In my personal life I write software for the manufacturing industry. Professionally, I am an engineer, and write code for computer-operated equipment (lathes and mills, commonly known as CNC machines.)
For a sense of scale, let me say that most CNC programs are under 250 lines of code. In addition to controlling the cutting tools, the programs will check for operator input mistakes: Tools can only be adjusted within a narrow range, anything outside that range and the machine won't run. Did the operator slow it down to check something and forget to turn it back to 100%? Machine won't run. And so on. Idiot-proofing, dimensional checks and feedback, torque monitoring, etc.
Before we even let the customer see their new machine, we have already run the machine for 8 hours of hands-off auto cycling of the program. We have also run each cutting tool through enough parts to ensure the cutting conditions are optimal. Then for the customer we run an additional hands-off production run of 8 hours or 35 pieces (whichever is greater) and then do a 100% inspection of every feature out to 5 decimal places, followed by some statistical analysis to measure capability. Once the customer is happy, we ship the machine and repeat this on their floor. Then we spend a few days going over the statistical analysis, then a week of training for their operators. Only then is it ready for producing parts that make sure your car door latches with 18lbs of force rather than 19lbs.
Oh, yeah... we provide the computer code to the customer as well, every line commented for clarity.
Doesn't it seem like voting software, which likely is thousands of lines of code, should be made open-source and go through some sort of approval process before being used for real? Isn't this software vetted or tested or examined at all?
-+Edit+- I should clarify... I am not claiming that voting software and CNC programs are similar in architecture, language, layout, complexity, or structure. My point is, if a fairly simple g-code program and its performance is vetted so thoroughly by the end user, at multiple points in its development and prove out, then why in the hell isn't the software that determines how my vote is recorded given the same level of scrutiny? I didn't realize my example was too convoluted for so many snowflakes.
view the rest of the comments →
[–] screamingrubberband [S] 0 points 14 points 14 points (+14|-0) ago (edited ago)
I used to believe that, but it is stunning to see the LACK of understanding in the industry lately.
And, ultimately, with voting machines, I am the customer. I should have some assurance that the software works. And, no, I don't believe the software company can provide that.
Software should be revision-controlled, on air-gapped machines, and dry-ran on-site with people who got selected for jury duty, or some similar method of randomly selecting participants for a 4-hour runoff.
Open sourced and posted dry-run results at every precinct.
Otherwise, fuck off with your "proprietary software" arguments. There's nothing "proprietary" about adding 1 to a tally.
Edit... sorry, just venting. Not at you.
[–] Interruptedagain 0 points 2 points 2 points (+2|-0) ago
No problem. I get wound up to.
[–] buckhorn 0 points 1 point 1 point (+1|-0) ago (edited ago)
Yes. The source code should be owned by 'We the people' and it should run on commodity/open hardware. Any installs/updates should be subject to observation by multiple opposing parties who may video all keystrokes and hash codes and receive a copy of the deployed code for further inspection/dissemination before the admin jacks are sealed under lock and key. There's no excuse that would make closed/prorietary source code necessary at this point.
Many eyes make all bugs shallow--even if only 1% of the eyes who have access know what they're even looking at.
After every e.g., 1000 votes, a 100-sided die should be rolled. If it comes up as 1, the totals for those 1000 paper ballots must be audited/confirmed by manual count irrespective of whether there's any particular reason to be suspicious.
Scanned images of all ballots should also be made publicly available shortly after voting ends.
[–] UrCoolerOlderBrother ago
Am I wrong that by open source/releasing the code to the public, that would assist people that wanted to hack the voting machines in doing so? Like, I think about how whenever an iPhone is released, with extremely proprietary code, some 15 year old is still able to hack it. If that iPhone was open source, wouldn't that make it much easier for that kid to figure out how to hack it? (Because they can see how it all works and where a vulnerability might be?). If I am wrong, if you could please tell me why, id appreciate it.