Firestarter
Sunday, November 16. 2008
Every now and then I come across a picture that really makes me say "wow".
On the web, most pictures that are "wow" are usually photoshopped. I've been trying to automate many of the manual heuristics that I developed for evaluating images. My automated tools flagged this image as "manipulated" -- digitally enhanced. However, something didn't seem right. The crisp edges, or blurry boundaries, expected around image splicing isn't there, even though the different error levels are present. Although PCA identifies that the colors are off and luminance gradient finds linear coloring (synonymous with modification), wavelets identify no splicing. And a visual assessment finds other oddities. For example, Cynthia Baron noticed a few things:
Since there are conflicting findings, I decided to contact the photographer...
Dave Roth is an exceptional photographer. I analyzed some pictures from his blog and found no sign of manipulation. Usually when someone modifies a photo, they don't stop with just one.
I was really impressed with the speed that he wrote back to me:
He was also gracious enough to send me the original photo from the camera. (Same big picture found at Zooomr, but prior to Zooomr resaving the image.) This original matched the quantization tables for the camera and shows no sign of manipulation -- it tests as real. It also looks like the picture on the web! So why does the web picture test positive for manipulation?
Edits come in a variety of forms -- and not all are malicious. In this case, it appears that JPG Magazine did a few simple modifications that ended up making the entire image test as "digitally enhanced". (Below is the picture from Dave Roth. Mouse over the image to see the JPG Magazine photo at the same size. If they look the same to you, then try turning up the brightness on your monitor.)
Here's what Cynthia Baron, Chris Hanson, and I can piece together:
JPG Magazine could not be reached for comment or validation of the manipulation.
Having gone through this exercise, I am amazed that I could identify the image as being manipulated. Even without any intended deception, the enhancements are detectable.
On the web, most pictures that are "wow" are usually photoshopped. I've been trying to automate many of the manual heuristics that I developed for evaluating images. My automated tools flagged this image as "manipulated" -- digitally enhanced. However, something didn't seem right. The crisp edges, or blurry boundaries, expected around image splicing isn't there, even though the different error levels are present. Although PCA identifies that the colors are off and luminance gradient finds linear coloring (synonymous with modification), wavelets identify no splicing. And a visual assessment finds other oddities. For example, Cynthia Baron noticed a few things:
There is a small light corner to the left of the child's left eye that looks to me to be left over from the child photo's original background.
The right eye shows signs of having been altered. The inside corder is too light and not quite the right color, and there is something suspicious to me about the extreme positioning of the iris.
Since there are conflicting findings, I decided to contact the photographer...
The Photographer
Dave Roth is an exceptional photographer. I analyzed some pictures from his blog and found no sign of manipulation. Usually when someone modifies a photo, they don't stop with just one.
I was really impressed with the speed that he wrote back to me:
I took this photo back in early 2005 with a Minolta (maybe it was Konica Minolta by then) Dimage 7Hi, that was about a year old at the time.
As far as edits go, I don't think I did any, actually. I know I didn't own photoshop then. I bought Elements in January 2008, and this photo has been posted on three sites legally: Zooomr, Flickr, and JPG Magazine since long before then.
He was also gracious enough to send me the original photo from the camera. (Same big picture found at Zooomr, but prior to Zooomr resaving the image.) This original matched the quantization tables for the camera and shows no sign of manipulation -- it tests as real. It also looks like the picture on the web! So why does the web picture test positive for manipulation?
Photo Edits
Edits come in a variety of forms -- and not all are malicious. In this case, it appears that JPG Magazine did a few simple modifications that ended up making the entire image test as "digitally enhanced". (Below is the picture from Dave Roth. Mouse over the image to see the JPG Magazine photo at the same size. If they look the same to you, then try turning up the brightness on your monitor.)
Here's what Cynthia Baron, Chris Hanson, and I can piece together:
- The image was scaled smaller. The original was 2560x1920, but the one at JPG Magazine is 658x493. When an image is scaled (larger or smaller), every pixel is modified. This caused the error level analysis to identify the image as being modified, but wouldn't fool most of the other analysis methods.
