by teddyh
1025 days ago
> because it raises the "barrier to commit fraud".

It raises the cost and technical competence barrier, but lowers the “number of people required” barrier. So good luck having all your future elections controlled by the CIA, or whatever.
https://www.theguardian.com/world/2022/may/05/cia-director-b...
When the software is compiled, it downloads libraries off the network and links them against the final binary before it is signed. Says so in the Brazilian military's report. As far as I know, those libraries have not been audited. No one who has ever argued with me on this matter has ever provided evidence refuting this beyond a shadow of a doubt.
I thought everyone on this site would be able to spot the supply chain vulnerability in there. After all, not rarely people post stories here of people getting hit by those very same vulnerabilities when some malicious actor hijacks some npm package or something.
But no. The top comment is someone using authority as an argument. Just literally "these are very serious companies and people here". They got all these certificates, so all is well and we should just accept it. I can't even reply to the comment either for some reason. Sigh.
The saddest part of all this is all the Brazilians asking for source code on social media. Most of them don't know what source code even is. They don't know that source code doesn't matter if you can get malicious code linked into the binary. They don't know that only publication of the signed binary that actually ran on election day could prove anything.
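
The build-time concern raised in the comment above, as an added example that is not part of the thread: a Python sketch of the two checks a reviewer would want, namely that every library fetched during the build matches a pinned, audited digest, and that the deployed binary matches a published digest. The library names, byte strings and the `link` stand-in are constructed for illustration and do not describe any real build system.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_build_inputs(fetched: dict, pinned: dict) -> list:
    """Compare fetched libraries with the audited lockfile; an empty list means clean."""
    problems = []
    for name in sorted(fetched):
        expected = pinned.get(name)
        if expected is None:
            problems.append(f"{name}: not in lockfile (unaudited input)")
        elif not hmac.compare_digest(sha256_hex(fetched[name]), expected):
            problems.append(f"{name}: digest mismatch")
    for name in sorted(set(pinned) - set(fetched)):
        problems.append(f"{name}: pinned but not fetched")
    return problems

def link(source: bytes, libs: dict) -> bytes:
    # Stand-in for compile + link: the output depends on the source AND every library.
    return source + b"".join(libs[name] for name in sorted(libs))

def binary_matches_published(deployed: bytes, published_digest: str) -> bool:
    return hmac.compare_digest(sha256_hex(deployed), published_digest)

# Constructed sample data (hypothetical names and contents).
SOURCE = b"audited application source"
AUDITED_LIBS = {"libcrypto.a": b"crypto v1", "libui.a": b"ui v1"}
LOCKFILE = {name: sha256_hex(blob) for name, blob in AUDITED_LIBS.items()}
PUBLISHED = sha256_hex(link(SOURCE, AUDITED_LIBS))

# Same source, but one library was replaced on the network before linking.
SWAPPED_LIBS = dict(AUDITED_LIBS, **{"libcrypto.a": b"crypto v1 + extra code"})

if __name__ == "__main__":
    print("clean build inputs:  ", verify_build_inputs(AUDITED_LIBS, LOCKFILE))
    print("swapped build inputs:", verify_build_inputs(SWAPPED_LIBS, LOCKFILE))
    deployed = link(SOURCE, SWAPPED_LIBS)
    print("deployed matches published:", binary_matches_published(deployed, PUBLISHED))
```

The source bytes are identical in both builds, so a source review alone cannot tell them apart; only the input digests or the digest of the binary itself can.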