Voting, Computers and the Future of Cybersecurity, November 9, 2012
Our Current Voting System is Broken.
Voting can be tedious. Between the “shade in the bubble” process, physical presence, and now, unforeseen natural disasters, actually getting out the vote can be difficult. Voting for a president is one of our greatest rights as American citizens. Today literally millions of us are excluded for the voting process for various reasons— some of course by choice. And while it is time for a change, the technology (or more accurately, the security) is not there yet.
If our intention is to enable more Americans to participate in elections, then the process needs to be quick, convenient and digitized. If we can do our banking online (even from our cell phones), store gigabytes of personal data online, and even conduct multibillion dollar deals online, why are we still voting in person or by using the postal service? The system is antiquated. Computer scientists, cybersecurity specialists, entrepreneurs and innovators need to continue to work together to improve computer and internet security, because we’re definitely not there yet.
Email Voting Begins…
This year we were faced with a natural disaster that prevented hundreds of thousand of people from getting to the polls. The Governor of New Jersey, Chris Christie, made the decision to allow registered voters displaced by Hurricane Sandy to vote electronically— i.e. by email. In a November 3rd statement from the New Jersey State government website, Lieutenant Governor Kim Guadagno is quoted saying:
“This has been an extraordinary storm that has created unthinkable destruction across our state and we know many people have questions about how and where to cast their vote in Tuesday’s election. To help alleviate pressure on polling places, we encourage voters to either use electronic voting or the extended hours at county offices to cast their vote…”
Not quite. Here’s the process:
While on the surface this seems like a tremendous step forward in voting technology, the process is not so simple.
“To vote electronically, displaced voters may submit a mail-in ballot application either by e-mail or fax to their county clerk. Once an application is approved, the clerk will electronically send a ballot to the voter by either fax or e-mail in accordance to the voter’s preference. Voters must return their electronic ballot – by fax or email – no later than November 6, 2012, at 8 p.m.”
…oh, and they forgot to mention the “Waiver of Secrecy” form which also needed to be returned by 8pm on Election day. More recent updates also necessitate that the online voter also send a physical ballot in for verification by Friday…after the election is over…
The voter needs a bunch of things at her disposal in order for this to work: a computer or fax machine, mailbox (or transportation to a public one), printer and quite a bit of time. Not easy if your house is gone, you have kids to take care of and you don’t have a computer or fax machine. While the effort was definitely a step in the right direction—and a decent test for the possibility of E-voting in the future, it was rushed and not sufficient. Countless Americans may have still been blocked from fulfilling their constitutional right to vote.
Why Email, Text or Online Voting Won’t Happen For a Long Time
The problem is that of security…hackers. Minor vulnerabilities in various stages of internet and computer security have major consequences on our ability to protect sensitive data and secure the online voting process (whether through a website, email or text message). Virtually any computer, company or server is vulnerable to cyber attack. Most big, “secure” companies (including banks, government even cybersecurity agencies!) have, or likely soon will be hacked. This is a serious issue. Even the Pentagon is not immune. Online spies have hacked top secret information from the Pentagon’s $300 billion Joint Strike Fighter Project, and even implanted bugs in American drones.
Professor J. Alex Halderman, a computer scientist at the University of Michigan, writes in the Freedom To Tinker Blog about Attacking the Washington, D.C. Internet Voting System Pilot in 2010:
“The specific vulnerability that we exploited is simple to fix, but it will be vastly more difficult to make the system secure. We’ve found a number of other problems in the system, and everything we’ve seen suggests that the design is brittle: one small mistake can completely compromise its security.”
A forum on E-Voting was held at Princeton University where panelists discussed the risks and opportunities associated with e-voting for more than three hours. The primary concern for all parties was security. The consensus? We’re definitely not there yet.
How to Address The Security Problem
“Everything should be made as simple as possible, but no simpler.” ~ Albert Einstein
Unfortunately, we need to reinvent the computer. Peter G. Neumann, a renowned 80-year-old computer scientist at SRI International, reasons that the only viable solution to the computer security crisis is to study all previous research, hand pick the best ideas and systems, and then rebuild something completely new from the ground up.
Is the reinvention of the computer, programing and the internet as we know it going to happen in this lifetime? Probably not. Is it possible? We should hope so.
