Duh? You are conveniently forgetting that the PCOS is not just "Count and Tabulate". It also has features to ensure that the system is NOT tampered, whether during count or transmission, and that requires crypto.
Horses for courses my ass. If it were just simple to simply trust governments and people, there wouldn't be a need for a military, or for crypto at all. But you're in the real world, and not all can be trusted. Paolo On Mon, Oct 12, 2009 at 7:07 PM, Oscar Plameras <oscarplame...@gmail.com> wrote: > Horses for courses. Military security is not comparable to a system that is > "Count and Tabulate. > > On Mon, Oct 12, 2009 at 10:03 PM, Paolo Falcone <pfalc...@free.net.ph> wrote: >> The system is indeed not designed to detect corruption, and neither >> does a source code review indicate that with all degrees of certainty >> the presence of a backdoor indicates corruption. >> >> Then again, only a source code review satisfies the requirement that >> there will be no backdoors in the inspected application, be it put by >> a corrupt programmer or a programmer in a hurry to get out of the >> office. A blackbox testing with the specifications can only get you so >> far - that the system is compliant as per specification. Whether it >> exceeds or subverts the specification outside the test conditions is >> something that you can only get with a code review. >> >> Has anyone even wondered why the military is so anal about source code >> and algorithm review when designing military ciphers? Once the >> underlying mantra (Kerckhoff's principle) is thoroughly understood >> then one will understand why a blackbox testing SIMPLY DOES NOT DO THE >> JOB. >> >> It amazes me that there are still some segments in society that won't >> extend the same level of scrutiny to the system that determines who >> will run their government. And would rather outsource the scrutinizing >> eyes to some non-stakeholder corporation. >> >> When it comes to reviewing software, you can automate all the tests, >> but at the end of the day, NEVER TRUST A MACHINE TO DO A HUMAN'S JOB. >> >> On Mon, Oct 12, 2009 at 6:35 PM, Oscar Plameras <oscarplame...@gmail.com> >> wrote: >>> You should know that the system is not meant to detect corruption. >>> >>> On Mon, Oct 12, 2009 at 9:24 PM, Danny Ching <dlcco...@gmail.com> wrote: >>>> Perhaps I should qualify that. Lest the prorammers in the list believe >>>> you. Hehehe >>>> >>>> I think we should at least be realistic enough to note that some >>>> corrupt officials are completely willing to corrupting anyone >>>> including programmers. >>>> >>>> Do I trust pogrammers? Not all. Do you? Btw. Let's keep the discussion >>>> to technical stuff and let us not question each other's technical >>>> capabilities. Peace. >>>> >>>> Regards, >>>> Danny Ching >>>> >>>> >>>> On Oct 12, 2009, at 6:16 PM, Oscar Plameras <oscarplame...@gmail.com> >>>> wrote: >>>> >>>>> If you don't trust programmers, you are in the wrong profession. >>>>> >>>>> On Mon, Oct 12, 2009 at 9:12 PM, Danny Ching <dlcco...@gmail.com> >>>>> wrote: >>>>>> I don't trust programmers who hide their code. Although not all >>>>>> reviewers are honest, all it takes to expose anomalies in open source >>>>>> is one honest reviewer. >>>>>> >>>>>> However in a close source system all it takes to corrupt the system >>>>>> is >>>>>> one corrupt programmer. >>>>>> >>>>>> Regards, >>>>>> Danny Ching >>>>>> >>>>>> >>>>>> On Oct 12, 2009, at 6:05 PM, Oscar Plameras <oscarplame...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> You don't trust programmers? >>>>>>> >>>>>>> This precisely what's wrong with source code review. >>>>>>> >>>>>>> On Mon, Oct 12, 2009 at 8:59 PM, Danny Ching <dlcco...@gmail.com> >>>>>>> wrote: >>>>>>>> Very true. Unfortunately, I do not trust the programmers if I >>>>>>>> cannot >>>>>>>> check their work. The purpose of source code validation is not to >>>>>>>> check the computer or it's software's trustworthiness. A computer >>>>>>>> will >>>>>>>> do what it's told. It is human corruption I'm worried about. Of >>>>>>>> course >>>>>>>> outside of computers that is a different problem altogether. I just >>>>>>>> don't want people blaming computerization for failure of elections. