7/26

Today I'm a bit concerned with something involving PRIME. We have to reach 120 hours in order to get credit for the internship. However, a few days ago, Mrs. O'Loughlin sent all of us an email which included her saying that she would give everyone 20-25 free hours for attending the orientation and other events, meaning that my hours would then be at around 128, giving me more than enough that I need. However, when I emailed Mrs. O'Loughlin my logs from last week, she said the following:

Thanks Eric. If you work 32 hours this week, you will have put in 108 hours at your internship. Have you gone to any meetups or worked from home?

Mrs. O'Loughlin

Sent from my iPhone

I haven't done either of these things, but it seems to me that she should know that she's giving us 20 hours, and that would put me over the line. Weird.

Anyway, nothing new today. I kept working on my documentation. I also researched some interesting JavaScript stuff that I'll talk about on Friday.

7/25

There's not much to say for what I've done today. Finishing the documentation is what I'm working on by default, and I've got a long way to go. One thing that I've been investigating today is the power of auditing a vote. What I first thought that it was was a way for you to avoid your vote getting counted, but from what I'm discovering now it is a little more complex than that. It seems as though it also doubles as a way to check if your vote has been encrypted correctly, and there may be even more to it. I've made note of this in my documentation.

There really isn't much more to what I've done today. I'm hoping to finally finish my documentation tomorrow.

7/24

Mr. Elkner talked to all of us today about finishing the internship with a 'deliverable.' Obviously, this isn't much trouble for me considering the fact that I have spent a large amount of time writing this documentation that anyone will be able to read. Mr. Elkner also told me that I should email my documentation to Helios after I finish to gain recognition. However, I still have to actually finish it first, so I'm still working on improving and creating the final edit.

I ran through another election today just to make sure that everything I have is correct, and to make the necessary changes. I want to be sure that it's possible to use my documentation as a guide to create an elections if you have absolutely zero existing knowledge. Although I might have thought that I was finished last week, in reality, I was far from it.

7/21

Today, I'm still working on my documentation. I should be able to finish it today, and after that, Mr. Elkner told me that I should add it to the GitHub repo. I've never really used GitHub before so it'll be a learning experience for me, and I'm excited.

I got an email from German saying that we should test Helios more at 2:00, so that sounds like a good idea. German talked to me yesterday about deleting elections, which I don't think is possible, however I mentioned the archiving system, which I am still unsure about, so I hope we can investigate that today.

Nothing particularly eventful happened today, but I did get my documentation done! Here's the link to the Gist:  https://gist.github.com/ericsaenz/40ba8d373ae7cadda867b444f1ab6489

I'm still not sure what adding this to a repo would entail, but I'll probably find out next week.

7/20

I'll begin today by working more on my Helios docs, which have a great deal to go before they are completed. However, at 1:30, I'm going to make an election and actually have some people vote on it this time.

Mr. Elkner just gave me a good suggestion- convert my Helios documentation to markdown. I've been reading up on markdown, and it's apparently just a simple language that converts easily to HTML, and is often used in tandem with GitHub. Working in markdown for the first time is very easy. I'm using a Github Gist, which I believe is essentially a quick way to write or paste some code, then upload it. Virtually all I have to change is putting asterisks around what I want to bold and making each section a header. In addition, I had to use <br> since lines are not automatically broken and use asterisks for bullet points. However, I'll save this as a draft since I'm not finished writing all the documentation yet.

I've made an incredibly important new election based on pizza toppings. 
I've made another less important poll based around random questions.

The tests went extremely well. German fixed both the creation error and the trustee error, so nothing of that sort was encountered in this run through.

I finished the day by continuing work on my documentation. Mr. Elkner told me that it would be a good idea to add it to GitHub, so I'll do that when I'm completely finished.

7/18

Today, I'm continuing on my project to document Helios. The first strange thing that I'll jot down is that I get an error page when I try to add Helios as a trustee. In addition, it's impossible to get to your election page after creating an election, meaning you have to go through the home or admin page to get to it. Today, another intern in the PRIME program has joined me on the Helios project. As German hasn't appeared yet today, all she has been doing has been learning about Helios and has created some test elections. Something that this other intern did was create a question that has 3 as its minimum answers and 1 as its maximum, which, strangely enough, did not induce an error. That is, until I actually tried to vote it said election, when my vote could not even go through because I hadn't selected enough answers. Right there is two possible ways that Helios should reject a question: If the maximum possible selections is larger than the minimum, and if the minimum is larger than the total amount of possible answers.

