delicate balance, and spoofing upsets that particular applecart. Imagine the UN, only worse.

GPS spoofing is now being used as a weapon of war, and it is sadly catching on as the investment in small armed drones is small but the damage that they can cause is great if they can rely on precise positioning for their targets. Sadly, it will take some time before the civil aviation industry can retool to work around spoofing in any effective manner.

An article in this week’s New York Times decries the end of the floppy disk. Its use as a medium of data transfer for Japanese government reports has finally been replaced with online data transfer. I read the piece with a mixture of sadness and amusement. The floppy was a big deal — originating from IBM’s big iron. It became the basic fuel of the PC revolution.

Before we had PCs, in the late 1970s, we had the first dedicated word processor machines coming into offices. I came of professional age  when these huge beasts, often built-in to office furniture. They were the domain of the typing pool of secretaries that would transform hand-written drafts into typed documents. These word processors had printers and ran off 8″ floppies that held mere kilobytes of text files. Those larger disks were a part of America’s nuclear control bunkers up until 2019 or so.

But back to the 1980s. Then IBM (and to some extent Apple) changed all that with the introduction of 5″ versions that were attached to their PCs. Actually, they measured five and a quarter inches. Within a few years, they became “double-sided” disks, holding a huge 360 KB of files. To give you an idea of this vast quantity of storage, you could save dozens of files on a single disk. But things were moving fast in those early days of the PC — soon we had hard-shell 3.5 inch floppies — the label remained, even though the construction changed — that could hold more than a megabyte of data. Just imagine: today’s smart watches, let alone just about any other smart home device — can hold gigabytes of data.

You would be hard-pressed to find a computing device that has less capacity these days. And that is a good thing, because today’s files — especially video and audio — occupy those gigabytes. But I just checked: a 5,000 MS Word file — just text — is only 35 KB, so things haven’t changed all that much in the text department.

The double-sided label sticks in my mind with this anecdote. The scene was a downtown office in LA, where I worked for the IT department of a large insurance company in the mid-1980s. We occupied three office towers that spanned several blocks, and part of the challenge of being in IT was that you spent a lot of time going around the complex — or at least for the times — debugging user’s problems. We would often tell users to send us a copy of their disk via interoffice mail and we would take a look at it if it wasn’t urgent. Soon after I got this call I got the envelope. Inside were two sheets of paper: the user had placed his floppy disk on the glass bed of their Xerox copier, and sent me the printouts. But this was a user who was paying attention: he noticed the “double-sided” designation on the disk, so flipped it over and made a copy of the back of the disk too.

The dual-floppy drive PC was a staple for many years: one was used to run your software, the other to store your data. The software disks were also copy-protected, which made it hard for IT folks to backup. I remember going over to our head of IT’s home one weekend to try to fix a problem he had with the copy-protected version of Lotus 1-2-3, the defining spreadsheet of the day.

Those were fun times to be in the world of PCs. The scene shifts to downtown Boston, at the offices of PC Week, back in early 1987. I had left the insurance company and taken a job with the publication. A few months into the job, I had gotten a question from a colleague who was having trouble with his PC, the original dual floppy-drive IBM model. I went over to his desk and tried to access his files, only to hear the disk drive grind away — not a sound that you want to hear. I flipped open the drive door and removed the offending disk. My colleague looked on with curiosity. “Those come out?” he exclaimed. No one at the publication had bothered to tell him that was the case, and he had been using the same physical disk for months, erasing and creating files until the plastic was so worn out that you could almost see through it. I showed him our supply cabinet where he could stock up on spare floppies.

Apple was the first company to sell computers sans floppies in 1998, and other PC makers soon eliminated them. Storage on USBs and networks made them obsolete.Sony would stop selling the blank disks in 2011, but they lived on in Japan until now.

Floppies were trouble, to be sure. But they were secure: we didn’t have to worry about our data being transmitted across the world for everyone to see. And while their storage capacity was minuscule — especially by today’s standards —  it was sufficient to launch a thousand different companies.

Self-promotions dep’t

Speaking of other things that have lived on in Japan, I recently wrote about the Interop show network and its storied history. I interviewed many of the folks who created and maintained these networks over the years, and why Interop was an innovative show, both then and now.

While lots of focus is on TikTok, I would argue that many of us are missing the influence and role played by the messaging network of Telegram. In this post, I explain why that could be a bigger threat to the online world.

Last fall, I wrote a post for SiliconAngle about how social media accounts are being used by pro-Russia misinformation groups. This was based on a report by Reset sponsored by the EU. One of the results from this report is that Telegram is very permissive in allowing hateful content and propaganda. A new report from  the Atlantic Council’s Digital Forensic Research Lab last week takes a deeper dive into how Telegram has been a communications kingpin for Russia’s war, and how effective and pervasive it is. The social network is not only being used for misinformation purposes, but also to recruit mercenaries, fund their purchases of tactical equipment and medical supplies, and serve as primary sources for Russian TV war coverage. The council calls it a digital front and another battlefield in the Ukraine conflict.

What surprised me was the huge audience that Russian Telegram has: with an estimated 30M monthly active users, billions of views and its cozy relationship with various Russian state-sponsored traditional TV channels. There are even channels run by the NY Times and Washington Post that were created to get around website and other internet content blocks.

By now, most of us are familiar with the term “catch and kill” as it applies to media buying stories that are never intended to run. Pro-Russia Telegram channels are paid not to mention specific persons or companies.

My analysis for Avast’s blog about data privacy of various messaging networks from early 2021 shows that Telegram isn’t as anonymous as many people first thought. The council’s report confirms this, finding government crackdowns on supposedly anonymous Telegram channels that have real-world consequences of arrest and prison terms for those channels that take these anti-government positions. Even so, there are many Telegram channels that continue to be critical of government policies and operations, such as those supporting last summer’s failed Wagner mutiny.  “While Telegram positions itself as a censorship-free platform, the available evidence demonstrates how the service is not a completely safe place for critics of the war,” they wrote. Wagner’s head Yevgeny Prigozhin discovered this first hand and died after declaring his mutinous intentions initially on Telegram.

Some of Russia’s military bloggers offer occasional criticism of the war, which adds to their credibility and popularity. “Users see their efforts as trustworthy and balanced, especially when compared to state media resources,” the council’s report wrote. That is not only insidious but dangerous, especially as many posts are widely shared and get millions of views.

As I mentioned earlier, many of the Telegram accounts openly ask for donations, providing bank account numbers and crypto wallet addresses, mostly in Bitcoin and Tether (ironically, one that is tied to the US dollar). The funds collected have been significant, in the equivalent of millions of dollars. They are also used for recruiting fighters and coordinating hacktivism efforts such as DDoS’ing Ukrainian targets such as civilian infrastructure, government data centers and banks. Ironically, Telegram is also used to help Russians avoid the draft with all sorts of tips and strategies on how to emigrate out of the country.

The final irony is that Telegram was created by two Russian brothers to get around government censorship, and was blocked by the government for several years. The brothers now live in Dubai and the Russian government has decided to leverage the network to amplify its propaganda and complement its communications.