
Re: Can a machine test itself? + other issues

Peter adds a middle-of-the-road view, and I fully agree with him.

I also agree with Vince that elections are important enough that they should command necessary resources for the optimum voting system.  I just don't think that our standard-setting activity should seek to raise the bar so as to eliminate COTS components, given the real possibility that most systems actually in use will not be at the COTS-free optimal level.  Rather, I believe that IEEE standards should define best practices in a way that does not preclude diverse implementations, that set goals for functions and operations in a manner that leaves alternative designers room to innovate solutions.  And these best practices should include automated test and, for example, simulation of voter actions on the touchscreens as appropriate.

That said, leaving economics aside, do you know of any mission-critical, embedded system whose basic source code and design documents have been made public in the way Open Source code is?  My impression is that the investment in mission critical, embedded systems is also fiercely guarded from public scrutiny for proprietary or government security reasons or both.  I may be wrong, of course, and you may have many examples showing how it would be practical to develop total proprietary systems, make the source code and designs public, and not be working on a cost+ basis.

This is my personal and professional opinion, and it does not necessarily reflect the opinions of my employer.

-- Dick

Richard C. Johnson, Ph.D.
Applications Architect
Oracle Corporation

Zelechoski, Peter wrote:
RE: Can a machine test itself? + other issues

Dick, et al. -

Throwing my two cents worth into this:

ES&S has used both entirely proprietary configurations and ones with COTS.

Definitely, if there is a way to make COTS workable (rules that allow for their use but make it acceptable constraints that the COTS providers will meet those rules and yet provide the necessary level of assurance), there should be a lower cost to deploying systems with them.  And, in use of the term "cost", I include more than just raw money -- time and effort to build/test/maintain/etc.

It is possible by setting up the rules around COTS (or Open Source for that matter) to either incent or disincent the voting solution vendors in such use.

- Peter Z
Peter M Zelechoski, CISSP, MBA-TM
Election Systems & Software


-----Original Message-----
From: Dick Johnson [mailto:dick.johnson@ORACLE.COM]
Sent: Wednesday, December 08, 2004 12:25 PM
To: Dick Johnson
Cc: Vincent J. Lipsio; COTS@LIPSIO.COM; stds-1583-disc@IEEE.ORG;
Subject: Re: Can a machine test itself? + other issues


One more question--is any vendor truly prepared to invest in an
embedded, totally custom COTS-free voting system and then make all of
its investment public as Open Source?  If so, I missed that information.

-- Dick

Dick Johnson wrote:

> Gee, Vince,
> please re-read my comments.  I have no doubt that there are tons of
> embedded systems in existence, and that there is an embedded system
> industry.  I have not said that such is impossible or that it does not
> exist.  I may have phrased my argument poorly.
> I am only saying that my understanding (which may be wrong) of the
> economics of voting systems is such that most voting systems are based
> on either Windows or Linux and not custom embedded systems for the
> reason that vendors have wished to save money.  Sure, it is possible,
> feasible, and desired by many to build COTS-free software--but how much
> will it cost and who will pay for it?
> This is my personal and professional opinion, and it does not
> necessarily reflect the opinions of my employer.
> Cheers!
> -- Dick
> Vincent J. Lipsio wrote:
>> Dick,
>> I have made my living for 28 years now designing embedded systems.
>> Remarkably, you have just told Stan that my line of work is "passed
>> the bounds of the practical".  Please do a Google search on "Embedded
>> Systems" and you will discover that there is an entire thriving
>> industry that you seem entirely unaware of.
>> Embedded systems typically employ a kernel written in-house (as, for
>> example, ES&S's DREs do) or an RTOS (Real Time Operating System), of
>> which there are more than a hundred on the market.  You may wish to
>> Google that term, too.
>> There are hundreds of specialized processors from all the major
>> manufacturers that are tailored to specific niches of the embedded
>> market.
>> Intel, realizing it was missing the embedded market because it
>> end-of-lifes its desktop CPUs three years after introduction, now
>> introduces a new x86 chip from time to time that is guaranteed to
>> remain in production as long as there is a demand for it.  For this
>> reason, most embedded systems that use x86 CPUs use some variant of a
>> 486 or 386.
>> Microsoft introduced CE in order to try to get into the embedded
>> systems market.  It has gained some popularity among non-critical
>> applications.  However, no critical device uses a Microsoft OS and
>> few use Linux; by critical device I mean, for example, a Class 3 or
>> class 2 FDA device or avionics systems certified under RTCA/DO-178B.
>> Your comments leave me no choice but to conclude that you have no
>> knowledge of the entire arena of computer engineering that Stan and
>> I, among others, have been discussing.
>> Vince Lipsio
>> -----------------    Commence Original Message    -----------------
>> You raise some interesting theoretical issues, but my sense of it is
>> that you have passed the bounds of the practical.  The economic basis of
>> computers was and is that they may run more than one program.  It does
>> not have to be this way; you could design and build a dedicated,
>> one-purpose machine with hardware and software all custom crafted.
>> Quite expensive, really, since all development costs must be amortized
>> over one specialized application.  The profit potential is limited,
>> given the costs of development, so no private party would want to do
>> this.  Are you sure that the political realities are such that the U.S.
>> Government in a time of deficit would choose to spend money on elections
>> rather than tax cuts?  I might agree with you on the desired approach to
>> election equipment, but I am not very influential regarding the federal
>> government's spending plans.
>> The fact of the matter is that in the real world we have MS Windows and
>> Linux from which to choose,  generic PC firmware and hardware,
>> specialized and general purpose printers, proprietary hardware, and
>> either open source or proprietary specialized voting software.  From
>> this mix, all US voting systems will certainly emerge.  We do have the
>> option of specifying Open Test to supplement the existing proprietary,
>> private, and inscrutable test organizations currently providing
>> certification.  Our standards must provide a measure of how well an
>> individual voting system is likely to function, given our understood
>> criteria.
>> Otherwise, although interesting, speculation about total custom voting
>> systems (Open Source and Open Hardware Designs?) does not seem helpful
>> except in order to highlight what is needed in the real world.
>> This is my personal and professional opinion, and it does not
>> necessarily reflect the opinions of my employer.
>> Cheers!
>> -- Dick
>> Richard C. Johnson, Ph.D.
>> Applications Architect
>> Oracle Corporation
>> 631-689-3736