I'm seeing a lot of media reports that are getting the basics wrong on the "SQL on voting machines" stuff. I am a professional software developer, so I'm in a position to help.
-- SQL - Short for "Structured Query Language." SQL is a basic standard language used for querying and modifying database data.
For example, the following command: "SELECT Name, Age FROM Person". This command would get the Name and Age fields from the Person database table and list all the entries. You can also change data using SQL: "UPDATE Person SET Name = 'Q+'" would replace the data in the Name field for all entries in the table.
-- SQL Server - This is known as a Relational Database Management System. There are numerous RDBMS's out there; SQL Server is Microsoft's solution and is one of the most popular options. I personally use it every day. It comes in many different versions from very tiny and compact to very rich and full-featured.
The more compact versions could easily be installed on a basic computer such as that found on a voting machine. This is often done so that installed software can use it as a local cache of data pending transfer to/from a more centralized server. This provides many benefits in terms of performance and reliability.
-- SQL Server Management Studio - This is a tool put out by Microsoft. It helps the user to write SQL queries and execute them against a database. It CAN be used to modify that data, if the user has security permissions to do so. But by itself it's no more suspicious than finding, say, Excel installed on the computer.
So we need to be aware in our discussions - it is very understandable that you would find a compact version of SQL Server on a voting machine along with SSMS so that an admin could if needed dive in and troubleshoot the data held locally using SQL queries. In an honest system, there would be no problems with this.
Likewise, in the wrong hands SSMS can be used with devastating effect to alter and corrupt data. (Fellow geeks - that sinking feeling when you forget the WHERE clause in your update statement, amiright?)
That seems to be a common theme with Dominion software - an excellent and powerful system in the hands of honest and competent election officials, but which can be easily abused if you want to cheat.
Actually, IBM named it Structured English Query Language, SEQUEL in the 70s, which was shortened to Structured Query Language, SQL. That's why old timers call it sequel instead of s-q-l.
We humans DO love our acronyms and backronyms!
I agree with everything stated. I work with SQL Server and SSMS every day. I use these technologies for a variety of applications and it is APPALLING that they are used for elections.
Basic risk assessment looks at the likelihood of an attack and the consequences of an attack. An election system is going to be highly targeted and the results of an attack absolutely devastating - history changing. These machines HAVE TO GO!
Apparently the sa password was blank.
Ha ha! And they were using SQL 7.0 too?
Logon failed for user, ese!
The Equifax credit "hack" a few years back had this as well; it was a default MySQL install, and they didn't bother to run the mysql_secure_installation command after. It gives too much credit to script kiddies, and not enough emphasis on admins and engineers that do a shitty job.
Or, when you omit one of the terms in the selection so instead of firing Person="Smith" in Dept="1234" you fire every Smith in the company!
Tricky stuff SQL!
Structured Query Language [cough]
Actually, it's not even suitable for honest officials. Information and processes are too easily modified. One simply must not use a machine with an infinite number of security holes.
The machines are meant to pull wool over the eyes of the masses by impressing them with tech. Everybody buying them means that most pols are compromised.
"Structured Query Language"
Oops, yep, fixed.
and thus the RDBMS wars began...
Forget the WHERE clause? Are you kidding me? Lemme tell you somethin’: I’m so paranoid, having bjorked up WHERE conditions on the regular, I now add 2-5 extra matching conditions just to make sure I affect exactly what I mean to - even to UPDATE a single record!
And nothing makes me more anxious than running an UPDATE on a large table, then realizing after 10 minutes I missed something and having to wait for the cancel to take ANOTHER 10 minutes to roll back.
And speaking of “the wrong hands”: don’t forget that time T_D got “spez’d”, because he got his fee-fees hurt.
Good on you educating the masses - knowledge is power.
SQL is nerve-racking. My preferred trick:
SELECT * FROM Person
--DELETE FROM Person
WHERE Name = 'Soros'
Run it to see what you will delete. Select from DELETE to Soros when you're ready to execute. Works for updates too.
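As an added example, not part of the original thread or any commenter's code: a T-SQL guard against the over-broad or missing WHERE clause that the comments above describe, wrapping the change in a transaction and committing only if the affected row count matches what was intended. The #Person temp table, its rows, and the @expected and @affected variables are constructed for illustration.

```sql
-- Constructed sample data; column names follow the thread's Person example.
CREATE TABLE #Person (Id INT PRIMARY KEY, Name NVARCHAR(50), Age INT);
INSERT INTO #Person (Id, Name, Age)
VALUES (1, N'Smith', 41), (2, N'Smith', 29), (3, N'Jones', 35);

DECLARE @expected INT = 1;   -- number of rows we intend to change
DECLARE @affected INT;

SET XACT_ABORT ON;           -- a runtime error rolls the whole transaction back
BEGIN TRANSACTION;

-- The WHERE clause is deliberately too broad: it matches two rows, not one.
UPDATE #Person
SET    Name = N'Smythe'
OUTPUT deleted.Id,
       deleted.Name  AS OldName,
       inserted.Name AS NewName   -- shows every row touched, before any commit
WHERE  Name = N'Smith';

-- Capture the count immediately; the next statement resets @@ROWCOUNT.
SET @affected = @@ROWCOUNT;

IF @affected <> @expected
BEGIN
    ROLLBACK TRANSACTION;
    PRINT CONCAT('Rolled back: ', @affected,
                 ' rows matched, expected ', @expected);
END
ELSE
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Committed';
END;

-- Inspect the table after the guard has run.
SELECT Id, Name, Age FROM #Person ORDER BY Id;

DROP TABLE #Person;
```

Temporary tables take part in transactions, so the rollback restores the rows; table variables do not, and would keep the change.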