IEBC

Ujinga gani? Did you stop and think deeply about my question? Ama ni kupayuka tu. Have you even tried the mathematical implication of your id # having 8 digits?

My frien? My ID has 8 digits, mimi sio mtu wa 1960. Wacha ujuaji.

OK. If you understand what those 8 digits mean, assume 00000000=0, go back to your first course in maths and tell me how many non-repeating numbers you can get. Hint: permutations and combinations.

1 Like

Once you do that think how 12345678 might be a valid id number?

Toa upuzi hapa. data validation hatujaskia leo.

Oh the mighty Descartes, welcome! What is in my discussion that annoyed you thus? Please put down your Rungu. They say you should avoid attacking the messager. Can we engage in a healthy discourse?

How can one forget validation? Si angesahau passwords na username basi ata za admin.

It would be interesting to discuss your alter egl, Rene Descartes. He was a great mathematician and philosopher.

Sometimes the pressure (political/financial) requires that the prototype is upgraded to production without adding the boilerplate code.

Wacha kujaribu kunichanganya. Do you know whats a boilerplate in this business?

Na hizo
12345678 na 1234567 haziko e citizen while such old ID numbers should be there.

Dont forget that

No. Security is important! Its part of validation. Nevertheless, lets look at the underlaying issues:

Every organisation wants its products shipped to customers as soon as possible. Microsoft wants you to have the next version of windows as soon as possible. IEBC wants you to have an online voter verification portal soonest. From a traditional project model, you would think of cost, schedule and quality as the primary constraints. You could vary one and get some adjustmetments from the other two.

The traditional project model does not work in software projects. (I can give you references )

My point is that IEBC accepted low quality software to get into production. Their programmers let them down. Do you expect the same programmers to leave viable holes for rigging?

BTW why should’nt of all iebc software be open source?

ndo nakuuliza walisahau aje validation? Even a beginner cannot build a database without validation. I dont see how this could be omitted unless the whole thing was deliberate. Anyway, maybe my standards are higher than that whole group of developers who built that thing. unfortunately, chebukati and top leadership may not know much about testing, validation and querying and all possibilities and they will take heat for things they have never heard of.

Well, i will make assumptions here because I dont work with iebc and i dont have all the facts. Im assuming that their data is their most important asset. The most reliable way way of storing it is via a relational database, I think they chose Oracle. This is the database that holds information that was used for voter registration, voter verification, and will even be used for actual elections and tallying. Any competent database professional can design it and apply appropriate security to make any changes, however small, auditable. A competent IT auditor can confirm an audit compliant database.

Lets go back to what happened Jana. People were querying this database using invalid ID card numbers e.g. 0, q, or even 0x4675636b. All what the website needed to do is tell those weasels that all those are invalid id numbers. Dont crucify iebc programmers (oh hawakutumia regex shit) , many ignore programmers just like they do other professionals. You dont budget for a tractor and expect an aircraft.

Now, that reminds me of the millenium bug. For those that dont know about it, jaribu Google.

[QUOTE="
Lets go back to what happened Jana. People were querying this database using invalid ID card numbers e.g. 0, q, or even 0x4675636b. All what the website needed to do is tell those weasels that all those are invalid id numbers. Dont crucify iebc programmers (oh hawakutumia regex shit) , many ignore programmers just like they do other professionals. You dont budget for a tractor and expect an aircraft.

Now, that reminds me of the millenium bug. For those that dont know about it, jaribu Google.[/QUOTE]

So can you explain why those queries with invalid ID numbers would bring up those particular details and not any other like for example kigui’s details?

No, I cannot explain. I would need to have access to that database. I don’t.

With such a low quality system. Isn’t a wall in the park for hackers snd crackers.

Even Didah can be the main man fair and square.

Not necessarily. Like I said, im not an iebc insider. However, if i were working there, i would make sure that the current database you guys are querrying was read only, isolated and not even within the internal iebc network.

Considering that IEBC IT team allowed such things to happen. It speaks alot about them.

Probably they are rubber stamps.

Hiyo hekaya ya someone editing iebc register sijasikia. Weka rink, I will click.