You're right. You get what you deserve, as they say.
On Mon, Oct 12, 2009 at 10:19 PM, Paolo Falcone <[email protected]> wrote: > So we're just gonna trade quips and one liners eh? Any two monkeys can > play that game. > > Then again, you still haven't proven that a blackbox test WILL work > and SATISFY the requirement (BY LAW!) for the source code review. Or > are you claiming invincible ignorance here? This ain't the forum for > that! > > On Mon, Oct 12, 2009 at 7:16 PM, Oscar Plameras <[email protected]> > wrote: >> That's why we are in a mess. >> >> There's a saying when you are in a hole, you stop digging. >> >> On Mon, Oct 12, 2009 at 10:14 PM, Oscar Plameras >> <[email protected]> wrote: >>> It's really up to you. >>> >>> >>> On Mon, Oct 12, 2009 at 10:11 PM, Paolo Falcone <[email protected]> >>> wrote: >>>> Duh? >>>> >>>> You are conveniently forgetting that the PCOS is not just "Count and >>>> Tabulate". It also has features to ensure that the system is NOT >>>> tampered, whether during count or transmission, and that requires >>>> crypto. >>>> >>>> Horses for courses my ass. >>>> >>>> If it were just simple to simply trust governments and people, there >>>> wouldn't be a need for a military, or for crypto at all. But you're in >>>> the real world, and not all can be trusted. >>>> >>>> Paolo >>>> >>>> On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras <[email protected]> >>>> wrote: >>>>> Horses for courses. Military security is not comparable to a system that >>>>> is >>>>> "Count and Tabulate. >>>>> >>>>> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> >>>>> wrote: >>>>>> The system is indeed not designed to detect corruption, and neither >>>>>> does a source code review indicate that with all degrees of certainty >>>>>> the presence of a backdoor indicates corruption. >>>>>> >>>>>> Then again, only a source code review satisfies the requirement that >>>>>> there will be no backdoors in the inspected application, be it put by >>>>>> a corrupt programmer or a programmer in a hurry to get out of the >>>>>> office. A blackbox testing with the specifications can only get you so >>>>>> far - that the system is compliant as per specification. Whether it >>>>>> exceeds or subverts the specification outside the test conditions is >>>>>> something that you can only get with a code review. >>>>>> >>>>>> Has anyone even wondered why the military is so anal about source code >>>>>> and algorithm review when designing military ciphers? Once the >>>>>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>>>>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>>>>> JOB. >>>>>> >>>>>> It amazes me that there are still some segments in society that won't >>>>>> extend the same level of scrutiny to the system that determines who >>>>>> will run their government. And would rather outsource the scrutinizing >>>>>> eyes to some non-stakeholder corporation. >>>>>> >>>>>> When it comes to reviewing software, you can automate all the tests, >>>>>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>>>>> >>>>>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras >>>>>> <[email protected]> wrote: >>>>>>> You should know that the system is not meant to detect corruption. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> wrote: >>>>>>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>>>>>> you. Hehehe >>>>>>>> >>>>>>>> I think we should at least be realistic enough to note that some >>>>>>>> corrupt officials are completely willing to corrupting anyone >>>>>>>> including programmers. >>>>>>>> >>>>>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>>>>>> to technical stuff and let us not question each other's technical >>>>>>>> capabilities. Peace. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Danny Ching >>>>>>>> >>>>>>>> >>>>>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>>>>> wrote: >>>>>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>>>>>> is one honest reviewer. >>>>>>>>>> >>>>>>>>>> However in a close source system all it takes to corrupt the system >>>>>>>>>> is >>>>>>>>>> one corrupt programmer. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Danny Ching >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> You don't trust programmers? >>>>>>>>>>> >>>>>>>>>>> This precisely what's wrong with source code review. >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>>>>> cannot >>>>>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>>>>> will >>>>>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>>>>> course >>>>>>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> Danny Ching >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras >>>>>>>>>>>> <[email protected] >>>>>>>>>>>> > >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>>>>> system. >>>>>>>>>>>>> >>>>>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>>>>> to >>>>>>>>>>>>> arrest >>>>>>>>>>>>> human corruption. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>>>>>> are >>>>>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>>>>> simple >>>>>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>>>>> out of >>>>>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>>>>>> then >>>>>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras >>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>> a System. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail >>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>> develop. >>>>>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>>>>> if >>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>>>>> seen by >>>>>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>>>>> scheme... >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> fooler. >>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>> >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Paolo >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> >>>> >>>> >>>> -- >>>> Paolo >>>> Sent from Makati, Man, Philippines >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > > > > -- > Paolo > Sent from Makati, Man, Philippines > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
