On Tue, Oct 13, 2009 at 1:24 PM, William Emmanuel Yu <[email protected]> wrote: > > If that is the case will the COMELEC/Smartmatic/Whoever come up with a > proposed blackbox test that would capture all the scenarios (including > the ones of my fellow PLUG members)? >
I have not thought of this. But I assume Comelec, etc., will not refuse such a reasonable suggestion. > Also can COMELEC/Smartmatic/Whoever come up with a solution to the > access to source code provision in the enabling law? > I think that you have to take this up with Comelec and the responsible parties. In my personal opinion, I don't think you will be granted to see the proprietory source codes used in AES. I am not in anyway connected with Comelec nor Smartmatic nor shall I profit directly or indirectly from the project at all. I am voicing my opinions on behalf of me as a Filipino Citizen and as a registered voter during this coming election. > The longer this gets delayed the great the risk. > > On Tue, 2009-10-13 at 13:19 +1100, Oscar Plameras wrote: >> You're right. The 1000 is just to illustrate. >> >> You're also right that Comelec will dream up all sorts of possibilities, >> including "stupid" ones, unreasonable ones, like no entries in ballots, and >> all >> sorts of idiotic combinations. Testing the system to it's limits is >> the purpose. >> >> On Tue, Oct 13, 2009 at 1:14 PM, <[email protected]> wrote: >> > Forgive my ignorance but doesn't this test fall short? >> > >> > Shouldn't we also test for every concievable configuration setting and not >> > just data? Also shouldn't we test for all possilbe input and output? Maybe >> > 1,000 is just an example but that is really too little right? >> > >> > Thanks. >> > "Sent via BlackBerry from Smart" >> > >> > -----Original Message----- >> > From: Oscar Plameras <[email protected]> >> > Date: Tue, 13 Oct 2009 13:06:31 >> > To: Philippine Linux Users' Group (PLUG) Technical Discussion >> > List<[email protected]> >> > Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >> > SourceCodeReview) >> > >> > What my Comelec check will do is, for 1000 votes inputted, I expected to >> > get >> > in the results 1000 votes, categorized as valid, invalid, and >> > uncategorized. >> > >> > And the actual results should match the expected results as prepared >> > by Comelec of 1000 votes, categorized as valid, invalid, and uncategorized. >> > >> > On Tue, Oct 13, 2009 at 12:42 PM, Danny Ching <[email protected]> wrote: >> >> You should check for absurdity in code, because it may not affect the >> >> check >> >> during testing but it may affect the outcome when it really counts (on >> >> election day). Why do you want to accept that risk? >> >> >> >> On Tue, Oct 13, 2009 at 9:40 AM, Danny Ching <[email protected]> wrote: >> >>> >> >>> How about checking for code that says if there is a candidate named >> >>> "Eddie >> >>> Gil" add 5,000,000 votes to Gloria? Will they check for each individual >> >>> name >> >>> available in the world? >> >>> >> >>> Do not get me wrong. I do not believe that outcome checking is not good. >> >>> It is. What I am saying is that it is not enough. >> >>> >> >>> On Tue, Oct 13, 2009 at 9:09 AM, Oscar Plameras <[email protected]> >> >>> wrote: >> >>>> >> >>>> The check I propose is by Outcome. >> >>>> >> >>>> If my check will not catch the absurdity in any coding, that's well and >> >>>> good. >> >>>> >> >>>> My check is not going to look for such things. What matters are the >> >>>> outcome >> >>>> or results. >> >>>> >> >>>> On Tue, Oct 13, 2009 at 1:40 AM, Robert Locke <[email protected]> wrote: >> >>>> > Oscar, >> >>>> > >> >>>> > If I had a closed system that did the following: >> >>>> > >> >>>> > if (current_date < '2010-05-10) { >> >>>> > do_a_normal_tally(); >> >>>> > } else { >> >>>> > do_something_slightly_different_but_not_too_obvious(); >> >>>> > } >> >>>> > >> >>>> > How would your proposed "Testing the System by Outcomes" catch this? >> >>>> > >> >>>> > Maybe you set the system date to be 2010-05-10, and the ruse is >> >>>> > revealed. >> >>>> > >> >>>> > So the programmer does this: >> >>>> > >> >>>> > if (current_date < '2010-05-10 && !obscure_hot_key_pressed) { >> >>>> > do_a_normal_tally(); >> >>>> > } else { >> >>>> > do_something_slightly_different_but_not_too_obvious(); >> >>>> > } >> >>>> > >> >>>> > How do you catch it then? Obviously this is an oversimplified >> >>>> > example, but I'm curious to hear how you would expose it. Or are we >> >>>> > supposed to blindly "trust" that this