
> Brazil used to at least pretend to be a democracy with a constitution and rule of law

What do you mean? Didn't they have an election that the incumbent lost (for very good reasons I might add, anyone who bungles the Covid response that bad doesn't deserve to remain in power regardless of anything else (and there was a lot of "else")) recently, implying democracy and all that?




[flagged]


I've read similar theories that the CIA were behind Lula's original ban on running for election.

I'm not saying you're wrong, I guess it's possible both are true.


Another theory I have is the CIA leaked the Jan 8 recordings to CNN. Security camera recordings that implied he and his people staged a false flag terrorist attack operation in Brasilia in order to justify censoring the internet and persecuting the opposition.

They made those recordings confidential and stalled official attempts at investigation as much as possible. I actually thought they were going to just memory hole all this. Then Lula allies himself with Russia and China and openly says Ukraine was responsible for the war and that they should just cede the territory in order to have peace. In the next few days those confidential recordings are somehow "leaked" to the media and now people are literally angling to impeach him. Looks like Brazil is a country of coincidences.


> They made those recordings confidential and stalled official attempts at investigation as much as possible.

They made the recordings unavailable to Congress because several members of Congress are being investigated for their involvement. Also, it's not a legal responsibility of Congress to investigate criminal and terrorist attacks - that responsibility belongs to the police, as the responsibility to ensure the safety of the president is with the Institutional Security Cabinet, which, until recently, was stacked with Bolsonaro supporters (one was recorded serving water to intruders).

It's naïve to the extreme to think the federal police doesn't have the full recordings (CNN showed a few, out of order, with selected faces blurred, including the guy serving the intruders) and hasn't had them from the start, as the first thing they'd request would be those recordings (and they know how many cameras there are, and how much material they should have - running time times the number of cameras).


I know they had the recordings. They just didn't release them because they obviously implicated Lula and his people.

They literally buried Lava Jato. Biggest corruption scandal in the country and they erased it all. Lula actually gets to claim he's innocent, they dropped the charges. You think I trust anything these people "investigate"? Not a chance. I'll take my chances with the court of public opinion. It's got way more credibility than these "institutions".


> They just didn't release them because

Because the police wouldn't want to alert the people being investigated they were recorded committing crimes.

> they obviously implicated Lula and his people

There is no evidence in any recording made available. Quite the contrary - there is ample evidence of misconduct by the district's police that answers to the secretary of public safety, who was visiting Bolsonaro at the time, by the military, and by the members of the institutional security cabinet, mostly carryovers from the Bolsonaro government.


> mostly carryovers from the Bolsonaro government

Gonçalves Dias, the appointed head of GSI, also appeared in the videos and he was head of security for Lula for 8 years.

https://www.jota.info/eleicoes/quem-e-goncalves-dias-que-che...

Days prior to the events both ABIN (intelligence services) and PF (federal police) warned Flavio Dino (minister of law & order) of the build-up and he did nothing (which is a crime). Everyone in the country knew this thing was going to happen.

https://oglobo.globo.com/politica/noticia/2023/04/goncalves-...

https://oglobo.globo.com/politica/noticia/2023/04/atos-golpi...

I don't know the extent of the government involvement but it's clear that the government let the events happen to exploit them politically.


I don't want to counter all of your points because they are totally paranoid and just feed the disinformation that Bolsonaro and his followers spread throughout the election year.

You could use any number of arguments, you could say that the current government is actively pushing for censorship and state-wide surveillance, you could criticize the fact that the supreme court judge had the power to decide what was allowed and what wasn't during the election (which is a huge red flag and surprisingly Moraes only acted towards content that had little to no truth to it) and he's now pushing for TSE (Supreme Electoral Court) to have this permanent power to decide what is allowed and what isn't on the internet.

> Last year the Brazilian armed forces released a report saying that the voting machine software's makefiles download unaudited proprietary libraries straight off the internet and links them against the final binary. I'm sure the HN community can appreciate the insanity of that. Brazilian journalists didn't.

The same Armed Forces that was heavily politicized and most of them, if not all, were supporting Bolsonaro and all the stupid shit he spat out during the election year, the same armed forces that celebrated when that stupid Oswaldo Eustaquio said the voting machines had a huge security flaw in it and he couldn't even write proper code, which turned out to be a SIMULATION of the voting machine obtained from a repository on GitHub.

The voting machines are audited every election year, TSE invites the political parties to audit them and strongly recommends them to invite over technical people to find issues with them. They found a couple of issues in the last year which had no impact on the election and wouldn't have.

EDIT: as someone pointed out in another comment, the armed forces didn't participate in ANY of the public auditing sessions and were pushing for their own audit just so they could come up with something to feed the lie Bolsonaro was spreading that the voting machines aren't secure and shouldn't be used for elections.


Well, are they wrong? When we filter out all the noise, that's what it comes down to. Are they wrong?

> They found a couple of issues in the last year which had no impact on the election and wouldn't have.

"A couple of issues" ?

Does the voting machine software's build system NOT download unaudited proprietary manufacturer shared objects from the internet? Because that's the conclusion I came to after I read that document. That's a clear supply chain attack vector. The same type of attack vector that plagues Javascript and Python developers, many of whom post here on this very site. Yet this is supposed to be "conspiracy theory".

Am I wrong about this? So far I haven't seen anything to make me think I am. Do you have any critical information I'm missing?

When faced with this, the TSE judge just archived it with some "thanks for the code review" comment and that was the end of it. Then he says the system's "unquestionable". Then he fines Bolsonaro's party 22 million for the "bad faith" of questioning it. I don't trust it for a second.


https://www.gov.br/defesa/pt-br/centrais-de-conteudo/relator...

they said they couldn't point to any security risks that would invalidate the whole process.

I would like to read more about these findings, I can't find them anywhere and feel like I can only find them in alternative media sites.


Read the actual armed forces report. Would you like me to upload it somewhere?

Page 4, they recommend that access be given to the libraries referenced by the code. In other words, those libraries weren't audited.

Page 5, they say they noticed that the internet was accessed during the software compilation process for the purpose of downloading third party libraries. They outright say that this is an attack vector.

The rest of the document more or less verifies that everything is as expected after the final binary has been cryptographically signed. This is expected, any tampering necessarily occurred before the binary was signed.

Auditing source code doesn't matter given the nature of the attack vector. Protesters asking for source code will be embarrassed when they publish it and nothing is found. I'll only be satisfied if they publish the actual signed binary which ran on every machine on election day, the whole world looks at it with reverse engineering tools and finds nothing. Then I'll accept Brazilian elections as legitimate.
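The general point argued in the comment above, that a signature applied at the end of a build says nothing about inputs fetched before it, as an added illustration that is not part of the thread and is not based on the report or on the TSE's actual build system. All names and data are constructed, the "linker" is a toy, and an HMAC stands in for a real code signature.

```python
import hashlib
import hmac

# Constructed sample data: stand-ins for the build's own object code and a
# third-party library fetched over the network at build time.
APP_OBJECT = b"\x7fELF...app-code"
VENDOR_LIB_AUDITED = b"\x7fELF...vendor-lib-v1"
VENDOR_LIB_SWAPPED = b"\x7fELF...vendor-lib-v1+extra"

# Hypothetical pin recorded when the library was reviewed.
PINNED = {"libvendor.so": hashlib.sha256(VENDOR_LIB_AUDITED).hexdigest()}

SIGNING_KEY = b"constructed-demo-key"  # HMAC stands in for a real signature


def link(app: bytes, libs: dict) -> bytes:
    """Toy 'linker': concatenates the inputs in name order."""
    return app + b"".join(libs[name] for name in sorted(libs))


def sign(binary: bytes) -> bytes:
    """Sign whatever the build produced; inputs are not examined."""
    return hmac.new(SIGNING_KEY, binary, hashlib.sha256).digest()


def verify_signature(binary: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sign(binary), tag)


def check_pins(libs: dict, pins: dict) -> list:
    """Return names of fetched libraries that are unpinned or do not match."""
    bad = []
    for name, blob in libs.items():
        expected = pins.get(name)
        actual = hashlib.sha256(blob).hexdigest()
        if expected is None or not hmac.compare_digest(expected, actual):
            bad.append(name)
    return sorted(bad)


def build(libs: dict, pins: dict = None):
    """Link and sign; when pins are given, refuse mismatched inputs first."""
    if pins is not None:
        bad = check_pins(libs, pins)
        if bad:
            raise ValueError(f"refusing to link unverified libraries: {bad}")
    binary = link(APP_OBJECT, libs)
    return binary, sign(binary)
```

Without pins, `build` signs a binary containing the swapped library and `verify_signature` still succeeds; with `PINNED` supplied, the same input is rejected before linking.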


I read the report and there's nothing there that can be used to argue in favor of what you're saying.

On the same report they point out 3 improvements for releasing the source code:

- provide access to git or the VCS they use

- allow usage of tools that do dynamic code analysis on compiled code

- provide access to 3rd party libs referenced in the source code

They didn't say the machines that compile the source code had internet access; they explicitly stated those machines had network access (which is completely different); they might have access to local network and it's expected so they can fetch the libraries needed for compilation.

I can't deny that a supply chain attack might be possible by corrupting one of these 3rd party libs, but there wasn't anything on their report that is as bad as you make it out to be.

Also, I can agree that the auditing should be more transparent, but I can't help but think that imagine if the army had access to the whole source code, how they would try to come up with a supply chain attack just to mess up the elections to favor their candidate?

EDIT: I know this is a biased website but read what TSE replied to the army's auditing: https://www.brasildefato.com.br/2022/11/10/tse-responde-a-no...

EDIT2: just to clear out, there were several different auditors when they had the auditing session, including universities and the federal police, the source code was provided to these auditors in 2021 and none found the issues the army pointed out. It's even pointed out by TSE that the army had access to the source code at the same time the other auditors had.

EDIT3: https://noticias.uol.com.br/politica/ultimas-noticias/2022/1...

There's nothing to worry about. There were public tests that provided full access to the source code and the army boycotted these tests, then they produced their own report, bringing up issues that could definitely be done during those public tests they decided not to participate.


> provide access to 3rd party libs referenced in the source code

Yes. I don't know what those libraries are, what they do or where they come from. I can't find any information on the matter.

> They didn't say the machines that compile the source code had internet access

> they explicitly stated those machines had network access (which is completely different)

You're right. I hadn't noticed that.

> they might have access to local network and it's expected so they can fetch the libraries needed for compilation

We still need access to those libraries.

> I can't deny that a supply chain attack might be possible by corrupting one of these 3rd party libs

Good, we at least agree on this possibility. I can't prove it was actually exploited but this shows it's not "unquestionable".

> but there wasn't anything on their report that is as bad as you make it out to be

A supply chain vulnerability seems pretty bad to me. Especially for an "unquestionable" system. Everything they did to defend it against criticism is cast into doubt given this possibility.

> how they would try to come up with a supply chain attack just to mess up the elections to favor their candidate?

If they can mess up the system, the elections are invalid anyway. All prior elections too. Including Bolsonaro's victory in 2018.

> there were several different auditors when they had the auditing session, including universities and the federal police, the source code was provided to these auditors in 2021 and none found the issues the army pointed out

Well they didn't publish detailed reports like the armed forces did. Or maybe they did and I didn't see the reports. Do you know?

They said nothing about the network access either. Why? Seems like a glaring omission to me. All these auditors and not a word about network access during compilation?

> It's even pointed out by TSE that the army had access to the source code at the same time the other auditors had.

Did they look at those libraries? I can't find any information on them.

> There's nothing to worry about.

I wouldn't go that far. I want them to publish the real executable that ran on the machines on election day. That way we can reverse engineer it and look for malicious code. That's the true test. If the binary is genuine and no one finds anything, I'll accept the results and never again speak of this matter. Otherwise the possibility is gonna remain at the back of my mind.


> Last year the Brazilian armed forces released a report

Months after neglecting to participate in the public processes that audit the machine and its software. Would you trust they would say anything that could displease Bolsonaro? Don't you think someone would have noticed such a blatantly obvious issue in a previous session, at some point in time after the mid 1990s at least?

> Biden's CIA officials told Bolsonaro

By any chance, wouldn't they be the same who helped stoke the anti-left feelings that led to a coup against Dilma Rousseff?

> Bolsonaro is a fucking idiot when it comes to health care.

That is true, and would be true if you remove the last six words as well.

> judiciary monarchy

Just noting here Bolsonaro named two supreme court justices, explicitly, for ideological and religious reasons. "Terribly Evangelical" were his words.


> Months after neglecting to participate in the public processes that audit the machine and its software.

True. Society as a whole dragged its ass on this matter. This should have been questioned a long time ago. It certainly looks bad to question things only after you lost.

Bolsonaro tried at least. During his term, I remember there was a lot of controversy because he wanted a printer added to the machines. The same supreme court judges who say the system is "unquestionable" rejected the proposal.

> Would you trust they would say anything that could displease Bolsonaro?

No. I trust the Brazilian military a lot more than these openly partial judges though.

I can't just ignore what I read in the actual report. Prior to cryptographically signing the final executable that runs on the machines, the build system apparently downloads proprietary manufacturer libraries over the internet and links them. I don't remember reading anything about HTTPS or authenticity verification. As far as I know, those libraries were never audited either. Obviously, if there's malware in that code, it's game over.

That people are out there protesting over "source code" when the voting machines are actually vulnerable to a supply chain attack shows how much the public understands about this system. That lack of visibility or understanding, that alone should make it unconstitutional.

> Don't you think someone would have noticed such a blatantly obvious issue in a previous session, at some point in time after the mid 1990s at least?

> By any chance, wouldn't they be the same who helped stoke the anti-left feelings that led to a coup against Dilma Rousseff?

I don't know. I was just a kid back then, I don't remember what happened clearly. I started taking politics more seriously after Dilma got impeached. Not a coup, an impeachment. I thought the Temer administration that followed was pretty good too.

Truth is this is the first election I seriously participated in. Before Bolsonaro won, I had written off this country as an irredeemably communist state that would never recover from that mediocrity. His victory gave me hope. I criticized him a lot during his term, especially his downright stupid "mito" antics that did nothing but create enemies. I still consider him a better option than Lula though.

> Just noting here Bolsonaro named two supreme court justices, explicitly, for ideological and religious reasons. "Terribly Evangelical" were his words.

I don't deny it. Politicians being able to "name" supreme court judges is the root problem. They should be selected by rigorous testing like every other judge. Otherwise you end up with utterly absurd situations like the lawyer of the biggest organized drug trafficking gang in the nation becoming a supreme court judge. There's just no way anyone can take these "institutions" seriously. Every time I read "supreme court releases drug trafficker" in the news I can only laugh. It's a surreal feeling.



