That's what programmers always say. It's difficult.
On Mon, Oct 12, 2009 at 7:07 PM, Danny Ching <[email protected]> wrote:
> Actually it's difficult to test because if you have a huge pool of
> candidates and positions you have to hit all possible combinations
> (and in the right order) to trigger the cheat in a test environment.
> Bear in mind that the trigger does not have to come from one voter.
> Requiring three voters to enter different trigger codes is very easy.
> A simple disclosure of the source code will preclude this.
>
> Regards,
> Danny Ching
>
> On Oct 12, 2009, at 3:53 PM, Oscar Plameras <[email protected]> wrote:
>
>> The system testers are not supposed to see the source codes. In general,
>> they are not programmers but Systems Analyst Professionals.
>>
>> Triggers are difficult to develop but easy to test. You mention ordering
>> of the candidates, that is the easiest to come up with in a test given
>> the specified outcome.
>>
>> Remember, Election Automation Software is one of the easiest to develop.
>> It is "Count and Tally", nothing complicated and convoluted.
>>
>> On Mon, Oct 12, 2009 at 5:36 PM, Danny Ching <[email protected]> wrote:
>>> If you do not see the source code, you can test all you want and get
>>> good/correct results. Unfortunately it does not preclude "easter eggs"
>>> or hidden triggers that will initiate "special" programs that will
>>> favor the programmer's candidate of choice.
>>>
>>> Triggers like - voting for certain candidates in a specific order. I
>>> doubt if the testing centers will be able to test all possible
>>> combinations. All a corrupt candidate has to do is bribe the election
>>> officer to feed the election sheets in the right order, then BINGO,
>>> extra 500 votes, and nobody even knows or sees that it has happened.
>>> The election officer doesn't even have to know he's helping the
>>> candidate to cheat.
>>>
>>> I agree though that Source Code review should not be about the quality
>>> of the programming, but on its results.
>>>
>>> On Mon, Oct 12, 2009 at 1:54 PM, Oscar Plameras <[email protected]> wrote:
>>>>
>>>> I think it's silly to spend so much money and time to test the
>>>> Election System by reviewing Source code.
>>>>
>>>> From my experience, end users implement acceptance testing of the
>>>> system by developing a series of tests other than source code review.
>>>> The main idea is to simulate scenarios of operations with input test
>>>> data and pre-defining the expected results. Several scenarios are
>>>> covered with the input data that's prepared.
>>>>
>>>> The Election system itself is a simple count and tabulate system and
>>>> that is not difficult to simulate.
>>>>
>>>> Hardly any commercial developer will allow third parties to have
>>>> source code access to their proprietary software. And in general,
>>>> commercial confidence protects the privacy of these codes under the
>>>> trade secrets act of countries. I think the Philippines is a
>>>> signatory to that.
>>>>
>>>> And lastly, which source codes are they going to review. The
>>>> application source codes? But application source codes interact with
>>>> system source codes. Are they going to review system source codes,
>>>> too? What about the source codes of all firmware chips used in the
>>>> system? Are they going to review those source codes, too? How long is
>>>> a piece of string? The code done by one programmer may be anathema to
>>>> another and so source code review leads to more controversies. As you
>>>> know programmers are full of egos and one argument leads to another
>>>> and another. The point is if it does the defined specifications, it
>>>> does not matter how or why the code is written that way.
>>>>
>>>> Reviewing source codes is a mine field of difficult issues to deal
>>>> with.
>>>>
>>>> The simplest and easiest is to test by outcome, not how the code and
>>>> why the code is written that way. After all, we are interested in the
>>>> integrity of the system not the integrity of the code.
>>>>
>>>> On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas <[email protected]> wrote:
>>>>> On SysTest Labs: It will do a testing of the binary executable. The
>>>>> testing will be more scientific than the testing done by the Special
>>>>> Bids and Awards Committee (that awarded the contract to Smartmatic)
>>>>> but will cost COMELEC more than PHP70 Million. Note that this is
>>>>> software testing of the binary executable, not a review of the
>>>>> source code, and the two are totally different "animals".
>>>>>
>>>>> On Monday, October 5, 2009, CenPEG filed with the Supreme Court a
>>>>> petition for mandamus, asking the Supreme Court to force COMELEC to
>>>>> release the source code of the election programs that will be used
>>>>> in May, 2010 to CenPEG and to all interested political parties and
>>>>> groups, as provided for by law (RA-9369).
>>>>>
>>>>> The text of the petition can be found here:
>>>>>
>>>>> http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf
>>>>>
>>>>> The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho
>>>>> Joaquin. I mention their names here, because they render their
>>>>> services for important causes for free, and by advertising them, I
>>>>> hope to give them business. So if you need legal representation,
>>>>> please talk to them.
