asciilifeform: the amt of ~actual~ reversing, to date, by zeptobar, is ~0.

asciilifeform: the problem with zeptobars, is that they're a ~porn co.

asciilifeform: however must point out, serious work does cost money; e.g. time on electron microscope, we saw what costs; and there is a population of folx who can make use of it, but can't steal enuff time on instruments, or , if they can, allocated it for something that actually pays the bills

asciilifeform: i think i grasp this

asciilifeform: win lottery, lol

asciilifeform: ok

asciilifeform: possibly not?

asciilifeform: if it were 'nothing', the holes from 2015 would still work.

asciilifeform: or what was it.

asciilifeform: what does crapple's 100k bounty do ?

asciilifeform: mircea_popescu: i don't expect that the google monkeys with access to the key, will willingly spill it ( tho this cannot be ruled out. ) idea was, possibly to get the same folks who currently sweat over ipnoje etc , interested.

asciilifeform: esp. if the derps begin to think that they've made an airtight trap.

asciilifeform: currently the thing is in a handful of boxes, but i suspect that it will spread.

asciilifeform: but still somewhat surprising.

asciilifeform: nao, possibly because nobody in ru sphere would be caught dead buying google crapolade, even for experiment.

asciilifeform: it's been on shop shelves for almost a year, and 0.

asciilifeform: in so far as i can tell.

asciilifeform: cnomad: interestingly, 0 discussion on ru net of cr50.

asciilifeform: lol

asciilifeform: mircea_popescu does, to extent, but won't admit!11

asciilifeform: asciilifeform, phf , apeloyee, possibly coupla other folx, do

asciilifeform: verily.

asciilifeform: ( one even on record, as 'no i don't!111' , amstan )

asciilifeform: they have access to that privkey.

asciilifeform: mircea_popescu: the code repo contains list of meat names of good candidates to tie to a post.

asciilifeform: at any rate, nothing's finalized, if mircea_popescu is convinced that this is dumb idea, i'ma call it off

asciilifeform: well i wrote the article. observe what sort of folx came thus far.

asciilifeform: mircea_popescu: occasionally folks do break things. presently they're stuck 1) publishing, and it gets patched within a day by enemy 2) the enemy's bounties, paid in printolade

asciilifeform: verily it did.

asciilifeform: ( and naturally contest would have finite time bound )

asciilifeform: refereeing will take some work. hence the call for a willing referee .

asciilifeform: mircea_popescu is not expected to contribute to the prize pot, if he thinks it is waste of time.

asciilifeform: mircea_popescu: imho it's worth a shot, dun cost me anything if nobody plays.

asciilifeform: the snsa boxen, in the hypothetical, will not contain google crapola.

asciilifeform: they make their dough via luser rapine, not iron.

asciilifeform: alphabet sells'em, i suspect, at-cost.

asciilifeform: s.nsa product.

asciilifeform: they're small.

asciilifeform: sure

asciilifeform: what public. asciilifeform , right here in torture room, will liberate.

asciilifeform: ( if cure indeed exists )

asciilifeform: the machines currently on retail shelves, are curable.

asciilifeform: nothing's forever.

asciilifeform: some time after we cure 500 units.

asciilifeform: per http://btcbase.org/log/2018-06-12#1823992 . ☝︎

asciilifeform: mircea_popescu: rape, not fix

asciilifeform: cnomad: it is quite conceivable that the artifact is airtight, and no one will collect the prize. however it is also conceivable that there is, e.g., buffer overflow somewhere in the mass of c crapola, and it can be rooted today, via the usb jack.

asciilifeform: !!up cnomad

asciilifeform: and at any rate a pill that requires elaborate physical diddling is not suitable for mass curing.

asciilifeform: cnomad: chip appears to be rad-hard, to an extent, also. tho there is a plain physical limit as to rad-hardness of an object half a mm in thickness

asciilifeform: ( i can dpa right here, dun need help even. but it isn't particularly useful for cr50. )

asciilifeform: cnomad: dpa won't do a lick of good, the boobytrap is a rsa pub sig check, no secrets involved

asciilifeform: hey phf ! ☟︎

asciilifeform: well ideally he'd have a box to test $pill on

asciilifeform: mircea_popescu wanna referee?

