asciilifeform: i just emailed him my (not a secret at all) meatspace name.

asciilifeform: there wasn't any KYC nonsense when Mr. M (Curtis Yarvin) spoke to me re: the original award.

asciilifeform: dukedom" sold! http://www.loper-os.org/?p=1352

asciilifeform: "

asciilifeform: don't need to be someone else.

asciilifeform: because i'm me.

asciilifeform: nor do i particularly wish to be vupen.

asciilifeform: but i'm not vupen. and, afaik, you are also not vupen.

asciilifeform: sure.

asciilifeform: afaik this is actually the norm in '0day markets'

asciilifeform: then the risk is on the buyer. you could easily sell the 'whore's virginity' many times.

asciilifeform: or, if you deliver prior to payment, simply abscond.

asciilifeform: as in, they club you over the head and take the goods instead of paying

asciilifeform: counterparty risk is about the same in either case.

asciilifeform: (not to mention the counterparty risk!)

asciilifeform: it's badly paid if you sell exploits as such

asciilifeform: it isn't exciting or glorious.

asciilifeform: i do it for a living.

asciilifeform: Apocalyptic: why? you'd care to share yours here?

asciilifeform: no comment

asciilifeform: if you want a privilege escalation 0day out of me (or the next guy) it's gonna cost you more than 10btc.

asciilifeform: just an unprivileged account labeled 'root'

asciilifeform: and i'm not root.

asciilifeform: then it's a lie

asciilifeform: that's what 'root' means on planet earth.

asciilifeform: can i execute arbitrary ring0 cpu instructions or not?

asciilifeform: or, probably not me, but the first fellow who plays

asciilifeform: but if i can, i win.

asciilifeform: and we're then playing with words

asciilifeform: if i can't execute arbitrary ring0 instructions, i'm not root

asciilifeform: so the first-comer reads back your disk blockwise

asciilifeform: also does 'root' mean something peculiar on your machine?

asciilifeform: it'll be mostly a footrace though

asciilifeform: ok let's play!

asciilifeform: root!?

asciilifeform: what are the conditions? do we get unprivileged shell access?

asciilifeform: please bring it on. 10 btc of prize is reasonable.

asciilifeform: http://www.loper-os.org/?p=1352

asciilifeform: if they set this up correctly: widget will be hard-wired to boot from 'boot rom' section of FW, which receives upgrade and calculates checksum and rsa sig.

asciilifeform: OTG FS in Device mode (PA11/PA12) through DFU (device firmware upgrade).'

asciilifeform: using USART1 (PA9/PA10), USART3 (PC10/PC11 or PB10/PB11), CAN2 (PB5/PB13), USB

asciilifeform: 'The boot loader is located in system memory. It is used to reprogram the Flash memory by

asciilifeform: 'At startup, boot pins are used to select one out of three boot options: * Boot from user Flash * Boot from system memory * Boot from embedded SRAM'

asciilifeform: p. 22. sec. 3.13: boot modes.

asciilifeform: difficult, lacking a trezor

asciilifeform: so let's 'sherlock holmes,' and http://www.st.com/web/catalog/mmc/FM141/SC1169/SS1575/LN1433/PF245091

asciilifeform: just the arm.

asciilifeform: https://fbcdn-sphotos-b-a.akamaihd.net/hphotos-ak-prn1/529570_217373745067854_1151791403_n.jpg and particularly, https://fbcdn-sphotos-g-a.akamaihd.net/hphotos-ak-ash4/399919_248300785308483_2018068197_n.jpg

asciilifeform: i've always thought of 'FYM' as a slavic thing.

asciilifeform: as if imperial rome hadn't debased coins

asciilifeform: or a document like this: http://en.wikipedia.org/wiki/Reply_of_the_Zaporozhian_Cossacks

asciilifeform: distinctly medieval style

asciilifeform: read the edicts of Ivan IV, etc

asciilifeform: these folks need to hire a translator.

asciilifeform: 'it' being?

asciilifeform: (i see no pads for ROMs, jumpers, or other protection mechanisms in that photo.)

asciilifeform: betcha the thing can be re-flashed via usb, too.

asciilifeform: at least, as pictured.

asciilifeform: imho the concept is brain-damaged.

asciilifeform: let the chinese undercut.

asciilifeform: the arm and two vregs.

asciilifeform: not counting display.

asciilifeform: looks like there are exactly three active components in there

asciilifeform: fairly straightforward 2-layer pcb

asciilifeform: https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-ash3/579620_213467352125160_890578977_n.png

asciilifeform: $5 or so in quantity, afaik

asciilifeform: 'trezor' appears to use a cheapo consumer ARM

asciilifeform: per tape-out.

asciilifeform: where you need $10M just to play

asciilifeform: these aren't mining asics

asciilifeform: how much funding does one need to build a few keychain-sized boards

asciilifeform: i grew up reading about inventors, hucksters, etc. and i always thought it was obvious that you need a prototype to really wake people up

asciilifeform: interesting how they toured conventions, etc. for ages with no widget.

asciilifeform: ah

asciilifeform: when was 'trezor' 1st announced?

asciilifeform: a bit old

asciilifeform: http://cryptome.org/jya/czech-crypto.htm

asciilifeform: jurov: if you know these fellows in person, do ask them why no source.

asciilifeform: given that i don't, for the most part, live there

asciilifeform: jurov: i'm quite 'out of date' re: 'happenings in bitcoin universe'

asciilifeform: wassenar convention, etc

asciilifeform: i'd be surprised if there are no weird crypto laws there

asciilifeform: aha

asciilifeform: Czech. ok

asciilifeform: wait, maybe trezor isn't u.s. based

asciilifeform: but there's a bush-era loophole for published source

asciilifeform: afaik nobody cancelled the ancient law forbidding crypto export

asciilifeform: how do the 'trezor' folks even get away with shipping the damn thing internationally without publishing source?

asciilifeform: why would you even care to read it now

asciilifeform: jurov: will publish, with excruciatingly pedantic detail - when widget is sold.

asciilifeform: https://github.com/trezor contains no source for the embedded micro, as far as i can see.

asciilifeform: or just these jokers

asciilifeform: anybody else making 'wallet machines' ?

asciilifeform: For the love of God, Montrezor!

asciilifeform: 'fully auditable software.' -- where?

asciilifeform: nobody ever heard of diff. power analysis?

asciilifeform: except when it runs...

asciilifeform: 'never sends private keys to the computer'

asciilifeform: 'small and durable with no battery'

asciilifeform: http://www.bitcointrezor.com/news/celebrate-day-of-bitcoin-trezor