this post was submitted on 21 Jun 2023
155 points (98.1% liked)

No Stupid Questions

35947 readers
2025 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 1 year ago
MODERATORS
 

I see stories about how election is rigged or that there are security vulnerabilities and lots of people don't believe the outcome. Why don't they just open source everything so that anyone can look at the code and be sure the votes are tallied correctly?

you are viewing a single comment's thread
view the rest of the comments
[–] ritswd 6 points 1 year ago (2 children)

I don’t know that that’s the reason, but I have an intuition from having been an election judge here in Illinois.

A voting machine is a closed-circuit system that just counts votes and prints the tally. It is not connected to any network, and getting its software upgraded requires a key that only the voting machine company has, and a seal that is unique and that can only be replaced by that voting machine company.

To make it clear with an example: a judge ruled in Illinois that ballots that would be in either English or Spanish were now void, they all had to be in both language at the same time. Because that didn’t use to be the case, the election judge has to choose for each person between “English”, or “Spanish”, or both in the UI, and if they don’t choose both, the ballot is void. It’d be a trivial UI fix, and critical enough that you’d think it would be a priority. And yet the past elections still had the old UI, because updating the software on there is that hard.

So my intuition: if a CVE was found in one of the open-source solutions on there right before the election, the voting company would have to patch it, except it couldn’t realistically be done in time, so the election would be canceled until there is enough time without a CVE. Which of course doesn’t typically happen for very long. But if it’s all closed-source and the voting machine company is on the line for it, therefore that problem doesn’t exist.

[–] [email protected] 7 points 1 year ago (2 children)

security through obscurity is a terrible idea - the problem is still there, and a determined attacker will find it anyway

[–] ritswd 2 points 1 year ago* (last edited 1 year ago)

I don’t disagree. The point here being that the choice that was made was to keep the machines off any network to mitigate a bunch of attack vectors, and that’s having consequences on which unusual compromises had to be found. In other words: I can see how the obscurity is probably not the goal, only a consequence of other goals.

[–] thebestaquaman 2 points 1 year ago

In general I agree, but these voting machines are in the quite uncommon position where potential attackers not only don't have access to the source code, but in general don't even have access to the program for any significant amount of time, and has no way of knowing if the software has been updated since they last interacted with it. That makes it very hard to even start developing an attack that could maybe work.

I guess my major concern with voting machines is this.

[–] MajorHavoc 1 points 1 year ago

Thanks for your insights.

A high profile CVE on voting machines released right before an election would almost certainly be solved by air-gapping the machines during the election.

Also, a high profile CVE released right before an election is almost guaranteed to happen, thanks to the motives of potential attackers, so it would be important to have a plan in place.