Being a software engineer and a code reviewer myself, code review is indeed inefficient if all you need to know is if the system is right and will pass the compliance tests. I do not disagree with you here. All you need is blackbox testing: write a series of tests and have them run in an automated fashion.
The thing is, there is a requirement by law, and that cannot be changed by mere implementing rules and regulations set by a constitutional body, as implementing against the provisions of the law is termed "illegal". That act by the COMELEC started this whole mess, as COMELEC will not yield to the law. As much as we hate it, suing them was the only option we had. We're not here to debate on the efficiency of source code review. I understand that given you're a developer as well, it is a very tiring process that even a lot of eyes rolling over the source code may miss important details, and even miss the bugs, especially if your code base is big, and even worse some bugs just come out when the system is subjected to extreme loads or corner cases that the tester forgot to include in the test plan. That being said, we have precedence in the open source model that eventually, in time, bugs surface given scrutiny, be it by white hats or black hats. And the first things that get surfaced are the obvious bugs. By precedence we've seen full disclosure of the code yielding better results than a closed model - and even exposed old backdoors when closed source products were opened to the community for inspection and later improvement. The people who are contributing their effort here for the source code review are not your average programmers - these people have their doctorates in computer science, the certifications in information security, the years of experience, software engineering expertise, and a methodical approach to attack that problem. They're not there to stroke their egos and do an svn blame, or steal code and make their own implementation come next election year. I trust Smartmatic did their due diligence in making the code secure, and there are good people there. Then again, trust but verify. And we can't do that verification with mere tests when we know that a source code review will show more, especially the parts that may not meet compliance. On Mon, Oct 12, 2009 at 9:09 PM, Oscar Plameras <[email protected]> wrote: > It's efficiency. Code source review will not get you to where you want. > > It will not reach the objective of knowing whether the System is right > in doing what it's suppose to deliver. > > On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >> This is getting out of hand and really entertaining. >> >> But seriously, what is wrong with a source code audit and a binary integrity >> validation mechanism? Just to check if there is not code that says: "if >> candidate='good guy' then badguyvote++"? >> >> "Sent via BlackBerry from Smart" >> >> -----Original Message----- >> From: Oscar Plameras <[email protected]> >> Date: Mon, 12 Oct 2009 23:58:59 >> To: Philippine Linux Users' Group (PLUG) Technical Discussion >> List<[email protected]> >> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source >> Code Review) >> >> [email protected] is not even in google search. >> >> Just another one of those pretenders. >> >> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >> <[email protected]> wrote: >>> Maybe, just maybe your just one of those pretenders. >>> >>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>> <[email protected]> wrote: >>>> I don't understand. Why would you ask the question? >>>> >>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa <[email protected]> wrote: >>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>> posted this: http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>> and this: >>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>> ? Oh, and ironically, >>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>> >>>>> <except> >>>>> Source code for 2008 software (zipped file in .zip format - 759 kb)The >>>>> eVACS® source code downloadable here is an extract of the voting, data >>>>> entry, and counting modules as used by Elections ACT and is provided >>>>> for study purposes only. Not included are: (a) artefacts produced >>>>> during the eVACS® development process, such as detailed design >>>>> specifications; (b) the base Linux operating system and configuration >>>>> files; (c) the scripts that are used to initialise the vote databases >>>>> and invoke the eVACS® modules. The design information for the eVACS® >>>>> system is the property of Software Improvements Pty Ltd. Their website >>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>> acquiring more of the source code may apply to Software Improvements >>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>> </excerpt> >>>>> >>>>> Ironic because you're in Australia. And you're even too lazy to trim >>>>> the quotes. And if you have to ask what that's all about, I'll ask >>>>> again: who are you and what did you do to the Oscan Plameras who >>>>> posted those two messages in the URLs above? >>>>> -- >>>>> Daniel O. Escasa >>>>> independent IT consultant and writer >>>>> contributor, Free Software Magazine (http://www.freesoftwaremagazine.com) >>>>> personal blog at http://descasa.i.ph >>>>> Twitter page at http://www.twitter.com/silverlokk >>>>> If we choose being kind over being right, we will be right every time. >>>>>_________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> >>> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Paolo Sent from Makati, Man, Philippines _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
