Somewhat off-topic but many of the newsgroup subscribers are into computers as well as machining. See story at bottom of rant.
Some observations:
(1) Millions of lines of code? I used to teach computer programming and I would flunk any student who came in with more than about 1,000 lines of code to do a simple accumulator array, excluding windows function calls and hooks. I may go another 500 lines for a front-end interface to terminal and maybe 1,000 lines for odbc function calls to access and verify voter ID from a central data base. I would also expect accepted programming practice such as structured/modular/OOP programming, plenty of comments, no global variables, strongly typed variables, a complete flow diagram and variable cross reference listing. I would also expect the programming to be done in a high-level, generally used language, such as C#, C++, etc. so it can be inspected for Trojans, trap-doors, hooks, etc.
(2) « ... executives at the voting machine makers said Tuesday they would not submit their most valuable data — their proprietary source code.» My observation – you don’t have to supply your source code, but we don’t have to buy your machines. Just what language are these proprietary programs written in, and where?
(3) Given the potential and incentive for fraud and abuse, the executable code should be compiled by a governmental agency from the approved source, and a hash total calculated, so that the programs loaded and running on the voting machines can be verified against the approved version, several times during the day, not just when loaded (i.e. one time).
George McDuffee
============
Following story from Yahoo news: E-Voting Cos. Reveal Software to Feds By RACHEL KONRAD, AP Technology Writer SAN JOSE, Calif. - The nation's largest voting machine companies are submitting millions of lines of code to the National Software Reference Library to address sharp criticism from computer scientists about the secret software used in elections. But executives at the voting machine makers said Tuesday they would not submit their most valuable data — their proprietary source code. And they might not provide the library with copies of software patches, updates and upgrades. Computer scientists said the conciliatory gesture wouldn't help ensure the integrity of next week's presidential election, when as many as 29 million Americans will cast electronic ballots. Some researchers worry that hackers, software bugs, ill-trained poll workers or power outages could intentionally or accidentally erase or alter voting data. "This is a step in the right direction," said Doug Jones, associate professor at the University of Iowa's computer science department. "I just wish these steps had been taken earlier. I say hooray, but it's a long-term benefit with some pretty glaring caveats." Executives from the largest equipment makers in the United States — Election Systems & Software, Sequoia Voting Systems, Diebold Election Systems and Hart InterCivic — announced Tuesday that they had already submitted many versions of the software that will be used to tally votes next week. The library, run by the National Institute of Standards and Technology, also holds proprietary code from Microsoft Corp., Oracle Corp. and other technology giants. Executives acted at the request of the U.S. Election Assistance Commission, a year-old federal agency created through the Help America Vote Act. EAC Chairman DeForest Soaries Jr. acknowledged that the data was far from complete. But he said the companies' ongoing submissions could eventually make election software more transparent to computer scientists, who want "open source" voting software that can be independently inspected. Scientists were pessimistic, noting that hackers could delete ballots on a particular machine without any worries that the library archives would foil them. No technology on the market today allows an election official to check software code that's already been installed and used on an individual voting machine and compare it to the software code stored in the library, noted library director Barbara Guttman. Avi Rubin, technical director of the Information Security Institute of Johns Hopkins University, called the program "meaningless." "At a high level, this plan sounds good," Rubin said. "It reminds me of when people take security measures simply for appearance's sake — to make you feel better. But it's not adding any real security." The big vendors and a smaller company, Avante International Technology, said the archive now contains significant parts of the code to be used Nov. 2 in Florida, California, Georgia, Maryland, Delaware, New Mexico and Nevada. They also submitted vote-tallying software and other "election management" programs. All the software in the library has been certified by independent testing authorities. Many states require such certification before running the programs in actual elections. Mark Radke, a marketing director at Diebold, said data storage "should provide substantial assurance to the voting public that their vote is accurately and securely tabulated." Companies submit data to the library on CD-ROMs, but the public cannot view the actual code. Instead, library technicians convert data into a mathematical algorithm known as a "hash" — the digital equivalent of a fingerprint. Election supervisors can compare the hash on software they're about to install to the hash in the library. If the fingerprints don't match, they know the software is not the same one certified by an independent testing authority. On the Net: National Software Reference Library: