|
Post by Marti-Pair Furxheir S.H. on Feb 10, 2016 8:42:23 GMT -6
MPF, I think you might overestimate general public knowledge about computer coding. Even if you took someone line by line through the code and explained what each line was supposed to do, they probably wouldn't actually be able to understand it well enough to then certify that the code itself was perfect. You might have left out something, you might have missed a variable, or you might have just made up the code on the spot. Obviously you didn't do that and it's probably excellent code, but they'd just be taking your word for that... and the whole point of the Electoral Commission is to make sure we're not taking the Secretary of State's word on who voted and which way, as much as possible. AD, you are the author of the bill which is currently up for a referendum. You have added that the code needed to be validated, and now, you are saying that it can't be? Then why have that law on the books at all if it can never be validated!!!! But perhaps we ask an independent expert to testify. There is now a second PHP developer in Talossa, he could review it and make a recommendation to the EC? Would that be enough?
|
|
|
Post by Marti-Pair Furxheir S.H. on Feb 10, 2016 8:44:18 GMT -6
Even if the referendum passes, the law won't take effect until AFTER the votes are validated. That means that we can't really change how we validate from the last election until then. I like your enthusiasm, but it seems you are putting the idiomatic cart before the horse. I agree the ballot looks good, but I have no way of knowing that for sure because I can't really understand the coding. But are we 100% sure of that? For example, we could do a two step validation: 1 ) Review all of the public votes and their referendums, and only the referendum of private votes. That way, we can have the referendums validated even if the private votes aren't. 2 ) At that point, the results of the referendum are validated, and we can apply the referendum to call the party validation complete since we no longer have to review the private votes.
|
|
|
Post by Sir Alexandreu Davinescu on Feb 10, 2016 8:51:32 GMT -6
MPF, I did author that bill, and so you know I want this to happen. But the Commission needs to have "verified the reliability of the secure online ballot system" unanimously... I'm not sure just showing them the code is the way to go.
I'm neither Secretary of State nor a member of the Commission, of course, so it's just my two bence on the matter, but it seems to me like open testing is the way to go. Make them able to cast test votes, stress-test the system, and try to break it. That's what I would do, anyway.
|
|
|
Post by Marti-Pair Furxheir S.H. on Feb 10, 2016 9:11:05 GMT -6
MPF, I did author that bill, and so you know I want this to happen. But the Commission needs to have "verified the reliability of the secure online ballot system" unanimously... I'm not sure just showing them the code is the way to go. I'm neither Secretary of State nor a member of the Commission, of course, so it's just my two bence on the matter, but it seems to me like open testing is the way to go. Make them able to cast test votes, stress-test the system, and try to break it. That's what I would do, anyway. But open testing isn't a way to go... it won't test for fringe cases, it won't test for back-doors, for security issues. I mean, sure, I could run a test and get their certification, but anyone who knows anything about security audits will know that this isn't the way to go. Perhaps I could bring in Mr. Higgs as an auditor? He already expressed interests in the database and he is a PHP developer... He could review my code and then, testify to the EC that it is ok or not?
|
|
|
Post by Sir Alexandreu Davinescu on Feb 10, 2016 9:18:21 GMT -6
I guess that's up to the Electoral Commission. I just wanted to make the point, before and now, that we want to be careful that they're not left to take your word. Not because I doubt your word or your competence, of course, but as a matter of precedent for future Secretaries of State. I'm going to butt out now, and you can hash it out with the EC about what they think is good enough for them to certify the process.
|
|
|
Post by Eðo Grischun on Feb 11, 2016 0:39:20 GMT -6
Even if the referendum passes, the law won't take effect until AFTER the votes are validated. That means that we can't really change how we validate from the last election until then. I like your enthusiasm, but it seems you are putting the idiomatic cart before the horse. I agree the ballot looks good, but I have no way of knowing that for sure because I can't really understand the coding. But are we 100% sure of that? For example, we could do a two step validation: 1 ) Review all of the public votes and their referendums, and only the referendum of private votes. That way, we can have the referendums validated even if the private votes aren't. 2 ) At that point, the results of the referendum are validated, and we can apply the referendum to call the party validation complete since we no longer have to review the private votes. Actually, I'm not sure that's right. You say " At that point, the results of the referendum are validated, and we can apply the referendum ...". While you would be correct in saying the results are validated at that point, it would not be correct to say we can apply the referendum at that stage. The referendum has not created a new law yet at that stage. You would need to wait for the final stage of Royal Assent. Proposed laws don't become actual laws after referendum, and they certainly dont become law at whim of the Chancery. The worst case would be that a referendum is validated and then silently assented into law about a month later. Best case is you somehow get the King to make proclamation the very minute after you validate. It has always been practice (for solid practical reasons not to mention its just how our law on this matter works) that a new law enacting changes to the electoral system is ignored until the next election AFTER the law takes effect.
|
|
|
Post by Marti-Pair Furxheir S.H. on Feb 11, 2016 4:33:14 GMT -6
Fine, I'll drop this then.
|
|