Investigation Finds ‘Little Oversight’ Over Crucial Supply Chain for US Election Software
For example, to replace New Hampshire’s old voter registration database, state election officials “turned to one of the best — and only — choices on the market,” Politico reports: “a small, Connecticut-based IT firm that was just getting into election software.”
But last fall, as the new company, WSD Digital, raced to complete the project, New Hampshire officials made an unsettling discovery: The firm had offshored part of the work. That meant unknown coders outside the U.S. had access to the software that would determine which New Hampshirites would be welcome at the polls this November.
The revelation prompted the state to take a precaution that is rare among election officials: It hired a forensic firm to scour the technology for signs that hackers had hidden malware deep inside the coding supply chain. The probe unearthed some unwelcome surprises: software misconfigured to connect to servers in Russia [“probably by accident,” they write later] and the use of open-source code — which is freely available online — overseen by a Russian computer engineer convicted of manslaughter, according to a person familiar with the examination and granted anonymity because they were not authorized to speak about it… New Hampshire officials say the scan revealed another issue: A programmer had hard-coded the Ukrainian national anthem into the database, in an apparent gesture of solidarity with Kyiv.
None of the findings amounted to evidence of wrongdoing, the officials said, and the company resolved the issues before the new database came into use ahead of the presidential vote this spring. This was “a disaster averted,” said the person familiar with the probe, citing the risk that hackers could have exploited the first two issues to surreptitiously edit the state’s voter rolls, or use them and the presence of the Ukrainian national anthem to stoke election conspiracies. [Though WSD only maintains one other state’s voter registration database — Vermont] the supply-chain scare in New Hampshire — which has not been reported before — underscores a broader vulnerability in the U.S. election system, POLITICO found during a six-month-long investigation: There is little oversight of the supply chain that produces crucial election software, leaving financially strapped state and county offices to do the best they can with scant resources and expertise.
The technology vendors who build software used on Election Day face razor-thin profit margins in a market that is unforgiving commercially and toxic politically. That provides little room for needed investments in security, POLITICO found. It also leaves states with minimal leverage over underperforming vendors, who provide them with everything from software to check in Americans at their polling stations to voting machines and election night reporting systems. Many states lack a uniform or rigorous system to verify what goes into software used on Election Day and whether it is secure.
The article also points out that many state and federal election officials “insist there has been significant progress” since 2016, with more regular state-federal communication. “The Cybersecurity and Infrastructure Security Agency, now the lead federal agency on election security, didn’t even exist back then.
“Perhaps most importantly, more than 95% of U.S. voters now vote by hand or on machines that leave some type of paper trail, which officials can audit after Election Day.”
Read more of this story at Slashdot.
Python Developer Survey: 55% Use Linux, 6% Use Python 2
Some interesting findings:
Though Python 2 reached “end-of-life” status in April of 2020, last year’s survey found 7% of respondents were still using Python 2. This year’s survey found that number has finally dropped… to 6%.
“Almost half of Python 2 holdouts are under 21 years old,” the survey results point out, “and a third are students. Perhaps courses are still using Python 2?”
Meanwhile, 73% are using one of the last three versions of Python (3.10, 3.11, or 3.12).
“The share of developers using Linux as their development environment has decreased through the years: compared with 2021, it’s dropped by 8 percentage points.” [The graphic is a little confusing, showing 55% using Linux, 55% using Windows, 29% on MacOS, 2% on BSD, and 1% on “Other.”]
Visual Studio Code is the most popular IDE (22%), followed by Jupyter Notebook (20%) and Vim (17%). The next-most popular IDEs were PyCharm Community Edition (13%), JupyterLab (12%), NotePad++ (11%) and Sublime Text (9%). Interestingly, just 23% of the 25,000 respondents said they only used one IDE, with 38% saying they used two, 21% using three, and 19% using four or more. [The annual survey is a collaboration between the Python Software Foundation and JetBrains.]
37% said they’d contributed to open-source projects within the last year. (77% of those contributed code, while 38% contributed documentation, 35% contributed governance/leadership/maintainer duties, and 33% contributed tests…)
For “age range,” nearly one-third (32%) said 21-29 (with another 8% choosing 18-20). Another 33% said 30-39, while 16% said 40-49, 7% said 50-59, and 3% chose “60 or older.”
49% of respondents said they had less than two years of programming experience, with 33% saying “less than 1 year” and 16% saying “1-2 years.” (34% of developers also said they practiced collaborative development.)
And here’s how the 25,000 developers answered the question: how long have you been programming in Python?
Less than 1 year: 25%
1-2 years: 16%
3-5 years: 26%
6-10 years: 19%
11+ years: 13%
So what are they doing with Python? Among those who’d said Python was their main language:
Data analysis: 44%
Web development: 44%
Machine learning: 34%
Data engineering: 28%
Academic research: 26%
DevOps / Systems administration / Writing automation scripts: 26%
Programming of web parsers / scrapers / crawlers: 25%
62% were “fully employed by a company,” while the next-largest category was “student” (12%) with another 5% in “working student”. There were also categories for “self-employed” (6%), “freelancer” (another 6%), and “partially employed by a company” (4%). Another 4% said they were unemployed.
In other news, the Python Software Foundation board has also “decided to invest more in connecting and serving the global Python community” by hosting monthly “office hours” on their Discord channel.