- The image was recolored darker, and the recoloring is not linear. Print magazines usually try a test page and then perform a color correction so that the image looks better in printed materials. The modification isn't malicious; it is a regular practice. Otherwise, dark images may print too dark, and light ones may be too faint.
Another option is that an upload service may have acted as an intermediary and recolored the image.
In either case, the recoloring with scaling caused the changes detected by luminance gradient and PCA. It also accounts for the differences in the eyes; the eyes went from brown to black, one specular vanished, and the coloring in the sclera compressed to form a faux reflection.
- Rather than posting the original picture to the web, JPG Magazine posted the color-adjusted print-copy to the web. Thus, posting a modified image.
JPG Magazine could not be reached for comment or validation of the manipulation.
Having gone through this exercise, I am amazed that I could identify the image as being manipulated. Even without any intended deception, the enhancements are detectable.
Skype Logs
Monday, November 10. 2008
The 2008 DC3 Forensic Challenge has ended, but the results won't be posted for a few weeks. The DC3 included some easy challenges, some moderate, and a few that were very hard.
The DC3 actually has a (not so) secret agenda for the contest. They want to collect tools and techniques. For things that they know how to solve, they want alternate solutions. This way, if they come across some situation where their own solution does not work, they can use an alternative.
In other cases, they have solutions but are looking for something better. And a few of the challenges are because they don't know a solution.
The first year that the DC3 held the Challenge, they had a problem that they didn't know how to solve. This was a CD-ROM that was physically cut. They didn't know how to get the data off of it. They ended up getting 11 different solutions! (I think mine was the cheapest -- double-back tape and super glue.)
In exchange for solving the problems, the highest scoring teams get serious bragging rights. The winning team gets treated to the DoD's Cyber Crime Conference.
The Challenge has one critical rule for getting full credit. If you use an open source tool to solve any of the puzzles, you must turn it in with your solutions. If you use commercial software, then you don't have to provide it but you must say what you used. And if you make any software for solving a challenge, then you must turn in the code. You still own the copyright, but they have permission to use it.
It's that last item that always makes me think twice. While I like the folks from the DC3, they are a government organization. It is against my beliefs to give free software to the government.
Thus, I feel that I must make any custom software public.
One of the challenges this year concerned Skype logs. Keep in mind, I don't know if the DC3 didn't have a solution, wanted a better solution, or just thought that this would be a fun challenge. They provided a number of Skype logs. The challenge was to extract the contents.
Since I couldn't find any tools for extracting log entries, I ended up building my own. And since I don't believe in giving the DC3 exclusive access, here is the source code: skypelog.c.
(I would have released the source code months ago, except that I didn't want to give hints to other teams.)
Skype uses binary log files (.dbb) that are undocumented. While a few people have tried to reverse-engineer the format, their findings are either wrong or incomplete.
The actual file format is nowhere near as complicated as these documents make it sound.
Skype database files follow a basic tag-data format, with a flag to identify data. There are two parts to each file:
The files themselves are separated by record size. For example, if the record is 256 bytes or smaller, then it is stored in a 256 byte block and separated into a filename that contains "256" in the name.
If the record is larger than 256 but smaller than 512 bytes, then it goes into chat512.dbb, chatmsg512.dbb, etc. This means, a single conversation is likely split across multiple files.
To put together the whole conversation, you need all of the parts. An easy way to assemble them:
or
This exacts data from each of the files, then uses sort to put them in the proper order (grouped by session and then date).
To just see the time, sender, and message:
Each conversation includes a session ID. For example:
Let's assume you only have one of the chat files. How much of the conversation are you missing?
Each of the chat lines (chatmsg*.dbb) contains a Log ID. (Denoted by this program with "LogId:".) The maximum ID is stored in the basic chat file (e.g., chat256.dbb or chat512.dbb). Each line in chatmsg*.dbb should have a Log ID that increments by one. Thus, you can count the number of missing lines.
HOWEVER: Watch the timestamps! Each time the user reconnects, the Log ID seems to restart. Thus: Sort by date THEN by Log. And then watch for missing sequences in the Log ID.
(Best way to use the Log ID: if two lines happen in the same second, then use the Log ID to find which one came a fraction faster.)
