log☇︎
92900+ entries in 0.053s
mircea_popescu: but they ARE fucked in the head, and specifically in the manner of http://btcbase.org/log/2018-04-13#1798415 ☝︎
asciilifeform: the amt of ~actual~ reversing, to date, by zeptobar, is ~0.
asciilifeform: the problem with zeptobars, is that they're a ~porn co.
mircea_popescu: asciilifeform, yes, and if zeptobars weren't fucked in the head, they'd have a !Z service here.
mircea_popescu: howsoever indignant my stepping on their faces in the dungeon may make your tingly sense.
asciilifeform: however must point out, serious work does cost money; e.g. time on electron microscope, we saw what costs; and there is a population of folx who can make use of it, but can't steal enuff time on instruments, or , if they can, allocated it for something that actually pays the bills
mircea_popescu: you're not going to reproduce the former by the latter ; just like you're not going to lure my slavegirls away by promising to be "a good sensitive guy with a great sense of humor". ☟︎
mircea_popescu: but this is not what you ask. what you ask is, "what does the $x mn do". well ? what does it ?
mircea_popescu: whereas their mothers were happy to appear in whistler's mother all decked in black.
asciilifeform: i think i grasp this
mircea_popescu: it does the thing where it's put in front of every soda joint, and before you know it 17 yos are willing to throw their panties at rolling stones and star in cocksucker blues.
mircea_popescu: the item where they ship pre-printed cutouts with the silouette of a girl, and a hole for the head, holding a $x mn check, DOES SOMETHING.
mircea_popescu: what's the whatever, $x mn check the star gets DO ?
mircea_popescu: ok. let's go back to the original tournament market, the hollywood studio. ☟︎
mircea_popescu: it's the ~advertising~ that does something. you understand this, do you ?
asciilifeform: if it were 'nothing', the holes from 2015 would still work.
mircea_popescu: but if their brain dun work enough for them to get thjemselves interested on their own, then what's your btc gonna do ?
asciilifeform: mircea_popescu: i don't expect that the google monkeys with access to the key, will willingly spill it ( tho this cannot be ruled out. ) idea was, possibly to get the same folks who currently sweat over ipnoje etc , interested.
asciilifeform: esp. if the derps begin to think that they've made an airtight trap.
asciilifeform: currently the thing is in a handful of boxes, but i suspect that it will spread.
asciilifeform: in so far as i can tell.
mircea_popescu: i'm jewish, that's what we do.
cnomad: cool me too
asciilifeform: mircea_popescu does, to extent, but won't admit!11
mircea_popescu: certainly consists of list of miserable overgrown avortons whose mothers should be really, really ashamed they waited.
asciilifeform: they have access to that privkey.
asciilifeform: mircea_popescu: the code repo contains list of meat names of good candidates to tie to a post.
mircea_popescu: i'm not convinced of anything, but i'd rather discuss it than not.
asciilifeform: at any rate, nothing's finalized, if mircea_popescu is convinced that this is dumb idea, i'ma call it off
mircea_popescu: because what the fuck else would you expect me to do.
mircea_popescu: ie, a) if indeed this guy exists that'd give tyou whatever for the whatever prize, and b) i know for certain that he wouldn;'t have otherwise, somehow then c) i'll send a gal over to tie him to a post, slice an inch of his abdomen, and slowly roll his inrtestine on a cat scratch pad.
asciilifeform: well i wrote the article. observe what sort of folx came thus far.
mircea_popescu: if they can't do this, measured as "don't do this", a) the argument they were intelligent is tenuous and b) paying them is exacrtly thr wrong thing to do.
mircea_popescu: asciilifeform, folks who can think are cordially invited to extract their head out of their ass, stop cohabiting with monkeys, join the republic.
mircea_popescu: "it doesn't cost me anything" is how filthy person ends up with bug infestation, "oh, the jam they eat cost me nothing".
asciilifeform: mircea_popescu: occasionally folks do break things. presently they're stuck 1) publishing, and it gets patched within a day by enemy 2) the enemy's bounties, paid in printolade
mircea_popescu: now you want to pay for cr-whatever. why ? do you expect it'll go any differently ? why ? and so on.
mircea_popescu: asciilifeform, think : paying for tits resulted, before your very eyes, in ever increasing levels of exam taking. yes ? you noticed this, yourself, i said nothing, you complained about it.
asciilifeform: ( and naturally contest would have finite time bound )
mircea_popescu: there wasn't a single noteworthy one in the whole bunch, yes ?
asciilifeform: refereeing will take some work. hence the call for a willing referee .
mircea_popescu: i didn't do that publicly for nothing, after all.
mircea_popescu: consider what "pay for tits" got.
asciilifeform: mircea_popescu is not expected to contribute to the prize pot, if he thinks it is waste of time.
mircea_popescu: this is a naive way of looking at things.
asciilifeform: the snsa boxen, in the hypothetical, will not contain google crapola.
mircea_popescu: i still don't see the merit in this "pay" approach.
asciilifeform: they make their dough via luser rapine, not iron.
mircea_popescu: the idea is to work things so we make more than they do.
mircea_popescu: yes, but you're making less than alphabet is from this deal.
asciilifeform: what public. asciilifeform , right here in torture room, will liberate.
