Yes and no!
If I wrote a program to run in Windows, say, would you also go through the Windows code line by line to see if what you thought was happening was actually happening?
I just looked on my PC and it has around 200 processes running. Ideally, they should all be checked line by line to be safe.
The source code for the program you are auditing, yes.
OK, but there is a problem. If I gave you a book in English and a thumb drive full of Chinese characters and told you they were the same, how would you check?
The source code would be text but the compiled and linked executable file would just be binary. Even worse, some of the binary that would run would not be in the source code anyway. It would be part of the operating system or drivers.
Well, I was saying the programs in the US for our voting systems should be transparent, and subject to audit by reading line by line the source code. [When I was a software systems project manager, EVERY program before it was put online was subject not only to tests, but to a review of the code by several team members going through the code together. Every instruction, every conditional, every potential outcome of the code. There was no hidden code or time bombs in the code my project released. It is doable!]
If the code is as you describe, it needs to be THROWN OUT!!
SHEESH we can't have our voting system software INCOMPREHENSIBLE!
This is interesting and not unconnected. It explains some of the details behind the recent Linux hack.
Basically, code was hidden in an image type file and it acted in concert with the software building/compiling software to insert a number of "back doors" into open source software. Many eyes would have seen the code but no-one could see what was happening.
It was not until someone started to do performance checks on his computer that it was realised that the computer was spending time on some unknown tasks.
When you have your own system, you know you can rely on most of it, and when you have written a program in-house you can be fairly certain that the source code you have is the code that generated the executable. You also know exactly where it will be installed.
In the case of voting machines there will be several polling stations in all of the around 3,000 counties, all of which will need to have an executable file of some kind. How can you guarantee that every one will get exactly what they should?
Add in that the circuit boards inside the computer may have been corrupted. How would checking the code help? What if someone had hidden some code on a disk and then flagged the sector as unusable? The OS would never tell you about it. What if the insertion of a USB drive to collect the results triggered a program on the drive that changed the results?
Did you check all the drivers that were installed? What about the DLL files (assuming Windows)? Other operating systems have equivalents.
Did any of your programs include images? You can hide code in those after the end of the image data. Did you check the compiler to make sure that it did not add anything it shouldn't? Or interpreter or assembler? The possibilities are endless and that is why I would never trust them.