Right now we need:
- To promote open sharing of cyber vulnerabilities and emerging protective measures for our computers and servers.
- Provide authority to the National Cybersecurity Center to identify and mitigate cyber weaknesses specifically when attacks could result in gross loss of information, money or life.
- Build public-private partnerships and address these issues together
- To ensure that our own personal computers are as secure as possible. The folks at MIT have some good tips, or How to Device Passwords That Drive Hackers Away.
In the long term we need:
- New programming languages
- New security measures
- New innovative systems separating servers from computers from the internet
- Shape-shifting code
- Bold, scientific creativity
- More brilliant programmers working relentlessly on security
- Vigilance; Security is an on-going battle between computer engineers and those looking to capitalize on weak systems.
The consequences of maintaining both our antiquated system of in-person voting, and our current method of writing code using computers, and casually throwing personal data across the internet are serious. Security is at the heart of these issues— your security! This is your finances, personal information and data, emails, pictures, work documents and so much more at risk. Voting is just one more example of an outdated and broken system. The real issue is one of computer and internet security.
Thanks for reading!
Peter Walters & The SendHub Team
Friday Night Lights (I’m talking about the TV show, not the movie… duh) was a must-watch for a lot of people for the past years, and many (including myself… maybe) shed a tear during the season finale. Remember when Riggins skips practice because he thought it was cancelled, and Coach Taylor puts him in hell for it? Donald Engstrom, the Executive Director at DeBartolo Sports & Events shared a few tips with us on how he simplified communication.
DeBartolo Sports University, a subdivision of DeBartolo Sports & Events, is an amateur sports education organization. DSU was founded by former San Francisco 49ers owner, Edward DeBartolo Jr., and focuses on bringing young talent to the forefront by offering developmental programs as well as coaching & mentoring from Pro’s.
As the Executive Director, Donald is well aware of all the planning that goes into such events, but in his opinion, the execution & communication during these events is almost more important than the planning. One item that was a constant problem for him? Communication with the athletes. “Our events involve large groups of people - mostly High School & University age audiences. You’re lucky if they get the email, let alone consider reading it. If you call them, they won’t pick up since they don’t know the number.” he says. “But the response rate for text messages is amazing. It’s an instant call to action, and most of the recipients respond right away.”
A recent announcement, for the ‘Holiday Quarterback Academy’ called to action every HS football coach in Tampa. Yeah - that’s a lot. It gets better: each of the coaches submitted a list of eligible athletes who could participate in the event, and using SendHub, DSU contacted them all with an invite to participate. “Reply HQA to participate” was the call to action. “It’s the best way to communicate with large groups of people! Within 24 hours we had a dozen signups, which is quite a lot for such a short time period and it being summer…”, says Donald. “SendHub is also incredibly easy to manage. With 300+ participants, we’re still able to have only one person manage the account, and have multiple conversations going at once… it’s great!”
Fav tech gadget: iPod nano (I’m training for a marathon and tracking my runs is awesome!)
Fav part of SendHub: reliability & the ease of management
Fav type of event to attend: Nebraska Football games
Worst prank call: Dealing with high school athletes one could only imagine some of the shenanigans that we experience leading up-to, during, and after events. I’ll save some of those stories for another time… :-) However, the best prank that was ever pulled on me wasn’t actually a phone call or SMS Message but rather it was on a tour of Boston that was being given by my future sister-in-law. She was telling a long story about Paul Revere and a golden carrot that could be found in Boston and is symbolic of the famous “Midnight Ride” that alerted colonial militias of the British invasion. She led us on a long scavenger hunt to find this non-existent “golden carrot”. It wasn’t until she attempted to convince us that Paul Revere’s horse was named Hilton and was the basis for the famous Hotel brand that we figured out her entire story was a scam.
To learn more about DeBartolo Sports, or Donald, you can check out their website, and follow him. We hope you enjoyed our Spotlight, and if you (or your company) want to be featured, send us a txt or email and tell us how YOU use SendHub :)
Garrett & the SendHub Team
“Grayed out upgrade buttons on Heroku”
The number of concurrent users on our service has been growing by leaps and bounds. This is great news for our business but also means our primary database on Heroku keeps running out of cache. In our experience, Heroku’s Postgres databases see a significant performance drop when cache utilization exceeds 85%.
