Then, you have a corrupt programmer. There's nothing you can do when there's a programmer in your team who is corrupt.
This is a project management issue and not a systems issue that is properly dealt with before and during the development. On Mon, Oct 12, 2009 at 9:06 PM, Danny Ching <[email protected]> wrote: > Allow me to clarify. Assume that I pay the programmer to order the > computer to double votes to Danny if there is a candidate named Juan > De la Cruz, will simulation catch that? What if the trigger is a name > that says fhrbdudnejd. Will that scenario be tested? There is no way > to see that with simulation. Not unless you know what you are looking > for. Source code review will expose that. > > Regards, > Danny Ching > > > On Oct 12, 2009, at 5:58 PM, Oscar Plameras <[email protected]> > wrote: > >> I don't know what you mean. >> >> So, if you really are a good programmer you must be able to explain >> what you >> really mean. >> >> On Mon, Oct 12, 2009 at 8:52 PM, Danny Ching <[email protected]> >> wrote: >>> Additionally, you can guess a person's credibility by experience >>> (simulation testing) but you are never 100% sure because we do not >>> have the ability to check what makes a person do something or read >>> his >>> mind (his source code). Fortunately, computers are easier to verify. >>> >>> Regards, >>> Danny Ching >>> >>> >>> On Oct 12, 2009, at 5:47 PM, Michael Mondragon <[email protected] >>> > wrote: >>> >>>> foolder is correct. that's why sometimes there's a need for reverse >>>> engineering (static analysis) which could led to vulnerability >>>> discovery. this could lead us to some code which could be made in- >>>> place for any injection (backdoor, etc.) during normal execution. >>>> >>>> cheers, >>>> mike >>>> >>>> >>>> >>>> ----- Original Message ---- >>>> From: fooler mail <[email protected]> >>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion List >>>> <[email protected] >>>>> >>>> Sent: Mon, October 12, 2009 4:47:19 PM >>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>> Source Code Review) >>>> >>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>>> >>>>> Remember, Election Automation Software is one of the easiest to >>>>> develop. >>>>> It is "Count and Tally", nothing complicated and convoluted. >>>> >>>> true.. BUT... the purpose of source code review is to examine if >>>> there >>>> is something beyond the count and tally thing which cannot be seen >>>> by >>>> your simulation test.. as what danny said - TRIGGERS.. >>>> >>>> special keyboard hotkey, special packets, special ER and others to >>>> trigger the manipulation of votes to do the dagdag-bawas scheme... >>>> >>>> fooler. >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>>> >>>> >>>> >>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
