Programmers dreamed up difficulties as if nobody else understands what they are talking about.
On Mon, Oct 12, 2009 at 8:18 PM, Gideon N. Guillen <[email protected]> wrote: > On 10/12/2009 15:52:55, Oscar Plameras wrote: > Sent: >> Remember, Election Automation Software is one of the easiest to develop. >> It is "Count and Tally", nothing complicated and convoluted. > > No! In addition to the checking for triggers or backdoors that other have > mentioned, the EAS should also provide a way to check that data, and maybe > even the program, has not been tampered with. Thus, the need for several > crypto tech like public key encryption, message digest algorithms, etc. > Everybody in this list knows how important it is to have crypto stuff. You > might be using good algorithms to do the authentication or checking the > integrity of the system and data, but a little backdoor and your EAS is even > worse than paper ballots.to simulate. >>> >>> Hardly no commercial developer will allow third parties to have source >>> code access to their propriety >>> software. And in general, commercial confidence protects the privacy >>> of these codes.under the trade >>> secrets act of countries. I think the Philippines is a signatory to that. >>> >>> And lastly, which source codes are they going to review. The >>> application source codes? But application >>> source codes interacts with system source codes. Are they going to >>> review system source codes, too? >>> What about the source codes of all firmware chips used in the system? >>> Are they goind to review those source codes, >>> too? How long is a piece of string? The code done by one programmer >>> maybe anathema to another and so >>> source code review leads to more controversies. As you know >>> programmers are full of egos and one argument >>> leads to another and another. The point is if it does the defined >>> specifications, it does not matter how or why the >>> code is written that way. >>> >>> Reviewing source codes is a mine field of difficult issues to deal with. >>> >>> The simplest and easieast is to test by outcome, not how the code and >>> why the code is written that >>> way. After all, we are interested in the integrity of the system not >>> the integrity of the code. >>> >>> On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas >>> <[email protected]> wrote: >>> > On SysTest Labs: It will do a testing of the binary executable. The >>> > testing will be more scientific than the testing done by the Special Bids >>> > and Awards Committee (that awarded the contract to Smartmatic) but will >>> > cost >>> > COMELEC more than PHP70 Million. Note that this is software testing of the >>> > binary executable, not a review of the source code, and the two are >>> > totally >>> > different "animals". >>> > >>> > On Monday, October 5, 2009, CenPEG filed with the Supreme Court a >>> > petition for mandamus, asking the Supreme Court to force COMELEC to >>> > release >>> > the source code of the election programs that will be used in May, 2010 to >>> > CenPEG and to all interested political parties and groups, as provided for >>> > by law (RA-9369). >>> > >>> > The text of the petition can be found here: >>> > >>> > http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf >>> > >>> > The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho Joaquin. >>> > I mention their names here, because they render their services for >>> > important >>> > causes for free, and by advertising them, I hope to give them business. So >>> > if you need legal representation, please talk to them. >>> > >>> > ~Pablo Manalastas, for CenPEG~ >>> > >>> > >>> > --- On Fri, 10/9/09, Drexx Laggui [personal] <[email protected]> wrote: >>> > >>> >> From: Drexx Laggui [personal] <[email protected]> >>> >> Subject: Re: [plug] The Death of Election 2010 Source Code Review >>> >> To: "Philippine Linux Users' Group (PLUG) Technical Discussion List" >>> >> <[email protected]> >>> >> Date: Friday, October 9, 2009, 11:01 PM >>> >> 09Oct2009 (UTC +8) >>> >> >>> >> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <[email protected]> >>> >> wrote: >>> >> > But Note Caution: Not certain if it's the same >>> >> company. >>> >> >>> >> I'm pretty sure it is. SysTest is one of the companies >>> >> *currently* >>> >> accredited by EAC: >>> >> >>> >> http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/ >>> >> >>> >> >>> >> --And the list of the 5 testing labs in the above URL is >>> >> most probably >>> >> what is referred to in this news article: >>> >> http://services.inquirer.net/print/print.php?article_id=20090824-221835 >>> >> >>> >> Excerpt: >>> >> "Meanwhile, Ateneo de Manila professor Renato Garcia, who >>> >> sits as >>> >> consultant for the poll body's project management office >>> >> (PMO) for the >>> >> 2010 elections, said they have written letters to at least >>> >> five of the >>> >> international software certification bodies that can >>> >> conduct a >>> >> “formal, thorough review” of the poll automation system >>> >> software. >>> >> >>> >> “One of the five international software certification >>> >> bodies, have >>> >> already expressed interest to do the formal review of the >>> >> customized >>> >> automation software. This body, we found out, has been >>> >> conducting a >>> >> software review for Canadian-based Dominion, the software >>> >> provider for >>> >> Smartmatic's poll machines,” Garcia said. >>> >> >>> >> “If we can get them, the certification will be easier and >>> >> faster,” he added." >>> >> >>> >> >>> >> >>> >> > For Immediate Release on 10/29/2008. EAC Announces >>> >> Intention to Suspend >>> >> > SysTest Labs >>> >> > >>> >> > WASHINGTON, DC – The U.S. Election Assistance >>> >> Commission (EAC) today >>> >> > notified SysTest Laboratories Inc. of its intent to >>> >> suspend the laboratory’s >>> >> > accreditation based upon actions taken by the National >>> >> Institute of >>> >> > Standards and Technology (NIST). >>> >> > >>> >> > August 8, 2008 – Letter from NIST to SysTest >>> >> regarding initial reassessment >>> >> > findings. Reiterates EAC’s earlier concerns by >>> >> stating that SysTest has no >>> >> > documented test methods, unqualified personnel >>> >> conducting tests and concerns >>> >> > regarding manufacturer influence. NIST notes the need >>> >> for an on-site >>> >> > assessment, requires SysTest to submit specific >>> >> testing information and >>> >> > update NIST regarding testing documentation. >>> >> > >>> >> > October 28, 2008 – NIST suspends accreditation of >>> >> SysTest. >>> >> > >>> >> > EAC is United States Election Assistance Commission >>> >> 1225 New York Avenue >>> >> > N.W. - Suite 1100 Washington, DC 20005 >>> >> > >>> >> > On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <[email protected]> >>> >> wrote: >>> >> >> >>> >> >> What's with this? >>> >> >> <snip> >>> >> >> >>> >> >> US-BASED SysTest Labs was declared as the winning >>> >> bidder that will certify >>> >> >> the source code of the software to be installed in >>> >> the 82,200 precinct count >>> >> >> optical scan (PCOS) machines for the May 2010 >>> >> elections. >>> >> >> >>> >> >> Poll Commissioner Rene Sarmiento said that out of >>> >> the four international >>> >> >> companies that participated in the bidding last >>> >> week, SystTest Labs was able >>> >> >> to comply with all the requirements set by the >>> >> Bids and Awards Committee >>> >> >> (BAC) of the Commission on Elections (Comelec). >>> >> >> >>> >> >> Taken from >>> >> >> >>> >> >> --> http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code >>> >> >> >>> >> >> They're not allowing Cenpeg et al. but the awarded >>> >> a bid to a US based >>> >> >> firm? WTF. >>> >> >>> > _________________________________________________ >>> > Philippine Linux Users' Group (PLUG) Mailing List >>> > http://lists.linux.org.ph/mailman/listinfo/plug >>> > Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> >> >> >> -- >> Regards, >> Danny Ching >> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
