Oscar Plameras wrote: > On Tue, Oct 13, 2009 at 11:15 AM, Alec Joseph Rivera <[email protected]> wrote: > >> Oscar Plameras wrote: >> >>> For all that were said and done, the objectives of the test for me are, >>> >>> 1. To assure that the valid votes cast are counted as valid and not as >>> invalid. >>> 2. To assure that the invalid votes cast are counted as invalid and >>> not as valid. >>> 3. To assure that the number of votes for every candidate is correct. >>> >>> > > To operationalize the test the steps are simple, clear, and no ambiguity. > So, there is little chance anybody will mis-interpret the results. > > 1. Prepare one thousand votes of various kinds. > > 2. Input the votes > > 3. Run the actual results and compare with expected results that Comelec > has prepared for the one thousand votes. > > How do you operationalize your checks by looking at the source codes? > > True... now extend that a bit. If you could identify the variables the system uses and be certain that they are not or can not be influenced by external sources, that's another step towards the validity of the system. Having the source code will enable you to do that easily.
1+1+i = 3, if i is 1. You can test that blindly many times and be happy. But are you sure of i's integrity before you add it? How will you prove to yourself without the source code of i's integrity? Can it be flagged for manual review? If yes and it was valid, how will the system address that? >>> What are the objectives of source code review? >>> >>> >>> >>> >> To ensure that the system provides/sufficiently/intelligently... >> >> (a) Adequate security against unauthorized access: >> >> (b) Accuracy in recording and reading of votes as well as in the >> tabulation, consolidation/canvassing, electronic transmission, and >> storage of results; >> >> (c) Error recovery in case of non-catastrophic failure of device; >> >> (d) System integrity which ensures physical stability and functioning of >> the vote recording and counting process; >> >> (e) Provision for voter verified paper audit trail; >> >> (f) System auditability which provides supporting documentation for >> verifying the correctness of reported election results; >> >> (g) An election management system for preparing ballots and programs for >> use in the casting and counting of votes and to consolidate, report and >> display election result in the shortest time possible; >> >> (h) Accessibility to illiterates and disable voters; >> >> (i) Vote tabulating program for election, referendum or plebiscite; >> >> (j) Accurate ballot counters; >> >> (k) Data retention provision; >> >> (l) Provide for the safekeeping, storing and archiving of physical or >> paper resource used in the election process; >> >> (m) Utilize or generate official ballots as herein defined; >> >> (n) Provide the voter a system of verification to find out whether or >> not the machine has registered his choice; and >> >> (o) Configure access control for sensitive system data and function >> >> >> >>> On Tue, Oct 13, 2009 at 1:45 AM, Paolo Falcone <[email protected]> wrote: >>> >>> >>>> Gone are the days wherein a simple handshake means that a deal is a >>>> deal. It is indeed sad. >>>> >>>> At present, I don't know of an acceptable means to comply with the law >>>> without doing the source code review, as it just sticks there. Maybe >>>> if there's just a way for the source code review to be done via >>>> trusted parties (with proven competence and independence) that can >>>> certify (rather than directly through any party), or an arrangement >>>> can be sought rather than letting this court case drag. There should >>>> be a way, even to the point of having NDA's and concrete and >>>> acceptable parameters for the review and the assent of the reviewer - >>>> a discussion with all interested parties should be sought rather than >>>> the stonewalling that COMELEC is giving everyone else. >>>> >>>> The test suite is a must. Unfortunately its presence alone cannot meet >>>> the law's requirements. >>>> >>>> For now nobody wants to stop the elections just because of a sore >>>> provision. But the automated elections must be done fairly and >>>> legally. >>>> >>>> On Mon, Oct 12, 2009 at 10:25 PM, Oscar Plameras >>>> <[email protected]> wrote: >>>> >>>> >>>>> Doubt is a big thing. >>>>> >>>>> The opposite of doubt is trust, of course. That's what is lacking in Pinas >>>>> TRUST. I'm sad to say but it's now part of our culture. >>>>> >>>>> There's no sense of TRUST. Everyone is untrusted. Nobody trust anyone. >>>>> Cynicism is the word. And unfortunately we mix cynicism with everything >>>>> we do, >>>>> including when we develop software because it's in our culture, our >>>>> unconscious >>>>> self. We try to incorporate checks that's akin to preventing someone >>>>> trying to >>>>> cheat the system. And our system becomes too complicated and we lost the >>>>> main objective of the system and what it is trying to accomplish. I've >>>>> seen this all. >>>>> >>>>> On Tue, Oct 13, 2009 at 12:50 AM, <[email protected]> wrote: >>>>> >>>>> >>>>>> Hello again, >>>>>> >>>>>> Yes, blackbox testing is definitely something that can be done. But, how >>>>>> can one prove that all possible outcomes have been used? Create a open >>>>>> source program that generates inputs with pre-computed outputs and >>>>>> compare them with the PCOS outputs? Pwede din. Then of course prove >>>>>> mathematically that all inputs are indeed generated by the open source >>>>>> test program. >>>>>> >>>>>> But, isn't a source review easier? >>>>>> >>>>>> Also