I want to make sure I understand what you’re saying. You’re telling me that each machine is coded separately, and that they (the programmers, hired by…just who hires them anyway?) don’t just do the coding once and image it to multiple machines? If that’s how they do it, then they could very easily have several people working on the code at once to get it done that much faster.
And speaking of my emphasis, are you serious? What exactly qualifies as a “big project” if this is not one?
Okay, let’s put my quote in context:
The fact that its being blamed on the Democrats is because they’re losing elections, and complaining about it, so they look like sore losers. Thus, if the Republicans had lost and complained about it, they’d look like sore losers too. Republicans can’t look like sore losers when they’re winning the elections. Where in that train of simple logic did I lose you?
No, they don’t write separate software for each machine. Having multiple people working on a project will not ensure that one of them has not slipped something into the code – it wouldn’t be that hard to hide, and as Oy! explained it could easily be written to cover its tracks after the fact. Besides, the “rogue programmer” is just one way the current system could be exploited. There have been several links showing how the code on a given voting machine can be changed after the fact. If the code can be changed, then all the votes on that machine can be changed. It wouldn’t be hard – far more sophisticated software has been written to get spyware on people’s computers to hock porn or penis pills.
From a coding standpoint, counting and tallying votes is not a big programming project. Computer games are far more complex and are routinely written by a handful of people.
Ok, this is just straight up BS. First of all, we’re talking multi-million dollar contracts with the government, and its somehow NOT a big project? Even on small projects, its TERRIBLE business practice to have only one programmer with a non-technical manager. You’re talking about a single point of failure. Do you really think they’d have one programmer do all the coding/testing, have it reviewed by a non-technical manager, and stick in a final product with no QC?
As a PhD student in Computer Science with a job working on a Government contract with many friends also working as programmers for various companies, I can assure that that is not how it is done. Are you familiar with how programmers work in the real world? Are you familiar with object oriented programming works?
As a real-world manager of programmers for the last 9 years (and a programmer for 5 years before that) and working for a company with 85%+ of our business in the public sector, I can tell you with absolute certainty that you are wrong.
There are large projects with multiple project teams and professional organizations and small projects run by whoever actually wants to use the software who has no technical expertise at all. There are also any number of variations in between. We work with a large number of people who are convinced that a PMP certification means that the holder understands technology. After all, they know how to run projects, right?
The other thing to keep in mind is what Giraffe said, while the contracts to sell hundreds or thousands of these machines is a multi-million dollar contract, the actual coding for the machines is a small effort. Probably 3 or fewer programmers and less than 6 months - that’s both server-side and machine-side.
Okay, I’ll grant you that it’s a simple job. That doesn’t make it not a big one. The security on a database like that should be absolutely top shelf, which in and of itself can’t be all that easy. If they’re really running it off of Microsoft Access, as I believe someone said earlier, then the programmers were extraordinarily lazy.
Gee, I’ve only been a professional programmer since 1977. How long did you say you’d been one? In fact, what year were you born?
Yes, a contract can be huge. But that doesn’t mean the *programming * job is big. As Giraffe stated, a program that tallies votes and produces totals is pretty darned trivial. Like one day for one programmer. The chances of a company hiring more than one programmer to do this job are very small. Why would they spend the money? After all, they have all those security measures in place!
It would be pretty easy to get around a testing issue. First of all, testers don’t go into the code. Managers don’t usually either - my sample dialog was a “just in case.” Testers look at functionality. So you write the version that does this thing the way it’s supposed to be. They test it. It works, but you’ve made some trivial cosmetic error. They hand it back to you. You fix it, only your fix does more than just clear up the cosmetic error. But they only look at it again to see if the cosmetic error is fixed; after all, they’ve already tested the rest.
