if you do not see the source code, you can test all you want and get good/correct results. Unfortunately it does not preclude, "easter eggs" or hidden triggers that will initiate "special" programs that will favor the programmer's candidate of choice.
Triggers like - voting for certain candidates in a specific order. I doubt if the testing centers will be able to test all, possible combinations. All a corrupt candidate has to do is bribe the election officer to feed the election sheets in the right order, then BINGO, extra 500 votes, and nobody even knows or sees that it has happened. The election officer doesn't even have to know he's helping the candidate to cheat. I agree though that Source Code review should not be about the quality of the programming, but on its results. On Mon, Oct 12, 2009 at 1:54 PM, Oscar Plameras <[email protected]>wrote: > I think it's silly to spend so much money and time to test the > Election System by reviewing Source code. > > From my experience, end users implement acceptance testing of the > system by developing a series of test > other than source code review.The main idea is to simulate scenarios > of operations with input test data > and pre-defining the expected results. Several scenarios are covered > with the input data that's prepared. > > The Election system itself is a simple count and tabulate system and > that is not difficult to simulate. > > Hardly no commercial developer will allow third parties to have source > code access to their propriety > software. And in general, commercial confidence protects the privacy > of these codes.under the trade > secrets act of countries. I think the Philippines is a signatory to that. > > And lastly, which source codes are they going to review. The > application source codes? But application > source codes interacts with system source codes. Are they going to > review system source codes, too? > What about the source codes of all firmware chips used in the system? > Are they goind to review those source codes, > too? How long is a piece of string? The code done by one programmer > maybe anathema to another and so > source code review leads to more controversies. As you know > programmers are full of egos and one argument > leads to another and another. The point is if it does the defined > specifications, it does not matter how or why the > code is written that way. > > Reviewing source codes is a mine field of difficult issues to deal with. > > The simplest and easieast is to test by outcome, not how the code and > why the code is written that > way. After all, we are interested in the integrity of the system not > the integrity of the code. > > On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas > <[email protected]> wrote: > > On SysTest Labs: It will do a testing of the binary executable. The > testing will be more scientific than the testing done by the Special Bids > and Awards Committee (that awarded the contract to Smartmatic) but will cost > COMELEC more than PHP70 Million. Note that this is software testing of the > binary executable, not a review of the source code, and the two are totally > different "animals". > > > > On Monday, October 5, 2009, CenPEG filed with the Supreme Court a > petition for mandamus, asking the Supreme Court to force COMELEC to release > the source code of the election programs that will be used in May, 2010 to > CenPEG and to all interested political parties and groups, as provided for > by law (RA-9369). > > > > The text of the petition can be found here: > > > http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf > > > > The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho Joaquin. I > mention their names here, because they render their services for important > causes for free, and by advertising them, I hope to give them business. So > if you need legal representation, please talk to them. > > > > ~Pablo Manalastas, for CenPEG~ > > > > > > --- On Fri, 10/9/09, Drexx Laggui [personal] <[email protected]> wrote: > > > >> From: Drexx Laggui [personal] <[email protected]> > >> Subject: Re: [plug] The Death of Election 2010 Source Code Review > >> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" < > [email protected]> > >> Date: Friday, October 9, 2009, 11:01 PM > >> 09Oct2009 (UTC +8) > >> > >> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <[email protected]> > >> wrote: > >> > But Note Caution: Not certain if it's the same > >> company. > >> > >> I'm pretty sure it is. SysTest is one of the companies > >> *currently* > >> accredited by EAC: > >> > http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/ > >> > >> > >> --And the list of the 5 testing labs in the above URL is > >> most probably > >> what is referred to in this news article: > >> http://services.inquirer.net/print/print.php?article_id=20090824-221835 > >> > >> Excerpt: > >> "Meanwhile, Ateneo de Manila professor Renato Garcia, who > >> sits as > >> consultant for the poll body's project management office > >> (PMO) for the > >> 2010 elections, said they have written letters to at least > >> five of the > >> international software certification bodies that can > >> conduct a > >> “formal, thorough review” of the poll automation system > >> software. > >> > >> “One of the five international software certification > >> bodies, have > >> already expressed interest to do the formal review of the > >> customized > >> automation software. This body, we found out, has been > >> conducting a > >> software review for Canadian-based Dominion, the software > >> provider for > >> Smartmatic's poll machines,” Garcia said. > >> > >> “If we can get them, the certification will be easier and > >> faster,” he added." > >> > >> > >> > >> > For Immediate Release on 10/29/2008. EAC Announces > >> Intention to Suspend > >> > SysTest Labs > >> > > >> > WASHINGTON, DC – The U.S. Election Assistance > >> Commission (EAC) today > >> > notified SysTest Laboratories Inc. of its intent to > >> suspend the laboratory’s > >> > accreditation based upon actions taken by the National > >> Institute of > >> > Standards and Technology (NIST). > >> > > >> > August 8, 2008 – Letter from NIST to SysTest > >> regarding initial reassessment > >> > findings. Reiterates EAC’s earlier concerns by > >> stating that SysTest has no > >> > documented test methods, unqualified personnel > >> conducting tests and concerns > >> > regarding manufacturer influence. NIST notes the need > >> for an on-site > >> > assessment, requires SysTest to submit specific > >> testing information and > >> > update NIST regarding testing documentation. > >> > > >> > October 28, 2008 – NIST suspends accreditation of > >> SysTest. > >> > > >> > EAC is United States Election Assistance Commission > >> 1225 New York Avenue > >> > N.W. - Suite 1100 Washington, DC 20005 > >> > > >> > On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <[email protected]> > >> wrote: > >> >> > >> >> What's with this? > >> >> <snip> > >> >> > >> >> US-BASED SysTest Labs was declared as the winning > >> bidder that will certify > >> >> the source code of the software to be installed in > >> the 82,200 precinct count > >> >> optical scan (PCOS) machines for the May 2010 > >> elections. > >> >> > >> >> Poll Commissioner Rene Sarmiento said that out of > >> the four international > >> >> companies that participated in the bidding last > >> week, SystTest Labs was able > >> >> to comply with all the requirements set by the > >> Bids and Awards Committee > >> >> (BAC) of the Commission on Elections (Comelec). > >> >> > >> >> Taken from > >> >> --> > http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code > >> >> > >> >> They're not allowing Cenpeg et al. but the awarded > >> a bid to a US based > >> >> firm? WTF. > >> > > _________________________________________________ > > Philippine Linux Users' Group (PLUG) Mailing List > > http://lists.linux.org.ph/mailman/listinfo/plug > > Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Regards, Danny Ching
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