Ten days ago our growth caught up with us and our app began to slow. Engineering isolated the cause of the slowdown to the database, and our cache utilization. We then upgraded to the next plan (Fugu) following the fast database changeovers procedure. The process required less than 90 seconds of downtime. The team rejoiced as we believed we’d found a relatively easy way to keep scaling Postgres, without application changes, for the near future.
Five days ago I checked our cache utilization. We were already at 2.3GB/3.75GB-. The data size was growing at more than 100MB per day. This meant that in less than 8 days we would already have performance issues again. I logged in to Heroku to initiate another fast-database-changeover, but to my surprise all further upgrades were grayed out (see image below).
After contacting support, I learned that SendHub was one of the very first clients to start using Heroku’s managed database services back in January 2012. It turns out that all early adopter Postgres instances are running on 32-bit Postgres, and we were already on the maximum plan available (Fugu). There is a binary incompatibility between the two architectures which renders the WALs (Write-Ahead-Logs) not interoperable, which means that a 32-bit database cannot have 64-bit followers. The end result was that a fast-database-changeover procedure was impossible. Heroku advised doing a “dump and restore” operation but this would mean 45 minutes or more of downtime. Even in the middle of the night SendHub has significant activity, making that option unacceptable.
The SendHub stack is homogeneous and straightforward, consisting of Python (Django/Celery), Postgres and RabbitMQ. All the database interactions use single statement autocommit (no multi-statement transactions). Since multiple concurrent sessions of transactions do not exist on our system, I thought that maybe the following replay scheme could work:
- Take the SendHub site offline and make a snapshot of the database
- Deploy a branch that will send all database queries to a logging server
- Turn the site back on and begin importing the snapshot to the new database
- When the import is finished, take the site offline
- Replay the collected queries
- Promote the new database
- Bring the site back online
When I first described the above approach to one of my co-workers, his first response was, “Jay, you’re crazy”; however, given that the only alternative was a massive amount of downtime, I decided to write a remote logger and test out my hypothesis.
I wrote a simple query log capturing and replay system in PHP. Then I modified the SendHub Django application to forward all of its data modification SQL statements to the capturing system. I had everyone at the office help test on staging and the results were promising—the replay system cleanly reassembled the data.
The end result was that Ryan (our engineering lead) and I teamed up to execute the changeover procedure on production with a total of only 6 minutes downtime instead of 45 minutes. There was one minor hiccup though—we learned that when “debug” mode is not turned on Django query logging is disabled, so that set us back one or two minutes. All in all, it was an incredible success.
Below you can find our process and code for performing the upgrade.
At SendHub, we streamline our production site maintenance by preparing a document with detailed instructions including all the commands which will be run. Here is the planning document we used for this procedure:
2. Merge latest master into branch jay/db-logging
git checkout jay/db-logging
git pull origin master
3. Turn on maintenance mode and scale down to 0
heroku maintenance:on -asendhug
heroku ps:scale worker=0 web=0 -asendhug
4. Create database snapshot on heroku.com, then deploy branch jay/db-logging, turn on debug mode (otherwise statements will not be logged), and wait until the snapshot completes
heroku config:add debug=true -asendhug
./deploy.sh prod jay/db-logging
5. Scale workers back up and turn off maintenance mode (db statements willl now be captured on dbupgrade.sendhub.com)
heroku ps:scale worker=50 web=50 -asendhug
heroku maintenance:off -asendhug
6. Download the snapshot and use pg_restore to load it into the new database
wget $(heroku pgbackups:url -asendhug)
PGPASSWORD=<password> pg_restore —verbose —clean —no-acl —no-owner -h <hostname> -U <username> -d <database> -p <port> <LOCAL_FILE_PATH>
7. Turn on maintenance mode and scale workers down to 0, wait until the app finishes flushing it’s async queue
heroku maintenance:on -asendhug
heroku ps:scale worker=0 web=0 -asendhug
8. Run the replay (either by curl or from the web interface at http://dbupgrade.sendhub.com/replay.php) and wait for the commits to completely flush
curl -v -vv ‘http://dbupgrade.sendhub.com/replay.php?sourceHost=sendhub.com&since=0&host=<hostname>&database=<database>&port=<port>&user=<username>&password=<password>’
9. Do a sanity check on the database info on Heroku
heroku pg:info -asendhug
10. Wait for commits to finish, then promote the new database
Prod: heroku pg:promote HEROKU_POSTGRESQL_GOLD -asendhug
11. Scale workers back up and turn off maintenance mode
heroku ps:scale worker=50 web=50 -asendhug
heroku maintenance:off -asendhug
12. Disable debug mode and deploy master back to the environment
heroku config:remove debug -asendhug
./deploy.sh prod master
… and now, back to Time Crisis!