Of course that’s the riskiest way to do it. People MIGHT decide to test it again fully (we call this regression testing). So you leave the good code in the right place until just before it’s downloaded to all the machines. You slip in your version at the last second. After the download is done, you switch back again. As I said, programmers are usually pretty lax about security procedures, as are IT personnel, at least wrt the programmers. After all, the programmers aren’t going to inadvertently blow away the corporate network, and that’s what they’re mostly worried about. The chances are good that you don’t have to do anything fancy to get access to the loading image. But if you do, well, $100K or $1M is a lot of money. I’m willing to bet on your creativity.
Lord Ashtar, I’d be shocked if they weren’t running it on Access or FoxPro or one of those other, small-scale, off-the-shelf db programs. We’re talking about a comparatively tiny amount of data here; there’s simply no need to spend money on database muscle, and you don’t want to THINK about what Oracle charges per user license! For that matter, it doesn’t even NEED to be on a database! This is about as simple functionality as it gets in the programming world.
I agree with you that the security OUGHT to be as tight as is humanly possible. But I’m guessing it’s not. The people who wrote the original specs were probably not computer people, and weren’t thinking in terms of problems; they were laying out the basic functionality. That’s how it usually works. Then we spend about 10% of our time doing the actual functionality, and 90% of our time doing error handling and such. (There’s a quote: it’s impossible to make something foolproof because it’s amazing how ingenious fools can be!). Again, here we’re talking about very limited user interface; that makes the job a LOT easier, because there just aren’t that many things the user can do that you weren’t expecting.
But no company is going to go looking to add additional work that isn’t specified. Remember, these specifiers are the same people to whom it apparently never occurred that a verifiable paper trail might be a good idea. If the customer doesn’t request tight security, he’s not going to get it.
We’re USED to thinking in terms of tight security when it comes to DoD work; my first four years of programming were working for TRW Aerospace division, developing a project for the US Navy. After all, weaponry can HURT somebody (although I worked on a telescope in a dome; the only way we could have hurt someone was to slew the telescope around and bop 'em on the head)!
But voting machines? Most people are honest; it probably wouldn’t occur to them that someone might not WANT to have a true tally. You can’t take them out of the polling place and hold up a convenience store or threaten a mass killing with one; it doesn’t work for holding hostages or threatening populations. It’s a big box to do a tiny function - count stuff as it’s entered, and entered slowly at that. It’s a freaking adding machine, for Pete’s sake! Who thinks of security for an adding machine? Accuracy, yes. But security?
Why have so many holes in security surfaced? My guess is because no one ever made an issue of tight security on these machines.
Ooh, ooh, I though of an even easier way to get around testing.
Have your code check for the date. If it’s not Election Day, render an honest tally.
Again, it depends on the EXACT functionality here. I don’t know exactly how these guys are set up; how they’re changed between elections to reflect the new candidates and so forth. I’d need to know the details before I could come up with a precise way of doing it. But I’m telling you, no matter how huge the contract is, that’s for the manufacturing of a lot of big boxes. The programming job itself is tiny.
Isn’t this an argument from authority?
It occured to quite a few people in this thread alone. You think that wouldn’t have occurred to anyone bidding on the contract?
Congratulations, you’ve been a real-world manager for 9 years and you’re exactly the kind of manager that would cause this sort of lapse because you lack critical reading and comprehension skills; this is a strawman argument.
This would be a fine argument if I was arguing that it would take 50 people 2 years to develop; but that’s not what I was advocating. Oy explicitly said a SINGLE programmer with no QC, which is what I was addressing. You said, 3 programmers and 6 months, which is probably in the ballpark of what I would guess… regardless, that’s certainly more than one programmer! The fact that its a multi-million dollar contract should (hopefully) imply an enormous amount of QC along with hardware/software support/upgrades in the event any of these sorts of exploitations are later discovered.
As part of the QC process, once a module is tested, debugged, and certified, the code should be locked because programmers have no need to access it. This is one of the great advantages of object oriented programming; I don’t need to do extensive regressive testing and there’s no risk of altering previously certified code unless the management is incompetent and can’t figure out how to manage their product for their contracts.
Further, once a beta is available for the government, they do their own QC process to make sure their not being shafted. It would be very difficult to make it through both and it would certainly take more than a couple programmers with a political agenda to pull it off.
