The check I propose is by Outcome. If my check will not catch the absurdity in any coding, that's well and good.
My check is not going to look for such things. What matters are the outcome or results. On Tue, Oct 13, 2009 at 1:40 AM, Robert Locke <[email protected]> wrote: > Oscar, > > If I had a closed system that did the following: > > if (current_date < '2010-05-10) { > do_a_normal_tally(); > } else { > do_something_slightly_different_but_not_too_obvious(); > } > > How would your proposed "Testing the System by Outcomes" catch this? > > Maybe you set the system date to be 2010-05-10, and the ruse is > revealed. > > So the programmer does this: > > if (current_date < '2010-05-10 && !obscure_hot_key_pressed) { > do_a_normal_tally(); > } else { > do_something_slightly_different_but_not_too_obvious(); > } > > How do you catch it then? Obviously this is an oversimplified > example, but I'm curious to hear how you would expose it. Or are we > supposed to blindly "trust" that this won't happen? If that's your > position, then I would say it's a bit naive. > > "There is one safeguard known generally to the wise, which is an > advantage and security to all, but especially to democracies as > against despots. What is it? Distrust." - Demosthenes > > Rob > > > > > On 10 12, 09, at 9:35 PM, Oscar Plameras wrote: > >> We do it the way it has been done. >> >> Testing the System by Outcomes. >> >> Come up with a set of inputs, and a set of outputs. >> >> If all the outputs (maybe hundreds or thousands) agree with all the >> inputs, then that's acceptable. >> >> >> On Tue, Oct 13, 2009 at 12:31 AM, <[email protected]> wrote: >>> How do you suggest we ensure that the code that is running does not >>> have the badguyvote++ sub-routine? Checking binaries using pre- >>> defined test cases will probably miss something. >>> >>> "Sent via BlackBerry from Smart" >>> >>> -----Original Message----- >>> From: Oscar Plameras <[email protected]> >>> Date: Tue, 13 Oct 2009 00:09:48 >>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) >>> Technical Discussion List<[email protected]> >>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>> SourceCode >>> Review) >>> >>> It's efficiency. Code source review will not get you to where you >>> want. >>> >>> It will not reach the objective of knowing whether the System is >>> right >>> in doing what it's suppose to deliver. >>> >>> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >>>> This is getting out of hand and really entertaining. >>>> >>>> But seriously, what is wrong with a source code audit and a binary >>>> integrity validation mechanism? Just to check if there is not code >>>> that says: "if candidate='good guy' then badguyvote++"? >>>> >>>> "Sent via BlackBerry from Smart" >>>> >>>> -----Original Message----- >>>> From: Oscar Plameras <[email protected]> >>>> Date: Mon, 12 Oct 2009 23:58:59 >>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >>>> List<[email protected] >>>> > >>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>> Source >>>> Code Review) >>>> >>>> [email protected] is not even in google search. >>>> >>>> Just another one of those pretenders. >>>> >>>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>>> Maybe, just maybe your just one of those pretenders. >>>>> >>>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>>>> <[email protected]> wrote: >>>>>> I don't understand. Why would you ask the question? >>>>>> >>>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa >>>>>> <[email protected]> wrote: >>>>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>>>> posted this: >>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>>>> and this: >>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>>>> ? Oh, and ironically, >>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>>>> >>>>>>> <except> >>>>>>> Source code for 2008 software (zipped file in .zip format - 759 >>>>>>> kb)The >>>>>>> eVACS® source code downloadable here is an extract of the >>>>>>> voting, data >>>>>>> entry, and counting modules as used by Elections ACT and is >>>>>>> provided >>>>>>> for study purposes only. Not included are: (a) artefacts produced >>>>>>> during the eVACS® development process, such as detailed design >>>>>>> specifications; (b) the base Linux operating system and >>>>>>> configuration >>>>>>> files; (c) the scripts that are used to initialise the vote >>>>>>> databases >>>>>>> and invoke the eVACS® modules. The design information for the >>>>>>> eVACS® >>>>>>> system is the property of Software Improvements Pty Ltd. Their >>>>>>> website >>>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>>>> acquiring more of the source code may apply to Software >>>>>>> Improvements >>>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>>>> </excerpt> >>>>>>> >>>>>>> Ironic because you're in Australia. And you're even too lazy to >>>>>>> trim >>>>>>> the quotes. And if you have to ask what that's all about, I'll >>>>>>> ask >>>>>>> again: who are you and what did you do to the Oscan Plameras who >>>>>>> posted those two messages in the URLs above? >>>>>>> -- >>>>>>> Daniel O. Escasa >>>>>>> independent IT consultant and writer >>>>>>> contributor, Free Software Magazine (http://www.freesoftwaremagazine.com >>>>>>> ) >>>>>>> personal blog at http://descasa.i.ph >>>>>>> Twitter page at http://www.twitter.com/silverlokk >>>>>>> If we choose being kind over being right, we will be right >>>>>>> every time. >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>> >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
