422500+ entries in 0.242s
Adlai: flowers are
too beautiful
to burn
mircea_popescu: i don't
think i smoked enough
to pay for a decent book in
those
tobacco prices.
mircea_popescu: making nearly £40 a year. Even before
the war when
the same
tobacco cost 8d. an ounce, I was spending over £10 a year on it"
mircea_popescu: "Twenty-five pounds a year sounds quite a lot until you begin
to measure it against other kinds of expenditure. It is nearly 9s. 9d. a week, and at present 9s. 9d. is
the equivalent of about 83 cigarettes (Players): even before
the war it would have bought you less
than 200 cigarettes. With prices as
they now are, I am spending far more on
tobacco
than I do on books. I smoke six ounces a week, at half-a-crown an ounce,
Adlai: divorce is generally a much more lively affair, due
to involvement of
the living
ascii_field: (old
thread, re: when i discovered
that some derp posted a fake (!) 'naggum's books' list in place of real one)
Adlai: ultimately sentiment
trumps
assbot: Logged on 09-07-2015 22:21:02; asciilifeform:
those aren't naggum's books!
mircea_popescu: anyway,
the "biblioteca de arta" collection was easily 500 volumes. it mostly dealt with cultural anthropology, aesthetics and such.
tiny fraction of a fucking library seriously
Adlai: what's odd about
that
mircea_popescu: oddly enough, more interested in
the books
than in
the girls, coupla decades later.
Adlai: but a single piano is more expensive
than most book collections
mircea_popescu sadly never
thought
to
take pictures of
the
thing itself, all he has is various nude girlies in front of bookwalls.
mircea_popescu: twelve and sixpence is about 20 dollars in
today's money.
mircea_popescu: quote : "You don't suppose we read
that stuff, do you? Why, half
the
time you're
talking about books
that cost
twelve and sixpence!"
ascii_field: today even a schmuck like me has
tens of
thou
mircea_popescu: i owned > 10k volumes before getting rid of
the lot, as a 20yo man.
mircea_popescu: l
text-books and so forth–that accumulate in
the bottoms of cupboards. I have counted only
those books which I have acquired voluntarily, or else would have acquired voluntarily, and which I intend
to keep. In
this category I find
that I have 442 books, acquired in
the following ways:
mircea_popescu: The books
that I have counted and priced are
the ones I have here, in my flat. I have about an equal number stored in another place, so
that I shall double
the final figure in order
to arrive at
the complete amount. I have not counted oddments such as proof copies, defaced volumes, cheap paper-covered editions, pamphlets, or magazines, unless bound up into book form. Nor have I counted
the kind of junky books-old schoo
ascii_field: Chinese forum (in Chinese, which I can't read, but it seemed
to be about Lenovo). In
the end it did
the exact same
thing
that
the autochk.exe method (under Windows 7) does (loads LenovoUpdate.exe, installs a service, etc), except you get a cryptic entry in your System Log: "A platform binary was successfully executed."'
ascii_field: 'nstead, a file called "wpbbin.exe" was placed in C:\windows\system32 and executed.
That
turns out
to be a method Microsoft introduced with Windows 8
to allow
the BIOS
to execute code on boot up (!?!) called "Windows Platform Binary
Table (WPBT)". I can find almost NOTHING about
this anywhere on
the internet except a single document on Microsoft's website (link
to
the Google Cache since it's a .docx file) and in a random
☟︎☟︎ ascii_field: btw
this is precisely how
the well-known 'computrace' works.
ascii_field: internet connection is established. I don't know
too much exactly what
those do, but one appears
to phone home
to
http://download.lenovo.com/ideapad/wind ... 2_oko.json which is a bit worrying with
the combination of a "ForceUpdate" parameter shown and
the lack of ssl, making it fairly likely
that it's exploitable for remote code execution by anyone who can intercept your
traffic(public wifi, etc).'
ascii_field: 'Before booting windows 7 or 8,
the bios checks if C:\Windows\system32\autochk.exe is
the Lenovo one or
the original Microsoft one. If it is not
the lenovo one, it moves it
to C:\Windows\system32\0409\zz_sec\autobin.exe, and
then writes it's own autochk.exe. During boot,
the Lenovo autochk.exe writes a LenovoUpdate.exe and a LenovoCheck.exe file
to
the system32 directory, and sets up a services
to run one of
them when an
mircea_popescu: "Trusted Platform Module From Wikipedia,
the free encyclopedia (Redirected from Fritz-chip)
Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor,"
mircea_popescu: in a sense
they always are :
they verify at
the minimum
that math is homogenous in
the universe.
mircea_popescu: so :
those could as well be
the remote part of a fritz chip
mircea_popescu: not sure how
to best convey
this as
the guy's
terminology is a sort of pigdin latin numerals.
ascii_field: (for n00bz: 'remote attestation' is
this crackpot concept where usg has permanent root (yes) on 'your' computer, and uses it
to verify
that you aren't, e.g., running illegal linux)
mircea_popescu: ascii_field incidentally, it's funny
to consider
the relations between "remote attestation" and hock or w/e
the
thing was called
ascii_field: see log, also, for why
the approach where
the whole computer is not inside
the fritz is laughable on its face
mircea_popescu: <ascii_field> boils down
to
the hardness of
the fritz chip <<
the reason
they don't call it
that is because
they are
trying
to avoid
the literature documenting
the costs of making it hard and
the limitation its softness imposes.
