tmsr - Search: i

33300+ entries in 0.248s

asciilifeform: phf: i fully expect that the winner will want to publish his discovery. hence i would like to give an incentive for him to wait a reasonable time.

asciilifeform: phf: i need an arbiter so as to give players some amt of confidence that rules will not change underneath them. ☟︎

phf: yes, but if you are going to establish a procedure why do you need an arbitrator, or in other words, i don't see a point of separate arbitrator if the process is your own ☟︎

asciilifeform: phf: i described a coupla min ago, upthread, how.

phf: the discussions after that though are all over the place, and introduce some requirements that i don't think i can arbitrate like "didn't leak the code back to google"

a111: Logged on 2018-06-12 19:50 asciilifeform: i'ma brb, teatime

a111: Logged on 2018-06-12 19:44 asciilifeform: for my purposes, a proper break is when i can load in arbitrary firmware in place of the vendor's.

phf: asciilifeform: so i was going by http://btcbase.org/log/2018-06-12#1823998 to http://btcbase.org/log/2018-06-12#1824022 where you lay out your requirements for "successful crack", which make sense ☝︎☝︎

trinque: no such automatic reader of address balance is currently in the loop. process by which I confirm deposits is unspecified, varies.

ben_vulpes: BingoBoingo: can i get the copyright r ?

asciilifeform: ( can i hit him up for some ln2 when i visit ?? )

asciilifeform: i have nfi if they do it using coolies in romania working for food, or with what else. but there it is.

asciilifeform: i ain't about to try to get people to swear to eternal secrecy.

mircea_popescu: sometimes i wonder what you imagine google is.

mircea_popescu: your idea is that "what if i don't have enough time to get to the store after contest is declared" ?

asciilifeform: in a month, i buy boxen, cure'em.

mircea_popescu: i don't get it, and if your model is correct, secret waits a month thereby ? what's in a month ?

asciilifeform: it is to be computed as follows : at the end of the elapsed period, i go to a shop and buy a box, and let it vendor-update

asciilifeform: i trust the bounty-motivated folk about as far as i can throw'em.

mircea_popescu: i can't imagine we'll have such a deluge of these the clerical work keeping track is worh the hassle

asciilifeform: phf: you will test using your c101pa. and so you will need the debug snake, i will need to put the output of sysinfo , ver , brd , etc cr50 console commands into the statement. ☟︎

asciilifeform: phf: the way i'm thinking of doing it: i'ma write up and sign a statement describing the competition; you will create a special-occasion key, e.g. 'cr50contest', rate it e.g. +1 cr50 , and i will drop a coin into it.

asciilifeform: phf: do you have now with what to referee ? if i start the contest today, and entry is mailed in, can you test ?

phf: http://btcbase.org/log/2018-06-12#1824041 << if you decide that the effort is worth the while, i'll referee ☝︎

cnomad: i can't say i haven't considered it

cnomad: its fine. I'll ping you folks when I'm ready to order some chromebooks and do some imaging

cnomad: er, more precisely I'm not going to get to it until sometime next month, so I'd rather accept payment then

mircea_popescu: i suppose i should also rate him huh.

mircea_popescu: cnomad, imagine i shipped you some boards, what difference does it make.

cnomad: i don't want money, but thanks

cnomad: mircea_popescu: ok. I'm not going to get to it within this month, but i'll ping you back for details to give you a die image

mircea_popescu: cnomad, how about you get a key registered, i send you some bitcoin dust, you order yourself a coupla chromebooks and "imagine it for us".

cnomad: and if you send 2-3 to me, I can image it for you

douchebag: I didn't even know what a cr50 was 10 minutes ago

asciilifeform: i put the spi bootrom in the pic, to make clear the fact that it is connected ~through~ cr50

asciilifeform: currently best i have is http://www.loper-os.org/pub/c101pa/h1.jpg

asciilifeform: i'd junk google's crapola fw regardless, even if we break cr50

mircea_popescu: could just put a sane kbd driver in there and whatnot. i don;'t even fucking want google's kbd driver, they can shove it.

asciilifeform: mircea_popescu: if i could find a fpga that sits down pad-for-pad, it becomes a $10 problem.

asciilifeform: ( may even be, for all i know, literally a product of altera hardcopy )

asciilifeform: douchebag: i'm not aware of a component known by name of 'motor compressor' anywhere in or near subj

douchebag: "i hope hes not referring to the fucking motor compressor"

douchebag: I'm talking to my buddy

asciilifeform: aha, in so far as i can tell they did a fairly clean job.

asciilifeform: mircea_popescu: fwiw i tracked down their factory test jig src. it was in their shithub, 'removed' in october 19

asciilifeform: and in so far as i can tell, thing's a pinball machine, designed to lock up on first sign of glitching

mircea_popescu: asciilifeform, honestly, i still suspect there's a clean way to flash-in via the factory pads. however...

douchebag: A friend of mine is great w/ hardware hacking, reverse engineering, binary exploitation, firmware exploitation, ect.. He has a ton of equipment, if asciilifeform wants I could have him come in here.