Yes, it’s occurring to folks now, when people are yelling about the possibility.
For starters, btw, the programmers generally are NOT the ones who make the decision about what platform they’re working on. So don’t go blaming this on lazy programmers. That’s a management decision, generally driven by financial considerations vis a vis the amount of data to be handled and the price and availability of programmers who can implement stuff on it. Access is cheap, and you basically use VB to program it; almost anyone with any programming experience can handle it. Forms and Reports are built-in; you don’t have to pay extra for either. It’s a good choice for this application.
Oracle, on the other hand, I think charges more for a single license than they were getting for the whole machine. Forms and Reports cost extra. Plus it needs a LOT more memory and processor capacity to run, and Oracle people cost more than VB programmers.
As far as arguing from authority, Blaster Master informed me that obviously I had no idea of how things worked in the real world. My point was simply that I’ve been programming professionally for pretty much as long as he’s been alive (most likely), and I think I have quite a GOOD idea of how things work in the real world. At a certain point, you have a choice of spending years learning about something yourself, or accepting someone’s word for it. I was trying to demonstrate that with almost thirty years of programming experience, I’m a reasonably good source of information for some aspects of computer programming.
My point here is, every time we holler “Cite?” and get a response, if we accept the cite we’re accepting an argument from authority, or at least from presumed expertise. No one can know everything these days. My mention of my experience was a suggestion that, in some limited areas, I have that expertise. In others, quite frankly I don’t. But one thing I’ve done in every job I’ve had was to work in The Real World. THAT, I have experience (dare I say expertise?) with.
Ashtar, I don’t KNOW what security was requested on these machines; I’ve been guessing based on what little I know about the cost of the machines and the election workers I’ve met. But mostly, I’ve simply been trying to make it clear how easy it would be for a determined and smart person on the inside to skew the votes without leaving any evidence behind. If you don’t believe me, don’t. I can’t reach into your mind and change it, and I can’t telepathically give you thirty years of experience in the field, and you might interpret that experience differently anyway. All I can do is play Cassandra here.
Oh, and btw, Blaster Master? I never said anything one way or another about QC until after your masterful demonstration of the superiority of your knowledge and experience over mine. In my subsequent posts, I suggested at least three ways QC could be circumvented. And I’m not being motivated by large amounts of cash!
Congratulations, you’ve been in the field longer than I’ve been alive, as it it makes a bit of difference or adds a bit of credence to your argument. Having been in the field so long, you should also realize that programming in 1977 is COMPLETELY different from today. Pretty much any knowledge you have with regard to software development from 30 years ago, 10 years ago, or possibly even 5 years ago is completely irrelevant because the process is SO much different today.
For someone who has supposedly been programming for 30 years, this is about the biggest bunch of rubbish I can imagine you saying. There’s plenty more to this sort of project than just tallying votes; you can’t just spit out results. You need audit trails, you at least need a trivia database or data structure. Zakalwe’s estimate is considerabel more realistic.
And you know as well as I, that this shouldn’t be true. Any reasonable designer would never interface any of the “guts” of the code with the interface. In fact, chances are the “guts” coder is not going to be the same person as the interface coder, unless its just a small 3 person team. The guts would be tested, debugged, and certified, and only that certified version would be used in all future testing.
And, there’s still certainly at least some amount of regressive testing, even if its after all the coding is completed and loaded into a prototype machine and tested. You’re talking about the coders, the testers, the electrical engineers, the hardware engineers, the beta testers, all their managers, and the government QC testers ALL having to be on some kind of plot for this sort of malicious code changing to take place. You’re talking about a large conspiracy, or a company completely full of morons outside of the few conspirators. I can see a few bugs, or security holes getting through some or all of the testing, but you’d be hard-pressed to get some malicious code that deliberately mis-tallies the votes through all of that.
I don’t disagree with you here. But I do think that if these sorts of contracts don’t have some level of security required by the government (possibly on the order of having clearances and such), it absolutely should.
