That's why we are in a mess. There's a saying when you are in a hole, you stop digging.
On Mon, Oct 12, 2009 at 10:14 PM, Oscar Plameras <[email protected]> wrote: > It's really up to you. > > > On Mon, Oct 12, 2009 at 10:11 PM, Paolo Falcone <[email protected]> wrote: >> Duh? >> >> You are conveniently forgetting that the PCOS is not just "Count and >> Tabulate". It also has features to ensure that the system is NOT >> tampered, whether during count or transmission, and that requires >> crypto. >> >> Horses for courses my ass. >> >> If it were just simple to simply trust governments and people, there >> wouldn't be a need for a military, or for crypto at all. But you're in >> the real world, and not all can be trusted. >> >> Paolo >> >> On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras <[email protected]> >> wrote: >>> Horses for courses. Military security is not comparable to a system that is >>> "Count and Tabulate. >>> >>> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> >>> wrote: >>>> The system is indeed not designed to detect corruption, and neither >>>> does a source code review indicate that with all degrees of certainty >>>> the presence of a backdoor indicates corruption. >>>> >>>> Then again, only a source code review satisfies the requirement that >>>> there will be no backdoors in the inspected application, be it put by >>>> a corrupt programmer or a programmer in a hurry to get out of the >>>> office. A blackbox testing with the specifications can only get you so >>>> far - that the system is compliant as per specification. Whether it >>>> exceeds or subverts the specification outside the test conditions is >>>> something that you can only get with a code review. >>>> >>>> Has anyone even wondered why the military is so anal about source code >>>> and algorithm review when designing military ciphers? Once the >>>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>>> JOB. >>>> >>>> It amazes me that there are still some segments in society that won't >>>> extend the same level of scrutiny to the system that determines who >>>> will run their government. And would rather outsource the scrutinizing >>>> eyes to some non-stakeholder corporation. >>>> >>>> When it comes to reviewing software, you can automate all the tests, >>>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>>> >>>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> >>>> wrote: >>>>> You should know that the system is not meant to detect corruption. >>>>> >>>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote: >>>>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>>>> you. Hehehe >>>>>> >>>>>> I think we should at least be realistic enough to note that some >>>>>> corrupt officials are completely willing to corrupting anyone >>>>>> including programmers. >>>>>> >>>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>>>> to technical stuff and let us not question each other's technical >>>>>> capabilities. Peace. >>>>>> >>>>>> Regards, >>>>>> Danny Ching >>>>>> >>>>>> >>>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>>> wrote: >>>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>>>> is one honest reviewer. >>>>>>>> >>>>>>>> However in a close source system all it takes to corrupt the system >>>>>>>> is >>>>>>>> one corrupt programmer. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Danny Ching >>>>>>>> >>>>>>>> >>>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> You don't trust programmers? >>>>>>>>> >>>>>>>>> This precisely what's wrong with source code review. >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>>> wrote: >>>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>>> cannot >>>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>>> will >>>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>>> course >>>>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Danny Ching >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected] >>>>>>>>>> > >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>>> system. >>>>>>>>>>> >>>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>>> to >>>>>>>>>>> arrest >>>>>>>>>>> human corruption. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>>>> are >>>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>>> simple >>>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>>> out of >>>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>>>> then >>>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> Danny Ching >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras >>>>>>>>>>>> <[email protected] >>>>>>>>>>>>> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>>> accept >>>>>>>>>>>>> a System. >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail >>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>>> to >>>>>>>>>>>>>>> develop. >>>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>>> >>>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>>> if >>>>>>>>>>>>>> there >>>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>>> seen by >>>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>>> >>>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>>>> to >>>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>>> scheme... >>>>>>>>>>>>>> >>>>>>>>>>>>>> fooler. >>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>> >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> >>>> >>>> >>>> -- >>>> Paolo >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> >> -- >> Paolo >> Sent from Makati, Man, Philippines >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