Finally: This parsing was found by reverse-engineering existing logfiles. There are plenty of bytes that are skipped (use -vvv to see them) and they may have important meanings. Even the blocking at 0x03 may not be accurate. (There may be a better way to identify data segments.)
To see the unknown stuff, use -vvv.
Finally, if you happen to see a poorly labeled tag, know how to parse other items, or have other suggestions, please let me know. I don't mind updating this program.
The DC3 actually has a (not so) secret agenda for the contest. They want to collect tools and techniques. For things that they know how to solve, they want alternate solutions. This way, if they come across some situation where their own solution does not work, they can use an alternative.
In other cases, they have solutions but are looking for something better. And a few of the challenges are because they don't know a solution.
The first year that the DC3 held the Challenge, they had a problem that they didn't know how to solve. This was a CD-ROM that was physically cut. They didn't know how to get the data off of it. They ended up getting 11 different solutions! (I think mine was the cheapest -- double-back tape and super glue.)
In exchange for solving the problems, the highest scoring teams get serious bragging rights. The winning team gets treated to the DoD's Cyber Crime Conference.
Rules
The Challenge has one critical rule for getting full credit. If you use an open source tool to solve any of the puzzles, you must turn it in with your solutions. If you use commercial software, then you don't have to provide it but you must say what you used. And if you make any software for solving a challenge, then you must turn in the code. You still own the copyright, but they have permission to use it.
It's that last item that always makes me think twice. While I like the folks from the DC3, they are a government organization. It is against my beliefs to give free software to the government.
Thus, I feel that I must make any custom software public.Skype Logs
One of the challenges this year concerned Skype logs. Keep in mind, I don't know if the DC3 didn't have a solution, wanted a better solution, or just thought that this would be a fun challenge. They provided a number of Skype logs. The challenge was to extract the contents.
Since I couldn't find any tools for extracting log entries, I ended up building my own. And since I don't believe in giving the DC3 exclusive access, here is the source code: skypelog.c.
(I would have released the source code months ago, except that I didn't want to give hints to other teams.)
DBB File Format
Skype uses binary log files (.dbb) that are undocumented. While a few people have tried to reverse-engineer the format, their findings are either wrong or incomplete.
The actual file format is nowhere near as complicated as these documents make it sound.
Skype database files follow a basic tag-data format, with a flag to identify data. There are two parts to each file:
- The Header. The 1st 16 bytes are a basic header. The first four bytes are "1331", denoting the start of a record. The next four bytes are the record size, then comes the 4-byte session ID. I don't know what the final four bytes are, but you can skip them.
- The Data. The rest of the file contains data records. All content begins with 0x03. Read the data until you hit an 0x03. This does not need to be on the even byte offset!
- If the byte is a 0x03, then it is followed by a number. Numbers are in a 7-bit format. The MSB identifies whether it is the last byte in the number sequence. (If the MSB is set (Byte & 0x80), then it is not the last byte in the number. If the MSB is clear, then it is the last byte in the number.) This number identifies the TYPE of the data field.
- All bytes after the type are the data for the field.
- All data sections end with 0x00, 0x01, 0x02, or 0x03. If it is 0x03, then it denotes a new dataset immediately after the last data set. Process this next set of data. If it is 0x00, then the next bytes are junk. Read until you hit another 0x03.
- If the byte is a 0x03, then it is followed by a number. Numbers are in a 7-bit format. The MSB identifies whether it is the last byte in the number sequence. (If the MSB is set (Byte & 0x80), then it is not the last byte in the number. If the MSB is clear, then it is the last byte in the number.) This number identifies the TYPE of the data field.
The files themselves are separated by record size. For example, if the record is 256 bytes or smaller, then it is stored in a 256 byte block and separated into a filename that contains "256" in the name.
call256.dbb
callmember256.dbb
chat256.dbb
chatmsg256.dbb <-- the actual chat log
If the record is larger than 256 but smaller than 512 bytes, then it goes into chat512.dbb, chatmsg512.dbb, etc. This means, a single conversation is likely split across multiple files.
