A given.
These machines appear to have been internet-accessible by private-side technicians. Gross flaw. At the end of their validation procedure, they should’ve been locked down according to some national security standards (not my bailiwick). Obviously. If they didn’t work day-of, that indicates a deeper process problem that does not justify some last-minute firmware upload (that crashes the system and requires someone roll-up a diagnostics console). Bizarre. At the least, give me all of my money back.
Twitter comments in above links indicate that the vendor has been cited for security flaws/violations/yada in the past. Cheesy indeed.