German hasn't been online yet today, however I don't think he's really needed, aside from being more knowledgeable about Helios than me. We have enough people to test elections and with admin access there's not much that I'm not able to do. However, as I'm busy writing the docs, I don't really have anything that I can tell her to do besides learn and mess around with Helios.

German came online, and I'm talking to him about some of the errors I've been finding with Helios. However, he says that he's not the right person to ask, so I've compiled a list of errors/bugs at the bottom of my documentation so that I'll have them for later.

I've written a lot on my documentation today. On Thursday, I'll finish the trustee instructions and move on to the voter instructions. Also on Thursday, I'll finally create an election that the six of us here can vote on.

 Here's my progress so far: https://docs.google.com/document/d/1hiGP8tRGXHVu6DmnlfVKjIGxE-cPzGOuG3FhQrVj7fQ/edit

7/17

Mr. Elkner's comments and what he told me in person today has given me some good ideas on what to write for my PRIME essay that is due on Wednesday. Since I don't have much to do in regards to Helios right at this moment, I'll try writing a draft, and I'll paste it here when I'm done.

The internship that I am at is likely the most unexpected of the PRIME sites. Although we were originally going to work at the Patent and Trademark Office, unfortunately that plan wasn’t able to come to fruition. Instead, I, along with three other students, have been working with NOVA Web Development, an IT business that offers web design assistance, at the Arlington Career Center. For the majority of the internship, I have been researching Helios voting, a system that provides a way to create online elections that are secure, private, and verifiable by using advanced cryptography that hides each vote until the total is tallied, meaning that deciphering an individual’s vote is virtually impossible. Although NOVA’s Helios project is in its infancy, it eventually hopes to offer assistance with it to its clients.
Something important that this experience has taught me is that, when working a job, everything is not laid out in a perfect schedule. Here at the Career Center, my work depends on communication with other NOVA Web Development members through IRC, (Internet Relay Chat) so sometimes I have a lot of work on my plate, while at other times, whether it be because someone that I am working with is offline or has a different schedule, I am forced to look for other worthwhile projects to work on. Not only has it been a learning experience based on testing Helios and other topics that Mr. Elkner discusses with us, but I have taken home valuable workplace skills.

I think it took me longer to sand it down to exactly 250 words than to write the actual essay.

Today when I arrived, Mr. Elkner told me that I was going to start with virtual machines this week. At noon, he said that he's going to set it up on my computer. From what I know, we are going to use something called CiviCRM in order to bulk email voters in a Helios election, since the current server does not have that functionality. As it's not quite noon yet, I decided to check up on NOVA Web's Helios page. It seems that the HTML layout has been updated, so it now looks a bit different. In addition, it seems that an election has been created and has been featured on the front page. Four people have voted on it, however I cannot check who as each name still shows up as "User." I believe that I'm supposed to be the fifth voter, but I'll ask German when he gets online later today.

Another interesting thought that Mr. Elkner made me aware of is that there's not very good documentation about Helios, aside from, obviously, the source code, which not everyone is able to read. An interesting project might be to write some instruction for the system, but I'm not sure if I'm familiar enough with it to actually do that yet.

Ultimately, however, I think I'm ready to start writing it, however I'll need additional help along the way. Here's the link to my work so far: https://docs.google.com/document/d/1hiGP8tRGXHVu6DmnlfVKjIGxE-cPzGOuG3FhQrVj7fQ/edit?usp=sharing

7/14

Today, I'm working at home for the whole day. Since I have not really investigated NOVA's Helios server, I will do more of that today. Something that's great about Helios is that the whole program is open source, (its GitHub is linked directly on its website) meaning that it most likely wasn't too difficult for Mr. Elkner's more experienced students to host a new Helios server. As I stated in an earlier blog post, I'm an Admin on this server, so I can do a bit more prodding than I could on the vanilla Helios server.

