Allow me to clarify. Assume that I pay the programmer to order the computer to double votes to Danny if there is a candidate named Juan De la Cruz, will simulation catch that? What if the trigger is a name that says fhrbdudnejd. Will that scenario be tested? There is no way to see that with simulation. Not unless you know what you are looking for. Source code review will expose that.
Regards, Danny Ching On Oct 12, 2009, at 5:58 PM, Oscar Plameras <[email protected]> wrote: > I don't know what you mean. > > So, if you really are a good programmer you must be able to explain > what you > really mean. > > On Mon, Oct 12, 2009 at 8:52 PM, Danny Ching <[email protected]> > wrote: >> Additionally, you can guess a person's credibility by experience >> (simulation testing) but you are never 100% sure because we do not >> have the ability to check what makes a person do something or read >> his >> mind (his source code). Fortunately, computers are easier to verify. >> >> Regards, >> Danny Ching >> >> >> On Oct 12, 2009, at 5:47 PM, Michael Mondragon <[email protected] >> > wrote: >> >>> foolder is correct. that's why sometimes there's a need for reverse >>> engineering (static analysis) which could led to vulnerability >>> discovery. this could lead us to some code which could be made in- >>> place for any injection (backdoor, etc.) during normal execution. >>> >>> cheers, >>> mike >>> >>> >>> >>> ----- Original Message ---- >>> From: fooler mail <[email protected]> >>> To: Philippine Linux Users' Group (PLUG) Technical Discussion List >>> <[email protected] >>>> >>> Sent: Mon, October 12, 2009 4:47:19 PM >>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>> Source Code Review) >>> >>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>> <[email protected]> wrote: >>>> >>>> Remember, Election Automation Software is one of the easiest to >>>> develop. >>>> It is "Count and Tally", nothing complicated and convoluted. >>> >>> true.. BUT... the purpose of source code review is to examine if >>> there >>> is something beyond the count and tally thing which cannot be seen >>> by >>> your simulation test.. as what danny said - TRIGGERS.. >>> >>> special keyboard hotkey, special packets, special ER and others to >>> trigger the manipulation of votes to do the dagdag-bawas scheme... >>> >>> fooler. >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >>> >>> >>> >>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
