How about doing some development? (was: Re: readable source code [Re: OVC-discuss Digest, Vol 37, Issue 10])

From: Fred McLain <mclain_at_zipcon_dot_net>
Date: Wed Nov 07 2007 - 22:11:43 CST

I'm a little fed up with the lack of progress on open voting. Thus I
have a rant. Please skip this if you aren't involved in the
development side.

<rant>

I find it interesting that other than this earlier discussion we
seldom do peer reviews on voting code. It would be helpful to create
a new forum for discussion of designs and code review. Perhaps OVS
could host it? If we are going to be successful developing open
source voting, let's at least start with a developers list where we
can discuss requirements and design flaws/considerations. Once a
foundation is established, we can go forward with the solution.

I'm not very interested in a chat, chat, chat sort of an approach to
software design. If people are serious, let's get the real work
started and done. The principles need to set requirements for *each*
system involved, developers need to be committed to fulfilling those
requirements and we need milestones for completion. No more than the
next few months to a release candidate please. None of us have time
to waste.

There are only a few critical systems in electronic voting. These
include the electronic voting systems for the visually impaired and
the precinct and central tabulation systems. How hard would it be to
create a reference system for them in time for 2008 elections?

It seems to me that we could develop the software fairly quickly if
solid requirements were laid out. In the past couple of years, I have
heard little more than chat about what is needed in these voting
systems. If some part of this group would step up and define what the
requirements for the software really are we would have finished this
project a couple of years ago. These next few months are an
opportunity to at least put out a real reference system.

We also need an infrastructure for creating the software *now* (please
don't say SF, it hasn't worked). I don't see that happening. Please
enlighten me if someone is actually getting this together.

</rant>

        -Fred-

On Nov 4, 2007, at 2:39 PM, Fred McLain wrote:

>
> On Nov 4, 2007, at 1:13 PM, Hamilton Richards wrote:
>>>
>>> As it turns out, I can read that code.
>>
>> No doubt you can, Fred, but the issue was whether it could be read by
>> a significant fraction of the voting public. And the real issue is
>> not how many people can read it, but how many could reason about it,
>> well enough to construct a sound argument that it's correct.
>
> As this exercise has made apparent, if the code is open at least
> *someone* can read it and put forward a learned opinion as to its
> security.
>
>> Fred, could you do that? I've spent quite a few years studying formal
>> methods, and have a fair amount of practice in proving programs
>> correct, but that chunk of Java would stymie me completely. For one
>> thing, I have no idea what axioms I would be starting with. For
>> another, I have no clue about what I should be trying to prove.
>
> As it turns out, I have been exposed to formal methods over the last
> couple years in my current gig. Admittedly, I am not leading up that
> portion of the project (I focus more on tooling and design). I
> strongly approve of applying them, and in fact am in favor of
> requiring a formal security analysis for voting software. We need a
> protection profile for voting systems. The one question I have left
> is if a NIST Common Criteria level 3 would be sufficient. Perhaps it
> is a good start and a more stringent evaluation could follow on
> later. Until we have the protection profile we do not have a means by
> which to evaluate the security of these systems.
>
>>
>>
>> So I ask all of my fellow proponents of open-source election
>> software: What would you do with it if you had it? Would you be able
>> to construct such a convincing argument for its correctness that
>> ballot printers could be dispensed with?
>
> Please, no DREs. The process of ensuring election integrity is tough
> enough without DREs.
>>
>>
>> If so, let's see an example of such a correctness argument.
>>
>>
>>
>> + + +
>>
>> Because some readers of this list may misinterpret what I've just
>> written as an attack on open source, let me reiterate that I am
>> entirely in favor of making election software open-source. What I
>> don't accept is the purported connection between open source and
>> security, correctness, and validity.
>>
>> I agree fully with this statement:
>>
>> "But every computer security expert says that you can't
>> make a system secure by hiding your code."
>>
>> But it's equally true that you can't make a system secure by opening
>> its code.
>>
>>> [...]
>>>
>>> By the way, commenting the code is a good idea.
>>
>> That's the conventional wisdom, but it's hardly unchallenged. The
>> argument against commenting code is that the comments tell the reader
>> what the author intended, which is not necessarily what the author
>> achieved.
>>
>> --Ham
>>
>>>
>>> -Fred-
>>>
>>> On Nov 2, 2007, at 3:06 PM, Danny Swarzman wrote:
>>>
>>>> I promise you that code will not appear in any system running in an
>>>> election. We recognize the problem. We are working on a new
>>>> product.
>>>> It will reflect a fanatic devotion to legibility.
>>>>
>>>> -Danny Swarzman, VP Software Engineering, OVS
>>>>
>>>> On Nov 2, 2007, at 2:45 PM, Hamilton Richards wrote:
>>>>
>>>>> At 10:45 AM -0700 2007/11/2, ovc-discuss-request@listman.sonic.net
>>>>> wrote:
>>>>>>
>>>>>> Message: 2
>>>>>> Date: Fri, 2 Nov 2007 10:45:52 -0700 (PDT)
>>>>>> From: "Richard C. Johnson" <dick@iwwco.com>
>>>>>> Subject: Re: [OVC-discuss] Representative Holt's OWN WORDS [Re:
>>>>>> OVC-discuss Digest, Vol 36, Issue 9]
>>>>>> To: Open Voting Consortium discussion list
>>>>>> <ovc-discuss@listman.sonic.net>
>>>>>> Message-ID: <479430.49366.qm@web408.biz.mail.mud.yahoo.com>
>>>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>>>
>>>>>> Stuart,
>>>>>>
>>>>>> Here is some example Open Source code from the OpenScan system.
>>>>>> See how difficult you think it would be to figure out. My own
>>>>>> thought is that most people could correctly understand what is
>>>>>> being coded and could also see that no subroutine doing nasty
>>>>>> things was hidden in the code:
>>>>>>
>>>>>> <EML Id="230" SchemaVersion="5.0">
>>>>>> <TransactionId>OK-2007-09-1</TransactionId>
>>>>>> <CandidateList>
>>>>>> <Election>
>>>>>> <ElectionIdentifier Id="Oklahoma 2007" />
>>>>>> <Contest>
>>>>>> <ContestIdentifier Id="State Governor" />
>>>>>> <Candidate>Brad Henry</Candidate>
>>>>>> <Candidate>John Wayne</Candidate>
>>>>>> <Candidate>Bill Okapi</Candidate>
>>>>>> <Candidate>Jane Smith</Candidate>
>>>>>> </Contest>
>>>>>> </Election>
>>>>>> </CandidateList>
>>>>>> </EML>
>>>>>>
>>>>>> ***************************
>>>>>>
>>>>>> I do believe that there are enough people who could read such
>>>>>> code to make such Open Source a reasonable approach to increased
>>>>>> transparency of elections. How many people can read the above
>>>>>> and understand it? Quite a few, I would think. I admit, Open
>>>>>> Source drivers for a scanner are more difficult, but I can read
>>>>>> them even if it would be hard for me to write them myself.
>>>>>>
>>>>>> -- Dick
>>>>>>
>>>>>
>>>>> Sure, many people could read code like that, if by "read" you mean
>>>>> "recognize most of the words." But how many people could explain
>>>>> how one could determine whether that code is correct?
>>>>>
>>>>> For a more realistic example, spend a minute perusing the Java
>>>>> code appended below
>>>>> <http://emlvoting.cvs.sourceforge.net/emlvoting/USAballot/src/java/action/CountingAction.java?revision=1.1&view=markup>.
>>>>> Then give us an estimate of the fraction of the population that
>>>>> could formulate a coherent argument for its correctness. How many
>>>>> could even give a coherent definition of "correctness"?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> --Ham
>>>>>
>>>>>
>>>>> public ActionForward execute(ActionMapping actionmapping,
>>>>>         ActionForm actionform, HttpServletRequest httpservletrequest,
>>>>>         HttpServletResponse httpservletresponse)
>>>>>         throws Exception
>>>>> {
>>>>>     String forwardName = "defaultPage";
>>>>>     try {
>>>
>> [...]
>>
>> --
>> ------------------------------------------------------------------
>> Hamilton Richards, PhD Department of Computer Sciences
>> Senior Lecturer (retired) The University of Texas at Austin
>> ham@cs.utexas.edu hrichrds@swbell.net
>> http://www.cs.utexas.edu/users/ham/richards
>> ------------------------------------------------------------------
>> _______________________________________________
>> OVC-discuss mailing list
>> OVC-discuss@listman.sonic.net
>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>> By sending email to the OVC-discuss list, you thereby agree to
>> release the content of your posts to the Public Domain--with the
>> exception of copyrighted material quoted according to fair use,
>> including publicly archiving at http://gnosis.python-hosting.com/voting-project/
>>
>
> Instant Messaging (IM) Addresses:
> Jabber: mclain@jabber.org
> Yahoo: appworx_fred, schemalogic_fred
> MSN: appworx_fred@hotmail.com, schemalogic_fred@hotmail.com
> AIM: mclain98021
> ICQ: 6947005
> GTalk (Jabber): mclain98021@gmail.com
> Skype: fmclain
>

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Nov 30 23:17:11 2007

This archive was generated by hypermail 2.1.8 : Fri Nov 30 2007 - 23:17:31 CST