Oscar Plameras wrote: > For all that were said and done, the objectives of the test for me are, > > 1. To assure that the valid votes cast are counted as valid and not as > invalid. > 2. To assure that the invalid votes cast are counted as invalid and > not as valid. > 3. To assure that the number of votes for every candidate is correct. > > What are the objectives of source code review? > > > To ensure that the system provides/sufficiently/intelligently...
(a) Adequate security against unauthorized access: (b) Accuracy in recording and reading of votes as well as in the tabulation, consolidation/canvassing, electronic transmission, and storage of results; (c) Error recovery in case of non-catastrophic failure of device; (d) System integrity which ensures physical stability and functioning of the vote recording and counting process; (e) Provision for voter verified paper audit trail; (f) System auditability which provides supporting documentation for verifying the correctness of reported election results; (g) An election management system for preparing ballots and programs for use in the casting and counting of votes and to consolidate, report and display election result in the shortest time possible; (h) Accessibility to illiterates and disable voters; (i) Vote tabulating program for election, referendum or plebiscite; (j) Accurate ballot counters; (k) Data retention provision; (l) Provide for the safekeeping, storing and archiving of physical or paper resource used in the election process; (m) Utilize or generate official ballots as herein defined; (n) Provide the voter a system of verification to find out whether or not the machine has registered his choice; and (o) Configure access control for sensitive system data and function > On Tue, Oct 13, 2009 at 1:45 AM, Paolo Falcone <[email protected]> wrote: > >> Gone are the days wherein a simple handshake means that a deal is a >> deal. It is indeed sad. >> >> At present, I don't know of an acceptable means to comply with the law >> without doing the source code review, as it just sticks there. Maybe >> if there's just a way for the source code review to be done via >> trusted parties (with proven competence and independence) that can >> certify (rather than directly through any party), or an arrangement >> can be sought rather than letting this court case drag. There should >> be a way, even to the point of having NDA's and concrete and >> acceptable parameters for the review and the assent of the reviewer - >> a discussion with all interested parties should be sought rather than >> the stonewalling that COMELEC is giving everyone else. >> >> The test suite is a must. Unfortunately its presence alone cannot meet >> the law's requirements. >> >> For now nobody wants to stop the elections just because of a sore >> provision. But the automated elections must be done fairly and >> legally. >> >> On Mon, Oct 12, 2009 at 10:25 PM, Oscar Plameras >> <[email protected]> wrote: >> >>> Doubt is a big thing. >>> >>> The opposite of doubt is trust, of course. That's what is lacking in Pinas >>> TRUST. I'm sad to say but it's now part of our culture. >>> >>> There's no sense of TRUST. Everyone is untrusted. Nobody trust anyone. >>> Cynicism is the word. And unfortunately we mix cynicism with everything we >>> do, >>> including when we develop software because it's in our culture, our >>> unconscious >>> self. We try to incorporate checks that's akin to preventing someone trying >>> to >>> cheat the system. And our system becomes too complicated and we lost the >>> main objective of the system and what it is trying to accomplish. I've >>> seen this all. >>> >>> On Tue, Oct 13, 2009 at 12:50 AM, <[email protected]> wrote: >>> >>>> Hello again, >>>> >>>> Yes, blackbox testing is definitely something that can be done. But, how >>>> can one prove that all possible outcomes have been used? Create a open >>>> source program that generates inputs with pre-computed outputs and compare >>>> them with the PCOS outputs? Pwede din. Then of course prove mathematically >>>> that all inputs are indeed generated by the open source test program. >>>> >>>> But, isn't a source review easier? >>>> >>>> Also I do find it strange that a source review is in the law. Bidders >>>> entered their bids with this in mind. So what's up with all the fuss? This >>>> just causes doubt in people's minds and doubt is bad especially for >>>> something as sensitive as an election. >>>> >>>> Thanks. >>>> "Sent via BlackBerry from Smart" >>>> >>>> -----Original Message----- >>>> From: Oscar Plameras <[email