asciilifeform: ye olde mk61 is moar of computer. even tho poor orcistan never even invented soldermask, pcb was bare, like if i made it here in my kitchen.
asciilifeform: 'killer micro' was colonized by microshit, and almost immediately began the march towards death, 'how do we keep plebes from copying gamez', culminating in today's boxen.
asciilifeform: the calculators, bk0010 ( tiny little pdp clone ! ), etc. is a sunken atlantis. it was all forgotten almost immediately when imported pc was carted in in qty
asciilifeform: complete with reference oscillograms. if yours dies (and not infrequently, it would) you were expected to repair.
asciilifeform: it is sorta hilarious how a good 50-60% of the popular (they were hand-copied, and machine had no nonvolatile memory, you had to throw in the proggy each time you flipped the power on ) gamez, were based on the very soviet-flavoured diff. eqn. models the factory manual suggested
asciilifeform: ( and there were astonishing oddities of other kinds, for this humble machine, e.g. a 'tetris' where, lacking a graphical display, you had to instead pick a numeric column where the piece drops, and give another number representing rotation, and keep whole thing in yer head... )
asciilifeform: that were in effect EXACTLY 'reactor control', but instead of sodium pump litres/sec, probability of runaway, etc. it was 'fucks per day', 'probability of VD', 'prob. of arrest', etc.
asciilifeform: so the hilarious bit, is that folx wrote variations on the theme, 'sim whore', 'bordello'
asciilifeform: one of these was 'reactor control' , with realistic constants, you had to ramp up reactor, control the rods and the sodium pump etc, object was to get max power but avoid meltdown
asciilifeform: but as the '90s marched on, the thing did not, apparently, immediately fade away and die ( troo comps remained expensive, rare, until '93-'94ish ); so folx continued to write and circulate samizdat gamez : http://lordbss.pp.ru/pmk.html
asciilifeform: rid paper, to work the labyrinths, tank battles, etc ) ;
asciilifeform: 'he will be a very well trained bear but never a world-class dancer' or how did it go.
asciilifeform: seems as if each set breaks new record.
asciilifeform: and holy fuq the sheer militant uselessness of each new crop of i_came_via_reddit weevils.
asciilifeform: ( recall kgb maslennikov ? 'we dun break keys, we buy'em' )
asciilifeform: an ounce of intel work would prolly beat ten pounds of lab wizardry in this case.
asciilifeform: the lulzy bit is that likely, a thousand or more unlocked units exist, in the hands of various derps
asciilifeform: i got various things. problem is that i do not currently have a popped unit where i can see the effect of $manipulation on rng (or any other part, aside from general 'it crashed')
asciilifeform: the fact that h1 started life as fpga, suggests this.
asciilifeform: prolly it's the typical on-chip ring oscillator, plus bit of whitener.
asciilifeform: ( the 'rma unlock' 32byte turd, is simply rng output )
asciilifeform: mircea_popescu: a break of the rng would also do the job. ( admittedly , tall order , but listed for completeness. )
asciilifeform: not merely 'gandalf', but 'idle gandalf'!11
asciilifeform: idea being, it would be a substantial help to have even one unlocked box to experiment with.
asciilifeform: but would prefer to find a purely softwaric pill (e.g. buffer overrun, or whatever means to get code exec)
asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: doubt that it's quite so trivial, typically you gotta find how to hold it in reset so it doesn't boot up to its current fritz contents
asciilifeform: does, dunnit. cuz its a flatbed. gets the chip markings, mostly, but the pcb itself is out of focus by mm or 2.
asciilifeform: meanwhile, in the entomological pit : https://en.wikipedia.org/wiki/Talk%3AFritz-chip >> 'I've deleted most of the article. The information here is already presented in a more up-to-date fashion at Trusted Computing, which is the correct title for the technology. "Fritz-chip" was never more than a moniker used by critics of the technology put forth by Sen. Hollings. The article now represents this fact. Warrens 23:24, 29 April 2006 (
asciilifeform: ( $nooseitem is not a gcrypt 0day, but gpg particular )
asciilifeform: right but eucrypt is not a gpg-riding proggy.
asciilifeform: status messages are parsed by programs to get information from gpg about the validity of a signature and other parameters. Status messages are created with the option "--status-fd N" where N is a file descriptor. Now if N is 2 the status messages and the regular diagnostic messages share the stderr output channel. By using a made up file name in the message it is possible to fake status messages.'
asciilifeform: 'The OpenPGP protocol allows to include the file name of the original input file into a signed or encrypted message. During decryption and verification the GPG tool can display a notice with that file name. The displayed file name is not sanitized and as such may include line feeds or other control characters. This can be used to inject terminal control sequences into the output and, worse, to fake the so-called status messages. These