Re: [OVC-discuss] Something really big: Sequoia source code, free to download and study, no NDAs.

From: Edward Cherlin <echerlin@gmail.com>
Date: Thu Oct 22 2009 - 02:03:57 CDT

On Wed, Oct 21, 2009 at 23:59, Charlie Strauss <cems@browndogs.org> wrote:
> Evidently my comments on if this was on a voting machine need to be
> amended.  From your reply I now have come to understand that the strings
> were extracted from tabulator code not from voting machine code.

Right.

> I think my comments however should still apply.
>
> the central question is, does the tabulator contain a SQL command parser and
> interpreter?

Yes. That's the only way the database can be created.

> If it does not, then having SQL instructions in a program
> doesn't mean that code can be run, since the interpreter needed is missing.
> Right?
>
> The other points I was making had to do with the possibility SQL code might
> be example or BLOB-like stored procedures, not code that can be executed,
> but just to facilitate people who want to use the data.

I am unclear on the distinction between a procedure and code that can
be executed. Did you mean to say code that can be interpreted?

> Finally the rationale for storing both raw data and data access methods as
> SQL instructions in a database is to hide the implementation of the data
> storage like one usually does with most objects.  You provide accessor
> methods to query the stored data.  Sure, as you point out the data may be
> stored in known formats like integers, but that does not mean you don't want
> to hide this implementation.  If you provide accessor methods instead as
> the interface, then later you are free to change the implementation of the
> storage in some future edition of the code.
>
> Anyhow, I'm not saying this is why they did it. I'd just like some hints
> that these ideas might be ruled out.

We're both waiting to hear from the people actually examining the code.

