This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.
Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.
We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:
-
Shaming.
-
Attempting to 'build consensus' or enforce ideological conformity.
-
Making sweeping generalizations to vilify a group you dislike.
-
Recruiting for a cause.
-
Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.
In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:
-
Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.
-
Be as precise and charitable as you can. Don't paraphrase unflatteringly.
-
Don't imply that someone said something they did not say, even if you think it follows from what they said.
-
Write like everyone is reading and you want them to be included in the discussion.
On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.
Jump in the discussion.
No email address required.
Notes -
This could be less serious than it seems. If the voting system is designed right, a BIOS password would be insufficient to cast a fraudulent vote - one possible example is in the vein of Windows' Bitlocker. A modified BIOS would cause the OS to reject the boot attempt, so you'd fail to get anywhere. If you booted something else, like a facsimile of the actual voting system but that swaps 25% of the votes for Trump to Harris or something, then you wouldn't have the credentials to submit the votes gathered and your pack of votes would be tossed.
But you could also use that as the attack, if you deploy machines that look like they're doing the right thing but then have bad/missing credentials and their votes are not counted, you could poke holes in areas that lean heavily Trump. This would be detectable after the fact - there'd be machines that mysteriously "glitched out" but you can't trust the machine so those votes can't come back in.
Either way, that's assuming there's decent security design in place. And of course, if they are right that you need access to the machine to put in the password and there's no remote management gunk somebody forgot to disable and they're under 24-7 guard, then the leak isn't actionable in the first place.
So overall effect - if you trust them to be mostly competent, things are in fact fine (unless/until a bunch of machines' worth of votes are tossed).
Bitlocker has been so thoroughly pwned it's a pure joke.
I'm not endorsing it - I'm just using it as an example more people are likely to know by name. It is the type of protection you want to see - disc encryption that only unlocks under the right conditions.
More options
Context Copy link
More options
Context Copy link
I don't know how the security architecture works in detail, but that really seems like the sort of thing a modified BIOS could work around with a strategic byte write to a known memory address. It's ~impossible to defend yourself against an attacker running on a higher ring than you.
You are, in principle, correct but that's exactly what dedicated cryptography hardware like a TPM is there to resolve. The BIOS stuffs some values not known ahead of time but measured/detected during the boot process (like a hash of the values in a bunch of different registers at point D during an ABCDEFG register sequence) into the hardware gizmo. Then the OS polls the gizmo for its current value and tries to decrypt its main boot volume using that as the key - wrong value, fail to boot. A compromised BIOS will now get different results from the measurements/hashses and can't reproduce that same state. If it had full control over the TPM, it could, but it doesn't - it does not respect ring 0. To be clear, there is still a way to beat this - you just have to monitor the values sent to the gizmo and then replay them in order, rather than trying to do the measurements yourself, but you can't accomplish that without physical access to the internals of the machine and some kind of sensor/probe to watch whichever bus the traffic goes over. You can also try to crack open the gizmo and read back its state, but that's also access-to-internals level.
Ah, that's fair. So for instance the TPM could detect a patched bios by polling the actual eeprom for a checksum? Or just signature check the whole thing. It wouldn't even have to use the BIOS to talk to the hardware in the first place. The BIOS just has to go "okay, you have the hardware, I won't touch the bus for the next x ms."
I guess that's pretty convincing in theory. (Do I trust that it's actually working like that? Is it even on?)
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link
More options
Context Copy link