The system is indeed not designed to detect corruption, and neither
does a source code review indicate that with all degrees of certainty
the presence of a backdoor indicates corruption.

Then again, only a source code review satisfies the requirement that
there will be no backdoors in the inspected application, be it put by
a corrupt programmer or a programmer in a hurry to get out of the
office. A blackbox testing with the specifications can only get you so
far - that the system is compliant as per specification. Whether it
exceeds or subverts the specification outside the test conditions is
something that you can only get with a code review.

Has anyone even wondered why the military is so anal about source code
and algorithm review when designing military ciphers? Once the
underlying mantra (Kerckhoffs's principle) is thoroughly understood
then one will understand why a blackbox testing SIMPLY DOES NOT DO THE
JOB.

It amazes me that there are still some segments in society that won't
extend the same level of scrutiny to the system that determines who
will run their government. And would rather outsource the scrutinizing
eyes to some non-stakeholder corporation.

When it comes to reviewing software, you can automate all the tests,
but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB.

On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> wrote:
> You should know that the system is not meant to detect corruption.
>
> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote:
>> Perhaps I should qualify that. Lest the programmers in the list believe
>> you. Hehehe
>>
>> I think we should at least be realistic enough to note that some
>> corrupt officials are completely willing to corrupt anyone
>> including programmers.
>>
>> Do I trust programmers? Not all. Do you? Btw. Let's keep the discussion
>> to technical stuff and let us not question each other's technical
>> capabilities. Peace.
>>
>> Regards,
>> Danny Ching
>>
>>
>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]>
>> wrote:
>>
>>> If you don't trust programmers, you are in the wrong profession.
>>>
>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]>
>>> wrote:
>>>> I don't trust programmers who hide their code. Although not all
>>>> reviewers are honest, all it takes to expose anomalies in open source
>>>> is one honest reviewer.
>>>>
>>>> However in a closed source system all it takes to corrupt the system is
>>>> one corrupt programmer.
>>>>
>>>> Regards,
>>>> Danny Ching
>>>>
>>>>
>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]>
>>>> wrote:
>>>>
>>>>> You don't trust programmers?
>>>>>
>>>>> This is precisely what's wrong with source code review.
>>>>>
>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]>
>>>>> wrote:
>>>>>> Very true. Unfortunately, I do not trust the programmers if I cannot
>>>>>> check their work. The purpose of source code validation is not to
>>>>>> check the computer or its software's trustworthiness. A computer will
>>>>>> do what it's told. It is human corruption I'm worried about. Of course
>>>>>> outside of computers that is a different problem altogether. I just
>>>>>> don't want people blaming computerization for failure of elections.
>>>>>>
>>>>>> Regards,
>>>>>> Danny Ching
>>>>>>
>>>>>>
>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>
>>>>>>> What you mean is the trustworthiness of the people running the
>>>>>>> system.
>>>>>>>
>>>>>>> I'll say one thing from my experience, you can't use the system to
>>>>>>> arrest human corruption.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]>
>>>>>>> wrote:
>>>>>>>> I think I see where you are coming from. It is not the system we are
>>>>>>>> worried about sir. It is the trustworthiness of the system. A simple
>>>>>>>> exposure of the code will show that it is not doing anything out of
>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, then
>>>>>>>> checking the source code should be easy.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Danny Ching
>>>>>>>>
>>>>>>>>
>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> A tester does not need to know about programming to test and accept
>>>>>>>>> a System.
>>>>>>>>>
>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <[email protected]> wrote:
>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Remember, Election Automation Software is one of the easiest to
>>>>>>>>>>> develop.
>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted.
>>>>>>>>>>
>>>>>>>>>> true.. BUT... the purpose of source code review is to examine if
>>>>>>>>>> there is something beyond the count and tally thing which cannot be
>>>>>>>>>> seen by your simulation test.. as what danny said - TRIGGERS..
>>>>>>>>>>
>>>>>>>>>> special keyboard hotkey, special packets, special ER and others to
>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas scheme...
>>>>>>>>>>
>>>>>>>>>> fooler.
>>>>>>>>>> _________________________________________________
>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List
>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug
>>>>>>>>>> Searchable Archives: http://archives.free.net.ph



-- 
Paolo
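
Added example, not part of the original message or of any real election system: a toy Python "count and tally" with and without a dormant trigger branch, showing that a specification-driven black-box suite accepts both while a look at the source flags the extra branch. All names, the acceptance cases and the trigger value are constructed for illustration.

```python
import ast
import inspect
from collections import Counter

def tally_clean(ballots):
    """Count one vote per ballot: the whole specification."""
    return Counter(ballots)

def tally_triggered(ballots):
    """Same behaviour on ordinary input, plus a branch the spec never mentions."""
    counts = Counter(ballots)
    if "ER-7F3A" in ballots:              # constructed trigger value
        counts["A"] += counts.pop("B", 0)
        del counts["ER-7F3A"]
    return counts

# Constructed acceptance cases: (ballots, expected totals per the specification).
SPEC_CASES = [
    (["A", "B", "A"], {"A": 2, "B": 1}),
    ([], {}),
    (["B"] * 5, {"B": 5}),
]

def passes_black_box(tally):
    """Black-box acceptance: only input/output pairs from the spec are checked."""
    return all(dict(tally(b)) == want for b, want in SPEC_CASES)

def literal_guards(func):
    """Review aid: string constants used inside if-conditions of func's source."""
    tree = ast.parse(inspect.getsource(func))
    found = []
    for node in ast.walk(tree):
        if isinstance(node, ast.If):
            found += [c.value for c in ast.walk(node.test)
                      if isinstance(c, ast.Constant) and isinstance(c.value, str)]
    return found

if __name__ == "__main__":
    for impl in (tally_clean, tally_triggered):
        print(impl.__name__,
              "black-box pass:", passes_black_box(impl),
              "| literal guards in source:", literal_guards(impl))
```

The scan is only a pointer for a human reviewer: it shows where to look, and a branch keyed on a computed value rather than a literal would need the reviewer to read the code itself.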