I am a computer programmer. Just like we have many here today.

INEC is telling Court to allow them reconfigure BVAS before the next election.

The question is this?
1.How can a machine made for serious election not capable of working perfectly for at least 4 years before reconfiguration.

2. Does it mean INEC did not test run this machine before using it?

3. If INEC chairman can agree that the machine failed in most cases, why can't they call for the cancellation of the election?

4. If billions of money was spent for using BVAS, why can't INEC take it time to properly train it's staff on how to operate the machine?

Injustice anywhere is a threat to Justice everywhere. Yoruba, Igbo, Hausa, Christians and Muslims, this is the only time we have to secure our future and that of our unborn children.

Let's stop pretending like everything is okay, while some useless politians are busy destroying our future.

A new Nigeria is possible.....

I am not privy to the any of the process design for the BVAS so my comments would strictly be my opinions as a programmer.

First, it is clear that there was either a shoddy design process or an intentional fraud or a mix of both.

There are 100k+ BVAS systems all connected to servers to fetch biometrics, validate data and upload images of a potential 93 million voters all within the space of 10 hours with peak demand at the image upload and results submission window which starts from 4pm.

At a potential 781 voters per machine, this approximates to 78 voters per hour or one voter per minute ON ALL MACHINES at the same time.

A redundancy design of 100 users per hour is fair. If each user requires say 1mb download of validation data and another 1mb of upload, this implies a bandwidth demand of at least 100mb/100mb per machine per hour or 1gib per machine.

Each machine would also require at least 5mb to upload the result page and results at the end of the day. 5mb from 100k machines is 500Gib of data hitting the servers at peak time in the evening, separate from the 100,000 Gib overall on election day.

This is a whole lot of data demand.

Now to my first assumption as regards incompetence, it would be absurd if the developers did not envisage such a demand and designed for a lower scale. This assumption falls flat because the bulk of the data transmission (the 100k) went ahead without reported hitches across the country. People were able to validate and vote. So lack of capacity should be ruled out, despite the volume of data.

Could there have been an inefficient code that slowed down process after hitting a load which then timed out other processes? If this was the case, then the incompetence of the CTO comes to bear. A load test on the servers would have revealed such prior to the D-day.

My second assumption is that there was an intentional fraud. The main problem on election day was the inability to upload the presidential results. The other elections uploaded successfully.

As a programmer, following the DRY principle, i would not code upload codes separately for the presidential and senate elections. I would only provide different endpoints for the same factory.
So it is safe to assume that the presidential election upload endpoints caused the whole drama.

So, a suspension of the presidential election upload endpoint permissions by a root access user (or another privileged user) could have sabotaged the elections.

In a well designed system, this fraud could be discovered via a review of the stream logs. If LP and other aggrieved parties in the election could get their hands on the codes, they should be able to see who and when this was done. However, i am doubtful if the assumed criminal would be dumb enough to leave footprints.

Now as regards INEC’s recent claim that they need to wipe systems. I am bold to declare that the statement is an attempt to cover up the fraud.

In the 12- Factor App design methodology, every good developer should know that a server should have no state. You store nothing on a server. A server simply collects inputs from the users, fetches data from the database and returns data to the user or store inputs or processes into databases.

Except they want to wipe their databases or caches which is absurd and suspicious, there is nothing to hide. There should be enough storage to hold all our election data. Afterall, INEC had an open cheque from the national budget.

One thing i would like to add is that all the transaction logs for the election must be provided for review. Let forensic experts go through the logs to understand what happened.

For future elections, i would suggest a blockchain based transaction model.

Cheers

EDIT:
Some of my earlier assumptions on online validation were wrong as each BVAS was hardcoded with validation data for each polling unit so overall data transmission would have been around 500 GiB for the whole day. Other points remain valid.

truthCoder:
I am not privy to the any of the process design for the BVAS so my comments would strictly be my opinions as a programmer.

First, it is clear that there was either a shoddy design process or an intentional fraud or a mix of both.

There are 100k+ BVAS systems all connected to servers to fetch biometrics, validate data and upload images of a potential 93 million voters all within the space of 10 hours with pick demand at the image upload and results submission window which starts from 4pm.