Right now, what I'm noticing is that even though I signed in with my Google account, my name doesn't actually show up. I'm just called "User" for some reason. After creating yet another test election, this is what my name shows up as again after voting. I'm not sure, but it seems as though this might go against an important aspect of Helios itself- there's not a way to see whose names appear on the voter registry. It seems to me that this might have something to do with the fact that facebook login has been removed, and Google is the only option available. However, this may not be a problem depending on what configurations you use, if you supply your own voters then it does not matter.

In addition, something else I noticed is that an error message is received when emailing voters in a public election. This is a bit stranger than the other one, and I'm not really sure what might cause it. I spent all of today experimenting with aspects such as this, but the IRC channel seems to be pretty inactive right now so I'm going to have to wait until next week to get some better advice than I can coke up with.

7/13

Today's a bit of a weird day for two reasons: we had a a field trip yesterday, and we're only working around half the day at the ACC, the rest of the day we are going to be working from home. Mr. Elkner gave me some good suggestions on my last blog post, mainly to actually create a real election that both the other interns here and the IRC regulars can vote in. Right now, I'm able to log everyone's full name but I don't have some email addresses yet, which is also required for the list of voters, so I'll have to pause this for a bit.

Right now I'll talk a bit more about Pyret. Yesterday, another intern here who is learning about cybersecurity was attempting to design an encrypter/unencrypter in Pyret, which sounded interesting, so I gave it a shot as well. As I was doing more in Pyret, I learned of some unusual quirks about the language. The biggest thing that I noticed was that unlike, I believe, all other languages, it does not automatically return anything unless explicitly told to, and an error results if nothing is returned. This means a lot of aspects of Pyret are unique- for one, it's illegal to have an if statement if an else or else if statement does not follow. In addition, it's only allowed to return one value, not two or more. However, the way to get around this is is to use the block: tag, which only returns the last expression of a block (from what I can tell.) However, one of the better things about Pyret is the ease at which you can fix your mistakes, as the error messages were designed with exactly that in mind.

Mr. Elkner also sent all of the interns here a CC of an email he sent to someone from Brown, the school that created Pyret. He makes the point that although Pyret is great for newcomers, the tutorial is not, and I completely agree. It would be an interesting project to create something that makes it easier for newcomers to learn about Pyret, as it is such a good tool but pretty hard to learn if you know absolutely nothing about programming.

I didn't do much on the Helios project today. However, earlier in the week, Mr. Elkner showed me a script that one of his other students designed that converts IRC logs into HTML pages. Since some IRC users earlier were discussing compiling a resource of names and emails to use for Helios, I decided to check it out to progress my CSV document. However, the script appears to be broken as none of the links to the logs work for me.

7/11

Yesterday, I created a very simple election with Helios but didn't really discuss the process much, so I'll talk about it today. As I stated yesterday, creating an election is pretty easy. Right from the get-go I get to input some attributes for the election, mainly its short name, (for the URL) its name, and its description. There are then some more options that can be inputted- whether it is an election or a referendum, (although I'm not quite sure what the difference is) whether or not voter aliases are toggled (meaning that those who voted have names replaced with aliases in the Ballot Tracking Center, whether the election is public or private, and when the voting begins and ends. Today, I'll set the options to the opposite of what I set up yesterday- referendum, voter aliases on, and private. Once these options are submitted, they can still be updated later.
The next step is to add some questions. I'll add a generic one for now. Creating questions is simple as well, all that's needed is to input the questions and their respective answers. However, there's also some additional possibilities at the top. I can choose how many answers that can be selected (I'll put from 1 to 5) and whether the result type is absolute or relative. (not sure what this means either) In addition, it's possible to attach a link to each answer that appears in the voting booth via a '[more info]' footnote.

Since I set it to private, obviously not everyone can vote. However, it seems that the only way to add voters is to upload them in bulk. The site tells me that the easiest way to do this is to use a spreadsheet program and to export it as a CSV file. I uploaded a document containing my unique code, email, and full name, and I was added to the list of approved voters.

Since I didn't do this last time, I'll try to add a trustee. I put in my name and email, so it should send me my public and secret keys. I was sent a public key, which I had to upload before the voting, and some JSON as a secret key.