To put together the whole conversation, you need all of the parts. An easy way to assemble them:
./skypelog chatmsg256.dbb chatmsg512.dbb charmsg1024.dbb | sort
or
./skypelog chatmsg*.dbb | sort
This exacts data from each of the files, then uses sort to put them in the proper order (grouped by session and then date).
To just see the time, sender, and message:
skypelog chatmsg*.dbb | sort | awk -F| '{print $2 "|" $3 "|" $4}'
Each conversation includes a session ID. For example:
#useralice/$userbob;12345678abcdef10
- The first name is the caller.
- The second name is the recipient of the call.
- The 16 hex digits is a unique ID. This ID appears to change with each new connection.
- The Session is also listed in the chat log (e.g., chat256.dbb or chat512.dbb).
Let's assume you only have one of the chat files. How much of the conversation are you missing?
Each of the chat lines (chatmsg*.dbb) contains a Log ID. (Denoted by this program with "LogId:".) The maximum ID is stored in the basic chat file (e.g., chat256.dbb or chat512.dbb). Each line in chatmsg*.dbb should have a Log ID that increments by one. Thus, you can count the number of missing lines.
HOWEVER: Watch the timestamps! Each time the user reconnects, the Log ID seems to restart. Thus: Sort by date THEN by Log. And then watch for missing sequences in the Log ID.
skypelog chatmsg*.dbb | \
awk -F| '{print $2"|"$5"|"$3"|"$4"|"$6"|"$7 }' | \
sort
(Best way to use the Log ID: if two lines happen in the same second, then use the Log ID to find which one came a fraction faster.)
Knowing the Unknown
Finally: This parsing was found by reverse-engineering existing logfiles. There are plenty of bytes that are skipped (use -vvv to see them) and they may have important meanings. Even the blocking at 0x03 may not be accurate. (There may be a better way to identify data segments.)
To see the unknown stuff, use -vvv.
[num] = identified number for type of data
*byte* = byte skipped because the type of data is unknown.
{bytes} = bytes skipped because it is outside of an identified data set.
Finally, if you happen to see a poorly labeled tag, know how to parse other items, or have other suggestions, please let me know. I don't mind updating this program.
A Fire In Their Heart
Thursday, November 6. 2008
Earlier today, North Korea released a second set of photos that feature Kim Jong Il. As first reported in my blog, these photos appear to show the dictator, but do not identify when the pictures were taken. They could be months, or even a few years old.
When I first saw the pictures this morning, I attempted to identify when and where the photos were taken based on the shadows. (There is some really cool math concerning shadow angles, but I need a photo that shows a right-angle shadow.)Unfortunately, the shadows are really low resolution and I couldn't pull anything out.
Update 2008-11-07: I finally worked out the math for the shadow angle. This photo was taken sometime between early-April and early-May, or mid-August to early September. I don't know the year. Kim Jong Il had his stroke on 14-Aug-2008. For this to be a photo after his stroke, it would have to be immediately after his stroke and before recovering from his surgery. Thus, this picture was taken before his stroke.
Anyway... my friend Xenon directed me toward an interested report from the Times Online. It seems, some amateur photo sleuth thinks one of the photos has been manipulated. However, I think the conclusion is wrong.
Here's a big version of the photo from Reuters. Unfortunately, I cannot find a higher quality version.
The investigator, only identified as "Anthony, from Kuala Lumpur in Malaysia", reportedly had the following comment: "Notice how the shadow of Kim's legs is vertical while those of the troops on both sides of him are at an angle." The Times Online included a photo with a highlight of the area:
Shadows do really interesting things depending on topography and distance. Depending on the distance, the shadow may appear vertical or angled. In this case, the shadow from Kim Jong Il's head is at the same angle as the shadows from every other head. (Look closely at the image below; I drew the connector in red and then copied the connector between different people.) He does not appear "added". And Kim Jong Il is not the only person with an "inconsistent shadow" around his feet. Two and four people to the right have near-vertical and vertical shadows.
So how can this happen? The images are really low quality, so nothing is conclusive. The white step appears to have ripples. If it is fabric, then it could be bent enough for the shadows to appear straight. Alternately, the people in the front row may not all be the same distance from the step. If Kim Jong Il and the two other people are a little closer to the step, then the shadow may appear straight. And the people on the far right may be further out, causing all of their shadows to overlay.