At a potential 781 voters per machine, this approximates to 78 voters per hour or one voter per minute ON ALL MACHINES at the same time.

A redundancy design of 100 users per hour is fair. If each user requires say 1mb download of validation data and another 1mb of upload, this implies a bandwidth demand of at least 100mb/100mb per machine per hour or 1gib per machine.

Each machine would also require at least 5mb to upload the result page and results at the end of the day. 5mb from 100k machines is 500Gib of data hitting the servers at peak time in the evening, separate from the 100,000 Gib overall on election day.

This is a whole lot of data demand.

Now to my first assumption as regards incompetence, it would be absurd if the developers did not envisage such a demand and designed for a lower scale. This assumption falls flat because the bulk of the data transmission (the 100k) went ahead without reported hitches across the country. People were able to validate and vote. So lack of capacity should be ruled out, despite the volume of data.

Could there have been an inefficient code that slowed down process after hitting a load when then timed out other processes? If this was the case, then the incompetence of the CTO comes to bear. A load test on the servers would have revealed such prior to the D-day.

My second assumption is that there was an intentional fraud. The main problem on election day was the inability to upload the presidential results. The other elections uploaded successfully.

As a programmer, following the DRY principle, i would not code upload codes separately for the presidential and senate elections. I would only provide different endpoints for the same factory.
So it is safe to assume that the presidential election upload endpoints caused the whole drama.

So, a suspension of the presidential election upload endpoint permissions by a root access user (or another privileged user) could have sabotaged the elections.

In a well designed system, this fraud could be discovered via a review of the stream logs. If LP and other aggrieved parties in the election could get their hands on the codes, they should be able to see who and when this was done. However, i am doubtful if the assumed criminal would be dumb enough to leave footprints.

Now as regards INEC’s recent claim that they need to wipe systems. I am bold to declare that the statement is an attempt to cover up the fraud.

In the 12- Factor App design methodology, every good developer should know that a server should have no state. You store nothing on a server. A server simply collects inputs from the users, fetches data from the database and returns data to the user or store inputs or processes into databases.

Except they want to wipe their databases or caches which is absurd and suspicious, there is nothing to hide. There should be enough storage to hold all our election data. Afterall, INEC had an open cheque from the national budget.

One thing i would like to add is that all the transaction logs for the election must be provided for review. Let forensic experts go through the logs to understand what happened.

For future elections, i would suggest a blockchain based transaction model.

Cheers

Which validation cost 1mb to process , inec is corrupted simple

With amount spent on the useless technology
The creator speculated all this scenarios na inec just rigged and planing to clear evidence

A programmer with sense will always solve and even solve unseen problems Like this

Nothing like failure on this technology inec just have back door

Even programmers on this forum will come up with a better technology that will cost less and will not fail , it is high time we stop using foreign technology on a national matters

Imagine a bvas that determines who rules that no single person can give details or how it how's and then kind of encryption and how hackproof it is

Shame to inec and the people that want to run this country down

God bless nigeria

@truthCoder

I'm sure you know that INEC would rather "die" than release those logs. That's if they haven't been obfuscated already

airsaylongcome:
@truthCoder

I'm sure you know that INEC would rather "die" than release those logs. That's if they haven't been obfuscated already

I am suspecting that certain logs or footprints actually exist (wont be surprised if there are github commits for example) and the claim that they need to wipe is to enable them clean the records.

I am also guessing that due to the scale, cloud would be involved. (Thats going to be some serious compute cost. ), GCP, Azure or AWS. Footprints will always dey.

I am being hopeful that real forensic experts are on the LP and other aggrieved party’s teams.

truthCoder:


I am suspecting that certain logs or footprints actually exist (wont be surprised if there are github commits for example) and the claim that they need to wipe is to enable them clean the records.

I am also guessing that due to the scale, cloud would be involved. (Thats going to be some serious compute cost. ), GCP, Azure or AWS. Footprints will always dey.

I am being hopeful that real forensic experts are on the LP and other aggrieved party’s teams.