The final step is to freeze the ballot. This means that the settings, list of voters, and trustees can no longer be updated, and that the voting opens when it is the right time. This election has 1 voter, (me) and 2 trustees. (me and Helios)

When voting, you can choose to audit your vote. From what I can tell, all this does is make it so that your vote does not count in the tally. After voting, I am required to input my login and password, which was supposedly emailed to me. However, Helios does not do this automatically when the document containing the email addresses is uploaded, but the administrator has to utilize a function of Helios's to send out a mess email to everyone which contains each respective login and password. Obviously, this is not much of a problem but because all voters, unique codes, and emails are uploaded at the same time, I got the impression that their codes would be emailed automatically when the ballot was frozen.

Now that all 1 of the election's votes have been received, I'll compute the encrypted tally. Since I'm a trustee, I actually have to take part in this instead of having Helios do it all itself. All I have to do is paste my secret key, which serves as partial decryption for the tally. Then, I compute the tally and release the results. And the election's done! I could also archive the election (unsure of what that does) or duplicate it.

Looking back, there's three things that I stated that I did not fully understand. The first one is election vs. referendum, however I believe that this is purely a cosmetic naming convention rather than two functionally different types of voting. Say if you were creating a way for people in your club to vote on passing a certain law or not, it would be silly to call it an 'election,' so another option is given. The second, absolute vs relative results, I'm still not sure about. The first election I created was set to 'absolute' while the second was 'relative,' but I'm not noticing any fundamental differences between the results page for each. Finally, we have the ability to archive an election. I'm going to go purely off of the word 'archive' and guess that this only saves the results and other facets of the election from being deleted, however I have no way of knowing if that's really true.

Yesterday, one of Mr. Elkner's students on IRC said that he was going to help me test Helios more thoroughly today, however he's not online as of 11:20, so I'll do some more experimentation by myself for now.

After logging back in to Helios, I can't see the election that I created today on the homepage, but I can still see the one that I had made yesterday. I'm guessing this is because I archived the second one, which is interesting. I'm not sure what purpose that serves considering I can still access the second election via the link or viewing the entire list of elections that I have participated in. So far, all I've seen the 'archive' function do is hide the election from from access immediately, but not long after that, which is a bit strange. I'm not sure how that qualifies as "archiving," but then again I could be missing something.

It appears as though a server is being set up for the purpose of testing Helios with the NOVA email account, although it's not available yet, so it's going to be a short while before I'll be able to assist Mr. Elkner's other students with testing the system.

NOVA now has its own Helios server, and I've been made an administrator. However, there's not much time left today and we've got a field trip tomorrow, but I'll be able to access IRC while I'm working at home on Thursday and Friday so we'll have to work more on it then.

7/10

Today, we have met at the Career Center, and Mr. Elkner has recommended that I research the Helios Voting, an online voting system that utilizes some Python.
https://vote.heliosvoting.org/

Straight from the project's website, it aims to offer two values in online elections: privacy and verifiability. The page's FAQ offers some deeper insight onto how it achieves these values. Helios uses something called the "Ballot Tracking Center" which ensures to each voter that his vote was both received and tallied.

This is apparently an issue in elections and voting in general that many have a problem with. There have been countless attempts to create a system in which voters might be able to have satisfaction that their vote went through without risking others knowing what they voted for. I've never actually considered this problem but I can see why others might be concerned about it. Voting is something that everyone needs to feel like they are a part of, no matter how small their role played was, and if you're unsure that your vote was even counted that can be an awful feeling to bear. (However, as stated before, I've never actually felt this myself.) The type of voting system that allows proof that the voter has actually voted but without giving outsiders a way to see who he voted for is called an end-to-end auditable voting system.

How Helios insures privacy is possibly more interesting. Instead of decrypting individual votes, Helios only does so when all the votes are tallied, through a process known as homomorphic encryption, meaning no one except for the individual who cast the vote sees what was written on the 'ballot.' In addition, Helios apparently allows the election administrator to assign 'trustees' that are responsible for collectively decrypting the tally, for extra security.
Finally, the way Helios encrypts is apparently 'smart.' Helios's encryptions are not just randomly generated numbers, but are unique based upon each individual vote. This is another step that Helios takes to allow verifiability.

