On Mon, Oct 12, 2009 at 9:43 PM, Oscar Plameras <[email protected]> wrote: > This issue is very simple. > > What if we KNOW that this Election System Software delivers what it is > intended to do, > regardless of what is in the RA?
There are two ways to test this: a) write more tests and more test cases. b) read the source code. Many companies use a combination of both internally. For interfacing with external parties, it's more of letter A. This is the time-honored means, as the external party should only know the exposed APIs, given that the internals may change. And for most cases, A should be the norm for acceptance tests. For absolute certainty though, due rigor needs to be exercised, and access to source is a must to ensure that there are no backdoors. A trusted system never relies on the secrecy of its components, but rather on the strength of the algorithms and the architecture. The only way to be absolutely sure is to have the expression of the algorithm and architecture (hence access to the source code) inspected and tested. This is the only way to know for sure - and not just a means of acceptability. > Would you accept that the source code review is not unnecessary? At this stage, it is indeed not unnecessary (therefore necessary). There are reasons why the framers of RA-9369 intended a source code review - probably one of them is that they don't trust government to do the right thing without scrutiny. It is indeed weird for a proprietary product such as the PCOS, but then again, that's the law. That law has been in effect since the bidding, bidders exercising due diligence would know that beforehand, and bidders in their right mind would quit outright if they find the law onerous. If certain people would want to have the law amended, they can do so in the next congress. But not today. COMELEC must comply, or we risk failure of computerized elections given the provisions of section 12. > On Tue, Oct 13, 2009 at 12:33 AM, Paolo Falcone <[email protected]> wrote: >> Being a software engineer and a code reviewer myself, code review is >> indeed inefficient if all you need to know is if the system is right >> and will pass the compliance tests. I do not disagree with you here. >> All you need is blackbox testing: write a series of tests and have >> them run in an automated fashion. >> >> The thing is, there is a requirement by law, and that cannot be >> changed by mere implementing rules and regulations set by a >> constitutional body, as implementing against the provisions of the law >> is termed "illegal". That act by the COMELEC started this whole mess, >> as COMELEC will not yield to the law. As much as we hate it, suing >> them was the only option we had. >> >> We're not here to debate on the efficiency of source code review. I >> understand that given you're a developer as well, it is a very tiring >> process that even a lot of eyes rolling over the source code may miss >> important details, and even miss the bugs, especially if your code >> base is big, and even worse some bugs just come out when the system is >> subjected to extreme loads or corner cases that the tester forgot to >> include in the test plan. >> >> That being said, we have precedence in the open source model that >> eventually, in time, bugs surface given scrutiny, be it by white hats >> or black hats. And the first things that get surfaced are the obvious >> bugs. By precedence we've seen full disclosure of the code yielding >> better results than a closed model - and even exposed old backdoors >> when closed source products were opened to the community for >> inspection and later improvement. >> >> The people who are contributing their effort here for the source code >> review are not your average programmers - these people have their >> doctorates in computer science, the certifications in information >> security, the years of experience, software engineering expertise, and >> a methodical approach to attack that problem. They're not there to >> stroke their egos and do an svn blame, or steal code and make their >> own implementation come next election year. >> >> I trust Smartmatic did their due diligence in making the code secure, >> and there are good people there. Then again, trust but verify. And we >> can't do that verification with mere tests when we know that a source >> code review will show more, especially the parts that may not meet >> compliance. >> >> >> On Mon, Oct 12, 2009 at 9:09 PM, Oscar Plameras <[email protected]> >> wrote: >>> It's efficiency. Code source review will not get you to where you want. >>> >>> It will not reach the objective of knowing whether the System is right >>> in doing what it's suppose to deliver. >>> >>> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >>>> This is getting out of hand and really entertaining. >>>> >>>> But seriously, what is wrong with a source code audit and a binary >>>> integrity validation mechanism? Just to check if there is not code that >>>> says: "if candidate='good guy' then badguyvote++"? >>>> >>>> "Sent via BlackBerry from Smart" >>>> >>>> -----Original Message----- >>>> From: Oscar Plameras <[email protected]> >>>> Date: Mon, 12 Oct 2009 23:58:59 >>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >>>> List<[email protected]> >>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source >>>> Code Review) >>>> >>>> [email protected] is not even in google search. >>>> >>>> Just another one of those pretenders. >>>> >>>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>>> Maybe, just maybe your just one of those pretenders. >>>>> >>>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>>>> <[email protected]> wrote: >>>>>> I don't understand. Why would you ask the question? >>>>>> >>>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa <[email protected]> >>>>>> wrote: >>>>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>>>> posted this: >>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>>>> and this: >>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>>>> ? Oh, and ironically, >>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>>>> >>>>>>> <except> >>>>>>> Source code for 2008 software (zipped file in .zip format - 759 kb)The >>>>>>> eVACS® source code downloadable here is an extract of the voting, data >>>>>>> entry, and counting modules as used by Elections ACT and is provided >>>>>>> for study purposes only. Not included are: (a) artefacts produced >>>>>>> during the eVACS® development process, such as detailed design >>>>>>> specifications; (b) the base Linux operating system and configuration >>>>>>> files; (c) the scripts that are used to initialise the vote databases >>>>>>> and invoke the eVACS® modules. The design information for the eVACS® >>>>>>> system is the property of Software Improvements Pty Ltd. Their website >>>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>>>> acquiring more of the source code may apply to Software Improvements >>>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>>>> </excerpt> >>>>>>> >>>>>>> Ironic because you're in Australia. And you're even too lazy to trim >>>>>>> the quotes. And if you have to ask what that's all about, I'll ask >>>>>>> again: who are you and what did you do to the Oscan Plameras who >>>>>>> posted those two messages in the URLs above? >>>>>>> -- >>>>>>> Daniel O. Escasa >>>>>>> independent IT consultant and writer >>>>>>> contributor, Free Software Magazine >>>>>>> (http://www.freesoftwaremagazine.com) >>>>>>> personal blog at http://descasa.i.ph >>>>>>> Twitter page at http://www.twitter.com/silverlokk >>>>>>> If we choose being kind over being right, we will be right every time. >>>>>>>_________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> >> -- >> Paolo >> Sent from Makati, Man, Philippines >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Paolo Sent from Makati, Man, Philippines _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
