We usually look for the trees in the forest.
On Mon, Oct 12, 2009 at 10:11 PM, Oscar Plameras <[email protected]> wrote: > This brings us back always to our sense of proportion as a Pinoy culture. > > On Mon, Oct 12, 2009 at 10:07 PM, Oscar Plameras > <[email protected]> wrote: >> Horses for courses. Military security is not comparable to a system that is >> "Count and Tabulate. >> >> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> wrote: >>> The system is indeed not designed to detect corruption, and neither >>> does a source code review indicate that with all degrees of certainty >>> the presence of a backdoor indicates corruption. >>> >>> Then again, only a source code review satisfies the requirement that >>> there will be no backdoors in the inspected application, be it put by >>> a corrupt programmer or a programmer in a hurry to get out of the >>> office. A blackbox testing with the specifications can only get you so >>> far - that the system is compliant as per specification. Whether it >>> exceeds or subverts the specification outside the test conditions is >>> something that you can only get with a code review. >>> >>> Has anyone even wondered why the military is so anal about source code >>> and algorithm review when designing military ciphers? Once the >>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>> JOB. >>> >>> It amazes me that there are still some segments in society that won't >>> extend the same level of scrutiny to the system that determines who >>> will run their government. And would rather outsource the scrutinizing >>> eyes to some non-stakeholder corporation. >>> >>> When it comes to reviewing software, you can automate all the tests, >>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>> >>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> >>> wrote: >>>> You should know that the system is not meant to detect corruption. >>>> >>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote: >>>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>>> you. Hehehe >>>>> >>>>> I think we should at least be realistic enough to note that some >>>>> corrupt officials are completely willing to corrupting anyone >>>>> including programmers. >>>>> >>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>>> to technical stuff and let us not question each other's technical >>>>> capabilities. Peace. >>>>> >>>>> Regards, >>>>> Danny Ching >>>>> >>>>> >>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>> wrote: >>>>> >>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>> >>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>> wrote: >>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>>> is one honest reviewer. >>>>>>> >>>>>>> However in a close source system all it takes to corrupt the system >>>>>>> is >>>>>>> one corrupt programmer. >>>>>>> >>>>>>> Regards, >>>>>>> Danny Ching >>>>>>> >>>>>>> >>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> You don't trust programmers? >>>>>>>> >>>>>>>> This precisely what's wrong with source code review. >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>> wrote: >>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>> cannot >>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>> will >>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>> course >>>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Danny Ching >>>>>>>>> >>>>>>>>> >>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected] >>>>>>>>> > >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>> system. >>>>>>>>>> >>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>> to >>>>>>>>>> arrest >>>>>>>>>> human corruption. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>>> are >>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>> simple >>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>> out of >>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>>> then >>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> Danny Ching >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <[email protected] >>>>>>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>> accept >>>>>>>>>>>> a System. >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <[email protected] >>>>>>>>>>>>> >>>>>>>>>>>> wrote: >>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>> to >>>>>>>>>>>>>> develop. >>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>> >>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>> if >>>>>>>>>>>>> there >>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>> seen by >>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>> >>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>>> to >>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>> scheme... >>>>>>>>>>>>> >>>>>>>>>>>>> fooler. >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>> >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> >>> >>> >>> -- >>> Paolo >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