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Danny Ching >>>>>>>> >>>>>>>> >>>>>>>> On Oct 12, 2009, at 5:53 PM, Oscar Plameras <oscarplame...@gmail.com >>>>>>>> > >>>>>>>> wrote: >>>>>>>> >>>>>>>>> What you mean is the trustworthiness of the people running the >>>>>>>>> system. >>>>>>>>> >>>>>>>>> I'll say one thing from my experience, you can't use the system >>>>>>>>> to >>>>>>>>> arrest >>>>>>>>> human corruption. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2009 at 8:35 PM, Danny Ching <dlcco...@gmail.com> >>>>>>>>> wrote: >>>>>>>>>> I think I see where you are coming from. It is not the system we >>>>>>>>>> are >>>>>>>>>> worried about sir. It is the trustworthiness of the system. A >>>>>>>>>> simple >>>>>>>>>> exposure of the code will show that it is not doing anything >>>>>>>>>> out of >>>>>>>>>> the ordinary. Besides. If the code is indeed simple as you said, >>>>>>>>>> then >>>>>>>>>> checking the cource code should be easy. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Danny Ching >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Oct 12, 2009, at 5:26 PM, Oscar Plameras <oscarplame...@gmail.com >>>>>>>>>>> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> A tester does not need to know about programming to test and >>>>>>>>>>> accept >>>>>>>>>>> a System. >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2009 at 7:47 PM, fooler mail <fooler.m...@gmail.com >>>>>>>>>>>> >>>>>>>>>>> wrote: >>>>>>>>>>>> On Mon, Oct 12, 2009 at 3:52 PM, Oscar Plameras >>>>>>>>>>>> <oscarplame...@gmail.com >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> Remember, Election Automation Software is one of the easiest >>>>>>>>>>>>> to >>>>>>>>>>>>> develop. >>>>>>>>>>>>> It is "Count and Tally", nothing complicated and convoluted. >>>>>>>>>>>> >>>>>>>>>>>> true.. BUT... the purpose of source code review is to examine >>>>>>>>>>>> if >>>>>>>>>>>> there >>>>>>>>>>>> is something beyond the count and tally thing which cannot be >>>>>>>>>>>> seen by >>>>>>>>>>>> your simulation test.. as what danny said - TRIGGERS.. >>>>>>>>>>>> >>>>>>>>>>>> special keyboard hotkey, special packets, special ER and others >>>>>>>>>>>> to >>>>>>>>>>>> trigger the manipulation of votes to do the dagdag-bawas >>>>>>>>>>>> scheme... >>>>>>>>>>>> >>>>>>>>>>>> fooler. >>>>>>>>>>>> _________________________________________________ >>>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>>>> >>>>>>>>>>> _________________________________________________ >>>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> _________________________________________________ >>>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>>>> >>>>>>>>> _________________________________________________ >>>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> _________________________________________________ >>>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>>>> >>>>>>> _________________________________________________ >>>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> _________________________________________________ >>>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>>> Searchable Archives: http://archives.free.net.ph >>>>>> >>>>> _________________________________________________ >>>>> Philippine Linux Users' Group (PLUG) Mailing List >>>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>>> Searchable Archives: http://archives.free.net.ph >>>> _________________________________________________ >>>> Philippine Linux Users' Group (PLUG) Mailing List >>>> http://lists.linux.org.ph/mailman/listinfo/plug >>>> Searchable Archives: http://archives.free.net.ph >>>> >>> _________________________________________________ >>> Philippine Linux Users' Group (PLUG) Mailing List >>> http://lists.linux.org.ph/mailman/listinfo/plug >>> Searchable Archives: http://archives.free.net.ph >>> >> >> >> >> -- >> Paolo >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Paolo Sent from Makati, Man, Philippines _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