I think the cloud was locally hosted. I cannot say with 100% certainty but I have a feeling it was hosted in Lagos. There's a Data centre (Bare metal not AWS/GCP resellers) somewhere in the Lekki axis that was commissioned recently. Lagos government did the road to their office somewhere around Jakande. I don't expect that INEC will host those kind of data outside the country where they don't have complete control

airsaylongcome:


I think the cloud was locally hosted. I cannot say with 100% certainty but I have a feeling it was hosted in Lagos. There's a Data centre (Bare metal not AWS/GCP resellers) somewhere in the Lekki axis that was commissioned recently. Lagos government did the road to their office somewhere around Jakande. I don't expect that INEC will host those kind of data outside the country where they don't have complete control

Wow. Pressure ti wa.

Maybe na for there pressure ti wa sef.

jazzme1:


I am a computer programmer. Just like we have many here today.

INEC is telling Court to allow them reconfigure BVAS before the next election.

The question is this?
1.How can a machine made for serious election not capable of working perfectly for at least 4 years before reconfiguration.

2. Does it mean INEC did not test run this machine before using it?

3. If INEC chairman can agree that the machine failed in most cases, why can't they call for the cancellation of the election?

4. If billions of money was spent for using BVAS, why can't INEC take it time to properly train it's staff on how to operate the machine?

1. Working properly and reconfiguration are 2 different issues. Many devices need to be reconfigured after use and that doesn't mean they're not working properly. After the Guber/HOA elections it will take 4 years before the next reconfiguration.

2. The machines were tested before use and there're no issues with it.

3. INEC Chairman never said that the machines failed. The primary role of the machine is for accreditation, that why it's called the Bimodal Voters Accreditation System (BVAS). Cancellation of election is a different issue, it's for law students to discuss that.

4. I agree that many of the ad hoc personnel were not properly trained. They should actually take time to train those who will be operating the devices.

truthCoder:
I am not privy to the any of the process design for the BVAS so my comments would strictly be my opinions as a programmer.

First, it is clear that there was either a shoddy design process or an intentional fraud or a mix of both.

There are 100k+ BVAS systems all connected to servers to fetch biometrics, validate data and upload images of a potential 93 million voters all within the space of 10 hours with peak demand at the image upload and results submission window which starts from 4pm.

Cheers

The system design is likely the culprit or human error but as we always say systems always fail.

The BVAS are not connected to servers for authentication.

silento:


Which validation cost 1mb to process , inec is corrupted simple

With amount spent on the useless technology
The creator speculated all this scenarios na inec just rigged and planing to clear evidence

A programmer with sense will always solve and even solve unseen problems Like this

Nothing like failure on this technology inec just have back door

Even programmers on this forum will come up with a better technology that will cost less and will not fail , it is high time we stop using foreign technology on a national matters

Imagine a bvas that determines who rules that no single person can give details or how it how's and then kind of encryption and how hackproof it is

Shame to inec and the people that want to run this country down

God bless nigeria

It's frustrating when things don't go as expected. The device worked as expected. The issue was with the IReV. They're interconnected but different. No technology is foolproof. The issue is not a programming issue, It's more of system design and architecture, issues relating to load balancing, caching, databases, proxies, scaling, web servers, microservices, CAP theory, Queues etc and/or human factor.

The Fault Tolerance and Critical Systems policy was poor. The budget was also poor. INEC's budget was N105.3B for procurement of accreditation devices if we assume all of that money was spent on procurement, the funding is poor, when you account for inflation and exchange rates. This is because the funds will be going offshore for foreign procurement. When you compare Nigeria's cost of elections vs other African countries. It's cheaper to conduct elections in Nigeria. Eg It costs Kenya $17 per voter and Nigeria $6 per voter. When they received the funds is a different story.

truthCoder:


I am suspecting that certain logs or footprints actually exist (wont be surprised if there are github commits for example) and the claim that they need to wipe is to enable them clean the records.

I am also guessing that due to the scale, cloud would be involved. (Thats going to be some serious compute cost. ), GCP, Azure or AWS. Footprints will always dey.

I am being hopeful that real forensic experts are on the LP and other aggrieved party’s teams.

There are logs for every transmission. The logs can be retrieved from the servers. If that will help the parties is a different issue.
For the data, it is not stored offshore. The forensics will reveal interesting details not so much with respect to posted results but with respect to accreditation /overvoting or successful packet injection.

The aim of the BVAS is to perform MFA. Reads voters card and biometrics.

