This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
I can't speak to the exact systems they are using, but my laptop from 15 years ago had two levels of BIOS passwords. You could set one (and I did) to prevent booting without the password, and another to actually making changes to the system. Assuming this is similar, I'd bet it's the password to just turn the thing on, not change it.
We don't actually know: why would you assume it's not serious?
Because if my biggest enemy managed to get the BIOS password to one of my machines (if I even cared to put one; I don't), I would not give a fuck. If you told me my biggest enemy managed to get the BIOS password to my machine AND unsupervised physical access to my machine for for a couple of hours, then yeah I'd be worried and wouldn't trust that machine anymore.
But so would I if he just had unsupervised physical access to my machine for a couple of hours.
Hence, the BIOS password is inconsequential.
Considering that this organization is literally publishing their passwords in an Excel document on the open internet, would you think that their physical security is likely to be particularly competent?
No, I don't think it is. But the BIOS password is not holding back anything if the physical security is lacking.
More options
Context Copy link
More options
Context Copy link
Who has access to voting machines? Lots of people, presumably. It's not like we have a full list of all election workers who stand near a ballot. I went and voted early this week, there were two ballot machines, in the hullabaloo it would have been easy for someone to stick a USB in. How would you feel about the scenario, "My biggest enemy managed to get the BIOS password to my machine AND dozens of people have unsupervised access to my machine, and one of those people could or could not be my worst enemy."
If that was possible, then the issue is not a BIOS password, it's unsecured USB ports and no one keeping an eye on them. Someone could stick in a keylogger or rubber ducky and cause all sorts of issues, without any BIOS password.
I'm not making the case that voting machines are secure; from my understanding they're very much not. Just that the situations in which having the BIOS password enables someone to do something nefarious overlap almost perfectly with the situations in which someone could do similar harm without the BIOS password. Replacing the OS with a tampered version is not a drive-by attack even with the BIOS password any worker can do in a couple of minutes with the machine. They need physical access to the machine for a length of time that is in the same ballpark as the time they would need to bypass a BIOS password.
Pretty much the same as if no one had my BIOS password and dozens of people have unsupervised access to my machine, and one of those people could or could not be my worst enemy. BIOS passwords are a paper thin security feature, they're more to keep nosy kids and clueless employees from creating issues for IT to solve than protect the integrity of the data on the machines.
More options
Context Copy link
More options
Context Copy link
I don't understand how anyone reasonably intelligent or familiar with IT could be so blase about this.
Lots of people from random officials and polling site volunteers, to the voting public themselves are going to have unsupervised physical access to these machines. Meanwhile the number of people who have legitimate reasons to access the bios, change settings, etc... can't be more than a few dozen. This is, to all apperances, quite bad.
Because that's the very point point, a BIOS password is hardly any protection against someone who knows what they're doing having unsupervised access to the hardware, AND it requires having unsupervised physical access to the machine to exploit a leaked password anyway. At best it saves them a bit of time. The usefulness of a BIOS password is protecting against people who don't know what they're doing accidentally changing BIOS settings, or very unsophisticated malicious actors (kids, disgruntled employees wanting to break something).
Lots of people are going to have physical access to these machines who shouldn't have access to things like system settings.
Is it really so difficult for you to understand why that presents a problem? Or are you also in the habit of arguing that people should leave thier doors unlocked because a determined thief will just pick the lock or break a window to get in anyway?
And they all have access to the BIOS settings, with or without the BIOS password. Unsupervised physical access to a machine makes completely irrelevant a BIOS password.
I'm not saying they SHOULD give out the BIOS password. I'm saying that for these machines to be trustworthy, the BIOS password does basically nothing if untrusted people have access to them unsupervised for significant amounts of time.
I'm saying it makes no difference if the door is locked or not if someone is given a couple of hours unsupervised access to your house; they have more than enough time to get in with or without a locked door.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
Because all is lost anyway. Computer systems are not generally secure things with layers of protection that are sometimes breached. Rather, inside any connected system there's likely malware from the CIA, NSA, a couple of Russian and Chinese groups, and some freelancers. Inside the malware is malware from the other bunch, plus the Mossad. And also the firewalls and such are thoroughly pwned. And this is all just automated, it's just luck whether anyone actually notices whether they've gotten into anything of value.
I have felt for a long time that fatalism more often than not a coping mechanism for a percieved or imagined lack of agency.
The attitude being that if nothing matters than I can't be held responsibile for anything can I?
There isn't anything most reasonably intelligent people familiar with IT can do about it, since they don't have any power, authority, or influence over the security of these particular machines. If a house is thoroughly infested with termites, worrying about a woodpecker pecking at the facade is pointless.
Again smells like cope to me.
The normalization of deviance and incompetence is not an excuse for it.
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link