a guest
Dec 12th, 2019
  1. Yesterday, I posted an explanation of what caused the TREP to be suspended, which was furiously upvoted and downvoted in equal parts, mostly depending on the prior political preferences of the person doing the judging. The day before, I sent a somewhat lengthy email to Marcel Guzmán de Rojas, the administrator of the computer system used on Election Day who's said to currently be in Russia, explaining why I thought the explanation presented in the Final OEA Report didn't make any sense and why he should make a rebuttal. Quite shockingly, he actually replied to me:
  2.  
  3. https://i.imgur.com/ew6NGwn.png
  4.  
  5. (If you have a better way of showing an email that's less likely to be dismissed by dishonest partisans, I'm all ears.)
  6.  
  7. Here's the email I sent him to elicit the response:
  8.  
  9.  
  10.  
  11.  
  12. On Wed, Dec 11, 2019 at 06:11, [redacted] ([redacted]) wrote:
  13. it would be extremely helpful if you made a public response to the oea report. you made a number of very useful and clarifying media appearances about a month ago, but i haven't seen anything from you since. the oas has focused most of their attention on procedural complaints about the computer system and singled you out in particular for harsh criticism, claiming again and again that you deliberately withheld information in order to conceal the alleged fraud. while there's great transparency about the election data - perhaps too much, i wonder sometimes - there's very little transparency about the computer system. aside from the report by ethical hacking, your reports to the tse are the only documents that provide any explanation of the computer system that's independent of the oea.
  14. in one of your media appearances, you said that you thought the oea audit would be 'muy positivo' because it would separate legitimate arguments for fraud from fallacious ones, the latter being far more numerous than the former. i assume that you meant actual fraud - fake vote counts, forged documents, etc - and not a litany of nitpicking criticisms about how you changed a single line of code in a java file or fixed a database error using a sql command, all of which likely occurred in many previous elections which the oea praised. whenever i check the spreadsheets for actas about which there was some procedural complaint, i find that the data accurately represents what's in the acta image. so many of the oea's arguments are procedural, but procedures aren't ends in and of themselves - they're instruments to guide things to the right result. it's absurd to use procedural arguments to discredit an election when there's a mountain of publicly available data which can be used to verify the results.
  15. i suspect that most, if not all, of the 'irregularities' in the computer system criticized by the oea have fairly banal explanations. for example, there was a lot of talk about the lack of exif metadata on most of the trep photos, but your explanation - that a graphics package you had used to rotate and/or compress the images had scrubbed the metadata - makes a lot of sense. just by checking the file size of #50999, i can see that it's about 3-4x larger than most other trep photos, which totally supports your explanation about the compression process failing occasionally. also, it makes sense to compress the photos, since it facilitates the faster replication of data across the various application servers. deep in the final oea report, they reluctantly acknowledge your explanation, but they also give a somewhat incomplete explanation of the facts in addition to an item or two of bad advice. critically, though: one really can't understand what happened to the exif metadata without reading your report. i assume this is also true about other matters for which you were criticized - especially the bo1/bo20 servers, which the oas claims were used to introduce fraudulent data into the primary trep application server, but i am extremely skeptical of this.
  16. i have to ask, though: what was the tse's stated justification for bo20? based on their concerns about the unmonitored bo1 server and the traffic increase which caused the alert by ethical hacking, one would expect that they would simply use one of the other approved perimeter servers. however, they used bo20 instead. from your reports, i gather that you opposed this, that you thought nothing was actually wrong with bo1, and that you set up bo20, which was very similar or identical to bo1, simply to assuage the unfounded concerns of the tse. in the ethical hacking report, it explains the existence of bo1 by saying that '[los vocales] querían ver primero los resultados antes de ser publicados'. is that the reason for all of this? they wanted an advance look at any results? or did ethical hacking misunderstand what was being said? by your explanation of bo1, it appears that you are saying that it was simply a careless mistake that it remained active, which seems absolutely plausible. but if so, why are there ssh logins to that server on the day of the election, long before the ethical hacking alert which seems to have precipitated the whole election disaster? (i gather that you are quite frustrated with ethical hacking. you say at one point that their presence made your company's work more difficult, and in another place you say that if the presence of bo1 was a problem, they should've notified you earlier in the day. it seems that if they hadn't been there to send an erroneous alert at the worst possible moment, the election process would've gone smoothly.)
