As much as I'd like to, the review must stay, given that this is the law.
You can't correct something illegal by bowing to it.
The issue of the source code review is already beyond a normal UAT as per
industry standard practice, as the law didn't just stop on a UAT. We have to
understand that the stakes are much higher, and despite claims that it's
just a counting device, it is NOT just a counting device. Heck, if all it
did was count, why spend the millions just to do AES and all the extra bells
and whistles while a hacked-up calculator will cost significantly less?

Now, as to how the source code review can go, I encourage COMELEC to stop this
crazy stonewalling and have all the concerned parties sit down and talk and
work something out without jeopardizing the spirit of the law. The law is
clear - source code review - and not just mere acceptance tests. Not this
utter bullshit of binary-only review that will cost 70 million pesos that
doesn't conform to the law, does not erase doubts, that would be better
spent aiding our typhoon-affected folks.

I don't buy the chairborne commando conspiracy theories, but I already find
the reluctance too doubtful, tempting me to want to utterly distrust the
people behind COMELEC and Smartmatic, given that effectively what they're
saying is "just blindly trust us, you don't need to know the internals, here
are some tests to play with".


On Tue, Oct 13, 2009 at 12:29 PM, Michael Mondragon <
michael_mondra...@yahoo.com> wrote:

> You're right.  That's what I am actually after.  Given the fact that we
> are petitioning Comelec and take a source code review, this would take us so
> much time and now the petition or case (some sort if ever) needs to be filed
> in court and source code review be done by the US will be postponed, this
> definitely won't take source code review at all.  I'm not sure if my
> calculation is correct, because again enough time is needed in this case and
> it's critical.  What I am thinking, guys, is to think what other things we can
> offer to be of help instead of pushing this review.  I don't know maybe you
> can help us out here and shed some light.
>   Thanks,
> Michael
>
>
>  ------------------------------
> *From:* Dennis Legaspi <legasp...@yahoo.com>
> *To:* Michael Mondragon <emai...@michentosh.tk>; Philippine Linux Users'
> Group (PLUG) Technical Discussion List <plug@lists.linux.org.ph>; Drexx
> Laggui [personal] <dre...@gmail.com>
> *Sent:* Tue, October 13, 2009 11:46:53 AM
> *Subject:* Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source
> Code Review)
>
>   Not the kind of task you can completely divide into chunks.  You're
> right.  If you have 20 auditors it doesn't mean you can reduce audit time to
> X/20.
>
> --- On *Tue, 10/13/09, Drexx Laggui [personal] <dre...@gmail.com>* wrote:
>
>
> From: Drexx Laggui [personal] <dre...@gmail.com>
> Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source
> Code Review)
> To: "Michael Mondragon" <emai...@michentosh.tk>, "Philippine Linux Users'
> Group (PLUG) Technical Discussion List" <p...@lists.linux.org.ph>
> Date: Tuesday, October 13, 2009, 1:48 AM
>
> 12Oct2009 (UTC +8)
>
> On Mon, Oct 12, 2009 at 18:08, Michael Mondragon
> <michael_mondra...@yahoo.com> wrote:
> > I am just wondering, given the fact, let's say, we got some TRO of some
> > sort, do we still have time to do it?  How many of us here can go with
> > source code review then if Comelec will allow us to review source code
> > publicly?  Though I believe in our capability as Filipinos and most of
> > the people here are best of breed, I'm just checking since we are running
> > out of time.  How long can Supreme Court interfere with this?  Let's say,
> > 2 mos. from now, can we still have much time?
>
> Very good questions. Depends on how many people you have behind the
> word "we" as well as how skilled the "we" people are. If many
> volunteered but are there just to learn from the exercise, then your
> "we" is just a mob.
>
> A proper evaluation and assurance project typically runs from 6 months
> to 2 years. What you'd need now is an army of highly skilled
> evaluators / auditors to do that. Less than that, you'll get lower
> assurance levels, and much less audit evidence to give the Filipinos
> the confidence they require in the 2010 national elections.
>
>
> Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
> http://www.laggui.com  ( Singapore / Manila / California )
> Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
> PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
>
>
>
>
>
> _________________________________________________
> Philippine Linux Users' Group (PLUG) Mailing List
> http://lists.linux.org.ph/mailman/listinfo/plug
> Searchable Archives: http://archives.free.net.ph
>



-- 
Paolo