Voting machine source-code leak shows odd subroutines

I agree wholeheartedly that all voting machine code should be open for public inspection, but I don't think it helps the cause to make fantastic claims that are not supported by the evidence.

I have worked in the software for the Brazilian electronic voting system and I am astonished they used such a heavy pile of software.<p>The code I helped write had to run on as little as 8 megabytes of RAM on an embedded MS-DOS-like OS (our version targeted Windows CE, but it had to run on the older, 386-ish machines). It was written in very compact ANSI C, had data in plain-text files and certainly didn't need a relational database embedded in the ballot.<p>All this reeks of incompetence.

What is surprising is that people will jump the gun with stuff like this, if you <i>really</i> want to make a dent in these companies you have to get ironclad proof first, have it checked by someone else that is 'noteworthy' under NDA and <i>then</i> you go all out to the media.<p>It's almost as if they just cared about the short term exposure and not the longer term goal.

Claim: "They appear instead to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold."<p>Correction: " It appears the files were NOT VANDALIZED and will open in MS-SQL Server 2005."<p>Claim: "This in turn revealed thousands of lines of Microsoft SQL code that appear to control the logical flow of the election. Stuff like:" (example follows)<p>The example they give looks like some code which adds a new candidate to the ballot.<p>This looks like an embarrassing debacle so far.

For now it seems that it doesn't, there is already much written about this and there are plausible explanations on how that stuff got in there. Best to wait and see and not jump the gun on this, if it is real it will definitely come out. Until then this is pure speculation.<p>Such accusations should only be made with very solid evidence in hand to avoid blowing the media attention on a 'dud', then next time when there is real evidence you'll get a small fraction of the response.

<a href="http://www.itwire.com/content/view/28715/1141/" rel="nofollow">http://www.itwire.com/content/view/28715/1141/</a> is a rebuttal by someone with some actual technical skill (eg, he knew how to restore a database backup)

Nope. It does not show that.

The entire idea of electronic voting just rubs me the wrong way. Any way you shake it, it seems as if the security of the systems is only as good as the lowest-payed employee with access to the source code.