Horses for courses. Military security is not comparable to a system that is "Count and Tabulate".

On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> wrote:
> The system is indeed not designed to detect corruption, and neither
> does a source code review indicate that with all degrees of certainty
> the presence of a backdoor indicates corruption.
>
> Then again, only a source code review satisfies the requirement that
> there will be no backdoors in the inspected application, be it put by
> a corrupt programmer or a programmer in a hurry to get out of the
> office. A blackbox testing with the specifications can only get you so
> far - that the system is compliant as per specification. Whether it
> exceeds or subverts the specification outside the test conditions is
> something that you can only get with a code review.
>
> Has anyone even wondered why the military is so anal about source code
> and algorithm review when designing military ciphers? Once the
> underlying mantra (Kerckhoffs's principle) is thoroughly understood
> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE
> JOB.
>
> It amazes me that there are still some segments in society that won't
> extend the same level of scrutiny to the system that determines who
> will run their government. And would rather outsource the scrutinizing
> eyes to some non-stakeholder corporation.
>
> When it comes to reviewing software, you can automate all the tests,
> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB.
>
> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> wrote:
>> You should know that the system is not meant to detect corruption.
>>
>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote:
>>> Perhaps I should qualify that. Lest the programmers in the list
>>> believe you. Hehehe
>>>
>>> I think we should at least be realistic enough to note that some
>>> corrupt officials are completely willing to corrupt anyone
>>> including programmers.
>>>
>>> Do I trust programmers? Not all. Do you? Btw. Let's keep the
>>> discussion to technical stuff and let us not question each other's
>>> technical capabilities. Peace.
>>>
>>> Regards,
>>> Danny Ching
>>>
>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> wrote:
>>>> If you don't trust programmers, you are in the wrong profession.
>>>>
>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> wrote:
>>>>> I don't trust programmers who hide their code. Although not all
>>>>> reviewers are honest, all it takes to expose anomalies in open
>>>>> source is one honest reviewer.
>>>>>
>>>>> However in a closed source system all it takes to corrupt the
>>>>> system is one corrupt programmer.
>>>>>
>>>>> Regards,
>>>>> Danny Ching
>>>>>
>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> wrote:
>>>>>> You don't trust programmers?
>>>>>>
>>>>>> This is precisely what's wrong with source code review.
>>>>>>
>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> wrote:
>>>>>>> Very true. Unfortunately, I do not trust the programmers if I
>>>>>>> cannot check their work. The purpose of source code validation
>>>>>>> is not to check the computer or its software's trustworthiness.
>>>>>>> A computer will do what it's told. It is human corruption I'm
>>>>>>> worried about. Of course outside of computers that is a
>>>>>>> different problem altogether. I just don't want people blaming
>>>>>>> computerization for failure of elections.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Danny Ching
>>>>>>>
>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>>> What you mean is the trustworthiness of the people running the
>>>>>>>> system.
>>>>>>>>
>>>>>>>> I'll say one thing from my experience, you can't use the system
>>>>>>>> to arrest human corruption.
>>>>>>>>
>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> wrote:
>>>>>>>>> I think I see where you are coming from. It is not the system
>>>>>>>>> we are worried about sir. It is the trustworthiness of the
>>>>>>>>> system. A simple exposure of the code will show that it is not
>>>>>>>>> doing anything out of the ordinary. Besides. If the code is
>>>>>>>>> indeed simple as you said, then checking the source code
>>>>>>>>> should be easy.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Danny Ching
>>>>>>>>>
>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>>>>> A tester does not need to know about programming to test and
>>>>>>>>>> accept a System.
>>>>>>>>>>
>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <[email protected]> wrote:
>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest
>>>>>>>>>>>> to develop. It is "Count and Tally", nothing complicated and
>>>>>>>>>>>> convoluted.
>>>>>>>>>>>
>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine
>>>>>>>>>>> if there is something beyond the count and tally thing which
>>>>>>>>>>> cannot be seen by your simulation test.. as what danny said -
>>>>>>>>>>> TRIGGERS..
>>>>>>>>>>>
>>>>>>>>>>> special keyboard hotkey, special packets, special ER and
>>>>>>>>>>> others to trigger the manipulation of votes to do the
>>>>>>>>>>> dagdag-bawas scheme...
>>>>>>>>>>>
>>>>>>>>>>> fooler.
>>>>>>>>>>> _________________________________________________
>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List
>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug
>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph
>
> --
> Paolo

