This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
Colorado Department of State has put out a press-release on a whoopsie:
The Colorado Public Radio elaborates on what kind of passwords these were, and to which machines:
The Colorado Department of State calls these "partial" passwords and says no worries re election integrity:
The BIOS passwords, that were stored unencrypted on an Excel spreadsheet that was up on the department's website (but in a hidden tap!), are "partial" in a sense that one needs another password to access "every election component".
I am not a certified IT geek, so I asked Claude for top three security concerns if a hacker got my computer's BIOS password:
Those sound serious. That's OK, though, because I need my usual password to get into my account, so the BIOS password for my computer is just "partial", right? Claude patiently replies "Nope":
The Colorado Department of State, in their press release, give a paragraph describing why one shouldn't worry that this may compromise the voting equipment:
I have highlighted all that impressive-sounding security: secure rooms, secure ID badge, secure area... So with all that carefully thought-out security protocol, how the F*@& did the BIOS passwords got stored unencrypted on a Microsoft Excel spreadsheet in the first place? Let alone how that Excel file got onto the Department of state website? According to the Colorado Secretary of State Jena Griswold:
Which mistake, Secretary Griswold? The act of compiling of the unencrypted BIOS passwords onto a Microsoft Excel spreadsheet? The act of hiding that tab and leaving it on a Microsoft Excel document meant for sharing with broader audience? The act of uploading that document to the Department's website, free to download to anyone on the web? I am far more interested in answers to that first question, because it says quite a lot about the level of professionalism that underlies the security system of Colorado voting equipment.
What is the job of the Colorado Secretary of State?
The Colorado GOP, therefore, wants to know if Secretary Griswold will resign. Her response:
So that's a no, then. Plus, a nice implication that this whoopsie is also part and parcel of the "conspiracies and lies about our election system".
Is it too late to switch to that system we had the Iraqis use, with the ink-on-the-finger that stains the skin for the following week?
Mods, can we get a moratorium on using chatbots to pad out one's word-count?
I will happily go along with the community norms on the matter, once such become clear. My objective is to be completely upfront where I got the info, and I tried to include only the parts that are relevant to my point. I also put them in block-quote mode, so that they are easy to skip.
More options
Context Copy link
It’s already against the rules. Report it if that’s what you suspect.
The OP contains a section explicitly using a chatbot to get a "default answer" to a technical question. That seems like a legitimate use of AI to me, not "padding out the word-count", but apparently @TequilaMockingbird disagrees.
More options
Context Copy link
More options
Context Copy link
People tend to get banned for that when it's caught / suspected, the problem is that it's hard to detect, and prove objectively. What made you think that this is what happened here?
"I asked Claude" "Claude patiently replies"
Claude is an AI chat bot built by Anthropic.
The OP didn’t hide it, used it to summarise information, which the bot has done correctly as far as I can tell (except maybe the user applied answers about home pc bioses to voter machines)
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
As long as the machines use disk encryption, having the BIOS password doesn’t allow you to log in or tamper with the data. It would allow an attacker to completely blow away the data a little quicker than they could otherwise. No idea if they do use disk encryption. If they don’t that would be a bigger scandal in my book.
I was going to write about BitLocker, but I doubt people that store BIOS passwords in Excel sheets think about disk encryption much.
More options
Context Copy link
More options
Context Copy link
I would really, strongly, urge you not too try to extrapolate how a home computer bios configuration works to voting machines. It's bad whenever there is a leak of any kind of course but this is like if there was a leak of the physical key design to the entrance of the polling location that still has armed guards stations 24/7. To make use of these you'd need to know which keys correspond to which machine, have prolonged physical access to the machines, plug a keyboard or some peripheral device into them and then maybe you'd be able to do something unclear.
I'll add to this that BIOS passwords do not provide much security even in the ordinary context without armed guards. In order to do something with a BIOS password, you need physical access to a machine to type it in. But if you have physical access, you can also easily reset the BIOS password by removing a battery. (This would break a seal on the machine, but those seals can also be replaced.) So I don't think this leak of BIOS passwords meaningfully made the election less secure.
I'm still very much opposed to electronic voting, however, because of all the other ways they make voting insecure.
More options
Context Copy link
And the people who install or maintain those machines would have access to all that information. A very small conspiracy could hijack voting machines. Slip in a USB, run a program, and it's done. Machines have to be updated and maintained all the time anyways. And it's totally feasible to write a program that infects other USBs plugged into the device: Infect one machine, and then some third unknowing party who maintains the machines ends up infecting more.
It would be very easy to do! How do we know that this isn't being done? We would need a thorough audit of machine votes and record systems, and that's a right-wing Republican dangerous conspiracy that undermines trust in our sacred democracy.
Ok, but how does this relate to the OP? This is true whether or not there's a leak of some specific passwords in a publicly accessible excel document. Somebody has to have access to maintain voting machines and by the nature of maintenance would be able to compromise the thing they're maintaining.
In a secure operation, only a few people would have access to important passwords (like bios). Now, everybody has access to those passwords. The list of people who could be suspected of tampering with a ballot machine goes from documented individuals with a need-to-know to... everybody. And there would be lots of people with legitimate reason to handle a ballot machine who would not have legitimate reason to know those passwords. Lots of people handle ballot machines!
We know how to secure systems in this country, we do it all the time. If these passwords belonged to drones being used in Ukraine, the officer in charge wouldn't say, well, mistakes happen, but five day delays are normal, we shouldn't worry about Russia hacking into our systems, etc. etc.
Yes, and in the event one of those "documented individuals" was planning something of dubious legality, "accidentally" releasing that data would be a clever way to muddy the waters for any future audit or investigation. "I swear, it could've been anyone your honor."
Oops, I've strayed into conspiracy minded Republican territory again.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Ehhh, it's not great that these passwords have been disclosed but honestly, it's not the end of the world in this situation, assuming the voting machines are designed intelligently (not a safe thing to assume, I know): if someone has access to enter the BIOS password, they probably already have the kind of access they need to the machine to compromise it in many ways.
More options
Context Copy link
Is it any wonder that republicans have trouble trusting the integrity of our election systems when fair-minded professionals like Griswold are in charge of it?
More options
Context Copy link
I can't speak to the exact systems they are using, but my laptop from 15 years ago had two levels of BIOS passwords. You could set one (and I did) to prevent booting without the password, and another to actually making changes to the system. Assuming this is similar, I'd bet it's the password to just turn the thing on, not change it.
We don't actually know: why would you assume it's not serious?
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link