If the program is a mere "Count and Tally" why push it that we can ignore checking the validity and functionality of the Automated Election source code?
On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras <[email protected]>wrote: > The system testers are not suppose to see the source codes. In general, > they > are not programmers but Systems Analyst Professionals. > > Triggers are difficult to develop but easy to test. You mention ordering of > the > candidates, that is the easiest to come up with in a test given the > specified > outcome. > > Remember, Election Automation Software is one of the easiest to develop. > It is "Count and Tally", nothing complicated and convoluted. > > On Mon, Oct 12, 2009 at 5:36 PM, Danny Ching <[email protected]> wrote: > > if you do not see the source code, you can test all you want and get > > good/correct results. Unfortunately it does not preclude, "easter eggs" > or > > hidden triggers that will initiate "special" programs that will favor the > > programmer's candidate of choice. > > > > Triggers like - voting for certain candidates in a specific order. I > doubt > > if the testing centers will be able to test all, possible combinations. > All > > a corrupt candidate has to do is bribe the election officer to feed the > > election sheets in the right order, then BINGO, extra 500 votes, and > nobody > > even knows or sees that it has happened. The election officer doesn't > even > > have to know he's helping the candidate to cheat. > > > > I agree though that Source Code review should not be about the quality of > > the programming, but on its results. > > > > On Mon, Oct 12, 2009 at 1:54 PM, Oscar Plameras <[email protected] > > > > wrote: > >> > >> I think it's silly to spend so much money and time to test the > >> Election System by reviewing Source code. > >> > >> From my experience, end users implement acceptance testing of the > >> system by developing a series of test > >> other than source code review.The main idea is to simulate scenarios > >> of operations with input test data > >> and pre-defining the expected results. Several scenarios are covered > >> with the input data that's prepared. > >> > >> The Election system itself is a simple count and tabulate system and > >> that is not difficult to simulate. > >> > >> Hardly no commercial developer will allow third parties to have source > >> code access to their propriety > >> software. And in general, commercial confidence protects the privacy > >> of these codes.under the trade > >> secrets act of countries. I think the Philippines is a signatory to > that. > >> > >> And lastly, which source codes are they going to review. The > >> application source codes? But application > >> source codes interacts with system source codes. Are they going to > >> review system source codes, too? > >> What about the source codes of all firmware chips used in the system? > >> Are they goind to review those source codes, > >> too? How long is a piece of string? The code done by one programmer > >> maybe anathema to another and so > >> source code review leads to more controversies. As you know > >> programmers are full of egos and one argument > >> leads to another and another. The point is if it does the defined > >> specifications, it does not matter how or why the > >> code is written that way. > >> > >> Reviewing source codes is a mine field of difficult issues to deal with. > >> > >> The simplest and easieast is to test by outcome, not how the code and > >> why the code is written that > >> way. After all, we are interested in the integrity of the system not > >> the integrity of the code. > >> > >> On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas > >> <[email protected]> wrote: > >> > On SysTest Labs: It will do a testing of the binary executable. The > >> > testing will be more scientific than the testing done by the Special > Bids > >> > and Awards Committee (that awarded the contract to Smartmatic) but > will cost > >> > COMELEC more than PHP70 Million. Note that this is software testing of > the > >> > binary executable, not a review of the source code, and the two are > totally > >> > different "animals". > >> > > >> > On Monday, October 5, 2009, CenPEG filed with the Supreme Court a > >> > petition for mandamus, asking the Supreme Court to force COMELEC to > release > >> > the source code of the election programs that will be used in May, > 2010 to > >> > CenPEG and to all interested political parties and groups, as provided > for > >> > by law (RA-9369). > >> > > >> > The text of the petition can be found here: > >> > > >> > > http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf > >> > > >> > The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho > Joaquin. > >> > I mention their names here, because they render their services for > important > >> > causes for free, and by advertising them, I hope to give them > business. So > >> > if you need legal representation, please talk to them. > >> > > >> > ~Pablo Manalastas, for CenPEG~ > >> > > >> > > >> > --- On Fri, 10/9/09, Drexx Laggui [personal] <[email protected]> > wrote: > >> > > >> >> From: Drexx Laggui [personal] <[email protected]> > >> >> Subject: Re: [plug] The Death of Election 2010 Source Code Review > >> >> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" > >> >> <[email protected]> > >> >> Date: Friday, October 9, 2009, 11:01 PM > >> >> 09Oct2009 (UTC +8) > >> >> > >> >> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <[email protected]> > >> >> wrote: > >> >> > But Note Caution: Not certain if it's the same > >> >> company. > >> >> > >> >> I'm pretty sure it is. SysTest is one of the companies > >> >> *currently* > >> >> accredited by EAC: > >> >> > >> >> > http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/ > >> >> > >> >> > >> >> --And the list of the 5 testing labs in the above URL is > >> >> most probably > >> >> what is referred to in this news article: > >> >> > http://services.inquirer.net/print/print.php?article_id=20090824-221835 > >> >> > >> >> Excerpt: > >> >> "Meanwhile, Ateneo de Manila professor Renato Garcia, who > >> >> sits as > >> >> consultant for the poll body's project management office > >> >> (PMO) for the > >> >> 2010 elections, said they have written letters to at least > >> >> five of the > >> >> international software certification bodies that can > >> >> conduct a > >> >> “formal, thorough review” of the poll automation system > >> >> software. > >> >> > >> >> “One of the five international software certification > >> >> bodies, have > >> >> already expressed interest to do the formal review of the > >> >> customized > >> >> automation software. This body, we found out, has been > >> >> conducting a > >> >> software review for Canadian-based Dominion, the software > >> >> provider for > >> >> Smartmatic's poll machines,” Garcia said. > >> >> > >> >> “If we can get them, the certification will be easier and > >> >> faster,” he added." > >> >> > >> >> > >> >> > >> >> > For Immediate Release on 10/29/2008. EAC Announces > >> >> Intention to Suspend > >> >> > SysTest Labs > >> >> > > >> >> > WASHINGTON, DC – The U.S. Election Assistance > >> >> Commission (EAC) today > >> >> > notified SysTest Laboratories Inc. of its intent to > >> >> suspend the laboratory’s > >> >> > accreditation based upon actions taken by the National > >> >> Institute of > >> >> > Standards and Technology (NIST). > >> >> > > >> >> > August 8, 2008 – Letter from NIST to SysTest > >> >> regarding initial reassessment > >> >> > findings. Reiterates EAC’s earlier concerns by > >> >> stating that SysTest has no > >> >> > documented test methods, unqualified personnel > >> >> conducting tests and concerns > >> >> > regarding manufacturer influence. NIST notes the need > >> >> for an on-site > >> >> > assessment, requires SysTest to submit specific > >> >> testing information and > >> >> > update NIST regarding testing documentation. > >> >> > > >> >> > October 28, 2008 – NIST suspends accreditation of > >> >> SysTest. > >> >> > > >> >> > EAC is United States Election Assistance Commission > >> >> 1225 New York Avenue > >> >> > N.W. - Suite 1100 Washington, DC 20005 > >> >> > > >> >> > On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <[email protected] > > > >> >> wrote: > >> >> >> > >> >> >> What's with this? > >> >> >> <snip> > >> >> >> > >> >> >> US-BASED SysTest Labs was declared as the winning > >> >> bidder that will certify > >> >> >> the source code of the software to be installed in > >> >> the 82,200 precinct count > >> >> >> optical scan (PCOS) machines for the May 2010 > >> >> elections. > >> >> >> > >> >> >> Poll Commissioner Rene Sarmiento said that out of > >> >> the four international > >> >> >> companies that participated in the bidding last > >> >> week, SystTest Labs was able > >> >> >> to comply with all the requirements set by the > >> >> Bids and Awards Committee > >> >> >> (BAC) of the Commission on Elections (Comelec). > >> >> >> > >> >> >> Taken from > >> >> >> > >> >> >> --> > http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code > >> >> >> > >> >> >> They're not allowing Cenpeg et al. but the awarded > >> >> a bid to a US based > >> >> >> firm? WTF. > >> >> > >> > _________________________________________________ > >> > Philippine Linux Users' Group (PLUG) Mailing List > >> > http://lists.linux.org.ph/mailman/listinfo/plug > >> > Searchable Archives: http://archives.free.net.ph > >> _________________________________________________ > >> Philippine Linux Users' Group (PLUG) Mailing List > >> http://lists.linux.org.ph/mailman/listinfo/plug > >> Searchable Archives: http://archives.free.net.ph > > > > > > > > -- > > Regards, > > Danny Ching > > > > _________________________________________________ > > Philippine Linux Users' Group (PLUG) Mailing List > > http://lists.linux.org.ph/mailman/listinfo/plug > > Searchable Archives: http://archives.free.net.ph > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph >
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
