Hello again, Tama ka talaga diyan. Software audits are not typically used for user acceptance (UAT). I totally agree. Typically, enterprise software can generally (should) live within certain tolerances and assumptions. Say ... take the case of a financial system, all possible inputs and outputs must be proven to work on the system. So this type of blackbox testing is sufficient. Is Smartmatic willing to show this? Or isn't it easier to just show the code? I guess its just what proves beyond doubt that the system does what it is supposed to do. Personally (not speaking for the community), if the vendor can demonstrate with a verifiable and replicable test that generates (of course, with proof) all possible inputs (not limited to data but also configurations) produce valid outputs all the time then I am ok.
Of course, the law is a different matter. In this case, I don't think there is a choice? Or is there one? Thanks. "Sent via BlackBerry from Smart" -----Original Message----- From: Oscar Plameras <[email protected]> Date: Tue, 13 Oct 2009 00:58:32 To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical Discussion List<[email protected]> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 SourceCodeReview) The thing is source code review has never been a method for user acceptance testing. Mainly because testers are not suppose to know what the programs do and that testers need not be programmers. Testers are Professional Systems Analysts who are conversant with the requirements of the Systems but not programmers. I agree with you, that it is strange that the law itself stipulated source code review. This tells me that there was no competent advise on how the words of the law was to be worded. On Tue, Oct 13, 2009 at 12:50 AM, <[email protected]> wrote: > Hello again, > > Yes, blackbox testing is definitely something that can be done. But, how can > one prove that all possible outcomes have been used? Create a open source > program that generates inputs with pre-computed outputs and compare them with > the PCOS outputs? Pwede din. Then of course prove mathematically that all > inputs are indeed generated by the open source test program. > > But, isn't a source review easier? > > Also I do find it strange that a source review is in the law. Bidders entered > their bids with this in mind. So what's up with all the fuss? This just > causes doubt in people's minds and doubt is bad especially for something as > sensitive as an election. > > Thanks. > "Sent via BlackBerry from Smart" > > -----Original Message----- > From: Oscar Plameras <[email protected]> > Date: Tue, 13 Oct 2009 00:35:38 > To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical > Discussion List<[email protected]> > Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 > SourceCodeReview) > > We do it the way it has been done. > > Testing the System by Outcomes. > > Come up with a set of inputs, and a set of outputs. > > If all the outputs (maybe hundreds or thousands) agree with all the > inputs, then that's acceptable. > > > On Tue, Oct 13, 2009 at 12:31 AM, <[email protected]> wrote: >> How do you suggest we ensure that the code that is running does not have the >> badguyvote++ sub-routine? Checking binaries using pre-defined test cases >> will probably miss something. >> >> "Sent via BlackBerry from Smart" >> >> -----Original Message----- >> From: Oscar Plameras <[email protected]> >> Date: Tue, 13 Oct 2009 00:09:48 >> To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical >> Discussion List<[email protected]> >> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 SourceCode >> Review) >> >> It's efficiency. Code source review will not get you to where you want. >> >> It will not reach the objective of knowing whether the System is right >> in doing what it's suppose to deliver. >> >> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >>> This is getting out of hand and really entertaining. >>> >>> But seriously, what is wrong with a source code audit and a binary >>> integrity validation mechanism? Just to check if there is not code that >>> says: "if candidate='good guy' then badguyvote++"? >>> >>> "Sent via BlackBerry from Smart" >>> >>> -----Original Message----- >>> From: Oscar Plameras <[email protected]> >>> Date: Mon, 12 Oct 2009 23:58:59 >>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >>> List<[email protected]> >>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source >>> Code Review) >>> >>> [email protected] is not even in google search. >>> >>> Just another one of those pretenders. >>> >>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >>> <[email protected]> wrote: >>>> Maybe, just maybe your just one of those pretenders. >>>> >>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>>> I don't understand. Why would you ask the question? >>>>> >>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa <[email protected]> wrote: >>>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>>> posted this: http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>>> and this: >>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>>> ? Oh, and ironically, >>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>>> >>>>>> <except> >>>>>> Source code for 2008 software (zipped file in .zip format - 759 kb)The >>>>>> eVACS® source code downloadable here is an extract of the voting, data >>>>>> entry, and counting modules as used by Elections ACT and is provided >>>>>> for study purposes only. Not included are: (a) artefacts produced >>>>>> during the eVACS® development process, such as detailed design >>>>>> specifications; (b) the base Linux operating system and configuration >>>>>> files; (c) the scripts that are used to initialise the vote databases >>>>>> and invoke the eVACS® modules. The design information for the eVACS® >>>>>> system is the property of Software Improvements Pty Ltd. Their website >>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>>> acquiring more of the source code may apply to Software Improvements >>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>>> </excerpt> >>>>>> >>>>>> Ironic because you're in Australia. And you're even too lazy to trim >>>>>> the quotes. And if you have to ask what that's all about, I'll ask >>>>>> again: who are you and what did you do to the Oscan Plameras who >>>>>> posted those two messages in the URLs above? >>>>>> -- >>>>>> Daniel O. Escasa >>>>>> independent IT consultant and writer >>>>>> contributor, Free Software Magazine (http://www.freesoftwaremagazine.com) >>>>>> personal blog at http://descasa.i.ph >>>>>> Twitter page at http://www.twitter.com/silverlokk >>>>>> If we choose being kind over being right, we will be right every time. >>>>>>_________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> >>>> >>>_________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>>_________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>_________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >>_________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >_________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