Helios's site also has a page dedicated to privacy. This page addresses some concerns and loopholes with the service. If all of the assigned trustees worked together, they could technically collude and decrypt anyone's individual vote, but this is unlikely and can be prevented by either having at least three trustees with differing allegiances or having Helios itself serve as a trustee. In addition, to actually vote, credentials are required and can be presented using a username and password generated for each individual, or a Facebook, Google, Twitter, or Yahoo login. Some information based on votes may be available based on what the election administrator decides. If the election was made public, information such as who voted and what time people voted at are released to the public. This information is released to everyone who voted if the election is private. Finally, information from third party logins are only retained for authentication.

Helios is certainly a very interesting project. However, one aspect is particularly interesting to me. Helios itself states that it should not be trusted for public office elections, as the stakes are too high even for something as secure as it is. However, reading an interview from Harvard Magazine, the creator stated that he hopes the open-audit system becomes standard in 10-15 years. However, I do not necessarily agree with this. It is vital to public office elections that as many citizens as possible vote, and that there are as few barriers to voting as possible. I'm far from an expert, but it seems as though having to vote online might create arbitrary restrictions, even though the benefits the system might give are valuable. Helios is certainly useful for voting for other types of things, but I don't see online voting as viable for public office elections unless something changes drastically.

I created a test election with Helios, and it is fairly easy to both create and maintain an election, from what I have seen, although the one I made wasn't very legitimate.

In addition, today, Mr. Elkner requested that I set up an IRC username. IRC is, from what I've heard, a chatroom service created in 1998. Mr. Elkner's other students use this and I'm going to be working with some of them to test Helios. 

7/6

Something I like programming in different languages is a number guessing game, so I'll try to do that in Pyret as well. The program will do the following things:
Generate a random target number from 1-100.
Give the player 5 guesses to guess said number.
Have a function to allow to player to input a guess.
After each guess, inform the player if the guess was too high or too low.

Thanks to Pyret's simplicity, this shouldn't be too hard.
A quick search gives me the function to generate a random number, so setting variables for the target and number of guesses is the first thing I do.

var target=num-random(100)
var guesses=5

Then I wrote the function that allows the player to guess:

fun guess(x):
if 0 < guesses:   
    if x < target:
      "Too low. Guesses left: " + tostring(guesses)   
    else if target < x:
      "Too high. Guesses left: " + tostring(guesses)
    else if target == x:
      "You guessed it!"
    end
  else:
    "You're out of guesses! The number was: " + tostring(target)
end
end

It works fine, but there's a problem. The function doesn't actually decrease the number of guesses after a guess, allowing the player to guess an infinite amount of times. If I try to add a command to do so before the last 'end', Pyret gives me an error message: "This expression contains a block that contains multiple expressions," which is something that I've not had to deal with in other languages, so I'm thinking of a solution for it.

The solution is fairly simple. All I have to do is insert the "block:" command if I want to have an if statement then change the value of 'guesses' in succession. I'll admit that it took me far longer than it probably should have, but 'block:' seems to be unique to Pyret.

Here's the link to the finished game:
https://code.pyret.org/editor#share=0BzaGqkxKdpk4NUFhcjlYNUxBblE&v=06c8b98

7/5

Today, I am reading and learning about Pyret. This is my first time hearing of Pyret, so I'm reading through the 'getting started guide.' The language seems pretty similar to Python, which I am experienced with, so I'm not having too much trouble understanding it.

I'm getting the impression that Pyret is meant as a basic language, not in a way that's necessarily bad, but because it's meant to be accessible as a stepping-stone into more complicated ones. In this way, it reminds me of Scratch. For those who might be unaware, Scratch is somewhat of a pseudo-language developed by MIT, however very little coding is actually involved. Instead, blocks of code that execute commands are placed into the order that they will be executed in, allowing for simple games and animations using cartoon characters. Obviously, Scratch is more so meant as a way to learn syntax rather than as a robust language. However, the 'getting started guide' doesn't feel like it's meant to teach absolute beginners, so it seems as though Pyret is perhaps those who are a bit more advanced than at Scratch-level. But, one other thing strikes me about the similarities between Scratch and Pyret- the only place (that I can tell) that you can compile programs in both of those languages is on the language's respective home site. This gives me the impression that both languages are used primarily for learning instead of practically in software or web design.

I've spent today reading up on Pyret and messing around in the editor. Tomorrow, I'll try my hand at writing a real program in the language.