In my personal life I write software for the manufacturing industry. Professionally, I am an engineer, and write code for computer-operated equipment (lathes and mills, commonly known as CNC machines.)
For a sense of scale, let me say that most CNC programs are under 250 lines of code. In addition to controlling the cutting tools, the programs will check for operator input mistakes: Tools can only be adjusted within a narrow range, anything outside that range and the machine won't run. Did the operator slow it down to check something and forget to turn it back to 100%? Machine won't run. And so on. Idiot-proofing, dimensional checks and feedback, torque monitoring, etc.
Before we even let the customer see their new machine, we have already run the machine for 8 hours of hands-off auto cycling of the program. We have also run each cutting tool through enough parts to ensure the cutting conditions are optimal. Then for the customer we run an additional hands-off production run of 8 hours or 35 pieces (whichever is greater) and then do a 100% inspection of every feature out to 5 decimal places, followed by some statistical analysis to measure capability. Once the customer is happy, we ship the machine and repeat this on their floor. Then we spend a few days going over the statistical analysis, then a week of training for their operators. Only then is it ready for producing parts that make sure your car door latches with 18lbs of force rather than 19lbs.
Oh, yeah... we provide the computer code to the customer as well, every line commented for clarity.
Doesn't it seem like voting software, which likely is thousands of lines of code, should be made open-source and go through some sort of approval process before being used for real? Isn't this software vetted or tested or examined at all?
-+Edit+- I should clarify... I am not claiming that voting software and CNC programs are similar in architecture, language, layout, complexity, or structure. My point is, if a fairly simple g-code program and its performance is vetted so thoroughly by the end user, at multiple points in its development and prove out, then why in the hell isn't the software that determines how my vote is recorded given the same level of scrutiny? I didn't realize my example was too convoluted for so many snowflakes.
view the rest of the comments →
[–] Interruptedagain 0 points 22 points 22 points (+22|-0) ago
In your real world example you are dealing with customers that have been there before and, to a degree, know what they are looking at and for.
With voting machines the customers are government bureaucrats that were affirmative action hires. They wouldn't have a clue what they were looking at. You could sell them a pile of dog shit and tell them it was roses.
[–] screamingrubberband [S] 0 points 14 points 14 points (+14|-0) ago (edited ago)
I used to believe that, but it is stunning to see the LACK of understanding in the industry lately.
And, ultimately, with voting machines, I am the customer. I should have some assurance that the software works. And, no, I don't believe the software company can provide that.
Software should be revision-controlled, on air-gapped machines, and dry-ran on-site with people who got selected for jury duty, or some similar method of randomly selecting participants for a 4-hour runoff.
Open sourced and posted dry-run results at every precinct.
Otherwise, fuck off with your "proprietary software" arguments. There's nothing "proprietary" about adding 1 to a tally.
Edit... sorry, just venting. Not at you.
[–] Interruptedagain 0 points 2 points 2 points (+2|-0) ago
No problem. I get wound up to.
[–] buckhorn 0 points 1 point 1 point (+1|-0) ago (edited ago)
Yes. The source code should be owned by 'We the people' and it should run on commodity/open hardware. Any installs/updates should be subject to observation by multiple opposing parties who may video all keystrokes and hash codes and receive a copy of the deployed code for further inspection/dissemination before the admin jacks are sealed under lock and key. There's no excuse that would make closed/prorietary source code necessary at this point.
Many eyes make all bugs shallow--even if only 1% of the eyes who have access know what they're even looking at.
After every e.g., 1000 votes, a 100-sided die should be rolled. If it comes up as 1, the totals for those 1000 paper ballots must be audited/confirmed by manual count irrespective of whether there's any particular reason to be suspicious.
Scanned images of all ballots should also be made publicly available shortly after voting ends.
[–] screamingrubberband [S] 0 points 3 points 3 points (+3|-0) ago
An additional clarification... I don't give a shit about the bureaucrats or diversity hires... I want the public at large to have open access. I want to make sure the routine that adds "one" doesn't have any conditional statements. If Sha'niqu'a is going to use the software to display a number, I want to look over the routine that handles the output and make certain it is rig-proof. If everybody can see it, then confidence in the system goes up.
Code errors are caught by people who didn't write the code... because presumably the person writing the code thought it was right, and is therefore less likely to see a mistake. So let's all see all the code, so there's no "glitches" like this. I know you can't find all the bugs, but you can sure as hell see any underhanded "stuff" if you look hard enough.
[–] cantaloupe6 0 points 1 point 1 point (+1|-0) ago
The Chinese hardware and firmware can adjust the contents of memory.
[–] Interruptedagain ago
I'm agreeing with you on this. I'm just saying that in the system that we now have it is those retard affirmative action hires that see and approve of the code. That has got to change! We all need access to it.
[–] 26291004? 0 points 3 points 3 points (+3|-0) ago
yeah, but that's true in the medical space. Most EHR and EMR systems are crappy from the inside, and the customers don't know any better.
HOWEVER, you don't see massive failures with mission critical medical applications anymore, post THERAC. You have errors, but not with the essential fuction of the software. Voting software does ONE THING, it should do it properly.