Verify by objectives. That's the rule.
On Mon, Oct 12, 2009 at 10:16 PM, Oscar Plameras <[email protected]> wrote: > That's why we are in a mess. > > There's a saying when you are in a hole, you stop digging. > > On Mon, Oct 12, 2009 at 10:14 PM, Oscar Plameras > <[email protected]> wrote: >> It's really up to you. >> >> >> On Mon, Oct 12, 2009 at 10:11 PM, Paolo Falcone <[email protected]> wrote: >>> Duh? >>> >>> You are conveniently forgetting that the PCOS is not just "Count and >>> Tabulate". It also has features to ensure that the system is NOT >>> tampered, whether during count or transmission, and that requires >>> crypto. >>> >>> Horses for courses my ass. >>> >>> If it were just simple to simply trust governments and people, there >>> wouldn't be a need for a military, or for crypto at all. But you're in >>> the real world, and not all can be trusted. >>> >>> Paolo >>> >>> On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras <[email protected]> >>> wrote: >>>> Horses for courses. Military security is not comparable to a system that is >>>> "Count and Tabulate. >>>> >>>> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> >>>> wrote: >>>>> The system is indeed not designed to detect corruption, and neither >>>>> does a source code review indicate that with all degrees of certainty >>>>> the presence of a backdoor indicates corruption. >>>>> >>>>> Then again, only a source code review satisfies the requirement that >>>>> there will be no backdoors in the inspected application, be it put by >>>>> a corrupt programmer or a programmer in a hurry to get out of the >>>>> office. A blackbox testing with the specifications can only get you so >>>>> far - that the system is compliant as per specification. Whether it >>>>> exceeds or subverts the specification outside the test conditions is >>>>> something that you can only get with a code review. >>>>> >>>>> Has anyone even wondered why the military is so anal about source code >>>>> and algorithm review when designing military ciphers? Once the >>>>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>>>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>>>> JOB. >>>>> >>>>> It amazes me that there are still some segments in society that won't >>>>> extend the same level of scrutiny to the system that determines who >>>>> will run their government. And would rather outsource the scrutinizing >>>>> eyes to some non-stakeholder corporation. >>>>> >>>>> When it comes to reviewing software, you can automate all the tests, >>>>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>>>> >>>>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <[email protected]> >>>>> wrote: >>>>>> You should know that the system is not meant to detect corruption. >>>>>> >>>>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote: >>>>>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>>>>> you. Hehehe >>>>>>> >>>>>>> I think we should at least be realistic enough to note that some >>>>>>> corrupt officials are completely willing to corrupting anyone >>>>>>> including programmers. >>>>>>> >>>>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>>>>> to technical stuff and let us not question each other's technical >>>>>>> capabilities. Peace. >>>>>>> >>>>>>> Regards, >>>>>>> Danny Ching >>>>>>> >>>>>>> >>>>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>>>> wrote: >>>>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>>>>> is one honest reviewer. >>>>>>>>> >>>>>>>>> However in a close source system all it takes to corrupt the system >>>>>>>>> is >>>>>>>>> one corrupt programmer. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Danny Ching >>>>>>>>> >>>>>>>>> >>>>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> You don't trust programmers? >>>>>>>>>> >>>>>>>>>> This precisely what's wrong with source code review. >>>>>>>>>> >>>>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>>>> cannot >>>>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>>>> will >>>>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>>>> course >>>>>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> Danny Ching >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <[email protected] >>>>>>>>>>> > >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>>>> system. >>>>>>>>>>>> >>>>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>>>> to >>>>>>>>>>>> arrest >>>>>>>>>>>> human corruption. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>>>>> are >>>>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>>>> simple >>>>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>>>> out of >>>>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>>>>> then >>>>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras >>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>>>> accept >>>>>>>>>>>>>> a System. >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail >>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>> develop. >>>>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>>>> if >>>>>>>>>>>>>>> there >>>>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>>>> seen by >>>>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>>>>> to >>>>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>>>> scheme... >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> fooler. >>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>> >>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>> >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Paolo >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> >>> >>> >>> -- >>> Paolo >>> Sent from Makati, Man, Philippines >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
