Opening the source code gives us a better channce to catch that. May not be 100%. But better than nothing.
Regards, Danny Ching On Oct 12, 2009, at 6:11 PM, Oscar Plameras <[email protected]> wrote: > Then, you have a corrupt programmer. > > There's nothing you can do when there's a programmer in your team who > is corrupt. > > This is a project management issue and not a systems issue that is > properly dealt with before and during the development. > > On Mon, Oct 12, 2009 at 9:06 PM, Danny Ching <[email protected]> > wrote: >> Allow me to clarify. Assume that I pay the programmer to order the >> computer to double votes to Danny if there is a candidate named Juan >> De la Cruz, will simulation catch that? What if the trigger is a name >> that says fhrbdudnejd. Will that scenario be tested? There is no way >> to see that with simulation. Not unless you know what you are looking >> for. Source code review will expose that. >> >> Regards, >> Danny Ching >> >> >> On Oct 12, 2009, at 5:58 PM, Oscar Plameras <[email protected]> >> wrote: >> >>> I don't know what you mean. >>> >>> So, if you really are a good programmer you must be able to explain >>> what you >>> really mean. >>> >>> On Mon, Oct 12, 2009 at 8:52 PM, Danny Ching <[email protected]> >>> wrote: >>>> Additionally, you can guess a person's credibility by experience >>>> (simulation testing) but you are never 100% sure because we do not >>>> have the ability to check what makes a person do something or read >>>> his >>>> mind (his source code). Fortunately, computers are easier to >>>> verify. >>>> >>>> Regards, >>>> Danny Ching >>>> >>>> >>>> On Oct 12, 2009, at 5:47 PM, Michael Mondragon <[email protected] >>>> > wrote: >>>> >>>>> foolder is correct. that's why sometimes there's a need for >>>>> reverse >>>>> engineering (static analysis) which could led to vulnerability >>>>> discovery. this could lead us to some code which could be made >>>>> in- >>>>> place for any injection (backdoor, etc.) during normal execution. >>>>> >>>>> cheers, >>>>> mike >>>>> >>>>> >>>>> >>>>> ----- Original Message ---- >>>>> From: fooler mail <[email protected]> >>>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion List >>>>> <[email protected] >>>>>> >>>>> Sent: Mon, October 12, 2009 4:47:19 PM >>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>>> Source Code Review) >>>>> >>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>> <[email protected]> wrote: >>>>>> >>>>>> Remember, Election Automation Software is one of the easiest to >>>>>> develop. >>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>> >>>>> true.. BUT... the purpose of source code review is to examine if >>>>> there >>>>> is something beyond the count and tally thing which cannot be seen >>>>> by >>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>> >>>>> special keyboard hotkey, special packets, special ER and others to >>>>> trigger the manipulation of votes to do the dagdag-bawas scheme... >>>>> >>>>> fooler. >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
