Language Selection

English French German Italian Portuguese Spanish

CAVO encouraged by—and encouraging—state and local governments’ open source elections systems.

Filed under
OSS

According to CAVO, the PAVE Act, tendered by United States’ senators Ron Wyden of Oregon and Kamala Harris of California, includes provisions to address financial barriers that could be incurred by state and local governments evaluating open source options for their elections systems.

CAVO communications director Brent Turner explained, the PAVE bill sets a variety of cybersecurity standards, and requires every voting machine used by a state or local government to undergo testing to affirm those requirements are met. In addition to the standards set forth in PAVE, The Department of Homeland Security (DHS) also has their own requirements. PAVE directs DHS to undertake this testing, of both the standards included in PAVE and their own, on behalf of the state or local government.

Turner added, “Local and state governments are of course also free to set their own additional cybersecurity standards for voting machines used in their jurisdictions beyond those identified in PAVE and by DHS”. Section 2216 of the PAVE bill states that DHS will cover the costs to test any open source technology against state or local voting standards. Turner noted this is critical for the adoption of open source options as “proprietary providers of voting technology can easily foot the bill themselves to have their product tested for compliance with those state or local standards, but open source projects may not have the resources to fund the certification process, thus eliminating themselves from consideration by state and local jurisdictions.”

“In essence, the PAVE bill makes it easier for state and local governments to use open source technology, or, at least, to make sure the cost of certification doesn’t get in the way.”

Read more

Also today: Microsoft and the Pentagon Are Quietly Hijacking U.S. Elections

More in Tux Machines

Arc Menu Extension Now Lets You Pin Your Fave Apps to the Sidebar

If you’re a fan of the Arc menu extension for GNOME Shell you may be interested to hear that an update is on the way. A new version of the traditional-style app menu, which is particularly popular with Dash to Panel users, is currently pending approval over the GNOME Extensions website. What does it bring? Personalisation. Arc Menu replaces the full-screen app launcher in GNOME Shell with a more traditional ‘start menu’ design. It’s searchable, has bookmarks for important folders, shortcuts for key system actions, and lets you manage your session. It also lets you browse installed applications based one their category. The whole of the left-hand sidebar is dedicated to this purpose. Read more

Audiocasts/Shows: mintCast, Test and Code, LINUX Unplugged

Security: Mozilla Patch for Firefox and Getting Started with OpenSSL

  • Zero-Day Flaw In Firefox Is Getting Exploited By Hackers; Update Now!
    Mozilla has issued a warning of a zero-day flaw in Firefox browser that is currently being exploited in the wild. But the good news is that an emergency patch has been released for the same so you should update your browser now! The vulnerability was discovered by Google’s Project Zero security team...
  • Security vulnerabilities fixed in Firefox 67.0.3 and Firefox ESR 60.7.1
    A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.
  • Getting started with OpenSSL: Cryptography basics
    This article is the first of two on cryptography basics using OpenSSL, a production-grade library and toolkit popular on Linux and other systems. (To install the most recent version of OpenSSL, see here.) OpenSSL utilities are available at the command line, and programs can call functions from the OpenSSL libraries. The sample program for this article is in C, the source language for the OpenSSL libraries. The two articles in this series cover—collectively—cryptographic hashes, digital signatures, encryption and decryption, and digital certificates. You can find the code and command-line examples in a ZIP file from my website. Let’s start with a review of the SSL in the OpenSSL name.

Python: Leading, Developing for Android and New RCs

  • Leading in the Python community
    Naomi began her career in the Classics; she earned a PhD in Latin and Ancient Greek with a minor in Indo-European Linguistics, as she says, "several decades ago." While teaching Latin at a private school, she began tinkering with computers, learning to code and to take machines apart to do upgrades and repairs. She started working with open source software in 1995 with Yggdrasil Linux and helped launch the Fort Wayne, Indiana, Linux User Group.
  • What’s the Best Language for Android App Developers: Java or Python?
    Few things can be so divisive among developers as their choice of programming languages. Developers will promote one over the other, often touting their chosen language’s purity, speed, elegance, efficiency, power, portability, compatibility or any number of other features. Android app developers are no exception, with many developers divided between using Java or Python to develop their applications. Let’s look at these two languages and see which is best for Android app developers.
  • Python 3.7.4rc1 and 3.6.9rc1 are now available
    Python 3.7.4rc1 and 3.6.9rc1 are now available. 3.7.4rc1 is the release preview of the next maintenance release of Python 3.7, the latest feature release of Python. 3.6.9rc1 is the release preview of the first security-fix release of Python 3.6. Assuming no critical problems are found prior to 2019-06-28, no code changes are planned between these release candidates and the final releases. These release candidates are intended to give you the opportunity to test the new security and bug fixes in 3.7.4 and security fixes in 3.6.9. We strongly encourage you to test your projects and report issues found to bugs.python.org as soon as possible. Please keep in mind that these are preview releases and, thus, their use is not recommended for production environments.