What do you mean by law? The problem is we are too pedantic.
If only we are a little bit practical, pragmatic, and sensible. Then, change will come. On Mon, Oct 12, 2009 at 10:21 PM, Oscar Plameras <[email protected]> wrote: > You're right. > > You get what you deserve, as they say. > > > On Mon, Oct 12, 2009 at 10:19 PM, Paolo Falcone <[email protected]> wrote: >> So we're just gonna trade quips and one liners eh? Any two monkeys can >> play that game. >> >> Then again, you still haven't proven that a blackbox test WILL work >> and SATISFY the requirement (BY LAW!) for the source code review. Or >> are you claiming invincible ignorance here? This ain't the forum for >> that! >> >> On Mon, Oct 12, 2009 at 7:16 PM, Oscar Plameras <[email protected]> >> wrote: >>> That's why we are in a mess. >>> >>> There's a saying when you are in a hole, you stop digging. >>> >>> On Mon, Oct 12, 2009 at 10:14 PM, Oscar Plameras >>> <[email protected]> wrote: >>>> It's really up to you. >>>> >>>> >>>> On Mon, Oct 12, 2009 at 10:11 PM, Paolo Falcone <[email protected]> >>>> wrote: >>>>> Duh? >>>>> >>>>> You are conveniently forgetting that the PCOS is not just "Count and >>>>> Tabulate". It also has features to ensure that the system is NOT >>>>> tampered, whether during count or transmission, and that requires >>>>> crypto. >>>>> >>>>> Horses for courses my ass. >>>>> >>>>> If it were just simple to simply trust governments and people, there >>>>> wouldn't be a need for a military, or for crypto at all. But you're in >>>>> the real world, and not all can be trusted. >>>>> >>>>> Paolo >>>>> >>>>> On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras <[email protected]> >>>>> wrote: >>>>>> Horses for courses. Military security is not comparable to a system that >>>>>> is >>>>>> "Count and Tabulate. >>>>>> >>>>>> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> >>>>>> wrote: >>>>>>> The system is indeed not designed to detect corruption, and neither >>>>>>> does a source code review indicate that with all degrees of certainty >>>>>>> the presence of a backdoor indicates corruption. >>>>>>> >>>>>>> Then again, only a source code review satisfies the requirement that >>>>>>> there will be no backdoors in the inspected application, be it put by >>>>>>> a corrupt programmer or a programmer in a hurry to get out of the >>>>>>> office. A blackbox testing with the specifications can only get you so >>>>>>> far - that the system is compliant as per specification. Whether it >>>>>>> exceeds or subverts the specification outside the test conditions is >>>>>>> something that you can only get with a code review. >>>>>>> >>>>>>> Has anyone even wondered why the military is so anal about source code >>>>>>> and algorithm review when designing military ciphers? Once the >>>>>>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>>>>>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>>>>>> JOB. >>>>>>> >>>>>>> It amazes me that there are still some segments in society that won't >>>>>>> extend the same level of scrutiny to the system that determines who >>>>>>> will run their government. And would rather outsource the scrutinizing >>>>>>> eyes to some non-stakeholder corporation. >>>>>>> >>>>>>> When it comes to reviewing software, you can automate all the tests, >>>>>>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras >>>>>>> <[email protected]> wrote: >>>>>>>> You should know that the system is not meant to detect corruption. >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> >>>>>>>> wrote: >>>>>>>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>>>>>>> you. Hehehe >>>>>>>>> >>>>>>>>> I think we should at least be realistic enough to note that some >>>>>>>>> corrupt officials are completely willing to corrupting anyone >>>>>>>>> including programmers. >>>>>>>>> >>>>>>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>>>>>>> to technical stuff and let us not question each other's technical >>>>>>>>> capabilities. Peace. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Danny Ching >>>>>>>>> >>>>>>>>> >>>>>>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>>>>>> >>>>>>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>>>>>> reviewers are honest, all it takes to expose anomalies in open >>>>>>>>>>> source >>>>>>>>>>> is one honest reviewer. >>>>>>>>>>> >>>>>>>>>>> However in a close source system all it takes to corrupt the system >>>>>>>>>>> is >>>>>>>>>>> one corrupt programmer. >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> Danny Ching >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras >>>>>>>>>>> <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> You don't trust programmers? >>>>>>>>>>>> >>>>>>>>>>>> This precisely what's wrong with source code review. >>>>>>>>>>>> >>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>>>>>> cannot >>>>>>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>>>>>> will >>>>>>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>>>>>> course >>>>>>>>>>>>> outside of computers that is a different problem altogether. I >>>>>>>>>>>>> just >>>>>>>>>>>>> don't want people blaming computerization for failure of >>>>>>>>>>>>> elections. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras >>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>> > >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>>>>>> system. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>>>>>> to >>>>>>>>>>>>>> arrest >>>>>>>>>>>>>> human corruption. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <[email protected]> >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>>>>>>> are >>>>>>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>>>>>> simple >>>>>>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>>>>>> out of >>>>>>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>>>>>>> then >>>>>>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras >>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>> a System. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail >>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>> develop. >>>>>>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>>>>>> if >>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>>>>>> seen by >>>>>>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and >>>>>>>>>>>>>>>>> others >>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>>>>>> scheme... >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> fooler. >>>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>> >>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>> >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Paolo >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Paolo >>>>> Sent from Makati, Man, Philippines >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> >> -- >> Paolo >> Sent from Makati, Man, Philippines >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
