Significantly More On-Topic

From: Jeff Almeida <spud_at_spudzeppelin_dot_com>
Date: Sat Apr 17 2004 - 16:52:02 CDT

Bruce Schneier's latest Crypto-Gram newsletter has a blurb where he does
an analysis of the efforts, costs, and subsequent risks associated with
compromising electronic voting machines to bring forth radically different
outcomes; it's both fascinating and disturbing:

http://www.schneier.com/crypto-gram-0404.html#4

In light of that, and the recent list discussion of the possibility of
compromising system and python libraries, we should probably consider
devising a regression suite that, when run, can test with reasonable
certainty that the python scripts we subsequently run on that particular
machine will produce consistent results. A pleasant side-effect of having
such a test suite would be that it also enables us to certify particular
os distributions prior to actually implementing on them. I'm envisioning
something that comes in three parts:

(1) a series of short python scripts that test the python core and any
libraries we're include-ing.

(2) a couple of shell scripts to resolve dynamic symbols in the python
core and said python libs, and produce a list of dynamic link libraries
and specific functions therein to analyze.

(3) a series of small c programs that test the various functions
contained in the dynamic link libraries we're linked against.

One possible end-result of such an effort would be an SCM tool that could
obviate the hardware discussion as well: if done properly, we could
effectively say, "Run it on anything you like, as long as it passes the
standalone SCM test suite." Then, it becomes a "Palms in Maine, Ice Cubes
in Hawaii, it's all good" scenario the hardware-specific-solution vendors
will find even more difficult to compete against.

jeff :)

-- 
************************************************************
Jeff D. "Spud (Zeppelin)" Almeida
Corinth, TX
spud@spudzeppelin.com
==================================================================
= The content of this message, with the exception of any external 
= quotations under fair use, are released to the Public Domain    
==================================================================
Received on Fri Apr 30 23:17:10 2004
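
Parts (1) and (2) of the proposal above, sketched as an added example (not part of the original message or of any project's code): known-answer tests against the Python core and a few libraries, plus a SHA-256 manifest of the files those modules were loaded from, to be diffed against a baseline. It is written for current Python 3; the module list, the function names and the choice of checks are assumptions, and part (3), testing the C libraries themselves, is not covered.

```python
import hashlib, importlib, importlib.machinery, struct, zlib

# Known-answer tests: fixed inputs whose correct results are published
# constants, so any deviation means the core or a library misbehaves.
KATS = {
    "sha256(abc)": (lambda: hashlib.sha256(b"abc").hexdigest(),
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"),
    "crc32(123456789)": (lambda: zlib.crc32(b"123456789"), 0xCBF43926),
    "struct big-endian": (lambda: struct.pack(">I", 0xDEADBEEF), b"\xde\xad\xbe\xef"),
    "float bits": (lambda: (0.1).hex(), "0x1.999999999999ap-4"),
    "bigint": (lambda: 2 ** 64, 18446744073709551616),
}

def run_kats():
    """Return the names of known-answer tests that fail or raise."""
    failed = []
    for name, (fn, expected) in KATS.items():
        try:
            ok = fn() == expected
        except Exception:
            ok = False
        if not ok:
            failed.append(name)
    return failed

def manifest(module_names):
    """Map module name -> (kind, sha256 of the file it was loaded from)."""
    out = {}
    for name in module_names:
        path = getattr(importlib.import_module(name), "__file__", None)
        if path is None:                      # compiled into the interpreter
            out[name] = ("builtin", None)
            continue
        ext = tuple(importlib.machinery.EXTENSION_SUFFIXES)
        kind = "extension" if path.endswith(ext) else "python"
        with open(path, "rb") as fh:
            out[name] = (kind, hashlib.sha256(fh.read()).hexdigest())
    return out

def drift(baseline, current):
    """Names whose entry changed, disappeared or appeared since baseline."""
    return sorted(n for n in set(baseline) | set(current) if baseline.get(n) != current.get(n))

if __name__ == "__main__":
    current = manifest(["json", "struct", "zlib", "hashlib"])  # assumed list
    print("KAT failures:", run_kats())
    for name, (kind, digest) in sorted(current.items()):
        print(name, kind, digest)
```

The manifest is only meaningful when the baseline was recorded on a trusted install and is kept off the machine under test, because a compromised interpreter can also misreport to the script it runs.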
