@cstross@HairyChris I can't wait to see what Bigelow(Boeing?) can fit inside a Starship cargo bay. Or, even cooler, a Superheavy-launched expendable second stage.
@mos_8502@living8bit Python is *very* easy to learn if you already know another language. And comes with a number of useful constructs that aren't easily expressed in C. It has its uses - what you do is what informs the choice of language.
@lxo I think you should apply for access to the machines and do more research on the protocols around the voting machines - from handling to data transmission.
There are attack vectors we can't really address - what if Intel puts malicious silicon inside the processor or the TPM? Data exfiltration by malicious code and ultrasound modulation? Once you compromise the hardware or the bootloader, anything goes.
@lxo the vote disclosure you mention was caused by a poorly chosen RNG seed, that allowed the attacker to duplicate the shuffling sequence of votes for that individual machine.
That specific flaw was, AFAIK, fixed.
As to independently verify and attack the machines, the parties and many other organizations and independent testers have access to the code and can request voting machines to be tested in realistic environments.
@lxo I am not sure how the signature checking is done with Linux (2002 was a Windows CE machine) but they all have TPMs now and the BIOS can check the signature of a first stage boot loader since 2002. If you can boot arbitrary code *and not be detected*, then any voting machine is doomed.
You are focusing too much on the machines themselves and ignoring all the precautions around their storage and handling, the multiple tamper-proof seals, the chain of custody controls...
@lxo The voting machine will not run an unsigned binary, so, unless TSE's signing key has been compromised (in which case, it's game over anyway), you'll not get far.
I have discussed this to exhaustion. I have worked on the voting machine project. This is NOT a plausible attack scenario.
@lxo@glynmoody I’d like to point out that there are two things being discussed - the machines themselves and the system built around them, which includes processes and controls. I haven’t heard of a viable attack yet that wouldn’t require compromising multiple components of the system. The machines and processes can always be improved, but we should acknowledge when good enough is good enough and, also, without proper threat assessment, security becomes meaningless.