If you have any questions or comments, send us a text or email!
Jay & the SendHub team
Remember the summers you spent at Camp Wannapeelyo (you know, that lake you still don’t know how to pronounce…)? Did your camp counselors seem organized, well on schedule and overall on top of things? I didn’t think so. Keeping the kids in line is one thing, but organizing the counselors can be an entire challenge in its own. No one has more experience with this than Jason Toff, a co-founder of Camp PALS in Radnor, PA.
Camp PALS is a place for young adults with Down Syndrome and their peers to have an experience of a lifetime. Campers are paired one-to-one with volunteer counselors and spend the week on teams as they grow in independence and build new friendships. Jason, who is a Product Manager at Google by day, co-founded Camp PALS in 2004.
With 9 summers as a camp director under his belt, he’s quite aware of all the scheduling, planning and grueling organizational tasks necessary to make a camp run as smoothly as possible. A techy on the side, Jason built a communication system on top of Twilio for the staffers last summer but it wasn’t quite perfect. This year, he discovered SendHub. “Reminding staffers that the trip leaves in 30 minutes, or that a location has changed is so easy to do via text“ says Jason, especially considering that many changes are done last minute.
With over 150 staff members, this year’s Camp PALS was the biggest one yet and we’re excited that SendHub was able to help make the communication more clear & organized. “It’s extremely reliable and so easy to use - it was perfect for us”, says Jason. “It worked so well for our daily staff meeting reminders, scheduling updates, etc. - we had constant communication with them.” Not that any kids have gone missing, but in a worst case scenario, Jason noted that SendHub could be used to alert everyone of a missing child, item or other general announcements.
Fav tech gadget: calculator watch (picture below)
Fav part of SendHub: the reliability
Texting pet peeve: When people send super long texts that need 2 or 3 messages…
Fav prank call made: oh boy… back when I was a kid my friends & I called random people from the phonebook and said really stupid things. One time, the police called us back and told my parents. Needless to say, the prank calls ended that day…
To learn more about Camp PALS, or Jason, you can check out their website, and follow him. We hope you enjoyed our Spotlight, and if you (or your company) want to be featured, send us a txt or email and tell us how YOU use SendHub :)
Garrett & the SendHub Team
Ben Jubas, User Support/Project Management Intern
Hometown: Stamford, CT
Unofficial job: Marketing agent for Wheaties: the Breakfast, Lunch, and Dinner of Champions!
Fun fact: I once helped break up a fistfight between a teammate’s father and the team bus driver.
Best prank call you pulled off (or want to pull off): I never really prank called, but when I was in elementary school I once or twice pulled a devious trick where I created AIM screennames that looked similar to other friends’ screennames (by switching a capital ‘i’ to a lower case ‘L’ or something along those lines). I would chat with other friends and get access to some interesting information. In hindsight, they should have noticed that I wasn’t on their buddy list.
What’s your biggest texting pet peeve?: When someone calls to make a short comment or ask a quick question when it would be easier if they just texted. Alternatively, when people want to have a lengthy, substantive discussions over text instead of calling or meeting in person.
What you say? Yes… it’s true. SendHub can help you get to Inbox Zero a little faster now, with the new Message Center.
You ask. We listen. Simple as that :-)
One of the features requested by many of you was the ability to separate your inbox, and see Unread Messages only, as well as the Scheduled Messages you have set up. Today, we’re really excited to release these new features, in the Message Center.
To change the Message Center - simply click the down-arrow next to “All Messages” and select one of the options from the drop-down menu.
This is one of our favorite features because we use it in the office for all of our team announcements, but also see a variety of ways you all use it, to make your lives easier.
Teachers use it to contact their students about homework, tests or schedule changes; health-care clinics & doctors use it to remind patients about appointments; and coaches send their players reminders to get to practices & games on-time.
