Actually it's difficult to test because if you have a huge pool of candidates and positions you have to hit all possible combinations ( and in the right order) to trigger the cheat in a test environment. Bear in mind that the trigger does not have to come from one voter. Requiring three voters to enter different trigger codes is very easy. A simple disclosure of the source code will preclude this.
Regards, Danny Ching On Oct 12, 2009, at 3:53 PM, Oscar Plameras <oscarplame...@gmail.com> wrote: > The system testers are not suppose to see the source codes. In > general, they > are not programmers but Systems Analyst Professionals. > > Triggers are difficult to develop but easy to test. You mention > ordering of the > candidates, that is the easiest to come up with in a test given the > specified > outcome. > > Remember, Election Automation Software is one of the easiest to > develop. > It is "Count and Tally", nothing complicated and convoluted. > > On Mon, Oct 12, 2009 at 5:36 PM, Danny Ching <dlcco...@gmail.com> > wrote: >> if you do not see the source code, you can test all you want and get >> good/correct results. Unfortunately it does not preclude, "easter >> eggs" or >> hidden triggers that will initiate "special" programs that will >> favor the >> programmer's candidate of choice. >> >> Triggers like - voting for certain candidates in a specific order. >> I doubt >> if the testing centers will be able to test all, possible >> combinations. All >> a corrupt candidate has to do is bribe the election officer to feed >> the >> election sheets in the right order, then BINGO, extra 500 votes, >> and nobody >> even knows or sees that it has happened. The election officer >> doesn't even >> have to know he's helping the candidate to cheat. >> >> I agree though that Source Code review should not be about the >> quality of >> the programming, but on its results. >> >> On Mon, Oct 12, 2009 at 1:54 PM, Oscar Plameras <oscarplame...@gmail.com >> > >> wrote: >>> >>> I think it's silly to spend so much money and time to test the >>> Election System by reviewing Source code. >>> >>> From my experience, end users implement acceptance testing of the >>> system by developing a series of test >>> other than source code review.The main idea is to simulate scenarios >>> of operations with input test data >>> and pre-defining the expected results. Several scenarios are covered >>> with the input data that's prepared. >>> >>> The Election system itself is a simple count and tabulate system and >>> that is not difficult to simulate. >>> >>> Hardly no commercial developer will allow third parties to have >>> source >>> code access to their propriety >>> software. And in general, commercial confidence protects the privacy >>> of these codes.under the trade >>> secrets act of countries. I think the Philippines is a signatory >>> to that. >>> >>> And lastly, which source codes are they going to review. The >>> application source codes? But application >>> source codes interacts with system source codes. Are they going to >>> review system source codes, too? >>> What about the source codes of all firmware chips used in the >>> system? >>> Are they goind to review those source codes, >>> too? How long is a piece of string? The code done by one programmer >>> maybe anathema to another and so >>> source code review leads to more controversies. As you know >>> programmers are full of egos and one argument >>> leads to another and another. The point is if it does the defined >>> specifications, it does not matter how or why the >>> code is written that way. >>> >>> Reviewing source codes is a mine field of difficult issues to deal >>> with. >>> >>> The simplest and easieast is to test by outcome, not how the code >>> and >>> why the code is written that >>> way. After all, we are interested in the integrity of the system not >>> the integrity of the code. >>> >>> On Mon, Oct 12, 2009 at 2:24 PM, Pablo Manalastas >>> <prmanalas...@yahoo.com> wrote: >>>> On SysTest Labs: It will do a testing of the binary executable. >>>> The >>>> testing will be more scientific than the testing done by the >>>> Special Bids >>>> and Awards Committee (that awarded the contract to Smartmatic) >>>> but will cost >>>> COMELEC more than PHP70 Million. Note that this is software >>>> testing of the >>>> binary executable, not a review of the source code, and the two >>>> are totally >>>> different "animals". >>>> >>>> On Monday, October 5, 2009, CenPEG filed with the Supreme Court a >>>> petition for mandamus, asking the Supreme Court to force COMELEC >>>> to release >>>> the source code of the election programs that will be used in >>>> May, 2010 to >>>> CenPEG and to all interested political parties and groups, as >>>> provided for >>>> by law (RA-9369). >>>> >>>> The text of the petition can be found here: >>>> >>>> http://www.cenpeg.org/POL%20PARTIES%20AND%20ELECTIONS/OCT%202009/Petition%20for%20Mandamus.pdf >>>> >>>> The lawyers for CenPEG are Atty Koko Pimentel, and Atty Pancho >>>> Joaquin. >>>> I mention their names here, because they render their services >>>> for important >>>> causes for free, and by advertising them, I hope to give them >>>> business. So >>>> if you need legal representation, please talk to them. >>>> >>>> ~Pablo Manalastas, for CenPEG~ >>>> >>>> >>>> --- On Fri, 10/9/09, Drexx Laggui [personal] <dre...