readable source code [Re: OVC-discuss Digest, Vol 37, Issue 10]

From: Hamilton Richards <hrichrds_at_swbell_dot_net>
Date: Sun Nov 04 2007 - 15:13:15 CST

At 12:00 PM -0800 2007/11/4, ovc-discuss-request@listman.sonic.net wrote:
>
>Message: 2
>Date: Sat, 3 Nov 2007 12:17:59 -0700
>From: Fred McLain <mclain@zipcon.net>
>Subject: Re: [OVC-discuss] readable source code [Re: OVC-discuss
> Digest, Vol 37, Issue 6]
>To: Open Voting Consortium discussion list
> <ovc-discuss@listman.sonic.net>
>Message-ID: <3ABD58B0-4566-4229-A59B-D6F5034BAC75@zipcon.net>
>Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
>As it turns out, I can read that code.

No doubt you can, Fred, but the issue was whether it could be read by
a significant fraction of the voting public. And the real issue is
not how many people can read it, but how many could reason about it,
well enough to construct a sound argument that it's correct.

Fred, could you do that? I've spent quite a few years studying formal
methods, and have a fair amount of practice in proving programs
correct, but that chunk of Java would stymie me completely. For one
thing, I have no idea what axioms I would be starting with. For
another, I have no clue about what I should be trying to prove.

So I ask all of my fellow proponents of open-source election
software: What would you do with it if you had it? Would you be able
to construct such a convincing argument for its correctness that
ballot printers could be dispensed with?

If so, let's see an example of such a correctness argument.

      + + +

Because some readers of this list may misinterpret what I've just
written as an attack on open source, let me reiterate that I am
entirely in favor of making election software open-source. What I
don't accept is the purported connection between open source and
security, correctness, and validity.

I agree fully with this statement:

      "But every computer security expert says that you can't
      make a system secure by hiding your code."

But it's equally true that you can't make a system secure by opening its code.

>[...]
>
>By the way, commenting the code is a good idea.

That's the conventional wisdom, but it's hardly unchallenged. The
argument against commenting code is that the comments tell the reader
what the author intended, which is not necessarily what the author
achieved.

--Ham

>
> -Fred-
>
>On Nov 2, 2007, at 3:06 PM, Danny Swarzman wrote:
>
>> I promise you that code will not appear in any system running in an
>> election. We recognize the problem. We are working on a new product.
>> It will reflect a fanatic devotion to legibility.
>>
>> -Danny Swarzman, VP Software Engineering, OVS
>>
>> On Nov 2, 2007, at 2:45 PM, Hamilton Richards wrote:
>>
>>> At 10:45 AM -0700 2007/11/2, ovc-discuss-request@listman.sonic.net
>>> wrote:
>>>>
>>>> Message: 2
>>>> Date: Fri, 2 Nov 2007 10:45:52 -0700 (PDT)
>>>> From: "Richard C. Johnson" <dick@iwwco.com>
>>>> Subject: Re: [OVC-discuss] Representative Holt's OWN WORDS [Re:
>>>> OVC-discuss Digest, Vol 36, Issue 9]
>>>> To: Open Voting Consortium discussion list
>>>> <ovc-discuss@listman.sonic.net>
>>>> Message-ID: <479430.49366.qm@web408.biz.mail.mud.yahoo.com>
>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>
>>>> Stuart,
>>>>
>>>> Here is some example Open Source code from the OpenScan system. See
>>>> how difficult you think it would be to figure out. My own thought
>>>> is that most people could correctly understand what is being coded
>>>> and could also see that no subroutine doing nasty things was hidden
>>>> in the code:
>>>>
>>>> <EML Id="230" SchemaVersion="5.0">
>>>> <TransactionId>OK-2007-09-1</TransactionId>
>>>> <CandidateList>
>>>> <Election>
>>>> <ElectionIdentifier Id="Oklahoma 2007" />
>>>> <Contest>
>>>> <ContestIdentifier Id="State Governor" />
>>>> <Candidate>Brad Henry</Candidate>
>>>> <Candidate>John Wayne</Candidate>
>>>> <Candidate>Bill Okapi</Candidate>
>>>> <Candidate>Jane Smith</Candidate>
>>>> </Contest>
>>>> </Election>
>>>> </CandidateList>
>>>> </EML>
>>>>
>>>> ***************************
>>>>
>>>> I do believe that there are enough people who could read such code
>>>> to make such Open Source a reasonable approach to increased
>>>> transparency of elections. How many people can read the above and
>>>> understand it? Quite a few, I would think. I admit, Open Source
>>>> drivers for a scanner are more difficult, but I can read them even
>>>> if it would be hard for me to write them myself.
>>>>
>>>> -- Dick
>>>>
>>>
>>> Sure, many people could read code like that, if by "read" you mean
>>> "recognize most of the words." But how many people could explain how
>>> one could determine whether that code is correct?
>>>
>>> For a more realistic example, spend a minute perusing the Java code
>>> appended below
>>> <http://emlvoting.cvs.sourceforge.net/emlvoting/USAballot/src/java/
>>> action/CountingAction.java?revision=1.1&view=markup>.
>>> Then give us an estimate of the fraction of the population that could
>>> formulate a coherent argument for its correctness. How many could
>>> even give a coherent definition of "correctness"?
>>>
>>> Thanks,
>>>
>>> --Ham
>>>
>>>
>>> public ActionForward execute(ActionMapping actionmapping, ActionForm
>>> actionform, HttpServletRequest httpservletrequest,
>>> HttpServletResponse httpservletresponse)
>>>     throws Exception
>>> {
>>>     String forwardName = "defaultPage";
>>>     try {
>>>
>
[...]

-- 
------------------------------------------------------------------
Hamilton Richards, PhD           Department of Computer Sciences
Senior Lecturer (retired)        The University of Texas at Austin
ham@cs.utexas.edu                hrichrds@swbell.net
http://www.cs.utexas.edu/users/ham/richards
------------------------------------------------------------------
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/
Received on Fri Nov 30 23:17:09 2007