I do find it strange that a source review is in the law. Bidders >>>>>> entered their bids with this in mind. So what's up with all the fuss? >>>>>> This just causes doubt in people's minds and doubt is bad especially for >>>>>> something as sensitive as an election. >>>>>> >>>>>> Thanks. >>>>>> "Sent via BlackBerry from Smart" >>>>>> >>>>>> -----Original Message----- >>>>>> From: Oscar Plameras <[email protected]> >>>>>> Date: Tue, 13 Oct 2009 00:35:38 >>>>>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical >>>>>> Discussion List<[email protected]> >>>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>>>> SourceCodeReview) >>>>>> >>>>>> We do it the way it has been done. >>>>>> >>>>>> Testing the System by Outcomes. >>>>>> >>>>>> Come up with a set of inputs, and a set of outputs. >>>>>> >>>>>> If all the outputs (maybe hundreds or thousands) agree with all the >>>>>> inputs, then that's acceptable. >>>>>> >>>>>> >>>>>> On Tue, Oct 13, 2009 at 12:31 AM, <[email protected]> wrote: >>>>>> >>>>>> >>>>>>> How do you suggest we ensure that the code that is running does not >>>>>>> have the badguyvote++ sub-routine? Checking binaries using pre-defined >>>>>>> test cases will probably miss something. >>>>>>> >>>>>>> "Sent via BlackBerry from Smart" >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Oscar Plameras <[email protected]> >>>>>>> Date: Tue, 13 Oct 2009 00:09:48 >>>>>>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) Technical >>>>>>> Discussion List<[email protected]> >>>>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>>>>> SourceCode >>>>>>> Review) >>>>>>> >>>>>>> It's efficiency. Code source review will not get you to where you want. >>>>>>> >>>>>>> It will not reach the objective of knowing whether the System is right >>>>>>> in doing what it's suppose to deliver. >>>>>>> >>>>>>> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >>>>>>> >>>>>>> >>>>>>>> This is getting out of hand and really entertaining. >>>>>>>> >>>>>>>> But seriously, what is wrong with a source code audit and a binary >>>>>>>> integrity validation mechanism? Just to check if there is not code >>>>>>>> that says: "if candidate='good guy' then badguyvote++"? >>>>>>>> >>>>>>>> "Sent via BlackBerry from Smart" >>>>>>>> >>>>>>>> -----Original Message----- >>>>>>>> From: Oscar Plameras <[email protected]> >>>>>>>> Date: Mon, 12 Oct 2009 23:58:59 >>>>>>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >>>>>>>> List<[email protected]> >>>>>>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >>>>>>>> Source >>>>>>>> Code Review) >>>>>>>> >>>>>>>> [email protected] is not even in google search. >>>>>>>> >>>>>>>> Just another one of those pretenders. >>>>>>>> >>>>>>>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >>>>>>>> <[email protected]> wrote: >>>>>>>> >>>>>>>> >>>>>>>>> Maybe, just maybe your just one of those pretenders. >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >>>>>>>>> <[email protected]> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>>> I don't understand. Why would you ask the question? >>>>>>>>>> >>>>>>>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> OK, who are you, and what did you do with the Oscar Plameras who >>>>>>>>>>> posted this: >>>>>>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >>>>>>>>>>> and this: >>>>>>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >>>>>>>>>>> ? Oh, and ironically, >>>>>>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >>>>>>>>>>> >>>>>>>>>>> <except> >>>>>>>>>>> Source code for 2008 software (zipped file in .zip format - 759 >>>>>>>>>>> kb)The >>>>>>>>>>> eVACS® source code downloadable here is an extract of the voting, >>>>>>>>>>> data >>>>>>>>>>> entry, and counting modules as used by Elections ACT and is provided >>>>>>>>>>> for study purposes only. Not included are: (a) artefacts produced >>>>>>>>>>> during the eVACS® development process, such as detailed design >>>>>>>>>>> specifications; (b) the base Linux operating system and >>>>>>>>>>> configuration >>>>>>>>>>> files; (c) the scripts that are used to initialise the vote >>>>>>>>>>> databases >>>>>>>>>>> and invoke the eVACS® modules. The design information for the eVACS® >>>>>>>>>>> system is the property of Software Improvements Pty Ltd. Their >>>>>>>>>>> website >>>>>>>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >>>>>>>>>>> acquiring more of the source code may apply to Software Improvements >>>>>>>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >>>>>>>>>>> </excerpt> >>>>>>>>>>> >>>>>>>>>>> Ironic because you're in Australia. And you're even too lazy to trim >>>>>>>>>>> the quotes. And if you have to ask what that's all about, I'll ask >>>>>>>>>>> again: who are you and what did you do to the Oscan Plameras who >>>>>>>>>>> posted those two messages in the URLs above? >>>>>>>>>>> -- >>>>>>>>>>> Daniel O. Escasa >>>>>>>>>>> independent IT consultant and writer >>>>>>>>>>> contributor, Free Software Magazine >>>>>>>>>>> (http://www.freesoftwaremagazine.com) >>>>>>>>>>> personal blog at http://descasa.i.ph >>>>>>>>>>> Twitter page at http://www.twitter.com/silverlokk >>>>>>>>>>> If we choose being kind over being right, we will be right every >>>>>>>>>>> time. >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>>> >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>> >>>>>>> >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>>> >>>>> >>>>> >>>> -- >>>> Paolo >>>> Sent from Makati, Man, Philippines >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >>> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