> On Oct 21, 2009, at 11:51 PM, Edward Cherlin wrote:
>
>> Charlie, our concern is not whether this SQL is on the voting machine
>> (unless the Microsoft SQL server is also present for some bizarre
>> reason), but what it is doing in the results database, which is
>> unquestionably processed using the database server software.
>>
>> o Does the SQL code present correct data for queries, or can it skew
>> election results?
>>
>> o Can it be changed on the fly to give incorrect results?
>>
>> o Is its presence legitimate or not under FEC rules?
>>
>> On Wed, Oct 21, 2009 at 19:45, Charlie Strauss <cems@browndogs.org> wrote:
>>>
>>> Jim, I don't want to be an apologist for Sequoia, but I would like to make
>>> sure of what you are confident about and what you are not confident about.
>>> Now as I understand things you are using the unix "strings" command to grab
>>> text looking segments of binaries.  You are not for example simply opening
>>> text files and finding plain text.
>>
>> Correct. However, we can also open the binary files in certain text
>> editors and examine the context of each string we find.
>>
>>> It's conceivable then that these curious text sequences are not actually
>>> things that a voting machine executes but are there for some latent or
>>> deliberate reasons.
>>
>> They are in the results database, and should never be on a voting machine.
>>
>>> For example, suppose that the voting machine itself has no command
>>> interpreter for the text SQL commands you found.  But suppose that these
>>> lines of code are intended to be written out by the voting machine into
>>> headers and instruction files that accompany the data files.
>>
>> No, they would be written on the machine where the tabulations are done.
>>
>>> I sometimes do this in my own code (admittedly rarely).  I will write a
>>> comment string at the top of the data file that gives examples of how to
>>> parse the data that follows this header.  One can imagine giving explicit
>>> code in such a header.
>>> Another possibility is that these are like Oracle "blobs": executable
>>> command sequences stored in a database that could be executed if a
>>> suitable interpreter existed.
>>
>> Yes, up to a point. That point is whether this interpreted code is
>> legal, where compiled blobs seem much more likely to pass that test.
>>
>>> This is how one often stores an "object" in a
>>> database system.  It does not mean the interpreter is present.
>>
>> The only reason to use a database storage format is to load it into a
>> database instance, in this case to tabulate the vote counts and get
>> election results, or for auditing.
>>
>>> It means some other program (not in the voting machine itself) could
>>> retrieve the blob and execute it on some data it also retrieved.  This
>>> technique is very frequent.  It allows one to store data in a database
>>> without having to give a specification of its storage format.  Instead you
>>> store the data in a raw unspecified format and then supply an executable
>>> program that allows queries on that data.
>>
>> This should not apply. This is a voting database with formats known in
>> advance. The source data consists entirely of integers, although the
>> software could conceivably calculate something else from them, such as
>> percentages.
>>
>>> Another possibility is that these are just accidents.  Maybe some files
>>> that were left in some directory, perhaps there for other purposes, just
>>> got copied onto the voting machine along with the real code.
>>
>> No, this is a standard database backup format, where SQL is normal.
>>
>>> A final possibility is that it's just chaffing from Sequoia: extra
>>> obfuscating crud they shove into code to make disassembly or analysis
>>> really hard.
>>
>> They appear not to have done any obfuscating. We originally thought
>> that some header data were missing, but in fact the file loads into
>> the software without error, and can be queried normally.
>>
>>> The real smoking gun is if there is a SQL interpreter on the voting
>>> machine.  Has that been found?
>>
>> There would be no excuse for that, but also no reason to do it, and
>> significant licensing expense. The voting machine deals with one
>> integer per contest. The file would be more complex with ranked
>> preference voting, but we aren't there yet, and even there we are
>> dealing with sequences of integers of known length.
>>
>>> can the other possibilities be discounted?
>>
>> Working. Jim?
>>
>>> On Oct 20, 2009, at 4:17 PM, Jim March wrote:
>>>
>>> On Tue, Oct 20, 2009 at 3:03 PM, Edward Cherlin <echerlin@gmail.com>
>>> wrote:
>>>>
>>>> Can we get out a press release?
>>>
>>> Well...we want to get a lot of attention, but not necessarily press just
>>> yet.  We were hoping that the first step will happen fairly quickly:
>>> proving vandalism of the data files instead of redaction.  If that can be
>>> confirmed, cool:
>>
>> OK, not a problem, as it turns out.
>>
>>> 1) Mainstream newspapers will be REAL interested, as they are with any
>>> public records related problem.
>>>
>>> 2) It really hurts Sequoia on multiple levels: makes it much harder to
>>> challenge what's going on in court for example, under the "unclean hands"
>>> doctrine.  It will also make it much harder for them to screw with
>>> additional public records requests.
>>>
>>> So we wanted to wait to hit the newspapers and such until we can prove
>>> the vandalism issue.
>>>
>>> Go ahead and get it on Daily Kos though, in the interest of attracting
>>> geeks :).
>>
>> Google News shows
>>
>> dKos, Slashdot, HuffPo, KESQ, Techdirt, scoop.co.nz, ITwire, Bradblog.
>> That's three that we posted ourselves, and five that picked up the
>> story. There may be others.
>>
>>> Jim
>>
>> --
>> Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) Cherlin
>> Silent Thunder is my name, and Children are my nation.
>> The Cosmos is my dwelling place, the Truth my destination.
>> http://www.earthtreasury.org/
>>
>> _______________________________________________
>> OVC-discuss mailing list
>> OVC-discuss@listman.sonic.net
>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>> By sending email to the OVC-discuss  list, you thereby agree to release
>> the content of your posts to the Public Domain--with the exception of
>> copyrighted material quoted according to fair use, including publicly
>> archiving at  http://gnosis.python-hosting.com/voting-project/

-- 
Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/دھرممیگھشبدگر ج) Cherlin
Silent Thunder is my name, and Children are my nation.
The Cosmos is my dwelling place, the Truth my destination.
http://www.earthtreasury.org/
Received on Mon Nov 30 23:17:08 2009

This archive was generated by hypermail 2.1.8 : Mon Nov 30 2009 - 23:17:17 CST