
In the Know: Source code



Precinct count optical scan (PCOS) machine. FILE PHOTO

Source code refers to the human-readable instructions that define how a computer functions.

Created by programmers, the source code contains the blueprint that reveals how a machine operates.

In determining the accuracy and quality of source code, a common industry practice is the source code review, in which someone other than the original creator analyzes it and checks for security breaches, bugs and other concerns.

Under the Poll Automation Law, the source code to be used for the precinct count optical scan (PCOS) machines should be certified by a third party of computer experts.

In a March resolution, the Commission on Elections (Comelec) said accredited parties, independent candidates running for national posts and organizations with technical expertise might conduct a source code review.

The Comelec said SLI Global Solutions, a US-based company that conducts voting systems certification testing, had certified the source code.

Until Thursday, or four days before the elections, the source code was not available for other parties to review because of a legal battle between Smartmatic, the supplier of the PCOS machines, and its corporate partner, Dominion Voting Systems, whose approval was needed for the release of the code.

Several groups raised concerns over the lack of a code, saying the failure to review it will deny interested parties the chance to ascertain the credibility of elections.—Inquirer Research

Sources: Inquirer Archives; Comelec; Center for People Empowerment in Governance












  • wyl5326

    Too bad for you to assume that I know nothing, when the fact is I may have longer experience in IT than your actual age now and have worked on big systems with thousands of lines of code! In fact, I may have even started my IT career before you started college!

  • wyl5326

    Putting too much trust in source code is the height of stupidity, as it is not the one that will run how actual computers will run. Source code is only needed for those who don’t know how the complete system should work and could serve as documentation at best! Nobody who buys software for their PC ever gets a copy of the source code, as that is a guarded secret companies will not share easily without a valid reason and the signing of a non-disclosure or non-compete clause. The only guarantee against fraud was comprehensive testing done by independent IT professionals, without any limitation by Comelec, to let them break down the system, and done with a parallel manual count with enough volume to get the statistical confidence required. Only by that process can we be assured of honest results, as source code could have inherent bugs itself! So why so much distraction over source code when it needs to be compiled first before it can be used by machines? Only stupid automation lawmakers who want to brag about their little know-how make them very dangerous! In the meantime, PCOS machines were not comprehensively tested, and Comelec even tried to limit the testing and dictated non-random selection of places to audit!

    • Rey G. Domingo

      Little knowledge about something is highly dangerous. You have absolutely no idea about ‘external triggers’. You cannot know about such a thing just by running a statistically significant number of mock ballots. Read the posts/comments so you will be enlightened.

  • lufthansa49

    There should be no election in the first place. It’s a waste of money.

  • Marlon Abastar

    Source code should be reviewed thoroughly. And how do we know that the proper revision of the source code is the one deployed in the PCOS machine? Who knows if they can deploy a quick patch to the PCOS machine on election day. Simple patch idea, like:

    if (vote.party == "UNA")
        votecount.PNOY++;

    if (vote.party == INVALID)
        votecount.UNA--;

    Or something like that :D

  • Karabkatab

    Aside from the source code, laymen will better appreciate or understand the program architecture. Techies please correct me on this.

    • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

      What should worry us (assuming nothing fishy in the counting program) when the source code is released is the encryption being used to transmit, because once that is shown it’s like using a vault with the PW written outside.

  • disqusted0fu

    Having read this article, it became clearer now that the brilliant Brillantes was either fooling us or he just doesn’t really know what he is saying and he is doing. Prior to the release of the source code, Brillantes stated that he is no longer interested in the source code and it is not really needed for the automated elections. But with the knowledge of the code’s usefulness, only an idiot would say that it ain’t needed.

  • http://www.facebook.com/wilmorhm Wilmor Herald

    They should never reveal the source code to anyone except to a very trusted independent body, because the vulnerability of the program can easily be known. For all we know, other candidates might hire hackers. No matter what security they put in there, that is software and it can never be called a secure one. Even things that have security get hacked, and then they will show its source code to just anyone…

    • mjp78

      Sorry I beg to disagree…making the source code more widely available will result in more scrutiny, just because more people will be able to review it.

      There have been many studies and much research showing that open source makes for fewer bugs and more secure code, of course over time…I’m not saying to make it open source, but more 3rd party reviewers are needed.

      Besides ‘security by obscurity’ has been largely discredited…

  • http://www.yahoo.com/ Jose Paman

    If the Comelec bought the machine, why should they have a problem in securing the source code? Once it is fully paid, I think the Comelec has every right to ask for the source code as long as the request is certified by the Comelec commissioners.

    • calipso_2100

      It doesn’t work that way in the software industry. Unless it’s open source.

    • sk2tk

      Wrong. Basically, by default you are only paying for the license to use the programs. Acquiring the source code is a totally different thing.

    • http://www.facebook.com/wilmorhm Wilmor Herald

      It’s not the case when it comes to the software industry. Source code is not a trivial thing, either; it is the very foundation of how a program functions. It’s basically their product, so it won’t just be made public like that.

  • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

    Get the machine code from the ROM so there are no more questions.

    • sk2tk

      Stupid comment. Just saying something for the sake of it.

      • WeAry_Bat

        er, it is actually correct. instead of the source code, [edited, portion removed to further aggravate the hemorrhoids of sk2tk].

      • sk2tk

        Oh c’mon… Be realistic… That is easier said than done… Disassembling the binary code you say? Do you know how long would it take? Going back to the comment above, how do you plan to do that? Getting the machine code from the rom? Hahaha. You wish…

      • WeAry_Bat

        I will not tell you.

      • sk2tk

        Haha. I don’t need your info,,, you are not a technical guy.. Haha

      • WeAry_Bat

        And you are a dog on the Internet.

      • sk2tk

        And you are a wanna-be techy.. Hahaha..

      • WeAry_Bat

        And you are Mr. Bean
        You know nothing.

      • sk2tk

        Haha. It’s quite the opposite.. Hahaha. Wanna-be.. Lol…

      • WeAry_Bat

        It’s lunchtime in my zone right now. You still haven’t found what I meant.

        I know you have been salivating to know.

        How pitiful :D

      • sk2tk

        Haha. You open your big mouth even before your tiny brain starts workin’.. Hahaha,, pathetic idiot.. Haha..

        We are all born ignorant, but someone must work hard to stay stupid.. And that someone is you.. Wahahaha

      • WeAry_Bat

        Hehehe you really want to know hahaha.

        On May 13, 2010 65 PCOS machines were found in a house. Days later, they were opened up by Jamby et. al. before moving under the custody of the Senate President.

        In the interim, so many things could happen, like copying. Lest you get rich, just in case, I still all the more won’t tell.

        Hahaha…

      • sk2tk

        Pure hearsay… People like you are so easy to be swayed by media.. Hahaha.. Do you really believe that all PCOS machine that will be installed onsite contains source codes??? Haha. It only goes to show that you are not a technical guy. Just wanna-be.. Hahaha

      • WeAry_Bat

        Compiled code.

        I won’t help bad people reading us and especially you bad person.

        Bye :P

      • sk2tk

        Sore loser! Haha

      • WeAry_Bat

        btw, this is where I caught you, poser…

        “installed onsite contains source codes???”

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        hushhh.

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        what do they contain? an abacus with an accountant inside the bin? no wonder it’s so big.

      • GustoKoHappyKa

        Actually he is quite right..

        In the case of the source code the Comelec released… they can just do a simple CRC checksum of the ROM vs. the compiled code to determine if the resulting checksums match.

        As for getting the ROM.. it’s really quite easy if you know what you’re doing lol…

        FYI

        I’m a Professional Software Developer and expert in FIRMWARE DEVELOPMENT and Reverse Engineering.

        I was once commissioned to Legally reverse engineer a Pagcor gaming system with only a ROM available because the original developer already resigned and took all the code.

      • sk2tk

        I don’t care who you are or what you did. I myself did a lot of complicated systems, more than you could possibly imagine, not only in the Philippines but all over Asia, and you don’t see me bragging about it, just now. Lol..

        You are talking of something that can be googled.. There is nothing great in what you have said.. Lol..

        If you have created a system that is worth millions of dollars, all by yourself, then you can start arguing with me.. Lolo…

      • GustoKoHappyKa

        Hahahaha, yeah, you’re right, I’m a LOLO (grandpa)… You are only just heading to ASIA; I have already been around the world…

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        Dude, you don’t use a colourful OS on a specialized machine. Just a simple screen is enough, and the rest is in how the logic will be processed. You don’t waste memory on this kind of machine, just like those ATMs. Nothing fancy but quick and accurate. Hardware programming is not for the eyes.

      • sk2tk

        Have you ever heard of dynamic link library? If you know that then you can see that your approach is not useful at all times.. Hahaha… And that’s just the tip of an iceberg. Lol..

      • GustoKoHappyKa

        LOL DLL… hahaha.. hahahaha… So WINDOWS is all you know.. hahahahahahaha

      • http://www.facebook.com/akohitoh Rey G. Domingo

        DLLs? Why, are the PCOS machines running on an MS OS? OMG! That only shows your ignorance. Truly portable codes had linked libraries resolved.

        These machines are running proprietary codes and the codes are either in the ROM only or may have some in the supplied CF cards. And I tend to lean towards the latter given the statistically significant number of PCOS machines malfunctioning during bootup.

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        yup

      • GustoKoHappyKa

        That sk2tk really is dumb.. he is acting like a know-it-all.. imagine suggesting DLLs on a PCOS machine, hahaha.. Windows development is all he knows.. hahaha

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        You’re a Windows guy, aren’t you? Hahahaha. I’ll report you to kernel.

      • http://twitter.com/CeriseDavid Cerise David

        I believe they only have loader and bootstrap code in ROM. The rest gets read from CF card.

      • WeAry_Bat

        That is correct.

        I won’t say anymore, the entity you are replying to is fishing and lying.

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        You are correct. That was my very point in saying just take the machine code from the machine, distribute it to the concerned parties and let them decode it (might be a bit costly, but a senior student might do this for only 50K for 2 weeks), because with the source code they can still question whether that is really what is programmed into the PCOS machines. Thanks.

      • http://twitter.com/CeriseDavid Cerise David

        For that size, less than 20 seconds, I’ll say, with a run-of-the-mill disassembler. It will come out as semi-beautified source with procedures, functions and variables with names. Experienced engineers can recognize what procedures and functions do on sight, and if you have a runtime debugger handy, most of them can be deduced fast enough by setting breakpoints in code as you run the application.

        I’m sure you are proficient with your Visual Basic (LOL), but this is a totally different thing altogether.

      • sk2tk

        You are so funny… Visual Basic??? There is no money there; those are a dime a dozen in Makati.. Nah.. Hahaha.. Little knowledge is very dangerous.. Hahahaha

      • http://twitter.com/CeriseDavid Cerise David

        So tell us something, so fellow engineers can have a laugh

      • WeAry_Bat

        Good approach, silence is.

        I figure the entity is getting results for ROM on crystal lattices which had been one of my subjects in college. Hahaha.

      • http://www.facebook.com/akohitoh Rey G. Domingo

        Sk2tk, what do you actually know about low-level programming?

      • sk2tk

        Hahaha. Go review and google so you have something to teach your students.. Because theory is as far as you go. Wahahaha…

      • Rey G. Domingo

        If you earn more than 3 million pesos per year, I will salute you. Otherwise, go study again so that you can move up.

      • GustoKoHappyKa

        He really doesn’t know anything.. his suggestion to me was DLLs.. lol

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        You don’t laugh at Visual Basic; most viruses during the ’90s were written in VBS.

      • sk2tk

        I guess you are not a programmer.. Don’t believe everything you read or heard… Hahaha

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        don’t waste your time he probably failed on his asm.

      • bluestar777

        It is NOT a stupid comment. Actually, it can be done. No rocket science is really involved. (^_^) Just dedication and patience. The very first thing we have to do is: know what particular microprocessor is/was used in these machines. Study and understand the entire INSTRUCTION SET of this microprocessor. Get the binary Ones and Zeros that were burned and encoded in the ROM. (Remember, a computer ONLY UNDERSTANDS One OR Zero/One and Zero.) It’s very elementary here. Thus, we have to deal with only two things: One and Zero.

        Compare the sequences of ONES and ZEROS to the sequences there in its instruction set… and voila, you now have in your HANDS the source code in its purest and most primitive form.
        The downside of this is:
        It is a very TEDIOUS and very TIME-consuming process.
        This is surely NOT for the faint-hearted. This may drive you crazy in the long run, most especially if the program is very long and the INSTRUCTION set of the processor used is quite complex, and there are thousands or even hundreds of thousands of them.
        So, I think it is just much better to just BRIBE the safe-keeper of this source code in order to get it. LOL

      • sk2tk

        Crap but funny… Lol…

      • bluestar777

        Crap? What’s that?
        Can you explain here why it isn’t so?
        Surely, we could not understand each other here.
        If all you say is. CRAP. w/o the explanation.
        But I do understand the FUNNY thing
        Because I intended it to be so.
        In the first place.

        Why can’t you just admit that you are the one
        Who was making a STUPID COMMENT
        And not Juan DelaCruz?

        Probably, you don’t even understand anything of what I have said or am saying there in my comments above
        Stop pretending to be far smarter than you really are, Boy
        Because that can be EASILY SPOTTED
        And that will just EMBARRASS you.

      • http://www.facebook.com/akohitoh Rey G. Domingo

        It is simple: sk2tk doesn’t know anything about machine-level programming.

        What you said is true. It is called reverse-engineering. But you don’t have to deal with 1s and 0s. If you know the instruction set, you can devise/write a program to decode the machine-level codes (if a disassembler is not available). Even then, it will not be easy to grasp the whole thing from the output because unlike source codes where you will find something like ‘perform read-marks’ what you will see is something like ‘perform a’. In other words, your ‘decoder’ will have to assign non-intuitive nomenclatures for all the ‘performs’ and ‘gotos’. Later, once you understand the function of ‘perform x’ then you can replace all the occurrences of ‘perform x’ to ‘perform ‘xxxxxxxxxx’. ‘Xxxxxxxxxx’ in this instance is descriptive of the function. You have to do that for all the objects, including the variables.

        This is just for the audit of the code to find bugs (errors, mis-directions, fall-throughs, etc.), non-optimized coding (make it run faster), see vulnerabilities (possibilities of code patches/PCOS-specific vote padding and shaving (“dagdag-bawas”) done through the Internet, triggers for cheating, hacking exploits) and back-doors.

        How about ascertaining whether the version of the source code submitted was the one deployed?

      • sk2tk

        Let me guess, you’re an instructor, right? Wahaha, you’re good at theory, huh? Looks like you are well practiced at searching on Google. Haha, just asking, have you ever built a system that is used up to now by big companies all over Asia? Like big banks or switching networks? Haha.

        Try implementing a system yourself sometime, if you can. Wahahaha..

      • Rey G. Domingo

        I am not an instructor. I am a full-fledged IT professional. Kid, you were still a sperm cell when I was already coding (machine-level, 1GL up to 4GL). And what is wrong with being an instructor? If there were no IT instructors, you would not be in IT now. As for you, maybe 3GL is all you know. No wonder you are weak in the concepts of low-level programming. You even laughed when someone suggested using the machine codes (i.e. ROM contents). Have you done integrations? Maybe object-oriented is all you know and you are still a programmer to this day.

        One more thing: what % is your contribution to your collaborated projects? 1% of the whole and 5% as a programmer? The success of a software is not in the programmers. It is in the system designers, system analysts and test data designers (maybe this is the first time you have heard of this). The SA is the one who gives assignments to the programmers, reviews the programmers’ code, and provides coding techniques in case a programmer doesn’t know how to do code optimization, code segmentation, etc. Get it?

        The trouble with some other commenters is that all they do is insult and brag. You are one of them.

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        let the troll be. we only live once. thanks.

      • wyl5326

        While I agree with reverse engineering, as I’ve done so without any source code, comprehensive testing should not even need source code to find bugs if one has enough common sense of what an application is supposed to do! Take the case of vote counts for each candidate, where the total should be the sum of his vote counts from all precincts. In other words, the roll-up total vote count must match, and that doesn’t need source code to come conclusively to a discrepancy or bugs, and that should debunk any other conclusion!

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        the guy is a troll. let him be.

      • http://www.facebook.com/profile.php?id=100003498754650 Juan Delacruz

        Let me give you an idea of the difference between machine code and source code. Machine code is the instruction in positive or negative setting (the processor is a set of complicated switches); now, the source code is the one we humans have written in logic. Now, source code is not the one read by the computer; it is the machine code, and the nearest to this is the binary code. When you reverse engineer a program, that’s what you get: endless 101010101000. The source code can still be questioned as to whether that is really the one inserted in the ROM. I hope that gave me the benefit of the doubt. Bluestar, thanks for your comment, a fellow 37337.

  • Je Magno

    Why was the source code released only now?

    • sk2tk

      Because they still had to remove the hard-coded stuff. Lol…

      • Johnny

        Lol, and they also ran a code beautifier. They should also have a copy of whatever build is deployed on the PCOS.

        After verifying the source code for any malicious instructions, it should be built or compiled in front of everyone, and the checksums of the files compared with what is actually deployed on the PCOS machine. And also make sure that that build is really the one executing, because there might still be hidden files and folders.
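
The build-versus-deployed comparison that several commenters above describe, as an added example that is not part of the original article or thread: it hashes every file in a witnessed build and in a read-only copy of the deployed media, then reports files that differ, are missing, or exist only on the deployed copy (hidden ones included). SHA-256 is used in place of the CRC mentioned in the comments because a CRC is not designed to resist deliberate tampering; the directory and file names are constructed, and the sketch assumes the build is reproducible byte for byte.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def manifest(root):
    """Map every regular file under root (dot-files included) to its digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out


def compare(reference_root, deployed_root):
    """Return files that differ, are missing, or exist only on the deployed copy."""
    ref, dep = manifest(reference_root), manifest(deployed_root)
    return {
        "modified": sorted(p for p in ref.keys() & dep.keys() if ref[p] != dep[p]),
        "missing": sorted(ref.keys() - dep.keys()),
        "extra": sorted(dep.keys() - ref.keys()),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed sample trees: a witnessed build and a copy of deployed media."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "witnessed_build")
        dep = os.path.join(tmp, "deployed_copy")
        for root in (ref, dep):
            _write(root, "bin/counter", b"constructed build output v1")
            _write(root, "etc/config.ini", b"precinct=constructed\n")
        _write(ref, "bin/report", b"report module")          # absent on deployed copy
        _write(dep, "bin/counter", b"constructed build output v1 + patch")  # altered
        _write(dep, ".cache/.helper", b"not in the build")   # hidden, unlisted file
        return compare(ref, dep)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A clean comparison only shows that the files on the media match the witnessed build; it does not by itself show which code the machine actually executes at boot.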



Copyright © 2014, .