won't happen? If that's your >> >>>> > position, then I would say it's a bit naive. >> >>>> > >> >>>> > "There is one safeguard known generally to the wise, which is an >> >>>> > advantage and security to all, but especially to democracies as >> >>>> > against despots. What is it? Distrust." - Demosthenes >> >>>> > >> >>>> > Rob >> >>>> > >> >>>> > >> >>>> > >> >>>> > >> >>>> > On 10 12, 09, at 9:35 PM, Oscar Plameras wrote: >> >>>> > >> >>>> >> We do it the way it has been done. >> >>>> >> >> >>>> >> Testing the System by Outcomes. >> >>>> >> >> >>>> >> Come up with a set of inputs, and a set of outputs. >> >>>> >> >> >>>> >> If all the outputs (maybe hundreds or thousands) agree with all the >> >>>> >> inputs, then that's acceptable. >> >>>> >> >> >>>> >> >> >>>> >> On Tue, Oct 13, 2009 at 12:31 AM, <[email protected]> wrote: >> >>>> >>> How do you suggest we ensure that the code that is running does not >> >>>> >>> have the badguyvote++ sub-routine? Checking binaries using pre- >> >>>> >>> defined test cases will probably miss something. >> >>>> >>> >> >>>> >>> "Sent via BlackBerry from Smart" >> >>>> >>> >> >>>> >>> -----Original Message----- >> >>>> >>> From: Oscar Plameras <[email protected]> >> >>>> >>> Date: Tue, 13 Oct 2009 00:09:48 >> >>>> >>> To: <[email protected]>; Philippine Linux Users' Group (PLUG) >> >>>> >>> Technical Discussion List<[email protected]> >> >>>> >>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >> >>>> >>> SourceCode >> >>>> >>> Review) >> >>>> >>> >> >>>> >>> It's efficiency. Code source review will not get you to where you >> >>>> >>> want. >> >>>> >>> >> >>>> >>> It will not reach the objective of knowing whether the System is >> >>>> >>> right >> >>>> >>> in doing what it's suppose to deliver. >> >>>> >>> >> >>>> >>> On Tue, Oct 13, 2009 at 12:08 AM, <[email protected]> wrote: >> >>>> >>>> This is getting out of hand and really entertaining. >> >>>> >>>> >> >>>> >>>> But seriously, what is wrong with a source code audit and a binary >> >>>> >>>> integrity validation mechanism? Just to check if there is not code >> >>>> >>>> that says: "if candidate='good guy' then badguyvote++"? >> >>>> >>>> >> >>>> >>>> "Sent via BlackBerry from Smart" >> >>>> >>>> >> >>>> >>>> -----Original Message----- >> >>>> >>>> From: Oscar Plameras <[email protected]> >> >>>> >>>> Date: Mon, 12 Oct 2009 23:58:59 >> >>>> >>>> To: Philippine Linux Users' Group (PLUG) Technical Discussion >> >>>> >>>> List<[email protected] >> >>>> >>>> > >> >>>> >>>> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 >> >>>> >>>> Source >> >>>> >>>> Code Review) >> >>>> >>>> >> >>>> >>>> [email protected] is not even in google search. >> >>>> >>>> >> >>>> >>>> Just another one of those pretenders. >> >>>> >>>> >> >>>> >>>> On Mon, Oct 12, 2009 at 11:56 PM, Oscar Plameras >> >>>> >>>> <[email protected]> wrote: >> >>>> >>>>> Maybe, just maybe your just one of those pretenders. >> >>>> >>>>> >> >>>> >>>>> On Mon, Oct 12, 2009 at 11:53 PM, Oscar Plameras >> >>>> >>>>> <[email protected]> wrote: >> >>>> >>>>>> I don't understand. Why would you ask the question? >> >>>> >>>>>> >> >>>> >>>>>> On Mon, Oct 12, 2009 at 11:50 PM, Daniel Escasa >> >>>> >>>>>> <[email protected]> wrote: >> >>>> >>>>>>> OK, who are you, and what did you do with the Oscar Plameras who >> >>>> >>>>>>> posted this: >> >>>> >>>>>>> http://lists.slug.org.au/archives/slug/2003/08/msg00344.html >> >>>> >>>>>>> and this: >> >>>> >>>>>>> http://archives.free.net.ph/message/20090918.004218.c213bcf2.en.html >> >>>> >>>>>>> ? Oh, and ironically, >> >>>> >>>>>>> http://www.elections.act.gov.au/elections/electronicvoting.html: >> >>>> >>>>>>> >> >>>> >>>>>>> <except> >> >>>> >>>>>>> Source code for 2008 software (zipped file in .zip format - 759 >> >>>> >>>>>>> kb)The >> >>>> >>>>>>> eVACS® source code downloadable here is an extract of the >> >>>> >>>>>>> voting, data >> >>>> >>>>>>> entry, and counting modules as used by Elections ACT and is >> >>>> >>>>>>> provided >> >>>> >>>>>>> for study purposes only. Not included are: (a) artefacts >> >>>> >>>>>>> produced >> >>>> >>>>>>> during the eVACS® development process, such as detailed design >> >>>> >>>>>>> specifications; (b) the base Linux operating system and >> >>>> >>>>>>> configuration >> >>>> >>>>>>> files; (c) the scripts that are used to initialise the vote >> >>>> >>>>>>> databases >> >>>> >>>>>>> and invoke the eVACS® modules. The design information for the >> >>>> >>>>>>> eVACS® >> >>>> >>>>>>> system is the property