November 26, 2003

Diebold ATMs Compromised by Worm

It seems the rumors of Diebold ATMs having been infected with a worm were true. Considering that their voting machines are based on a similar code base (Windows), should we trust these people and their black box systems with handling our vote?

Of course I personally don’t understand why an ATM needs to run Windows as a base operating system at all. Technically the requirements for an ATM-like device are very narrowly defined and could be handled very well by a low-power embedded device with a very restricted code base. Even better (but not a source of the worm infection) would be to have the code run from a write-protected compact flash device or a mini-CD.

This is not only an example of Diebold’s untrustworthiness but also another example of monolithic software causing problems. While basing a device off Windows XP or Windows XP Embedded can reduce development time, it opens up the device to many, if not all, of the same security risks that affect desktop Windows, which, by virtue of being the dominant operating system on the planet, is also the target of 90% of the security hacks and worms. While basing the devices on a reduced-footprint Linux or BSD would also reduce time to market, and expose the device to certain security issues, at least with a Linux or BSD core, developers could strip all non-essential services from the source entirely, thus reducing vulnerability.

It seems IBM agrees in some way, as they have announced that they will be discontinuing support for OS/2, including on ATM devices, recommending instead that vendors turn to Linux. Naturally, Microsoft is taking advantage of the shift in IBM’s OS/2 plan to push for vendors to turn to Windows XP and XP Embedded.