protected]> >>>> Date: Tue, 13 Oct 2009 00:35:38 >>>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical >>>> Discussion List<[email protected]> >>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>> SourceCodeReview) >>>> >>>> We do it the way it has been done. >>>> >>>> Testing the System by Outcomes. >>>> >>>> Come up with a set of inputs, and a set of outputs. >>>> >>>> If all the outputs (maybe hundreds or thousands) agree with all the >>>> inputs, then that's acceptable. >>>> >>>> >>>> On Tue, Oct 13, 2009 at 12:31 AM, <[email protected]> wrote: >>>> >>>>> How do you suggest we ensure that the code that is running does not have >>>>> the badguyvote++ sub-routine? Checking binaries using pre-defined test >>>>> cases will probably miss something. >>>>> >>>>> "Sent via BlackBerry from Smart" >>>>> >>>>> -----Original Message----- >>>>> From: Oscar Plameras <[email protected]> >>>>> Date: Tue, 13 Oct 2009 00:09:48 >>>>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical >>>>> Discussion List<[email protected]> >>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>>> SourceCode >>>>> Review) >>>>> >>>>> It's efficiency. Code source review will not get you to where you want. >>>>> >>>>> It will not reach the objective of knowing whether the System is right >>>>> in doing what it's suppose to deliver. >>>>> >>>>> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >>>>> >>>>>> This is getting out of hand and really entertaining. >>>>>> >>>>>> But seriously, what is wrong with a source code audit and a binary >>>>>> integrity validation mechanism? Just to check if there is not code that >>>>>> says: "if candidate='good guy' then badguyvote++"? >>>>>> >>>>>> "Sent via BlackBerry from Smart" >>>>>> >>>>>> -----Original Message----- >>>>>> From: Oscar Plameras <[email protected]> >>>>>> Date: Mon, 12 Oct 2009 23:58:59 >>>>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >>>>>> List<[email protected]> >>>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source >>>>>> Code Review) >>>>>> >>>>>> [email protected] is not even in google search. >>>>>> >>>>>> Just another one of those pretenders. >>>>>> >>>>>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >>>>>> <[email protected]> wrote: >>>>>> >>>>>>> Maybe, just maybe your just one of those pretenders. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>>>>>> <[email protected]> wrote: >>>>>>> >>>>>>>> I don't understand. Why would you ask the question? >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>>>>>> posted this: >>>>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>>>>>> and this: >>>>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>>>>>> ? Oh, and ironically, >>>>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>>>>>> >>>>>>>>> <except> >>>>>>>>> Source code for 2008 software (zipped file in .zip format - 759 kb)The >>>>>>>>> eVACS® source code downloadable here is an extract of the voting, data >>>>>>>>> entry, and counting modules as used by Elections ACT and is provided >>>>>>>>> for study purposes only. Not included are: (a) artefacts produced >>>>>>>>> during the eVACS® development process, such as detailed design >>>>>>>>> specifications; (b) the base Linux operating system and configuration >>>>>>>>> files; (c) the scripts that are used to initialise the vote databases >>>>>>>>> and invoke the eVACS® modules. The design information for the eVACS® >>>>>>>>> system is the property of Software Improvements Pty Ltd. Their website >>>>>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>>>>>> acquiring more of the source code may apply to Software Improvements >>>>>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>>>>>> </excerpt> >>>>>>>>> >>>>>>>>> Ironic because you're in Australia. And you're even too lazy to trim >>>>>>>>> the quotes. And if you have to ask what that's all about, I'll ask >>>>>>>>> again: who are you and what did you do to the Oscan Plameras who >>>>>>>>> posted those two messages in the URLs above? >>>>>>>>> -- >>>>>>>>> Daniel O. Escasa >>>>>>>>> independent IT consultant and writer >>>>>>>>> contributor, Free Software Magazine >>>>>>>>> (http://www.freesoftwaremagazine.com) >>>>>>>>> personal blog at http://descasa.i.ph >>>>>>>>> Twitter page at http://www.twitter.com/silverlokk >>>>>>>>> If we choose being kind over being right, we will be right every time. >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>> >>>>>>>>> >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >>> >> >> -- >> Paolo >> Sent from Makati, Man, Philippines >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