asciilifeform: mircea_popescu: good. nao all we need is a refereee

asciilifeform: cnomad: main form of glitch hardening in cr50, going by the src, is the tactic of repeating the various crypto checks N times

asciilifeform back

asciilifeform: i'ma brb, teatime ☟︎

asciilifeform: the expense of decapping ~each~ cr50 in each box, is prohibitive, and makes whole proposition uninteresting

asciilifeform: the break would ideally be applicable via the http://www.loper-os.org/?p=2415 debug device; or, at worst, by attaching to the test pads on the http://www.loper-os.org/pub/c101pa/h1.jpg pcb.

asciilifeform: but does us 0 good

asciilifeform: re 'weeks of nonstop work', understand that the break must be mass-applicable, it is not useful to flip the bits with electron beam in ~one~ particular cr50

asciilifeform: but until then, it is a kind of iphone

asciilifeform: then, e.g. the c101pa, becomes a pretty useful, general-purpose arm64 box.

asciilifeform: the objective is to neuter, once and for all, the nsa master key mechanism.

asciilifeform: so it is just as good to break the 'rma lock' mechanism, as the firmware verification, as i currently understand it.

asciilifeform: simply must point out, if as side effect of the break, the user-loaded data is nulled, this is not a problem for us.

asciilifeform: correct.

asciilifeform: ( though as i understand it will also be possible as a side-effect of any general break. )

asciilifeform: i do not particularly need extraction of user-loaded tpm crapola, it does not do anything for me.

asciilifeform: sure.

asciilifeform: into all currently available cr50 boards, but in particular the c101pa.

asciilifeform: for my purposes, a proper break is when i can load in arbitrary firmware in place of the vendor's. ☟︎

asciilifeform: !!up cnomad

asciilifeform: ( if the jailbreak is published openly, the hole is likely to be closed in short order. this prolly does not need explaining. )

asciilifeform: we will make cured machines available, at reasonable cost.

asciilifeform: well yes, for public use. with the caveat that we will not be giving the curative pill to google. ☟︎

asciilifeform: how large a bounty would pique your interest, cnomad ?

asciilifeform: hm?

asciilifeform: out of curiosity, cnomad , do you think this is laughably small ?

asciilifeform: cnomad: not determined yet. at least 1btc.

asciilifeform: all you gotta do is to put it where ( http://somewhere/yourkey.txt, not https ) deedbot can see it, and then !!register thaturl .

asciilifeform: this doesn't do anything for us. but do consider !!register'ing a gpg key.

asciilifeform: cnomad: there is a www front-end for the wot; this , for example : http://wot.deedbot.org/17215D118B7239507FAFED98B98228A001ABFFC7.html is me.

asciilifeform: ( how am i to know whom to pay ? and if the magic answer is sent plaintext, it will land in the fleanode nsa trap and immediately get shared with the enemy. )

asciilifeform: so, for example, i am considering declaring a btc bounty for cr50 break. but it will only be available to folks in the wot, for the very obvious reason .

asciilifeform: nor will anyone attempt to communicate in confidence with you, without gpg pubkey.

asciilifeform: until you are in the wot, 'you' do not exist, it is not difficult to hijack a fleanode nick.

asciilifeform: it won't, if you ain't in the wot.

asciilifeform: you do not have to use your meatspace name, or anything of the kind. simply need gpg key, one that you won't lose.

asciilifeform: however, if you wish to work with the people here ( and this is where the serious coin lives ) you will want to get in the deedbot wot.

asciilifeform: then you will probably be satisfied with reading the log. typically it takes 6month of reading, to grasp what's going on.

asciilifeform: and you can start developing reputation.

asciilifeform: cnomad: then i will rate you, and you will be able to speak when there is no one to manually give you voice.

asciilifeform: !!help

asciilifeform: cnomad: please consider registering a pgp key with deedbot :

asciilifeform: hence how you found article, i will guess. good.

asciilifeform: so yes, generally you won't hear what they do not want you to hear, if google search if your main source.

asciilifeform: cnomad: you will probably not be surprised to hear that google doctors its search results.