There is also the "baggy" factor. The people with baggy pants may be casting shadows that appear straight. (Yes, depending on the angle, a bent item can cast a straight shadow.) Kim Jong Il and the two other people have straight-legged, baggy pants that would cast different shadows.
So what do we have here...
Is the picture photoshopped? I doubt it. Without a higher quality image, I'm strongly suspecting that it is real. (Also, in order to photoshop an image, you need Photoshop -- and I kind of doubt that North Korea has a copy.)
Is it a body double? No way of knowing. There are so few photos of Kim Jong Il and this is such a low resolution, we really cannot tell.
Is it recent? Probably not. I suspect that it is 1-2 years old, but there is just not enough information to tell.
Did the Times Online make a story out of a false speculation on a conspiracy from an anonymous person? Definitely. Shame on the them.
When I first saw the pictures this morning, I attempted to identify when and where the photos were taken based on the shadows. (There is some really cool math concerning shadow angles, but I need a photo that shows a right-angle shadow.)
Update 2008-11-07: I finally worked out the math for the shadow angle. This photo was taken sometime between early-April and early-May, or mid-August to early September. I don't know the year. Kim Jong Il had his stroke on 14-Aug-2008. For this to be a photo after his stroke, it would have to be immediately after his stroke and before recovering from his surgery. Thus, this picture was taken before his stroke.
Anyway... my friend Xenon directed me toward an interested report from the Times Online. It seems, some amateur photo sleuth thinks one of the photos has been manipulated. However, I think the conclusion is wrong.
Here's a big version of the photo from Reuters. Unfortunately, I cannot find a higher quality version.
The investigator, only identified as "Anthony, from Kuala Lumpur in Malaysia", reportedly had the following comment: "Notice how the shadow of Kim's legs is vertical while those of the troops on both sides of him are at an angle." The Times Online included a photo with a highlight of the area:
Shadows do really interesting things depending on topography and distance. Depending on the distance, the shadow may appear vertical or angled. In this case, the shadow from Kim Jong Il's head is at the same angle as the shadows from every other head. (Look closely at the image below; I drew the connector in red and then copied the connector between different people.) He does not appear "added". And Kim Jong Il is not the only person with an "inconsistent shadow" around his feet. Two and four people to the right have near-vertical and vertical shadows.
So how can this happen? The images are really low quality, so nothing is conclusive. The white step appears to have ripples. If it is fabric, then it could be bent enough for the shadows to appear straight. Alternately, the people in the front row may not all be the same distance from the step. If Kim Jong Il and the two other people are a little closer to the step, then the shadow may appear straight. And the people on the far right may be further out, causing all of their shadows to overlay.
There is also the "baggy" factor. The people with baggy pants may be casting shadows that appear straight. (Yes, depending on the angle, a bent item can cast a straight shadow.) Kim Jong Il and the two other people have straight-legged, baggy pants that would cast different shadows.
So what do we have here...
Is the picture photoshopped? I doubt it. Without a higher quality image, I'm strongly suspecting that it is real. (Also, in order to photoshop an image, you need Photoshop -- and I kind of doubt that North Korea has a copy.)
Is it a body double? No way of knowing. There are so few photos of Kim Jong Il and this is such a low resolution, we really cannot tell.
Is it recent? Probably not. I suspect that it is 1-2 years old, but there is just not enough information to tell.
Did the Times Online make a story out of a false speculation on a conspiracy from an anonymous person? Definitely. Shame on the them.
Running Totals
Tuesday, November 4. 2008
I'm going to use this blog entry as a running commentary of things that I notice during today's election.
Saturday Night Live actually offended me last night. (And not just because it wasn't Saturday.)
While a few skits featured Democrats, every skit featured Republicans. They didn't even feature an Obama-like character until the end.
Basically, the Republicans complained about Obama paying for a 30-minute infomercial. While some complaints were about the content, other complaints simply declared it as pompus. This criticism about a 30-minute Democrat infomercial is then followed by a two-hour Republican parody.
In the ad world, any ad is a good ad -- it does not matter if it is a spoof or real. The two-hour SNL special was more about promoting Republicans than comedy.
