Todd's Blog

Page 10 of 22

The Tennessee Lottery strikes (out?) again

The Tennessee Lottery posted a video on their web site that demonstrates the security features of their computerized drawing system, and makes claims about the audit trail of the drawings. 

I hope everyone gets a chance to see that video, because it is a great example of how the Tennessee Lottery cannot, in any shape or fashion, show you the actual drawing as it takes place.  All the stuff in that video is a smoke screen, designed to draw your attention to other areas in which they feel they have a firm footing.

It's really wonderful that they have 12 billion video cameras, but can one of them actually capture the method used to select the winning numbers?  Of course not!  It happens inside a computer!

The lottery crows about the fact that each drawing supposedly takes one and a half hours to conduct, and how they use reams of paper to document the drawings.

How is that a good thing?  I thought the whole point was that computers make the process better and more efficient. 

Instead of a nimble, efficient drawing process, they seem to have created a laborious, wasteful, and inefficient slog, in which two employees are dedicated to ticking off dozens of pages of checklists several times a day, and adding nothing of value to the process. 

With all those checklists and pre-draw activities, how did they overlook a colossal error like no doubles and triples being drawn for more than three weeks?

And what happened to the drawings being "exciting", as stated in their first press release?

As I watched the video, I visibly cringed every time the announcer claimed with complete certainty that there was no way for the computer system to be penetrated.  Are they for real?  Don't they know that computers can be hacked?

Every security expert who is worth their salt knows that there is no 100% effective security method.  There are only degrees of safety.  The object is to create the least possible risk. 

Stating that there is no risk is just plain wrong, and highly misleading.  It is a disservice to every citizen of Tennessee.  If the announcer was a security expert he would be laughed out of the business.  He points to the modem line that directly connects the drawing computers with television stations and states that there is no possible way for the modem lines to be hacked.  Dope!

Just the fact that the drawing computers are directly connected to any outside computers is a very poor design!

Despite the announcer claiming to have the only computer system in the world that is incapable of being hacked, I want to show that not only is the statement misleading, but from what I can see, the system is not designed with the proper level of safety protocols.

The drawing computer's line of communications should be designed as follows:

  1. The sensitive drawing computer should only be connected to inside computers (internal network), and that inside network should only consist of the two drawing computers plus one dedicated controller computer.  The two drawing computers should not have any means of communicating directly with any other computer, other than the controller.
  2. The internal network is then connected to another communications computer, which is not on the internal drawing network.  It is a highly firewalled connection, with only a single open port, through which the results are sent (not pulled) from the internal network's controller computer to the communications computer.
  3. The communications computer can then dial up their TV stations to deliver the results.
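The three rules above written as a connection-policy check, as an added example that is not part of the original post. The host names, the port number, and the worst-case assumption that a modem line can be used from either end are illustrative.

```python
from collections import deque

# Constructed model: host names and the port number are assumptions for
# illustration; they do not come from the lottery's video.
DRAWING = {"draw1", "draw2"}
INTERNAL = DRAWING | {"controller"}
RESULT_PORT = 9000  # hypothetical single open port on the firewall

# A flow (initiator, responder, channel) means the initiator may open it.
# Modem lines are modelled as usable from either end (worst case).
CURRENT = {
    ("draw1", "tv", "modem"), ("tv", "draw1", "modem"),
    ("draw2", "tv", "modem"), ("tv", "draw2", "modem"),
}
PROPOSED = {
    ("draw1", "controller", "lan"), ("controller", "draw1", "lan"),
    ("draw2", "controller", "lan"), ("controller", "draw2", "lan"),
    ("controller", "comms", RESULT_PORT),  # results are sent, never pulled
    ("comms", "tv", "modem"), ("tv", "comms", "modem"),
}


def reachable_from(flows, start):
    """Hosts that a party at `start` can reach by opening connections."""
    seen, queue = set(), deque([start])
    while queue:
        host = queue.popleft()
        for src, dst, _chan in flows:
            if src == host and dst != start and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def audit(flows):
    """List every flow that breaks rule 1 or rule 2 of the design."""
    problems = []
    for src, dst, chan in sorted(flows, key=str):
        if src in DRAWING or dst in DRAWING:
            # Rule 1: a drawing computer talks to the controller only.
            if {src, dst} - DRAWING != {"controller"}:
                problems.append(f"rule 1: {src} -> {dst} bypasses the controller")
        elif (src in INTERNAL) != (dst in INTERNAL):
            # Rule 2: one outbound push on one port crosses the firewall.
            if (src, dst, chan) != ("controller", "comms", RESULT_PORT):
                problems.append(f"rule 2: {src} -> {dst} ({chan}) crosses the firewall")
    return problems


if __name__ == "__main__":
    for name, flows in (("current", CURRENT), ("proposed", PROPOSED)):
        exposed = sorted(reachable_from(flows, "tv") & INTERNAL)
        print(name, "internal hosts reachable from the TV side:", exposed)
        for line in audit(flows):
            print("  ", line)
```

Adding a flow in which the communications computer opens the connection to the controller (a pull) fails rule 2 and puts both drawing computers back within reach of the TV side, which is why the results must be pushed.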

The reason I am posting this level of detail is because I think it's important for me to back up the allegations I am making about the security weaknesses in their drawing system.

Let me show it to you in another way.

Here is a diagram of how their system currently appears to be connecting with TV stations to deliver the results:

TN Lottery connecting directly to TV stations - bad.

There are several ways that would be acceptable for communicating lottery results to TV stations, but their method is not one of them.

Here is a layout of one method that would be acceptable:

Acceptable method for the TN Lottery to communicate drawing results.

Again, my point in all of this is to show how ridiculous the statements made by the announcer are.  And if you can't trust the statements about one part, can you trust the statements about another part?

The attitude of "we cannot be hacked" and "we cannot be wrong" is the exact attitude that led to a drawing error that festered at the lottery for more than three weeks in August.  Instead of learning their lesson, the lottery continues to claim they are super-human, and the regular laws of physics do not apply to them.

One last point I'd like to make. 

The video itself is a mistake. 

The lottery basically gave a tour of their security features to the world.  The level of detail shown in the video is a bad idea, because it gives hackers a very good feel for how to attack the system.  ("Attack vectors")

I know in the mind of Hargrove that the video is a pre-emptive strike against anything that might be said against them in the oversight meeting next month.  It's designed to shut down opposition to their massive mistake -- the computerized drawing system.

Earlier in the month when they released some over-inflated monetary numbers for converting back to real drawings, that was another pre-emptive strike.

Hargrove:  instead of these pre-emptive attacks, how about a real dialog with the players?  And when they tell you where to put your computerized drawings, perhaps you should take it to heart, instead of trying to force the players to like it.

Everyone makes mistakes, even you.  Admit this mistake, and correct it.  You will come out a hero if you do. 

Do you see yourself as the people's hero right now?

Link to video demonstration computerized drawing security 

Entry #184

Correction to my Firefox 3.0 beta post

Firefox 3.0 does in fact get installed side-by-side with Firefox 2.0, contrary to my last blog post.

I missed it because it replaced my shortcut, but 2.0 is still in my Start menu after installing 3.0 beta 1.

So anyone interested in checking out the latest beta of Firefox 3.0 can do so without disturbing their existing 2.0 version installed.

Entry #183

Firefox 3.0 beta 1 is available for download

Firefox fans rejoice!  The first public beta of version 3  of the popular web browser is now available for anyone to download.

I'm using it right now to type this blog entry.

Everything seems to work as it should.  I don't see many visible changes from version 2, but there are some.

For one, you get one-click ability to add a bookmark by clicking a star symbol next to the browser address.

The browser replaces the version of Firefox you currently have installed, so if you rely upon third party plug-ins, it is probably better not to upgrade.  That's because most plug-ins are not compatible with the new  beta yet.

The public download page is:

http://www.mozilla.com/en-US/firefox/all-beta.html

Entry #182

Gadget mixup at Microsoft *finally* resolved

I've spent the last week trying to get the Lottery Results Gadget re-listed at the Microsoft gadget gallery.

You know why?  For the exact reason I referred to in a previous post -- there are some intensely jealous Lottery Post "competitors" out there (term is loosely used, since technically you'd need to be in the same league to compete) who immediately tried to get Microsoft to de-list the gadget.

These jerks try to act like regular users who have complaints.  Unfortunately, this is Microsoft's first time dealing with these morons, so they thought the people making complaints were on the up & up.

Can you believe what a bunch of sniveling &!^#$&!^%@'s these people are?  And some of you visit their web sites.  You know, web sites with names like "strategies" and "factor".  Think those people are nice?  Think again.  They have a guy who somehow bought or assumed control of the sites, and he is the worst of the worst.  An attacking, jealous you-know-what.  (He has written me threatening e-mails -- you literally would not believe the stuff he has threatened me with.)

Anyway, I could use some help again, now that the gadget is re-listed.

These jerks will surely go back to the Microsoft gallery page and post their negative reviews, so before that happens, if we could get as many people as possible to go there and give it 5-stars and a good review, that would be greatly appreciated.  Let's not allow these morons to gain any footing.

I really wish I didn't need to ask this, but unfortunately I do.  I need some help, if you can spare just a few minutes.

Here is the link:

http://gallery.live.com/liveItemDetail.aspx?li=a07c771a-080e-45d4-afba-fdc55cc2f9ad

If you already have a Microsoft Live account, you can just sign in and post a review.

(Don't forget to post the stars!)

If you don't have a Live account, it only takes a moment to create one.  After creating it, you activate it, just like you did with your Lottery Post account -- receive an e-mail, and click the link inside it.  Then you get full access and ability to review things.

By the way, while you're at Microsoft's site, be sure to check out their new Windows Live software, it's very cool.  I really like their new photo organizer, and you can get lots of other free software.  Plus, they have a brand new mail program that can integrate lots of different free e-mail accounts, like Yahoo, Google, Hotmail, etc. -- all in one program on your PC.

Thanks everyone for your help.

Entry #181

You can help

I am trying to get some positive reviews posted from people who are enjoying the new Lottery Results gadget.

If you would like to help, I would appreciate if you could take a few minutes of time to visit the following sites to register and post a positive review.  If you're looking to post "constructive criticism" I'd rather you posted it here in my blog, and keep reviews on the sites all-positive, 5-star reviews.

The reason is that people looking to download software don't take the time to carefully weigh your thoughts.  They just look at the stars posted and decide yes or no based on that.  So a nuanced review actually hurts the product, whereas a plainly-spoken positive review will help enormously.

Here are links to the places where 5-star reviews would be appreciated:

Your help is appreciated!

Entry #180

Don't forget....

.... to turn your clocks back tonight — no more daylight savings for the year.

(For most of us anyway.  Those in parts of Indiana, Arizona, and Hawaii don't have to deal with it tonight.)

Speaking of Windows Vista earlier, if you had Windows Vista, you would see a friendly message like this:

Daylight savings ending.

(This is a screen grab from my computer a few minutes ago.)

Don't you wish you had a computer this friendly?  You could if you upgrade to Vista.

Entry #179

Tips to make Firefox download pages quicker

I was experiencing some bad Firefox performance this evening, so I did some research into how to speed things up.  I'll document my findings here, so hopefully it can help a few other people out too.

Keep in mind that these tips are useful only if you have some kind of broadband access -- cable, satellite, DSL, place of employment, etc.  I would not use this for dial-up users.

Also, my goal with this is to increase performance, and these settings work great for me.  They are not guaranteed to work great for you, but I can't see how it would hurt to try.

The first thing to do is to open up a new Firefox browser window (or tab) and enter about:config in the address line, then press Enter. 

If you see a huge listing of settings, you did the right thing.  If not, try again.

The settings in bold text are settings that have been changed from their default values.  It helps you see what has changed.

To change a setting, just double-click it.  True/false values will instantly change, and things like numeric values and character strings will open a dialog box when you double-click. 

Scroll down to settings that begin with the word "network".

Make the following changes:

  • network.dns.disableIPv6: true
  • network.http.max-connections: 32
  • network.http.max-connections-per-server: 12
  • network.http.max-persistent-connections-per-proxy: 32
  • network.http.max-persistent-connections-per-server: 12
  • network.http.pipelining: true
  • network.http.pipelining.maxrequests: 4
  • network.http.proxy.pipelining: true
  • network.http.request.max-start-delay: 0

Then, right-click anywhere on the page and from the popup menu choose New -> Integer.  Enter the name as nglayout.initialpaint.delay and the value as 0.

After I did these things, my Firefox browser worked much quicker.  These values required some trial and error on my part, so perhaps I'll tweak them again in the future.

Entry #178

Performance continuing to improve

I'm really happy with how performance on the site is coming along, especially in the forums.

Much of the improvement is coming as a result of architectural changes I made many months ago, and which are finally starting to kick in.

The server time to create a page of thread posts is down to about 1-2 hundredths of a second, which is just astounding, considering the number of forum posts in the system (approaching 900,000 at the moment). 

I just ran a full thread page at random, and it came up as 0.0134 seconds -- and I use a page size of 20 posts, so it can only be better than that for someone with default settings of 9 posts  per page.  (I'm pretty sure that's the default.)

It used to be that a second or so was pretty good, so to drop the times down to about 1 hundredth of a second is something that at one point I never thought would happen.

With all the difficult, nasty things that a Webmaster has to deal with on a daily basis, it can be nice now and then to take stock of some of the good things that are happening too.

Entry #177

Aurora Borealis From Space

This is one of the most beautiful pictures I've seen taken from space.  It is of an Aurora Borealis captured in the opposite direction we are used to seeing it.

How incredible it is to clearly and distinctly see the atmosphere surrounding our planet.

The Aurora Borealis is an electro-static phenomenon caused by the collision of charged particles in the magnetosphere with atoms in the Earth's upper atmosphere.

Learn more here, along with some good photos taken from the ground

Click on the thumbnail image below for the full-sized picture.  Enjoy!

Aurora Borealis From Space

(Click for full size)

Entry #175

TIPS: Minimize the damage of a stolen wallet

These tips were created by a corporate attorney, and sent out to the employees in his company.

1.  Do not sign the back of your credit cards. Instead, put "PHOTO ID REQUIRED."

2.  When you are writing checks to pay on your credit card Accounts, do not put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

3.  Put your work phone # on your checks instead of your home phone. If you have a PO Box use that instead of your home address. If you do not have a PO Box, use your work address. Never have your SS# printed on your checks. You can add it if it is necessary. But if you have it printed, anyone can get it.

4.  Place the contents of your wallet on a photocopy machine. Copy both sides of each license, credit card, etc. If your wallet is stolen, you will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. Also carry a photocopy of your passport when you travel either here or abroad. We've all heard horror stories about fraud that's committed just by stealing a name, address, Social Security number, credit card numbers, etc.

5.  We have been told we should cancel our credit cards immediately. But the key is having the toll free numbers and your card numbers handy so you know whom to call. Keep those where you can find them (see #4 above).

6.  File a police report immediately in the jurisdiction where your credit cards, etc., were stolen. This proves to credit providers you were diligent, and this is a first step toward an investigation (if there ever is one).

But here's what is perhaps most important of all:

7.  Call the 3 national credit reporting organizations immediately to place a fraud alert on your name and also call the Social Security fraud line. It is simple these days to apply for credit over the Internet in anyone's name. By alerting the aforementioned organizations, any company that checks your credit knows your information was stolen, and they have to contact you by phone to authorize new credit.

Here are the numbers you always need to contact about your wallet, if it has been stolen:

1.)  Equifax: 800-525-6285

2.)  Experian (formerly TRW): 888-397-3742

3.)  Trans Union: 800-680-7289

4.)  Social Security Administration (fraud line): 800-269-0271

Entry #174

Last Harry Potter is on its way!

I received my note from Amazon.com today — I'm getting ready to do some late-night reading on Saturday!

Greetings from Amazon.com.

We thought you would like to know that we are preparing your items for shipment.

You saved an additional $0.90 with Amazon.com's Pre-Order Price Guarantee!

The price of the item(s) decreased after you ordered them, and we gave you the lowest price.

If a qualifying item's official release date hasn't passed, Pre-Order Price Guarantee hasn't ended yet! If the price of the item(s) decreases between now and the release date, we will issue you a refund for the difference.

You can view the status of this order, and all your orders, online by visiting Your Account at http://www.amazon.com/gp/css/history/view.html

There you can:

        * View the status of unshipped items
        * Cancel unshipped items
        * Return items
        * And do much more

The following items are being prepared for shipment by Amazon.com:

---------------------------------------------------------------------
Qty      Item                              Price  Shipping  Subtotal
---------------------------------------------------------------------
Amazon.com items (Sold by Amazon.com, LLC) :
  1    Harry Potter and the Death...  $17.99      1  $17.99

---------------------------------------------------------------------

              Item Subtotal:  $17.99
        Shipping & Handling:  $0.00
                      Total:  $17.99

                       Paid:  $17.99

--------------------------------------------------------------------

$0.90 is your additional savings under our Pre-Order Price Guarantee.

The following title(s) decreased in price:

Harry Potter and the Deathly Hallows (Book 7)
    Original Price: $18.89
        Your Price: $17.99
          Quantity: 1
Additional Savings: $0.90

Entry #173

Apple Safari available for Windows XP & Vista

I am typing this blog entry using the new beta of Apple's Safari Web browser, now available for Windows XP and Windows Vista.

Lottery Post has always been designed to work well with Safari, so those who choose to use Safari will have a good browsing experience at Lottery Post.  However, Safari is a little buggy with the text editor.  (Which is Apple's fault, and is slowly getting better.)  The new text editor used in the forums does work better than the one used in private messaging and blogs.

As I'm typing this in the blog editor, every time I hit Enter the cursor disappears and I have to click into the editor again to get it to appear.  Not devastating, but annoying.

Another thing about Safari under Windows that will either strike you as annoying or awesome, depending on your point of view, is that Apple insists on making the entire user interface look and function exactly like Mac OS/X.  Personally, I think it's annoying because I find OS/X to be much uglier than Windows Vista, and besides, Apple should write software that fits in with the other software on the operating system.  If someone wants a browser that looks like OS/X, then they would buy OS/X.

Nevertheless, more Web browser choices is always a good thing, so overall this is good news.

Here's the link!

http://www.apple.com/safari/download/

Entry #172

Article Voting Progress

Well, I've got some stiff competition for Article of the month.  (Please see my blog, 2 posts back, for details if you're not sure what this is.) 

Here's the current stats:

Article (Votes)

ASP.NET Ajax Grid and Pager (26)
SuperToolTip (18)
Settings Manager for Windows Vista Sidebar Gadgets (11)
Introduction to WPF Animations (4)
Interacting with Astoria Data Services (2)

My article is the one in bold -- less than half the votes of the leader.  I checked the leader's blog, and it turns out he's trying to get HIS readers to vote -- and being quite successful at it, I might add.

C'mon Lottery Post members!  How about doing us proud by helping your intrepid Webmaster win the contest!  You'd think with the number of motivated members we have that we could muster more than 11 votes!

First, click here to create an account: http://dotnetslackers.com/register.aspx

Then, click here to vote: http://dotnetslackers.com/articles/voting/vote.aspx?Id=2 (my article is the last one in the list)

How about it?  Who's going to help me win?

Entry #171