mircea_popescu: i'd be surprised if "the public" has the werewithal to even liberate 500 of them, should a pill be available now.
mircea_popescu: but the blade cuts the wrong way.
asciilifeform: some time after we cure 500 units.
mircea_popescu: if it's software and it's found, well... they'll make a firmware upgrade yes.
a111: Logged on 2018-06-12 19:41 asciilifeform: well yes, for public use. with the caveat that we will not be giving the curative pill to google.
cnomad: oh this chip will get popped someday, it's certainly possible
mircea_popescu: asciilifeform, the only problem is, i'm paying bitcoin to fix google's crapolade ? this sounds a lot like the soviet-sponsored "criticism of capitalism"
asciilifeform: cnomad: it is quite conceivable that the artifact is airtight, and no one will collect the prize. however it is also conceivable that there is, e.g., buffer overflow somewhere in the mass of c crapola, and it can be rooted today, via the usb jack.
mircea_popescu: http://btcbase.org/log/2018-06-12#1823965 << it will onlty follow if you exist. without a registered key, you don't. nobody's going to even pretend "that cnomad guy" is a thing, different or differentiable from any other http://trilema.com/2014/ill-pay-for-your-tits/ ☝︎
mircea_popescu: if well grounded, that limit can be high indeed.
asciilifeform: and at any rate a pill that requires elaborate physical diddling is not suitable for mass curing.
asciilifeform: cnomad: chip appears to be rad-hard, to an extent, also. tho there is a plain physical limit as to rad-hardness of an object half a mm in thickness
mircea_popescu: the claim to the contrary is a political ploy put forth by the enemies of humanity.
a111: Logged on 2018-06-12 19:18 cnomad: is this a technical channel or a political or...?
mircea_popescu: http://btcbase.org/log/2018-06-12#1823930 << this difference doesn't exist. ☝︎
asciilifeform: cnomad: dpa won't do a lick of good, the boobytrap is a rsa pub sig check, no secrets involved
asciilifeform: well ideally he'd have a box to test $pill on
mircea_popescu: doesn't the referee have to be qualified ?
a111: Logged on 2018-06-12 18:48 asciilifeform considers idea of proclaiming a 1 btc prize for a working break of cr50 . any l1 folk interested in contributing to the prize chest , and/or overseeing the refereeing ?
asciilifeform: cnomad: main form of glitch hardening in cr50, going by the src, is the tactic of repeating the various crypto checks N times
mircea_popescu: "smart" cards are not usually all that hardened in practice.
cnomad: yeah they can be generic. Mass produce them so engineers can use them for TPMs and whatnot
cnomad: so this is likely some evolution of that
cnomad: from reading around a few months ago, they use a similar IC that's used for smart cards, which implement a lot of hardening measures like dual rail logic, security meshes, and various other hardening measures
cnomad: that being said, these chips are generally hardened against faulting / glitching / DPA attacks
cnomad: well the most likely non-firmware approach would be finding a way to glitch/fault it ☟︎
asciilifeform: i'ma brb, teatime ☟︎
asciilifeform: the break would ideally be applicable via the http://www.loper-os.org/?p=2415 debug device; or, at worst, by attaching to the test pads on the http://www.loper-os.org/pub/c101pa/h1.jpg pcb.
cnomad: well it could provide some insight into the target
cnomad: yeah, using a SEM/FIB is the easy way
asciilifeform: re 'weeks of nonstop work', understand that the break must be mass-applicable, it is not useful to flip the bits with electron beam in ~one~ particular cr50
asciilifeform: but until then, it is a kind of iphone
asciilifeform: then, e.g. the c101pa, becomes a pretty useful, general-purpose arm64 box.
asciilifeform: the objective is to neuter, once and for all, the nsa master key mechanism.
asciilifeform: so it is just as good to break the 'rma lock' mechanism, as the firmware verification, as i currently understand it.
asciilifeform: simply must point out, if as side effect of the break, the user-loaded data is nulled, this is not a problem for us.
asciilifeform: ( though as i understand it will also be possible as a side-effect of any general break. )
cnomad: but if you re-write the firmware, you own the tpm
asciilifeform: i do not particularly need extraction of user-loaded tpm crapola, it does not do anything for me.
cnomad: especially since this is a generic security chip with potentially more serious applications
asciilifeform: into all currently available cr50 boards, but in particular the c101pa.
asciilifeform: for my purposes, a proper break is when i can load in arbitrary firmware in place of the vendor's. ☟︎
cnomad: If someone popped this chip, I'd value it at _least_ 200k USD. we're talking about invasive analysis that requires equipment, weeks of non-stop work, and experience ☟︎
asciilifeform: ( if the jailbreak is published openly, the hole is likely to be closed in short order. this prolly does not need explaining. )
asciilifeform: well yes, for public use. with the caveat that we will not be giving the curative pill to google. ☟︎
cnomad: if the goal is to liberate it for public use, then it's easier to justify paying less than market rate
asciilifeform: out of curiosity, cnomad , do you think this is laughably small ?
cnomad: how much are you offering for liberating a cr50? fyi, it'll be a _hard_ target
asciilifeform: all you gotta do is to put it where ( http://somewhere/yourkey.txt, not https ) deedbot can see it, and then !!register thaturl .