ascii_field: for answers
to questions
that don't have rigorous answers, but must be answered.
mircea_popescu: it can readily be shown riguroulsy
that
this is impossible iun
the general case
mircea_popescu: sort-of like
the interesting problem of "detecting emulator"
mircea_popescu: <mats> i'm rapidly
tiring of being a relay << why's
the guy not come over anyway ? well... i guess
the answer's actually obvious huh. nm.
assbot: Logged on 10-02-2015 03:25:08; mircea_popescu:
this is like asking wyatt earp "how do you distinguish between
the f brothers and stray dog"
mircea_popescu: not even necessary in
the case at hand, but as a general rule.
mircea_popescu: <mats> wasn't
telling a lie, merely made a mistake <<< it's a very interesting point as
to how do you establish
this ?
☟︎ jurov: not
that i complain.. needed some fiat :D
ascii_field: it's quite another
to propose
that
this can be a little pc peripheral
turd
that i can get 10,000 of and somehow still not crack
ascii_field: i mean, it's one
thing
to consider a whole computer in a safe which sets off built-in nuke if anyone so much as scratches
the door
ascii_field: fwiw, i always
thought
the idea of a copyprotection dongle
that
tries
to
take over
the whole machine was quite lulzy.
ascii_field: but
the latter succumbed
to its own weight
ascii_field: incidentally,
the only reason fritz chip was not pushed more aggressively is
that it was really intended
to prohibit linux
ascii_field: the best scam is
the kind where
the scammitude is implicit
ascii_field: what's
to keep me from sitting it down on one bus where ram hashes
to H,
then it spits key, and i sit it back down on another.
mats: he is quite clear about what it can and can't do, no dishonesty as far as i can
tell
ascii_field: let's say it sits on
the bus and refuses
to decrypt magic blob unless it
thinks hash(ram) == H
ascii_field: i never understood how anyone could ever be so gullible as
to believe
that 'remote attestation chip' could be a
thing
assbot: Logged on 12-08-2015 19:30:01; ascii_field: which
there is no mention of in
the paper.
assbot: Logged on 06-03-2015 00:52:21; mircea_popescu: here's
the long and
the short of
this story : you got
two whores, just like in
the chemistry and agriculture story. one's whomint,
the other's slutmint. you gotta fuck either one or
the other.
they both have very specific, life altering constraints.
ascii_field: but
the saving grace is
that in 100% of such cases,
the 'intellectual propertyyyyy!111!' holder is a
twerp, and cheaper
to give one of his employees a candy bar
ascii_field: and
this is often gnarly and expensive
to reverse, because it's on fpga, yes, and might need 500 units
to destroy
ascii_field: generally, folks who are obsessed with 'someone may steal my magic algo!!111!!!!' ship
the whole shebang on fpga with config in sram, backed with watch battery;
ascii_field: boils down
to
the hardness of
the fritz chip (and yes, i will keep calling it
that, because
the motherfuckers don't get
to pretend
that fritz, palladium, etc. never happened.)
mats: so
there's no attack here.
mats: i'm rapidly
tiring of being a relay, but: he says
that intel's 'trusted execution
technology' wouldn't work with marss86, and you'd also have
to have
the key
to provision marss
punkman: ascii_field, someone has
to pick
the low hanging fruit, no?
punkman: ascii_field: but
they do run windows
assbot: Logged on 15-07-2014 03:00:53; asciilifeform: me: why would
terrorist run ms-win. he:
they will always,
trust me.
assbot: Logged on 15-07-2014 03:00:27; asciilifeform: one of my first job interviews out of uni.
telephone. a fellow from one of
the giant gov. contractors was really intrigued
that i know x86 asm., have reversed crud for money. i ask him 'what's
the job'. he: automated reversing. me: of what. he: ever hear of karatsuba's algo? me: sure. bignum mult. him: well, we wanna find encryption softs on
terrorist drives!
ascii_field: the
thing about
the 'hares' fella is
that he is a
textbook case of 'but
terrorists wouldn't DO
that!!111'
ascii_field: (typically malware folks
try
to detect emulators by looking for well-known imperfections - if operator is an idiot,
these will be found - or for external
time base, which can set off a
trap if machine appears
to be uncommonly slow by wall clock
time.)
mats: wasn't
telling a lie, merely made a mistake
ascii_field: but, again,
this is a cheapo 90% solution for poor folks.
ascii_field: according
to
the docs,
thing is built on qemu. with none of
the 'accelarator' crud
that used kernel mods.
mats: guy's not a scammer as far as i can
tell, and you do a disservice
to folks (and yourself) by coming
to judgment so quickly
mats: ascii_field: he asserts
that 'massr86' uses a VMM, which would be detected
assbot: Logged on 12-08-2015 17:54:13; mircea_popescu: one of
the best places for stego i can
think of.