a111: Logged on 2018-06-12 19:44 cnomad: If someone popped this chip, I'd value it at _least_ 200k USD. we're talking about invasive analysis that requires equipment, weeks of non-stop work, and experience

mircea_popescu: http://btcbase.org/log/2018-06-12#1823995 << he's not even wrong ; tho honestly i'd much rather buy equipment than outsource. ☝︎

douchebag: Never knew that, I thought they were parasites

douchebag: I'm doing well now after a few days

douchebag: I've been around, just been busy attending to various issues irl

mircea_popescu: also, i can say it is extremely unlikely your preliminary "thousands" figure is correct. ☟︎

asciilifeform: but i'd like to see this one, cleared.

asciilifeform: i mean this is one possible approach, when encountering a mine field that the current republicans + slavegurlz can't clear, to say 'eh it dun need clearing'

mircea_popescu: and i don't see why that shouldn't suffice.

mircea_popescu: as far as i'm concerned, two things remain : republicans and slavegirls.

asciilifeform: ( i have no particular reason to think it, and more or less agree with mircea_popescu re why )

mircea_popescu: "i don't believe in factuality of anything besides usg" is the cheapest brand of shit to eat.

asciilifeform: i believe it.

mircea_popescu: and this is not anglotardation ; at some point a decade ago i actually offered a full scholarship. NOBODY claimed it.

mircea_popescu: you know, i did this on trilema what ? a dozen times ? two ?

asciilifeform: i'd start with giving the players , say , six weeks.

asciilifeform: i expect exactly same thing.

mircea_popescu: sure. but anyways, to circle back : i'll match. but i also expect exactly nothing to come of it.

asciilifeform: i can't speak authoritatively, but according to thirdhand folx, they had the usg naval keys for 20 yrs straight

mircea_popescu: recall the time i bought that dork a ranked reddit account ? recall the time anything came of it ?

asciilifeform: all i got is historical examples, buying keys worked for kgb and gru

asciilifeform: maybe not best example, i have nfi whether d00d has the spark of life or not

asciilifeform: mircea_popescu: hypothetically it'd be a contest with very simple mechanical judgement of winner. but i can picture why no one might want to be the referee.

asciilifeform: cnomad: i dun suppose you have anything to add to this thread ?

asciilifeform: well currently i'm out of ideas in re cr50; thought i'd try the 1 tool in the box i haven't unsheathed.

asciilifeform: but i can see the 'tits' angle.

asciilifeform: what can i say, this is probably 100% true.

mircea_popescu: asciilifeform, i'm just saying, the thing you discuss, with "has costs", works a ~certain~ way. and if you recall how NOPENOPE NOPE!!! kanzure was wrt getting his inept bs in functional shape, you realise that they will NEVER do any work.

a111: Logged on 2018-04-13 20:14 zx2c4: i'd be wary of any 'deal' that's different from: 'i'm given money. you're given warm feelings of having helped the internet.'

asciilifeform: i think i grasp this

asciilifeform: mircea_popescu: i don't expect that the google monkeys with access to the key, will willingly spill it ( tho this cannot be ruled out. ) idea was, possibly to get the same folks who currently sweat over ipnoje etc , interested.

asciilifeform: currently the thing is in a handful of boxes, but i suspect that it will spread.

asciilifeform: in so far as i can tell.

mircea_popescu: i'm jewish, that's what we do.

asciilifeform: ( one even on record, as 'no i don't!111' , amstan )

mircea_popescu: i'm not convinced of anything, but i'd rather discuss it than not.

asciilifeform: at any rate, nothing's finalized, if mircea_popescu is convinced that this is dumb idea, i'ma call it off

mircea_popescu: ie, a) if indeed this guy exists that'd give tyou whatever for the whatever prize, and b) i know for certain that he wouldn;'t have otherwise, somehow then c) i'll send a gal over to tie him to a post, slice an inch of his abdomen, and slowly roll his inrtestine on a cat scratch pad.

asciilifeform: well i wrote the article. observe what sort of folx came thus far.

mircea_popescu: asciilifeform, think : paying for tits resulted, before your very eyes, in ever increasing levels of exam taking. yes ? you noticed this, yourself, i said nothing, you complained about it.

mircea_popescu: i didn't do that publicly for nothing, after all.

mircea_popescu: i still don't see the merit in this "pay" approach.

asciilifeform: alphabet sells'em, i suspect, at-cost.

mircea_popescu: i'd be surprised if "the public" has the werewithal to even liberate 500 of them, should a pill be available now.

mircea_popescu: asciilifeform, the only problem is, i'm paying bitcoin to fix google's crapolade ? this sounds a lot like the soviet-sponsored "criticism of capitalism"

asciilifeform: ( i can dpa right here, dun need help even. but it isn't particularly useful for cr50. )

cnomad: yeah i know, i was speaking more generally

mircea_popescu: http://btcbase.org/log/2018-06-12#1823904 << sure, i'll match. ☝︎

asciilifeform: i'ma brb, teatime ☟︎

asciilifeform: so it is just as good to break the 'rma lock' mechanism, as the firmware verification, as i currently understand it.

asciilifeform: ( though as i understand it will also be possible as a side-effect of any general break. )

asciilifeform: i do not particularly need extraction of user-loaded tpm crapola, it does not do anything for me.