Re: [OVC-discuss] Something really big: Sequoia source code, free to download and study, no NDAs.

From: Charlie Strauss <cems_at_browndogs_dot_org>
Date: Thu Oct 22 2009 - 02:23:34 CDT

On Oct 22, 2009, at 1:03 AM, Edward Cherlin wrote:

> On Wed, Oct 21, 2009 at 23:59, Charlie Strauss <cems@browndogs.org>
> wrote:
>> Evidently my comments on if this was on a voting machine need to be
>> ammended. From you reply I now have come to understand that the
>> strings
>> were extracted from tabulator code not from voting machine code.
>
> Right.
>
>> I think my comments however should still apply.
>>
>> the central question is, does the tabulator contain a SQL command
>> parser and
>> interpreter?
>
> Yes. That's the only way the database can be created.
>
>> if it does not then having SQL instructions in a program
>> doesn't mean that code can be run since the interpreter needed is
>> missing.
>> Right?
>>
>> The other points I was making had to do with the possibility SQL
>> code might
>> be example or BLOB-like stored procedures, not code that can be
>> executed.
>> But just to facilitate people who want to use the data.
>
> I am unclear on the distinction between a procedure and code that can
> be executed. Did you mean to say code that can be interpreted?

example:

a data base table might contain a field called "votes totals by
candidate Index" that is a list of integers. another field is an
array of strings called "candidate names by index".
yet another field is called "handy candidate vote total query method"
and it contains string that looks like a program:

loop over candidate names
    if candidate name is desired candidate name:
         ID = current name index
         return item ID from "vote totals by candidare index"
     else print "cant find that candidate"

it's not a program the gets executed when a database client accesses
the field "handy candidate vote total query method". all that
happens is the database just hands back that string to the client.
if the client chose to subsequenty desire to run that string as a
program, it would have to send that command sequence back to the SQL
server.

So it's the client that is driving the bus.