Even worse: most of the SNL clips were not funny! SNL has plenty of political skits that were hysterical, but many featured Democrats. (Chevy Chase playing Gerold Ford was the first-ever SNL spoof of an election. It was a riot. And ended up costing Ford the election...)
Neal's opinion? SNL and NBC are making a subtle message to support Republicans.
So I'm sure that it is just a coincidence that LAST NIGHT, Palin was cleared of Troopergate. Then again, the same conspiratorial attitude can say, "I'm sure that it is just a coincidence that Obama's Grandmother died Sunday night. Anything to get the sympathy vote."
As I am writing this, CNN.com has a flash animation to track votes. However, it does not display correctly with Firefox. The middle graphic (Map) covers the right graphic (McCain), so all you see is Obama (left graphic) and the map.
DarkFlib (that's his nick) is reporting that Firefox 3.0.3 on Win XP with flash 9,0,124,0 works, but Centos 5 (Firefox 3.0.2 with flash 9.0.115.0) and flash 9.0.124.0 both fail the same way.
News outlets are reporting about an interesting problem in Florida. In Florida, some machines are rejecting votes when the voter does not fill out the second page. The second page contains proposed amendments to the Florida constitution. Pollsters are sending voters back to the booths to complete the ballots, or are manually re-entering the votes in order to override the error.
I see a few problems here. First, can't voters abstain? Valdis mentioned that a "good UI practice would say that for important things like proposed amendments, either a 'yes/no' should be required, or a specific 'abstain' button should be provided." However, it seems that you cannot abstain in Florida.
The bigger problem, as I see it, is that "someone" is actually reviewing how people vote, before votes are turned in! In Colorado, we have "security envelopes" -- the poll worker never sees how you voted. If you left lots of blanks, they don't know and your votes are counted. In Florida, it seems that a person is looking at your votes before you turn it in. (CNN says voters are being sent back to booths to fill out the second page.)
So... if votes are not counted unless everything is filled out, then we have a potential for abuse. Consider this: the reviewer sees that you're voting for his favorite candidate but you forgot page 2. He sends you back to complete the form. In contrast, he sees that you're voting for the opposition and forgot page 2. He submits your form knowing that it will be rejected if it is not completed.
Or maybe the pollster just tells people how to vote. ("You should have filled out that bubble instead.") And if pollsters are re-entering votes, then why not change things? In any case, the voting and ballots certainly do not look "secret" or "fair" in Florida.
It's late, but the results are in. After all of the dirty campaigning and undesirable undertones, it is finally over. A few things really impressed me this evening. First, there were very few reports of voter irregularities. Unlike four years ago, there were no widespread accusations or accounts of voter fraud.
Second, long before the majority of precincts reported in, McCain gracefully conceded to Obama. Although he did get boos from the audience a few times, and a few loudmouths shouted out hateful statements, McCain did appear to try to patch the rift that had formed during the campaign.
Third, Colorado didn't have the 80/20 split I expected, but it was larger than the 51/49 split that would suggest widespread voter fraud.
Looking over the various county maps, it appears that Obama won most of the heavily populated cities and counties, but McCain won in the rural areas. And in many counties, the differences were by only a few votes. For example, in the battle ground state of Missouri, the difference was fewer than 20,000 votes (out of nearly 2 million votes).
Had McCain won, he would have had an uphill battle. He did not have a strong party support and both the House and Senate just went to Democratic majorities. Nobody is perfect, and every step he could take would be compared against the previous administration.
Obama, on the other hand, will have one of the easiest Presidencies in more than a generation. He won by both popular and electoral votes, he has his party's support, and his party controls both the House and Senate. On top of this, no matter how badly he screws up, he will always look good when compared to the Bush administration.
As for me, I'm going back to blogging about the stuff I really enjoy: computer security and forensics.
TV Time!
Saturday Night Live actually offended me last night. (And not just because it wasn't Saturday.)
While a few skits featured Democrats, every skit featured Republicans. They didn't even feature an Obama-like character until the end.
