Re: [OVC-discuss] Something really big: Sequoia source code, free to download and study, no NDAs.

From: Charlie Strauss <cems_at_browndogs_dot_org>
Date: Wed Oct 21 2009 - 21:45:39 CDT

Jim, I don't want to be an apologist for Seqoia, but I would like to
make sure of what you are confident about and what you are not
confident about.

Now as I understand things you are using the unix "strings" commands
to grab text looking segments of binaries. You are not for example
simply opening text files and finding plain text.

It's conceivable then that these curious text sequences are not
actually things that a voting machine executes but are there for some
latent or deliberate reasons.

for example. suppose that the voting machine itself has no command
interpret for the text SQL commands you found. But suppose that these
lines of code are intended to be written out by the voting machine
into headers and instruction files that accompany the data files. I
sometimes do this in my own code (admittedly rarely). I will write a
comment string at the top of the data file that gives examples of how
to parse the data that follows this header. One can imagine giving
explicit code in such a header.

Another possibility is that these are like oracle "blobs". executable
command sequences stored in a data base that could be executed if a
suitable interpreter existed. This is how one often stores and
"object" in a database system. It does not mean the interpreter is
present. it means some other program (not in the voting machine
itself) could retrieve the Blob and execute it on some data it also
retreived. this technique is very frequent. it allows one to store
data in a data base without having to give a specification of it's
storage format. instead you store the data in a raw unspecified
format and then supply an executable program that allows queries on
that data.

Another possibility is that these are just accidents. Maybe some
files that were left in some directory, perhaps there for other
purposes, just got copied onto the voting machine along with the real
code.

A final possibility is that it's just Chaffing from seqouoia. extra
obfuscating crud they shove into code to make disassembly or analysis
really hard.

The real smoking gun is if there is a SQL interpreter on the voting
machine.

has that been found? can the other possibilities be discounted?

On Oct 20, 2009, at 4:17 PM, Jim March wrote:

> On Tue, Oct 20, 2009 at 3:03 PM, Edward Cherlin <echerlin@gmail.com>
> wrote:
> Can we get out a press release?
>
> Well...we want to get a lot of attention, but not necessarily press
> just yet. We were hoping that the first step will happen fairly
> quickly: proving vandalism of the data files instead of redaction.
> If that can be confirmed, cool:
>
> 1) Mainstream newspapers will be REAL interested, as they are with
> any public records related problem.
>
> 2) It really hurts Sequoia on multiple levels: makes it much harder
> to challenge what's going on in court for example, under the
> "unclean hands" doctrine. It will also make it much harder for them
> to screw with additional public records requests.
>
> So we wanted to wait to hit the newspapers and such until we can
> prove the vandalism issue.
>
> Go ahead and get it on Daily Kos though, in the interest of
> attracting geeks :).
>
> Jim
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
> By sending email to the OVC-discuss list, you thereby agree to
> release the content of your posts to the Public Domain--with the
> exception of copyrighted material quoted according to fair use,
> including publicly archiving at http://gnosis.python-hosting.com/voting-project/

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Nov 30 23:17:08 2009

This archive was generated by hypermail 2.1.8 : Mon Nov 30 2009 - 23:17:17 CST