We are probably part of the problem? I wonder.
On Mon, Oct 12, 2009 at 10:25 PM, Oscar Plameras <[email protected]> wrote: > What do you mean by law? > > The problem is we are too pedantic. > > If only we are a little bit practical, pragmatic, and sensible. > > Then, change will come. > > On Mon, Oct 12, 2009 at 10:21 PM, Oscar Plameras > <[email protected]> wrote: >> You're right. >> >> You get what you deserve, as they say. >> >> >> On Mon, Oct 12, 2009 at 10:19 PM, Paolo Falcone <[email protected]> wrote: >>> So we're just gonna trade quips and one liners eh? Any two monkeys can >>> play that game. >>> >>> Then again, you still haven't proven that a blackbox test WILL work >>> and SATISFY the requirement (BY LAW!) for the source code review. Or >>> are you claiming invincible ignorance here? This ain't the forum for >>> that! >>> >>> On Mon, Oct 12, 2009 at 7:16 PM, Oscar Plameras <[email protected]> >>> wrote: >>>> That's why we are in a mess. >>>> >>>> There's a saying when you are in a hole, you stop digging. >>>> >>>> On Mon, Oct 12, 2009 at 10:14 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>>> It's really up to you. >>>>> >>>>> >>>>> On Mon, Oct 12, 2009 at 10:11 PM, Paolo Falcone <[email protected]> >>>>> wrote: >>>>>> Duh? >>>>>> >>>>>> You are conveniently forgetting that the PCOS is not just "Count and >>>>>> Tabulate". It also has features to ensure that the system is NOT >>>>>> tampered, whether during count or transmission, and that requires >>>>>> crypto. >>>>>> >>>>>> Horses for courses my ass. >>>>>> >>>>>> If it were just simple to simply trust governments and people, there >>>>>> wouldn't be a need for a military, or for crypto at all. But you're in >>>>>> the real world, and not all can be trusted. >>>>>> >>>>>> Paolo >>>>>> >>>>>> On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras >>>>>> <[email protected]> wrote: >>>>>>> Horses for courses. Military security is not comparable to a system >>>>>>> that is >>>>>>> "Count and Tabulate. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <[email protected]> >>>>>>> wrote: >>>>>>>> The system is indeed not designed to detect corruption, and neither >>>>>>>> does a source code review indicate that with all degrees of certainty >>>>>>>> the presence of a backdoor indicates corruption. >>>>>>>> >>>>>>>> Then again, only a source code review satisfies the requirement that >>>>>>>> there will be no backdoors in the inspected application, be it put by >>>>>>>> a corrupt programmer or a programmer in a hurry to get out of the >>>>>>>> office. A blackbox testing with the specifications can only get you so >>>>>>>> far - that the system is compliant as per specification. Whether it >>>>>>>> exceeds or subverts the specification outside the test conditions is >>>>>>>> something that you can only get with a code review. >>>>>>>> >>>>>>>> Has anyone even wondered why the military is so anal about source code >>>>>>>> and algorithm review when designing military ciphers? Once the >>>>>>>> underlying mantra (Kerckhoff's principle) is thoroughly understood >>>>>>>> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >>>>>>>> JOB. >>>>>>>> >>>>>>>> It amazes me that there are still some segments in society that won't >>>>>>>> extend the same level of scrutiny to the system that determines who >>>>>>>> will run their government. And would rather outsource the scrutinizing >>>>>>>> eyes to some non-stakeholder corporation. >>>>>>>> >>>>>>>> When it comes to reviewing software, you can automate all the tests, >>>>>>>> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras >>>>>>>> <[email protected]> wrote: >>>>>>>>> You should know that the system is not meant to detect corruption. >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <[email protected]> >>>>>>>>> wrote: >>>>>>>>>> Perhaps I should qualify that. Lest the prorammers in the list >>>>>>>>>> believe >>>>>>>>>> you. Hehehe >>>>>>>>>> >>>>>>>>>> I think we should at least be realistic enough to note that some >>>>>>>>>> corrupt officials are completely willing to corrupting anyone >>>>>>>>>> including programmers. >>>>>>>>>> >>>>>>>>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the >>>>>>>>>> discussion >>>>>>>>>> to technical stuff and let us not question each other's technical >>>>>>>>>> capabilities. Peace. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Danny Ching >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> If you don't trust programmers, you are in the wrong profession. >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>>> I don't trust programmers who hide their code. Although not all >>>>>>>>>>>> reviewers are honest, all it takes to expose anomalies in open >>>>>>>>>>>> source >>>>>>>>>>>> is one honest reviewer. >>>>>>>>>>>> >>>>>>>>>>>> However in a close source system all it takes to corrupt the system >>>>>>>>>>>> is >>>>>>>>>>>> one corrupt programmer. >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> Danny Ching >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras >>>>>>>>>>>> <[email protected]> >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> You don't trust programmers? >>>>>>>>>>>>> >>>>>>>>>>>>> This precisely what's wrong with source code review. >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>>>>>>>> cannot >>>>>>>>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>>>>>>>> will >>>>>>>>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>>>>>>>> course >>>>>>>>>>>>>> outside of computers that is a different problem altogether. I >>>>>>>>>>>>>> just >>>>>>>>>>>>>> don't want people blaming computerization for failure of >>>>>>>>>>>>>> elections. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras >>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>> > >>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>>>>>>>> system. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>>>>>>>> to >>>>>>>>>>>>>>> arrest >>>>>>>>>>>>>>> human corruption. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching >>>>>>>>>>>>>>> <[email protected]> >>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> I think I see where you are coming from. It is not the system >>>>>>>>>>>>>>>> we >>>>>>>>>>>>>>>> are >>>>>>>>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>>>>>>>> simple >>>>>>>>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>>>>>>>> out of >>>>>>>>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you >>>>>>>>>>>>>>>> said, >>>>>>>>>>>>>>>> then >>>>>>>>>>>>>>>> checking the cource code should be easy. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>> Danny Ching >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras >>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>>>>>>>> accept >>>>>>>>>>>>>>>>> a System. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail >>>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>>>>>>>> <[email protected] >>>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>>> develop. >>>>>>>>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>>>>>>>> if >>>>>>>>>>>>>>>>>> there >>>>>>>>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>>>>>>>> seen by >>>>>>>>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> special keyboard hotkey, special packets, special ER and >>>>>>>>>>>>>>>>>> others >>>>>>>>>>>>>>>>>> to >>>>>>>>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>>>>>>>> scheme... >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> fooler. >>>>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>>>> >>>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Paolo >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Paolo >>>>>> Sent from Makati, Man, Philippines >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> >>> >>> >>> -- >>> Paolo >>> Sent from Makati, Man, Philippines >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
