Re: confused about COTS vs open hardware

From: Jim March <1_dot_jim_dot_march_at_gmail_dot_com>
Date: Wed Feb 07 2007 - 13:02:07 CST

This issue of "COTS hardware" has been a concern for some time.

To illustrate the issue, there's a real-world example of "hacking" that went
on some years back.

As always, the major makers of high-end video cards were in a performance
race (still are). One of the major computer magazines at the time (mid-90s
I think?) wrote a series of benchmark programs for video and other issues,
and released it as freeware. It became THE standard tool for judging video
performance.

Well at least two of the video card makers "gamed it". They wrote drivers
that would identify the benchmark utility itself and when detected, would
disable error checking and a bunch of other protections so as to squeak out
max performance, yet at the same time run that way without crashing and
burning when that benchmark app was running. If you also tried to run
anything else in the background, good luck...the thing had become as
unstable as a congressional retreat carpentry project.

Understand: this "cheat code" wasn't just in drivers shipped to magazines
for review - it was in EVERY retail box, available for download, etc.

It was only discovered (despite all this being closed source - benchmark AND
driver) because there were huge numbers of eyeballs on the situation. After
all, graphics performance in DOOM attracts a hell of a lot more attention
than voting systems...compare the traffic at www.tomshardware.com with any
election integrity site if you don't believe me...

So: could some standard bit of microcode be rigged to provide an "election
cheat toolkit/library" if called via a specific hardware memory location or
something? And released across the industry?

Well...yeah. It would have to be written in coordination with a voting
system programmer, but...yeah, it IS possible. Likely? Who knows.

This is why Open/Public Source is "part of this complete breakfast" but
isn't the whole answer either. Proper audit procedures are a key as well.

Jim

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed Feb 28 23:17:09 2007

This archive was generated by hypermail 2.1.8 : Wed Feb 28 2007 - 23:17:27 CST