With the updated feature you can now see all of your upcoming scheduled messages, as well as edit or delete them, right up until they get sent. Remember: the time you schedule is in the time zone your computer is in. (Psst: read more about scheduled messages here)
We’re really excited to share these news with you. If you have any suggestions for features, do let us know - we’d love to hear your feedback. Email, or text us: (650) 830-5662 :-)
Garrett & the SendHub team
Lucas Ellgran, Software Engineering Intern
Hometown: Maple Grove, MN
Unofficial job: Captain Major Double Extreme Gunnery Sergent of Mountain Dew Consumption
Fun fact: I was actually born in Colorado and moved to Minnesota when I was about 12. I grew up on the slopes and learned how to ski not long after I could walk.
Best prank call you pulled off (or want to pull off): One of my friends once managed to get a hold of the phone number for the White House. He and I called them up and played whale sounds into the receiver. (It seemed really funny at the time//alcohol may have been involved)
What’s your biggest texting pet peeve?: When people abruptly stop responding during a text conversation. If you’re going to take three hours to respond to my last message, the least you could do is say “talk to you later” first.
Everyone is talking about the olympics right now - and why shouldn’t they, it’s a once-every-four-years-event and seeing these superhumans compete is the closest we get to having real superheroes, but today’s spotlight is focused on a different type of olympics… the annual Amateur Athletic Union Junior Olympic Games. Organizing this event can be quite a challenge and headache - between the officials, coaches, parents and 13,000 athletes who came in from all over the nation, it’s hard to stay on track and make sure everyone is informed. No one has more experience with this than Coach Oliver, the founder & meet director of CoachO.
CoachO is a one stop shop for the Track Community - the company handles the event registration, all of the event management, and is the leader in their space. While organizing the AAU Junior Olympic Games, CoachO has decided to use SendHub to help keep things on time, and organized. The biggest benefit? According to Coach Oliver, “time management and efficiency”.
“The most important thing is keeping everyone in the loop - that means a lot of calls, and reminder emails”, says Coach Oliver. “The problem I always had was the resulting phone tag - they called my landline, I tried them at home, but everyone is always on the go. No one checks their email from the track… but everyone gets text messages. It doesn’t matter where they are, and I don’t have to waste time tracking people down anymore. I just send one text message to the SendHub group and I know everyone is in the loop.”
At the Junior Olympics specifically, CoachO has been using the SendHub platform to communicate with the officials on their private channel, as well as send updates for the different events that are easily followed by coaches & parents with the text-to-join feature. “If the 100m dash is delayed, they send out a text message which is so great for the athletes… they don’t waste time warming up” says Carlene, mother of one of the competing athletes. “My grandparents found out via text that I broke a record, within a few minutes of me finishing the race - it’s so cool because they couldn’t be here but feel like they are” said Tyler Mapson, who broke the 100m dash record yesterday.
Fav tech gadget: my Motorola Droid X
Fav part of SendHub: broadcasting & being able to organize contacts through text-to-join
Fav track story: I started running track my senior year of high school - 2 months later I was the state champion, and undefeated school record holder (I still hold the school record… 30+ years and counting)
Embarrassing prank call you fell for: oh boy…. one of athletes pranked me real bad once. I’d rather not tell. My wife will be mad if she has to relive it… he got us pretty good.
To learn more about CoachO, check out their website. We hope you enjoyed our Spotlight, and if you (or your company) want to be featured, send us a txt or email and tell us how YOU use SendHub :)
Garrett & the SendHub Team
Zach Segal, Product Designer
Hometown: Naples, FL
Unofficial job: Author of the ‘How To Read For Dummies’ book series & Senior National Executive Director at Pixel Engineering
Fun fact: If you brought the Sun down to the size of a white blood cell, and then brought everything else down to scale, our galaxy (the Milky Way), would be the size of the continental United States.
Best prank call you pulled off (or want to pull off): In middle school, I bought a programmable TV remote control watch that could turn on/off TVs, adjust volume, and a host of other tricks. My school only had Sony TVs, so my watch would control every TV in the school. Needless to say, I never told a soul, no one ever suspected anything or found out, and people thought the school TVs were haunted.
What’s your biggest texting pet peeve?: when people don’t finish their thou-