Basically, the Republicans complained about Obama paying for a 30-minute infomercial. While some complaints were about the content, other complaints simply declared it as pompus. This criticism about a 30-minute Democrat infomercial is then followed by a two-hour Republican parody.
In the ad world, any ad is a good ad -- it does not matter if it is a spoof or real. The two-hour SNL special was more about promoting Republicans than comedy.
Even worse: most of the SNL clips were not funny! SNL has plenty of political skits that were hysterical, but many featured Democrats. (Chevy Chase playing Gerold Ford was the first-ever SNL spoof of an election. It was a riot. And ended up costing Ford the election...)
Neal's opinion? SNL and NBC are making a subtle message to support Republicans.
Talk About Timing!
So I'm sure that it is just a coincidence that LAST NIGHT, Palin was cleared of Troopergate. Then again, the same conspiratorial attitude can say, "I'm sure that it is just a coincidence that Obama's Grandmother died Sunday night. Anything to get the sympathy vote."
Bias or Bug
As I am writing this, CNN.com has a flash animation to track votes. However, it does not display correctly with Firefox. The middle graphic (Map) covers the right graphic (McCain), so all you see is Obama (left graphic) and the map.
DarkFlib (that's his nick) is reporting that Firefox 3.0.3 on Win XP with flash 9,0,124,0 works, but Centos 5 (Firefox 3.0.2 with flash 9.0.115.0) and flash 9.0.124.0 both fail the same way.
WTF: Florida
News outlets are reporting about an interesting problem in Florida. In Florida, some machines are rejecting votes when the voter does not fill out the second page. The second page contains proposed amendments to the Florida constitution. Pollsters are sending voters back to the booths to complete the ballots, or are manually re-entering the votes in order to override the error.
I see a few problems here. First, can't voters abstain? Valdis mentioned that a "good UI practice would say that for important things like proposed amendments, either a 'yes/no' should be required, or a specific 'abstain' button should be provided." However, it seems that you cannot abstain in Florida.
The bigger problem, as I see it, is that "someone" is actually reviewing how people vote, before votes are turned in! In Colorado, we have "security envelopes" -- the poll worker never sees how you voted. If you left lots of blanks, they don't know and your votes are counted. In Florida, it seems that a person is looking at your votes before you turn it in. (CNN says voters are being sent back to booths to fill out the second page.)
So... if votes are not counted unless everything is filled out, then we have a potential for abuse. Consider this: the reviewer sees that you're voting for his favorite candidate but you forgot page 2. He sends you back to complete the form. In contrast, he sees that you're voting for the opposition and forgot page 2. He submits your form knowing that it will be rejected if it is not completed.
Or maybe the pollster just tells people how to vote. ("You should have filled out that bubble instead.") And if pollsters are re-entering votes, then why not change things? In any case, the voting and ballots certainly do not look "secret" or "fair" in Florida.
Impressed
It's late, but the results are in. After all of the dirty campaigning and undesirable undertones, it is finally over. A few things really impressed me this evening. First, there were very few reports of voter irregularities. Unlike four years ago, there were no widespread accusations or accounts of voter fraud.
Second, long before the majority of precincts reported in, McCain gracefully conceded to Obama. Although he did get boos from the audience a few times, and a few loudmouths shouted out hateful statements, McCain did appear to try to patch the rift that had formed during the campaign.
Third, Colorado didn't have the 80/20 split I expected, but it was larger than the 51/49 split that would suggest widespread voter fraud.
Looking over the various county maps, it appears that Obama won most of the heavily populated cities and counties, but McCain won in the rural areas. And in many counties, the differences were by only a few votes. For example, in the battle ground state of Missouri, the difference was fewer than 20,000 votes (out of nearly 2 million votes).
Had McCain won, he would have had an uphill battle. He did not have a strong party support and both the House and Senate just went to Democratic majorities. Nobody is perfect, and every step he could take would be compared against the previous administration.
Obama, on the other hand, will have one of the easiest Presidencies in more than a generation. He won by both popular and electoral votes, he has his party's support, and his party controls both the House and Senate. On top of this, no matter how badly he screws up, he will always look good when compared to the Bush administration.
As for me, I'm going back to blogging about the stuff I really enjoy: computer security and forensics.