Also, Blaster, I should mention that you exhibit a rather touching faith in the concept of security measures working as they should. The fact is, such measures are dependent on people to implement them; to lock their system every time they leave it, for example. Do you think every person who gets up to go to the bathroom locks his or her system? When the auditors are there, probably most of them do. But the rest of the time?
In my current job, I don’t have write access to where the executable code is kept. I find it virtually impossible to believe that I couldn’t get to it fairly readily if it were important to me to do so. For that matter, I wouldn’t have to. I’m the one who gives the code to the guy to put it out in the executable directory. Who says I have to give him the same version that they just finished testing? He’s not going to know the difference; it’s not his job to know. It’s his job to move the files (executables and sometimes data files) to the directories I specify and have gotten managerial approval for. The managerial approval depends on my telling them that the tester has now blessed the new release. That can be confirmed with the tester, so of course it has to be true. But no one would have the slightest idea that I had switched files if I chose to do so BEFORE they moved them. These aren’t code files, btw. They’re executables. A person can’t just go in to the file and see what they’re doing; it’s gibberish to the human eye. The CODE file I put out there would, of course, be the one that didn’t have the little tweak in it.
Do you honestly believe that couldn’t happen? The exact details will vary from facility to facility, but to assume it can’t be done because of QA? I’m sorry, but I find that rather humorous. And yes, before you ask, as I’ve already stated, I’ve worked on projects that required a clearance. I’m not at all convinced that the voting machine manufacturers work to that level of security, but even if they do, a smart creative person can generally find a way around it.
Well, we cross posted. And apparently, while your friends’ experience is relevant, mine isn’t. OK. The fact is, I’m not going to convince you that it wouldn’t have to be a huge plot.
So go on believing it can’t be done. What can I tell you that would convince you? I haven’t done it myself, nor do I know anyone who has, so that’s the one thing I CAN’T say. I have no hope of actually convincing you.
Enjoy your ivory tower.
Let’s separate this out. 3 programmers for the whole project. I would probably divide that as follows:
Programmer 1: The voting machine code
Programmer 2: Server-side database (incl. machine load mechanism)
Programmer 3: Server-side UI
So, for two key components (you could modify either the machine code or the server side code to corrupt an election) you have one and only one programmer to bribe.
Again, these machines were built in-house and then sold in bulk. I would be flabbergasted if they had even a million dollar software budget.
There’s no “beta”. Governments are offered a unit for sale. They do testing, but as noted above two key issues are relevant:
Give me a break. OOP has been around since the fucking '60s.
Oh, but Zakalwe, ***Blaster Master * ** says they have a beta and great testing procedures, with lots of hardware and software involved. And that things have changed enormously since the 60s. He’s getting a PhD in Computer Science, and he has friends working as programmers, so he *must * know best, right?
When I gave my low-ball estimate, I was not including an interface to a server, or a user interface for changing the candidates; I was just talking about the part on the local machine itself that tallies votes. Oh Lord, if they’re all net-worked, the potential for dishonest interference just went up by about 100%! It doesn’t have to be in the local machines at all! Oh Lord, somehow I had the idea that that was more complex than the machines they actually have, and that local tallies were run and simply reported in manually. This changes everything, and allows for much wider scope for a dishonest programmer *or * a hacker! Christmas! The situation is far more vulnerable than I realized!
Oh, and I forgot. **Blaster Master ** knows about Object Oriented Programming. Gee, I’d never *heard * of *that * before! I’ll have to look into all these new developments in programming. Because I, of course, have spent the past 30 years writing FORTRAN on an IBM 360. What will they come up with next?
:: pats hair ::
Now, now, little lady, don’t you worry your pretty little head about it. I’m sure this fine young man, with his fine almost-doctorate, will help you understand all this newfangled stuff, or at least as much as you need to know. You just let him tell you what to think and everything’ll be just fine.
Thank you, ETF. That’s very sage advice for an old lady like me. 
'ere now, you had Fortran on a mainframe? All we ever had was QBasic and a Motorola 8086 and were damned glad to have it, I can tell you that!..