Can INEC uploads all the results immediately they are captured? They should be able to upload most of the results immediately but not all. They don't own the end to end infrastructure.

Are results uploaded to IReV? No, the results are uploaded to a database. So IReV is a web facing server that queries the database.

Is it the same database server used for the Presidential/NA reports. I'm not sure but it's unlikely. When I made some queries to the server, I was blocked by a firewall. It can be bypassed by using other protocols. Best practice demands it should be separate.

At a time IReV was down. I had high response time to the server. I could also tell there were spoofing packets to the server, if it was successful is a different case.

studyless123:


The system design is likely the culprit or human error but as we always say systems always fail.

The BVAS are not connected to servers for authentication.

My apologies. You are right. I actually forgot that they hard codes each device.

This could have accounted for why accreditation went smoothly and uploading failed.

System design for failure of bvqs and irev

And bad ui/ux implemention for staff been unable to use it device like this is always super simple to operate

truthCoder:


My apologies. You are right. I actually forgot that they hard codes each device.

This could have accounted for why accreditation went smoothly and uploading failed.

Yes accreditation was offline. The machines were pre-loaded with the Biometric data of voters in each polling unit. High risk if you ask me because it's easy to disenfranchise people by deliberately loading the wrong data. However I understand why they had to do it as it can be time consuming having the central Biometric database queried each time a voter is accredited. But it is a huge point of failure.

I don't know why the "result" upload is a copy of the scanned result sheet. Why can't the Polling officers key-in the results at the Polling Units and attach the copy of the results sheet as evidence of the correct entry?

Also do you, and anyone else here or the entire forum think we can have a full electronic elections in the country? I came across a github repo of the election software used by Estonia for their elections. Also cam across belenios.org as an open source election software and thought it can be a good basis to start thinking about electronic elections in this country.

Can tie our election software to NIN database so that all those child voters can be eliminated or at least heavily reduced as no one would want to declare a 6 year old as an 18year old, making them 12 years older than their actual age for life

airsaylongcome:


Yes accreditation was offline. The machines were pre-loaded with the Biometric data of voters in each polling unit. High risk if you ask me because it's easy to disenfranchise people by deliberately loading the wrong data. However I understand why they had to do it as it can be time consuming having the central Biometric database queried each time a voter is accredited. But it is a huge point of failure.

I don't know why the "result" upload is a copy of the scanned result sheet. Why can't the Polling officers key-in the results at the Polling Units and attach the copy of the results sheet as evidence of the correct entry?

Also do you, and anyone else here or the entire forum think we can have a full electronic elections in the country? I came across a github repo of the election software used by Estonia for their elections. Also cam across belenios.org as an open source election software and thought it can be a good basis to start thinking about electronic elections in this country.

Can tie our election software to NIN database so that all those child voters can be eliminated or at least heavily reduced as no one would want to declare a 6 year old as an 18year old, making them 12 years older than their actual age for life

Your questions remind me of the Nigerian Customs Service.

Car customs duty details should exist in a database that is easy to query by every car buyer but the system has been designed to make this look impossible. I can build a highly performant customs duty tracking software for the whole NCS in few weeks but will they allow someone like me or something like that to exist?

If you remember, the new electoral act was fought against by many politicians and even some lawmakers.

Electronic voting is possible. It has been happening for years in many other countries. Some antagonists claim a high level of illiteracy but there is nothing pictures, proper animations and simplicity can not resolve. Even chimpanzees can click a screen.

My suggestion for electronic voting is to reduce the number of polling units to 10% of current size and increase the number of voting days to 3 days, allowing for a 72 hour voting window. The electronic machines deployed would be like mini ATM machines and should be manned by security operatives and CCTV cameras to prevent intimidation. Each voter would be accredited via face or fingerprint recognition softwares.

There should be voter validation and new card issuance. New cards should be backed with their NIN.

Each voter should be able to vote at any voting machine irrespective of assigned local government. To prevent voting influence from other locations, you would only be able to transfer your voting local government up till 6 months before the election.

After the 3rd day, results are collated by the software and not by old vice chancellors and populated on the websites.

Each vote should be a blockchain transaction that can be verified and is immutable. The voting ledger would be open and each person can verify that his own vote actually counts.

We should be able to build something in this line with A similar INEC budget