>
>> Finally the rationale for storing both raw data and data access
>> methods as
>> sql instructions in a database is to hide the implementation of the
>> data
>> storage like one usually does with most objects. You provide
>> accessor
>> methods to query the stored data. Sure, as you point out the data
>> may be
>> stored in known formats like integers, but that does not mean you
>> don't want
>> to hide this implementation. if you provide accessor methods in
>> stead as
>> the interface, then later you are free to change the implementation
>> of the
>> storage in some future edition of the code.
>>
>> Anyhow, I'm not saying this is why they did it. I'd just like some
>> hints
>> that these ideas might be ruled out.
>
> We're both waiting to hear from the people actually examining the
> code.
>
>> On Oct 21, 2009, at 11:51 PM, Edward Cherlin wrote:
>>
>>> Charlie, our concern is not whether this SQL is on the voting
>>> machine
>>> (unless the Microsoft SQL server is also present for some bizarre
>>> reason), but what it is doing in the results database, which is
>>> unquestionably processed using the database server software.
>>>
>>> o Does the SQL code present correct data for queries, or can it skew
>>> election results?
>>>
>>> o Can it be changed on the fly to give incorrect results?
>>>
>>> o Is is presence legitimate or not under FEC rules?
>>>
>>> On Wed, Oct 21, 2009 at 19:45, Charlie Strauss
>>> <cems@browndogs.org> wrote:
>>>>
>>>> Jim, I don't want to be an apologist for Seqoia, but I would like
>>>> to make
>>>> sure of what you are confident about and what you are not confident
>>>> about.
>>>> Now as I understand things you are using the unix "strings"
>>>> commands to
>>>> grab
>>>> text looking segments of binaries. You are not for example simply
>>>> opening
>>>> text files and finding plain text.
>>>
>>> Correct. However, we can also open the binary files in certain text
>>> editors and examine the context of each string we find.
>>>
>>>> It's conceivable then that these curious text sequences are not
>>>> actually
>>>> things that a voting machine executes but are there for some
>>>> latent or
>>>> deliberate reasons.
>>>
>>> They are in the results database, and should never be on a voting
>>> machine.
>>>
>>>> for example. suppose that the voting machine itself has no command
>>>> interpret for the text SQL commands you found. But suppose that
>>>> these
>>>> lines
>>>> of code are intended to be written out by the voting machine into
>>>> headers
>>>> and instruction files that accompany the data files.
>>>
>>> No, they would be written on the machine where the tabulations are
>>> done.
>>>
>>>> I sometimes do this in
>>>> my own code (admittedly rarely). I will write a comment string
>>>> at the
>>>> top
>>>> of the data file that gives examples of how to parse the data that
>>>> follows
>>>> this header. One can imagine giving explicit code in such a
>>>> header.
>>>> Another possibility is that these are like oracle "blobs".
>>>> executable
>>>> command sequences stored in a data base that could be executed if a
>>>> suitable
>>>> interpreter existed.
>>>
>>> Yes, up to a point. That point is whether this interpreted code is
>>> legal, where compiled blobs seem much more likely to pass that test.
>>>
>>>> This is how one often stores an "object" in a
>>>> database system. It does not mean the interpreter is present.
>>>
>>> The only reason to use a database storage format is to load it
>>> into a
>>> database instance, in this case to tabulate the vote counts and get
>>> election results, or for auditing.
>>>
>>>> it means
>>>> some other program (not in the voting machine itself) could
>>>> retrieve the
>>>> Blob and execute it on some data it also retreived. this
>>>> technique is
>>>> very
>>>> frequent. it allows one to store data in a data base without
>>>> having to
>>>> give
>>>> a specification of it's storage format. instead you store the
>>>> data in a
>>>> raw
>>>> unspecified format and then supply an executable program that
>>>> allows
>>>> queries
>>>> on that data.
>>>
>>> This should not apply. This is a voting database with formats
>>> known in
>>> advance. The source data consists entirely of integers, although the
>>> software could conceivably calculate something else from them,
>>> such as
>>> percentages.
>>>
>>>> Another possibility is that these are just accidents. Maybe some
>>>> files
>>>> that
>>>> were left in some directory, perhaps there for other purposes,
>>>> just got
>>>> copied onto the voting machine along with the real code.
>>>
>>> No, this is a standard database backup format, where SQL is normal.
>>>
>>>> A final possibility is that it's just Chaffing from seqouoia.
>>>> extra
>>>> obfuscating crud they shove into code to make disassembly or
>>>> analysis
>>>> really
>>>> hard.
>>>
>>> They appear not to have done any obfuscating. We originally thought
>>> that some header data were missing, but in fact the file loads into
>>> the software without error, and can be queried normally.
>>>
>>>> The real smoking gun is if there is a SQL interpreter on the voting
>>>> machine.
>>>> has that been found?
>>>
>>> There would be no excuse for that, but also no reason to do it, and
>>> significant licensing expense. The voting machine deals with one
>>> integer per contest. The file would be more complex with ranked
>>> preference voting, but we aren't there yet, and even there we are
>>> dealing with sequences of integers of known length.
>>>
>>>> can the other possibilities be discounted?
>>>
>>> Working. Jim?
>>>
>>>> On Oct 20, 2009, at 4:17 PM, Jim March wrote:
>>>>
>>>> On Tue, Oct 20, 2009 at 3:03 PM, Edward Cherlin
>>>> <echerlin@gmail.com>
>>>> wrote:
>>>>>
>>>>> Can we get out a press release?
>>>>
>>>> Well...we want to get a lot of attention, but not necessarily
>>>> press just
>>>> yet. We were hoping that the first step will happen fairly
>>>> quickly:
>>>> proving
>>>> vandalism of the data files instead of redaction. If that can be
>>>> confirmed,
>>>> cool:
>>>
>>> OK, not a problem, as it turns out.
>>>
>>>> 1) Mainstream newspapers will be REAL interested, as they are
>>>> with any
>>>> public records related problem.
>>>>
>>>> 2) It really hurts Sequoia on multiple levels: makes it much
>>>> harder to
>>>> challenge what's going on in court for example, under the
>>>> "unclean hands"
>>>> doctrine. It will also make it much harder for them to screw with
>>>> additional public records requests.
>>>>
>>>> So we wanted to wait to hit the newspapers and such until we can
>>>> prove
>>>> the
>>>> vandalism issue.
>>>>
>>>> Go ahead and get it on Daily Kos though, in the interest of
>>>> attracting
>>>> geeks
>>>> :).
>>>
>>> Google News shows
>>>
>>> dKos, Slashdot, HuffPo, KESQ, Techdirt, scoop.co.nz, ITwire,
>>> Bradblog.
>>> That's three that we posted ourselves, and five that picked up the
>>> story. There may be others.
>>>
>>>> Jim
>>>
>>> --
>>> Edward Mokurai (默雷/
>>> धर्ममेघशब्दगर्ज/
>>> دھرممیگھشبدگر ج) Cherlin
>>> Silent Thunder is my name, and Children are my nation.
>>> The Cosmos is my dwelling place, the Truth my destination.
>>> http://www.earthtreasury.org/
>>>
>>> _______________________________________________
>>> OVC-discuss mailing list
>>> OVC-discuss@listman.sonic.net
>>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>>> By sending email to the OVC-discuss list, you thereby agree to
>>> release
>>> the content of your posts to the Public Domain--with the exception
>>> of
>>> copyrighted material quoted according to fair use, including
>>> publicly
>>> archiving at http://gnosis.python-hosting.com/voting-project/
>>
>>
>> _______________________________________________
>> OVC-discuss mailing list
>> OVC-discuss@listman.sonic.net
>> http://lists.sonic.net/mailman/listinfo/ovc-discuss
>> By sending email to the OVC-discuss list, you thereby agree to
>> release the
>> content of your posts to the Public Domain--with the exception of
>> copyrighted material quoted according to fair use, including publicly
>> archiving at http://gnosis.python-hosting.com/voting-project/
>
>
>
> --
> Edward Mokurai (默雷/धर्ममेघशब्दगर्ज/
> دھرممیگھشبدگر ج) Cherlin
> Silent Thunder is my name, and Children are my nation.
> The Cosmos is my dwelling place, the Truth my destination.
> http://www.earthtreasury.org/
>
> _______________________________________________
> OVC-discuss mailing list
> OVC-discuss@listman.sonic.net
> http://lists.sonic.net/mailman/listinfo/ovc-discuss
> By sending email to the OVC-discuss list, you thereby agree to
> release the content of your posts to the Public Domain--with the
> exception of copyrighted material quoted according to fair use,
> including publicly archiving at http://gnosis.python-hosting.com/voting-project/

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at http://gnosis.python-hosting.com/voting-project/
Received on Sat Oct 31 23:17:06 2009

This archive was generated by hypermail 2.1.8 : Sat Oct 31 2009 - 23:17:11 CDT