log☇︎
93400+ entries in 0.052s
a111: Logged on 2016-02-24 04:23 mircea_popescu: omfg alf sees the world like a bee-dog : in black and white and all pixelated.
danielpbarron: oda, also the true word of God
mircea_popescu: o wow, that reminds me
mircea_popescu: then again alf almost sounds like an anime character, doesn't seem to have hurt him any.
a111: Logged on 2018-06-11 18:33 apt-get: rude tbh, I've been using this one online for quite some time
mircea_popescu: http://btcbase.org/log/2018-06-11#1822546 << it's sorta like naming yourself Brick Curb, but hey, if that's what you actually want... ☝︎
mircea_popescu: eventually went to specialist store, bought 3 meters of double-width towel substance, had them rodeando it. 3 * 3500 + 3000 for the work = ~30 bux. now i have a proper beach towel, can seat five.
mircea_popescu: and in other fuck-this-failed-civilisation, NO SHOP in all the fucking town had a proper beach towel. the chinese overlords have decided all towels must be up to 1/3 size and that's it. "i want a towel king bed size" "you mean sheets ?" "no dood. towel." "here's the towels." "these are small."
deedbot: Provide a paste URL to the ascii-armored GPG public key or the full 40 character key fingerprint without spaces or dashes.
asciilifeform: mircea_popescu: i'm picturing the archaetypical baba yaga scoop
asciilifeform: oda: you can start with today's , let's say from http://btcbase.org/log/2018-06-11#1822562 point, the last set of cr50 people ☝︎
oda: asciilifeform: thanks, will do.
mircea_popescu: mostly terrorism and sexual perversion.
asciilifeform: oda: you will definitely want to read the log ( http://btcbase.org/log/ ) and use the search box.
oda: Just wanted to lurk a bit and see what sort of chat goes on here
oda: Hi, just got here after reading the cr50 article on loper-os
mircea_popescu: hand crafted wood. dood was beffudled, didn't really even want to sell it to me. "it's for ovens".
asciilifeform: with which in 10 minutes you can verify that, yes, independent fucking fritz chip
asciilifeform: BingoBoingo: i still find it lulzy how google apparently banked on nobody outside of their heathen pit getting hold of the fucking debug hose. ☟︎
asciilifeform: or better yet, if they dun show signs of a half-working brain, just !!down , dun hesitate, 'ваше слово, товарищ маузер!'(tm)(r)
a111: Logged on 2018-06-11 20:35 asciilifeform: so far my only clue that h1 actually runs the given fw , is that i was able to flash in a vendor update : http://btcbase.org/log/2018-06-08#1821699 and ended up with a slightly different, in the ways suggested by the src, console
a111: Logged on 2018-06-11 19:57 asciilifeform: swiftgeek: given your introduction ( http://btcbase.org/log/2018-06-11#1822589 ) i assume you may be interested in verifying fact that cr50 is not a subfunctionality of the ordinary (i.e. kept in winbond spi ) bootrom or the EC controller ('nuvoton' arm , visible in right hand of photo ). this is very simple to do:
asciilifeform: BingoBoingo ( and other awake folx ) , plz to point future 'fact checker' i_came_from_reddit folx, to http://btcbase.org/log/2018-06-11#1822821 + http://btcbase.org/log/2018-06-11#1822990 etc, if i'm off in meatland ☝︎☝︎
a111: Logged on 2016-12-16 14:31 mircea_popescu: japan got buldozed chiefly because of the utterly immoral attitude of thinking people at the time.
asciilifeform: not 1 would be caught dead giving half a shit re what it all adds up to
asciilifeform: one autist sqeals in delight designing shutter for the drone camera, another -- the rocket proximity cap, another -- likes to draw cute little octopi; etc
a111: Logged on 2018-06-11 01:35 asciilifeform: https://archive.li/A4vO1 << various lulz in re that famous octopus.
