This brings us back always to our sense of proportion as a Pinoy culture.
On Mon, Oct 12, 2009 at 10:07 PM, Oscar Plameras <[email protected]> wrote: > Horses for courses. Military security is not comparable to a system that is > "Count and Tabulate. > > On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> wrote: >> The system is indeed not designed to detect corruption, and neither >> does a source code review indicate that with all degrees of certainty >> the presence of a backdoor indicates corruption. >> >> Then again, only a source code review satisfies the requirement that >> there will be no backdoors in the inspected application, be it put by >> a corrupt programmer or a programmer in a hurry to get out of the >> office. A blackbox testing with the specifications can only get you so >> far - that the system is compliant as per specification. Whether it >> exceeds or subverts the specification outside the test conditions is >> something that you can only get with a code review. >> >> Has anyone even wondered why the military is so anal about source code >> and algorithm review when designing military ciphers? Once the >> underlying mantra (Kerckhoff's principle) is thoroughly understood >> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >> JOB. >> >> It amazes me that there are still some segments in society that won't >> extend the same level of scrutiny to the system that determines who >> will run their government. And would rather outsource the scrutinizing >> eyes to some non-stakeholder corporation. >> >> When it comes to reviewing software, you can automate all the tests, >> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >> >> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> >> wrote: >>> You should know that the system is not meant to detect corruption. >>> >>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote: >>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>> you. Hehehe >>>> >>>> I think we should at least be realistic enough to note that some >>>> corrupt officials are completely willing to corrupting anyone >>>> including programmers. >>>> >>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>> to technical stuff and let us not question each other's technical >>>> capabilities. Peace. >>>> >>>> Regards, >>>> Danny Ching >>>> >>>> >>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>> wrote: >>>> >>>>> If you don't trust programmers, you are in the wrong profession. >>>>> >>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>> wrote: >>>>>> I don't trust programmers who hide their code. Although not all >>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>> is one honest reviewer. >>>>>> >>>>>> However in a close source system all it takes to corrupt the system >>>>>> is >>>>>> one corrupt programmer. >>>>>> >>>>>> Regards, >>>>>> Danny Ching >>>>>> >>>>>> >>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> You don't trust programmers? >>>>>>> >>>>>>> This precisely what's wrong with source code review. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>> wrote: >>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>> cannot >>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>> will >>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>> course >>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Danny Ching >>>>>>>> >>>>>>>> >>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected] >>>>>>>> > >>>>>>>> wrote: >>>>>>>> >>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>> system. >>>>>>>>> >>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>> to >>>>>>>>> arrest >>>>>>>>> human corruption. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>> wrote: >>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>> are >>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>> simple >>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>> out of >>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>> then >>>>>>>>>> checking the cource code should be easy. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Danny Ching >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <[email protected] >>>>>>>>>>> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>> accept >>>>>>>>>>> a System. >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <[email protected] >>>>>>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>> <[email protected] >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>> to >>>>>>>>>>>>> develop. >>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>> >>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>> if >>>>>>>>>>>> there >>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>> seen by >>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>> >>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>> to >>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>> scheme... >>>>>>>>>>>> >>>>>>>>>>>> fooler. >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> >> -- >> Paolo >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