of Software Improvements Pty Ltd. Their >> >>>> >>>>>>> website >> >>>> >>>>>>> is at www.softimp.com.au/. Bona fide researchers interested in >> >>>> >>>>>>> acquiring more of the source code may apply to Software >> >>>> >>>>>>> Improvements >> >>>> >>>>>>> using the form at: www.softimp.com.au/evacs/contactus.html >> >>>> >>>>>>> </excerpt> >> >>>> >>>>>>> >> >>>> >>>>>>> Ironic because you're in Australia. And you're even too lazy to >> >>>> >>>>>>> trim >> >>>> >>>>>>> the quotes. And if you have to ask what that's all about, I'll >> >>>> >>>>>>> ask >> >>>> >>>>>>> again: who are you and what did you do to the Oscan Plameras who >> >>>> >>>>>>> posted those two messages in the URLs above? >> >>>> >>>>>>> -- >> >>>> >>>>>>> Daniel O. Escasa >> >>>> >>>>>>> independent IT consultant and writer >> >>>> >>>>>>> contributor, Free Software Magazine >> >>>> >>>>>>> (http://www.freesoftwaremagazine.com >> >>>> >>>>>>> ) >> >>>> >>>>>>> personal blog at http://descasa.i.ph >> >>>> >>>>>>> Twitter page at http://www.twitter.com/silverlokk >> >>>> >>>>>>> If we choose being kind over being right, we will be right >> >>>> >>>>>>> every time. >> >>>> >>>>>>>_________________________________________________ >> >>>> >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >>>>>>> Searchable Archives: http://archives.free.net.ph >> >>>> >>>>>>> >> >>>> >>>>>> >> >>>> >>>>> >> >>>> >>>>_________________________________________________ >> >>>> >>>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >>>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >>>> Searchable Archives: http://archives.free.net.ph >> >>>> >>>>_________________________________________________ >> >>>> >>>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >>>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >>>> Searchable Archives: http://archives.free.net.ph >> >>>> >>>_________________________________________________ >> >>>> >>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >>> Searchable Archives: http://archives.free.net.ph >> >>>> >>>_________________________________________________ >> >>>> >>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >>> Searchable Archives: http://archives.free.net.ph >> >>>> >>_________________________________________________ >> >>>> >> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> >> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> >> Searchable Archives: http://archives.free.net.ph >> >>>> > >> >>>> >_________________________________________________ >> >>>> > Philippine Linux Users' Group (PLUG) Mailing List >> >>>> > http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> > Searchable Archives: http://archives.free.net.ph >> >>>> > >> >>>>_________________________________________________ >> >>>> Philippine Linux Users' Group (PLUG) Mailing List >> >>>> http://lists.linux.org.ph/mailman/listinfo/plug >> >>>> Searchable Archives: http://archives.free.net.ph >> >>> >> >>> >> >>> >> >>> -- >> >>> Regards, >> >>> Danny Ching >> >> >> >> >> >> >> >> -- >> >> Regards, >> >> Danny Ching >> >> >> >>_________________________________________________ >> >> Philippine Linux Users' Group (PLUG) Mailing List >> >> http://lists.linux.org.ph/mailman/listinfo/plug >> >> Searchable Archives: http://archives.free.net.ph >> >> >> > _________________________________________________ >> > Philippine Linux Users' Group (PLUG) Mailing List >> > http://lists.linux.org.ph/mailman/listinfo/plug >> > Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ >> > Philippine Linux Users' Group (PLUG) Mailing List >> > http://lists.linux.org.ph/mailman/listinfo/plug >> > Searchable Archives: http://archives.free.net.ph > -- > ------------------------------------------------------- > William Emmanuel S. Yu (杨怀义) > Department of Information Systems and Computer Science > Ateneo de Manila University > email : wyu at ateneo dot edu > blog : http://hip2b2.yutivo.org/ > web : http://CNG.ateneo.edu/cng/wyu/ > phone : +63(2)4266001 loc. 4186 > GPG : http://CNG.ateneo.net/cng/wyu/wyy.pgp > > Confidentiality Issue: This message is intended only for the use of the > addressee and may contain information that is privileged and > confidential. If you are not the intended recipient, you are hereby > notified that any use or dissemination of this communication is strictly > prohibited. If you have received this communication in error, please > notify us immediately by reply and delete this message from your system. > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