asciilifeform: see e.g. http://btcbase.org/log/2018-06-11#1822328 re their public end. ☝︎
asciilifeform: usg cultivates these, from childhood
asciilifeform: trinque: ever meet these folx in the flesh ?
trinque: for one, I'd expect anyone who spent enough time in one to come out the other side schizophrenic
trinque: perhaps the compartmentalized nonsense factory is not such a strong longterm strategy
danielpbarron: crack smokers will burn any time they can get ahold of, granted they generally glob onto other cracker smokers of the have-money-to-buy-more variety
asciilifeform: because somehow this is not insulting to the intelligence of the fucking fruit fly stuck to my display. not even speaking of the l1 lordship.
asciilifeform: it'd be one thing if, say, google dev showed up and 'yes i'ma pgp to mircea_popescu the magic key', or even 'here's the schem'. but nooo, instead they come to 'explain' to us how 'tpm can be used to benefit you' . ☟︎
a111: Logged on 2018-06-11 22:15 BingoBoingo: Well, living in the land of Mate crackpipes you get to see this behavior taken to extremes. They are playing the game where they TRY to burn as many man hours as possible in an unproductive manner.
asciilifeform: http://btcbase.org/log/2018-06-11#1823242 << naaah BingoBoingo , see, different thing. the crack smokers for the most part only burn ~own~ time. ~these~ folx, they want to burn yours, and mine. ☝︎
asciilifeform: they dun make tards, apparently even, like they used to. i swear , the tards from 10y ago were not this thick.
asciilifeform: the very notion that anything whatsoever happening on a nato-produced 22nm die is 'owner controlled'...
a111: Logged on 2018-06-11 21:24 hl`: that's actually a fair point too. as implemented in e.g. PCs nowadays, even putting the closed firmware issues aside, the way they are integrated is _not_ secure. they're just connected using open pins to the CPU, you could easily replay everything
asciilifeform: upstack, observe the lulzfest, where http://btcbase.org/log/2018-06-11#1823026 and then http://btcbase.org/log/2018-06-11#1823205 demands fritz on-die in cpu ! for 'security!' ☝︎☝︎
asciilifeform: the nonseekrit -- with the bulk of the implementation detail.
asciilifeform: seekrit committee generally concerned with specifics of applications (i.e. anything where you gotta know the identity of intended victim, say)
asciilifeform: each wunderwaffen has a seekrit committee , with nsa-vetted gentry, and a larger nonseekrit ('commercial'), for ladling out grantolade to academics and quasiacademics
asciilifeform: (i.e. snarfing up that delish printolade like there's no tomorrow )
asciilifeform: in darpa land they do what in civilized world is called 'освоение бюджета'.
BingoBoingo: Productivity is dangerous. In Uruguay the danger is raising the bar and taking away from crack pipe time. In DARPA land the dangers being fended off are myriad.
BingoBoingo: Well, living in the land of Mate crackpipes you get to see this behavior taken to extremes. They are playing the game where they TRY to burn as many man hours as possible in an unproductive manner. ☟︎
asciilifeform: afaik boneh et al are still there, still pushing the same lulzoil
a111: Logged on 2017-09-15 23:48 asciilifeform: kanzure: i spilled the beans from a similar darpa conference that i attended, in the heart of the beast itself, few yrs back ( it's in the l0gz, spoiler : multilinear map homomorphic crypto is bunkum ) and still waiting for gasenwagen
a111: Logged on 2018-06-11 21:15 swiftgeek: DARPA was messing with that a lot
asciilifeform: http://btcbase.org/log/2018-06-11#1823179 << phunphakt, asciilifeform ( in ascii_butugychag period ) was a slave in precisely that bit of idiocy, sat in the peanut gallery at the derp committee, etc ☝︎
asciilifeform: ^ dun forget what they're famous for..
asciilifeform: it isn't clear that all of their derpery has to date added up to any 'gets done'
BingoBoingo: that, or to repeat the "common" process they are sure gets done all the time. ☟︎
asciilifeform: 'go to repair shop!' the cheek.
asciilifeform: BingoBoingo: it isn't clear to me, what, if anything, these folx wanted, other than to waste our time.