Tech Worker Builds Free AI-Powered Tool For Fighting US Health Insurance Denials
“A Fight Health Insurance user can scan their insurance denial, and the system will craft several appeal letters to choose from and modify.”
With the slogan “Make your health insurance company cry too,” [San Francisco tech worker Holden Karau’s site] makes filing appeals faster and easier. A recent study found that Affordable Care Act patients appeal only about 0.1% of rejected claims, and she hopes her platform will encourage more people to fight back…
The “dirty secret” of the insurance industry is that most denials can be successfully appealed, according to Dr. Harley Schultz, a patient advocate in the Bay Area. “Very few people know about the process, and even fewer take advantage of it, because it’s rather cumbersome, arcane, and confusing, by design,” he said. “But if you fight hard enough and long enough, most denials get overturned….”
While some doctors have turned to artificial intelligence themselves to fight claims, Karau’s service puts the power in the hands of patients, who likely have more time and motivation to dedicate to their claims. “In an ideal world, we would have a different system, but we don’t live in an ideal world, so what I’m shooting for here is incremental progress and making the world suck a little less,” she said.
Karau estimates she’s spent about $10,000 building the platform, according to the article, which adds that “it’s free for users, though she might eventually charge for added services like faxing appeals.”
Thanks to Slashdot reader mirro_dude for sharing the news.
‘Is It Ethical to Have Children in the Face of Climate Change?’
And they start by noting many people ask that question:
A Pew Research Survey published in July found that among U.S. adults aged 18 to 49 who don’t plan on having kids, more than a quarter — 26% — cited “concerns about the environment, including climate change,” as a major factor. Of the people over 50 who did not have kids, 6% cited the same reason, pointing to a generational divide that may be fueled by growing awareness of the issue, as well as increasing exposure to worsening climate hazards…
I worry about the well-being of these kids: What kind of world will they live in? Will there be clean air and water? Will it be too hot or smoky to play outside? (To be blunt, the outlook on these matters doesn’t look great under most emissions scenarios.) But the other side of the coin involves the well-being of the planet. Is it wrong to add more people at a moment when resources are so strained — when, say, the Colorado River is shrinking to record lows and the global average temperature is soaring to record highs? Each new child, after all, will bring not only a cute little footprint but a carbon footprint as well…
[T]he fact is that climate change is also affecting reproduction. Hotter temperatures and air pollution, for instance, have been linked to increased stillbirths, preterm births, lower birth weight and increased risk of hospitalization for newborns and infants, among other negative outcomes. Pregnant people are also especially vulnerable to climate hazards, which can trigger hypertension and other health issues and contribute to reduced fertility rates.
The newsletter makes many other points, but ultimately concludes that “children, after all, are one of the clearest symbols of how we, as a society, feel about the future.” And it includes this quote from the book The Quickening, in which author Elizabeth Rush visits the melting Thwaites Glacier in Antarctica.
“I can celebrate the idea that to have a child means having faith that the world will change, and more importantly, committing to being a part of the change yourself.”
Wells Fargo Worker Dies At Desk, Nobody Notices For Four Days
Prudhomme’s cubicle was on the third floor of the building, tucked away from any main thoroughfares that employees would use to travel between departments. On top of that, most employees at the Tempe Wells Fargo location worked remotely, significantly cutting down the chance of someone finding her body.
Tempe police and the Maricopa County Medical Examiner didn’t detect any signs of foul play, but the woman’s official cause of death remains to be seen. Wells Fargo has said that they’re going to look into their internal procedures to make sure employees receive some kind of check-in to make sure they’re not, you know, dead.
Apple Stands By Decision To Terminate Account Belonging To WWDC Student Winner
Appstun co-founder Batuhan Karababa says that he and the other co-founder had been trying to work with Apple over the App Store rejections. (Karababa tells us that he’s only the formal founder on paper.) “We responded transparently and collaborated with Apple to ensure our app doesn’t violate any guidelines. However, as the process continued, we began to face rejection for the issue that we thought we had already resolved in previous submissions. Apple didn’t find our solution good enough,” according to the announcement on Appstun’s website. The company went back and forth with App Review, receiving multiple rejections over an app for designing Apple Watch faces. In addition to a more standard watch face, Appstun also came up with a workaround that would allow it to offer more highly customizable watch faces. But these weren’t actually watch faces in the traditional sense, but rather custom images and animations that run independently of the Apple Watch face system. Essentially, the app would take over the screen showing an image that was similar to a watch face, allowing Appstun to offer more customization. Of course, running a custom animation in this way could drain the Apple Watch battery faster.
Apple was also concerned that customers wouldn’t understand that they weren’t running a normal watch face, and that Appstun deceived them by suggesting that’s what it was offering. Though Appstun added notifications to its app that these were not real watch faces, in an attempt to placate App Review, Apple instead decided to terminate the company’s developer account after repeated back-and-forth. The company pleaded on its website for any help in getting its developer account restored. According to Apple, there’s more to this story, and it thinks it made the correct decision. The iPhone maker said Appstun’s app repeatedly tried to mislead users into thinking that it offered features and functionality that it didn’t support and also marketed the app with deceptive ads, leading to negative app ratings and reviews. […] Apple pointed to its guideline 5.6 — a developer code of conduct — that warns developers that “repeated manipulative or misleading behavior or other fraudulent conduct will lead to your removal from the Apple Developer Program.”