>>>>>
>>>>> ~Pablo Manalastas, for CenPEG~
>>>>>
>>>>> --- On Fri, 10/9/09, Drexx Laggui [personal] <[email protected]> wrote:
>>>>>
>>>>>> From: Drexx Laggui [personal] <[email protected]>
>>>>>> Subject: Re: [plug] The Death of Election 2010 Source Code Review
>>>>>> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" <[email protected]>
>>>>>> Date: Friday, October 9, 2009, 11:01 PM
>>>>>> 09Oct2009 (UTC +8)
>>>>>>
>>>>>> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <[email protected]> wrote:
>>>>>>> But Note Caution: Not certain if it's the same company.
>>>>>>
>>>>>> I'm pretty sure it is. SysTest is one of the companies *currently*
>>>>>> accredited by EAC:
>>>>>>
>>>>>> http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/
>>>>>>
>>>>>> --And the list of the 5 testing labs in the above URL is most
>>>>>> probably what is referred to in this news article:
>>>>>> http://services.inquirer.net/print/print.php?article_id=20090824-221835
>>>>>>
>>>>>> Excerpt:
>>>>>> "Meanwhile, Ateneo de Manila professor Renato Garcia, who sits as
>>>>>> consultant for the poll body's project management office (PMO) for
>>>>>> the 2010 elections, said they have written letters to at least five
>>>>>> of the international software certification bodies that can conduct
>>>>>> a “formal, thorough review” of the poll automation system software.
>>>>>>
>>>>>> “One of the five international software certification bodies, have
>>>>>> already expressed interest to do the formal review of the
>>>>>> customized automation software. This body, we found out, has been
>>>>>> conducting a software review for Canadian-based Dominion, the
>>>>>> software provider for Smartmatic's poll machines,” Garcia said.
>>>>>>
>>>>>> “If we can get them, the certification will be easier and faster,”
>>>>>> he added."
>>>>>>
>>>>>>> For Immediate Release on 10/29/2008. EAC Announces Intention to
>>>>>>> Suspend SysTest Labs
>>>>>>>
>>>>>>> WASHINGTON, DC – The U.S. Election Assistance Commission (EAC)
>>>>>>> today notified SysTest Laboratories Inc. of its intent to suspend
>>>>>>> the laboratory’s accreditation based upon actions taken by the
>>>>>>> National Institute of Standards and Technology (NIST).
>>>>>>>
>>>>>>> August 8, 2008 – Letter from NIST to SysTest regarding initial
>>>>>>> reassessment findings. Reiterates EAC’s earlier concerns by
>>>>>>> stating that SysTest has no documented test methods, unqualified
>>>>>>> personnel conducting tests and concerns regarding manufacturer
>>>>>>> influence. NIST notes the need for an on-site assessment, requires
>>>>>>> SysTest to submit specific testing information and update NIST
>>>>>>> regarding testing documentation.
>>>>>>>
>>>>>>> October 28, 2008 – NIST suspends accreditation of SysTest.
>>>>>>>
>>>>>>> EAC is United States Election Assistance Commission
>>>>>>> 1225 New York Avenue N.W. - Suite 1100 Washington, DC 20005
>>>>>>>
>>>>>>> On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <[email protected]> wrote:
>>>>>>>>
>>>>>>>> What's with this?
>>>>>>>> <snip>
>>>>>>>>
>>>>>>>> US-BASED SysTest Labs was declared as the winning bidder that
>>>>>>>> will certify the source code of the software to be installed in
>>>>>>>> the 82,200 precinct count optical scan (PCOS) machines for the
>>>>>>>> May 2010 elections.
>>>>>>>>
>>>>>>>> Poll Commissioner Rene Sarmiento said that out of the four
>>>>>>>> international companies that participated in the bidding last
>>>>>>>> week, SysTest Labs was able to comply with all the requirements
>>>>>>>> set by the Bids and Awards Committee (BAC) of the Commission on
>>>>>>>> Elections (Comelec).
>>>>>>>>
>>>>>>>> Taken from
>>>>>>>>
>>>>>>>> -->
>>>>>>>> http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code
>>>>>>>>
>>>>>>>> They're not allowing Cenpeg et al. but they awarded a bid to a US
>>>>>>>> based firm? WTF.
>>>>>>
>>>>> _________________________________________________
>>>>> Philippine Linux Users' Group (PLUG) Mailing List
>>>>> http://lists.linux.org.ph/mailman/listinfo/plug
>>>>> Searchable Archives: http://archives.free.net.ph
>>>
>>> --
>>> Regards,
>>> Danny Ching

