--- On Wed, 7/15/09, fooler mail <[email protected]> wrote:
> From: fooler mail <[email protected]>
> Miguel Paraz<[email protected]> wrote:
> >
> > This is probably a Java web (servlet) application.
> Since it is much
> > easier to cheat here, we need to make sure of the
> integrity of this
> > web app. But even if the app is good at the source
> level, how do we
> > know that it won't be substituted with another version
> at election
> > time?
>
> digital signature can test the authenticity of the original
> program...
I am thinking of something even more primitive: SHA256 checksum.
If the checksum of the original approved program is given to all
watchers, then anytime during election, the checksum of the running
can be computed and compared with the original. I do not trust
the digital signature of Smartmatic. Smartmatic may have several
versions of the election programs running on the 82,200 computers,
some of which can cheat, and still Smartmatic can digitally sign
all the different versions. The only thing that Smartmatic's
signature means is that the program came from them. But there
may be several different programs.
> > Also, what is the network involved? Is there a VPN or
> Internet
> > connectivity between the canvassing machines
> nationwide?
>
> there must be a network connectivity for this to speed up
> the counting..
>
> > Somebody could log in or issue some backdoor API calls
> separately.
>
> i was thinking of no remote login allowed by no ports are
> open and no
> internet connectivity during voting time... after all votes
> are in..
> then a one way connectivity from PCOS machine to comelec
> server to
> upload the data..
>
> we can discuss this further during our chat session...
Yes, thank you Fooler.
//PManalastas
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
