Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Sou…

Author: Paolo Falcone
Date:  
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source Code Review)
The system is indeed not designed to detect corruption, and neither
does a source code review indicate that with all degrees of certainty
the presence of a backdoor indicates corruption.

Then again, only a source code review satisfies the requirement that
there will be no backdoors in the inspected application, be it put by
a corrupt programmer or a programmer in a hurry to get out of the
office. Blackbox testing with the specifications can only get you so
far - that the system is compliant as per specification. Whether it
exceeds or subverts the specification outside the test conditions is
something that you can only get with a code review.

Has anyone even wondered why the military is so anal about source code
and algorithm review when designing military ciphers? Once the
underlying mantra (Kerckhoffs's principle) is thoroughly understood
then one will understand why blackbox testing SIMPLY DOES NOT DO THE
JOB.

It amazes me that there are still some segments in society that won't
extend the same level of scrutiny to the system that determines who
will run their government. And would rather outsource the scrutinizing
eyes to some non-stakeholder corporation.

When it comes to reviewing software, you can automate all the tests,
but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB.

On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <oscarplameras@???> wrote:
> You should know that the system is not meant to detect corruption.
>
> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <dlccorps@???> wrote:
>> Perhaps I should qualify that. Lest the programmers in the list believe
>> you. Hehehe
>>
>> I think we should at least be realistic enough to note that some
>> corrupt officials are completely willing to corrupt anyone
>> including programmers.
>>
>> Do I trust programmers? Not all. Do you? Btw. Let's keep the discussion
>> to technical stuff and let us not question each other's technical
>> capabilities. Peace.
>>
>> Regards,
>> Danny Ching
>>
>>
>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <oscarplameras@???> wrote:
>>
>>> If you don't trust programmers, you are in the wrong profession.
>>>
>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <dlccorps@???> wrote:
>>>> I don't trust programmers who hide their code. Although not all
>>>> reviewers are honest, all it takes to expose anomalies in open source
>>>> is one honest reviewer.
>>>>
>>>> However in a closed source system all it takes to corrupt the system
>>>> is one corrupt programmer.
>>>>
>>>> Regards,
>>>> Danny Ching
>>>>
>>>>
>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <oscarplameras@???> wrote:
>>>>
>>>>> You don't trust programmers?
>>>>>
>>>>> This is precisely what's wrong with source code review.
>>>>>
>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <dlccorps@???> wrote:
>>>>>> Very true. Unfortunately, I do not trust the programmers if I cannot
>>>>>> check their work. The purpose of source code validation is not to
>>>>>> check the computer or its software's trustworthiness. A computer will
>>>>>> do what it's told. It is human corruption I'm worried about. Of course
>>>>>> outside of computers that is a different problem altogether. I just
>>>>>> don't want people blaming computerization for failure of elections.
>>>>>>
>>>>>> Regards,
>>>>>> Danny Ching
>>>>>>
>>>>>>
>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <oscarplameras@???> wrote:
>>>>>>
>>>>>>> What you mean is the trustworthiness of the people running the system.
>>>>>>>
>>>>>>> I'll say one thing from my experience, you can't use the system to
>>>>>>> arrest human corruption.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <dlccorps@???> wrote:
>>>>>>>> I think I see where you are coming from. It is not the system we are
>>>>>>>> worried about sir. It is the trustworthiness of the system. A simple
>>>>>>>> exposure of the code will show that it is not doing anything out of
>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, then
>>>>>>>> checking the source code should be easy.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Danny Ching
>>>>>>>>
>>>>>>>>
>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <oscarplameras@???> wrote:
>>>>>>>>
>>>>>>>>> A tester does not need to know about programming to test and accept
>>>>>>>>> a System.
>>>>>>>>>
>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <fooler.mail@???> wrote:
>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras <oscarplameras@???> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Remember, Election Automation Software is one of the easiest to
>>>>>>>>>>> develop.
>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted.
>>>>>>>>>>
>>>>>>>>>> true.. BUT... the purpose of source code review is to examine if
>>>>>>>>>> there is something beyond the count and tally thing which cannot be
>>>>>>>>>> seen by your simulation test.. as what danny said - TRIGGERS..
>>>>>>>>>>
>>>>>>>>>> special keyboard hotkey, special packets, special ER and others to
>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas scheme...
>>>>>>>>>>
>>>>>>>>>> fooler.
>>>>>>>>>> _________________________________________________
>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List
>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug
>>>>>>>>>> Searchable Archives: http://archives.free.net.ph
>>>>>>>>>>




-- 
Paolo