  17. i have one other question as well: in your october 28th report, you say that the increase in traffic from bo1 at 19:30 on election night wasn't abnormal. however, ethical hacking insists that it was because, according to them, the server was making '30000 peticiones cada 30 segundos' and that this would be impossible because there are only 350 sereci operators. if all of those requests were from sereci operators and all 350 of them were working at their maximum rate of 'dos actas por minuto', this would mean that each acta represented ~86 requests. is that normal or abnormal? it's hard to know how many requests might be expected because this '30000 peticiones cada 30 segundos' figure is the only quantitative description of request traffic i've seen anywhere.
  18. in any event, the oas's narrative about the 'servidores ocultos' doesn't even make sense to me. why would someone want to manipulate the unofficial preliminary count, except perhaps to lend credibility to a manipulated official count? and why manipulate a perimeter server that isn't even the central warehouse for trep data and images? i think all one could do is send erroneous transcription data back to the application server, but i figure any discrepancies would be traceable, and if they existed the oea would've cited them. are there even any credible claims that the acta images on the primary trep application server were modified? in one of your reports, you said that you initially opposed the installation of ossec because it could cause conflicts with your code and that there wasn't sufficient time to test the new setup. if ossec would've foiled the tse's supposed plot to manipulate the elections, then why wouldn't the tse just cite your initial concerns and decline to install it? furthermore, in your report you say that during the meeting with the tse vocales on election night, they cited the presence of this same 'servidor oculto' as a justification for suspending the trep count. so they drew attention to the centerpiece of their own alleged plot to rig the election? it doesn't make sense. why does the oas insist on using all of these procedural arguments, most of which only relate to the trep servers, when they presumably have logs of all the changes made to databases on the application servers? wasn't the data being published and updated every couple minutes? can't they just check to see what was done? aren't there a zillion copies, both digital and physical, of these actas? it's all very frustrating.
  19. just as an example, here's something they say on page 4 of the final report:
  20. The TSE had a primary server (BO2), its respective contingency (BO2S), and one for publishing (BO3). There was a deliberate lie in saying that the BO3 server was used, since the server used for publication was not this one, given that at the time it was audited it had fewer actas than those published. Inconsistencies were found between the databases of the BO2 and BO3 servers.
  21. in your november 4th report, you explain that there were issues in the process of replicating the trep data across all the application servers and that you chose to use the data from the first server in that replication chain, the primary application server (bo2), to ensure that the published results were up-to-date. this seems totally reasonable to me given the state of events, but the oea twists this in their report, saying that the tse deliberately lied, implying that they were attempting to cover up some sort of malfeasance.
  22. there are countless examples of these, but if we want just another one, there's this: they try to generate suspicion by saying that 'bo1' remained active after it was supposed to have been shut down, but when they dump three pages of nginx logs from the 25th, every single entry is a 404 error. or how about those ssh logs from bo1 on election day in which someone, i assume you, logs in, reads the nginx config file, greps in the file twice, disconnects, logs back in, reads the same config file as earlier, and then disconnects again. as far as i can tell, the only actual change they show is you making a backup of ec2-user's approved ssh keys into the same directory. frankly, there's no way you can read this stuff and not come to the conclusion that the oas is acting in bad faith and intends to mislead the public rather than inform it.
  23. you seem like a well-meaning person who cares about democracy and truth. both are currently being trampled. there's a desperate need for a response to the report's allegations about the computer system. without it, the oea's false and misleading interpretations of events will go uncontested. (also, much of their report is devoted to slandering you either implicitly or explicitly, as i'm sure you well know!)
  24.  
  25.  
  26.  
  27.  
  28. (Note: I wrote this before I found the full Ethical Hacking report, so there may be points of difference between it and the post from yesterday that I linked. Also, of course I'm writing in a way designed to elicit a response.)
  29.  
  30. He's supposed to provide some kind of testimony soon, although I'm not sure if it will be public. Everyone should really keep a look out for that to hopefully see him explain, in his own words, why so many of the assertions about the computer system in the Final OEA Report are dishonest and misleading.