@gmail.com> >>>> wrote: >>>> >>>>> From: Drexx Laggui [personal] <dre...@gmail.com> >>>>> Subject: Re: [plug] The Death of Election 2010 Source Code Review >>>>> To: "Philippine Linux Users' Group (PLUG) Technical Discussion >>>>> List" >>>>> <plug@lists.linux.org.ph> >>>>> Date: Friday, October 9, 2009, 11:01 PM >>>>> 09Oct2009 (UTC +8) >>>>> >>>>> On Fri, Oct 9, 2009 at 21:21, Richard Paradies <rparad...@gmail.com >>>>> > >>>>> wrote: >>>>>> But Note Caution: Not certain if it's the same >>>>> company. >>>>> >>>>> I'm pretty sure it is. SysTest is one of the companies >>>>> *currently* >>>>> accredited by EAC: >>>>> >>>>> http://www.eac.gov/program-areas/voting-systems/test-lab-accreditation/eac-accredited-test-laboratories/ >>>>> >>>>> >>>>> --And the list of the 5 testing labs in the above URL is >>>>> most probably >>>>> what is referred to in this news article: >>>>> http://services.inquirer.net/print/print.php?article_id=20090824-221835 >>>>> >>>>> Excerpt: >>>>> "Meanwhile, Ateneo de Manila professor Renato Garcia, who >>>>> sits as >>>>> consultant for the poll body's project management office >>>>> (PMO) for the >>>>> 2010 elections, said they have written letters to at least >>>>> five of the >>>>> international software certification bodies that can >>>>> conduct a >>>>> “formal, thorough review” of the poll automation system >>>>> software. >>>>> >>>>> “One of the five international software certification >>>>> bodies, have >>>>> already expressed interest to do the formal review of the >>>>> customized >>>>> automation software. This body, we found out, has been >>>>> conducting a >>>>> software review for Canadian-based Dominion, the software >>>>> provider for >>>>> Smartmatic's poll machines,” Garcia said. >>>>> >>>>> “If we can get them, the certification will be easier and >>>>> faster,” he added." >>>>> >>>>> >>>>> >>>>>> For Immediate Release on 10/29/2008. EAC Announces >>>>> Intention to Suspend >>>>>> SysTest Labs >>>>>> >>>>>> WASHINGTON, DC – The U.S. Election Assistance >>>>> Commission (EAC) today >>>>>> notified SysTest Laboratories Inc. of its intent to >>>>> suspend the laboratory’s >>>>>> accreditation based upon actions taken by the National >>>>> Institute of >>>>>> Standards and Technology (NIST). >>>>>> >>>>>> August 8, 2008 – Letter from NIST to SysTest >>>>> regarding initial reassessment >>>>>> findings. Reiterates EAC’s earlier concerns by >>>>> stating that SysTest has no >>>>>> documented test methods, unqualified personnel >>>>> conducting tests and concerns >>>>>> regarding manufacturer influence. NIST notes the need >>>>> for an on-site >>>>>> assessment, requires SysTest to submit specific >>>>> testing information and >>>>>> update NIST regarding testing documentation. >>>>>> >>>>>> October 28, 2008 – NIST suspends accreditation of >>>>> SysTest. >>>>>> >>>>>> EAC is United States Election Assistance Commission >>>>> 1225 New York Avenue >>>>>> N.W. - Suite 1100 Washington, DC 20005 >>>>>> >>>>>> On Thu, Oct 8, 2009 at 6:36 PM, jan gestre <plugger.l...@gmail.com >>>>>> > >>>>> wrote: >>>>>>> >>>>>>> What's with this? >>>>>>> <snip> >>>>>>> >>>>>>> US-BASED SysTest Labs was declared as the winning >>>>> bidder that will certify >>>>>>> the source code of the software to be installed in >>>>> the 82,200 precinct count >>>>>>> optical scan (PCOS) machines for the May 2010 >>>>> elections. >>>>>>> >>>>>>> Poll Commissioner Rene Sarmiento said that out of >>>>> the four international >>>>>>> companies that participated in the bidding last >>>>> week, SystTest Labs was able >>>>>>> to comply with all the requirements set by the >>>>> Bids and Awards Committee >>>>>>> (BAC) of the Commission on Elections (Comelec). >>>>>>> >>>>>>> Taken from >>>>>>> >>>>>>> --> >>>>>>> http://www.sunstar.com.ph/manila/us-firm-wins-bid-review-pcos-source-code >>>>>>> >>>>>>> They're not allowing Cenpeg et al. but the awarded >>>>> a bid to a US based >>>>>>> firm? WTF. >>>>> >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >> >> >> >> -- >> Regards, >> Danny Ching >> >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