BingoBoingo: And with the read only brains, only hope they have is that they are interesting enough to an MP for them to recieve their exploitable crash that re-enables write access.
BingoBoingo: Well for most people, wife replaced while they sleep would probably be +EV
asciilifeform: rotten old fungus man rms, you can say whatever about, but he was exactly on target re how this particular item will go, back in '97. first, 'it only stores keys, harmless!' ( and won't give'em up to usg Because Reasons ... ) then 'ok now it can rewrite fw' 'yer lying, they Would Never!11!!' '...'
asciilifeform: BingoBoingo: somehow the derps obsess with 'wife replaced while you sleep' scenario. aaaand then go on to advocate elaborate tpmdildo that makes this scenario actually workable.
BingoBoingo: <hl`> that doesn't protect against physical attacks. << Buy a dog and carry a hammer
asciilifeform: if anyone was puzzle re naggum's remark concerning 'read only brains' -- here they are!
asciilifeform apologizes to log reader for having allowed this waste of time to clutter the chan.
asciilifeform: in one ear and out the other, apparently . ☟︎
swiftgeek: anyway that covers everything for me, i can only wait for more docs to appear (or dead boards)
swiftgeek: anyway so far there is no root of trust implemented in SoC that respect end user
swiftgeek: and TPM implemented so poorly that it doesn't reset x86 with it
swiftgeek: but exploiting TPM firmware so much that it resets
swiftgeek: yep that makes it possible even with root of trust
hl`: (see TPM reset attacks. the TPM specification people claim that these were fixed with TPM1.2, this is not correct however)
hl`: that's actually a fair point too. as implemented in e.g. PCs nowadays, even putting the closed firmware issues aside, the way they are integrated is _not_ secure. they're just connected using open pins to the CPU, you could easily replay everything ☟︎
swiftgeek: and in x86 case that happens to be EC
swiftgeek: otherwise i will exploit other device on the bus and replay it remotely
swiftgeek: hl`: anyway only with proper root of trust you can measure all stages with tpm
asciilifeform brb, teatime
asciilifeform: any other notion of 'root of trust' is fritzian.
asciilifeform: back upthread -- discussion of 'roots of trust' WILL start with , at the very MINIMUM, iron where i can fucking see the transistors through optical microscope. and never with anything else.
swiftgeek: nah i was just referring that qcom code is generating code that generates to generate code that (....)
asciilifeform: if anybody told you otherwise, he is a dirty liar, and probably selling snake oil.
asciilifeform: ( and there is no known complexity class pindown of factoring. )
asciilifeform: there is not even a proof that the difficulty of rsa is equivalent to that of factoring.
asciilifeform: and in particular a reduction of ~every~ generated key, rather than avg case.
asciilifeform: at any rate there does not currently exist ANY usable crypto algo, of any purpose, for which a complexity class reduction to any class is known.
swiftgeek: and not at all for anyone trying to exploit it xD
asciilifeform: it exists strictly to slightly increase the headache for reversers, and is not interesting tech from my pov
asciilifeform: http://btcbase.org/log/2015-08-12#1236209 << see also thread ☝︎
swiftgeek: asciilifeform: no this is qualcomm modem code
asciilifeform: hl`: this is a perpetuum mobile.
hl`: i.e., you'd have to solve the halting problem to write a program which can analyse the generated programs in the general case, meaning that any computational malevolence (compromised silicon, etc.) can only compute the result of the algorithm by executing it unless someone solves the halting problem
swiftgeek: DARPA was messing with that a lot ☟︎
asciilifeform: this is an eprom. and i've had them in physical possession long enuff to know that they weren't touched by fucking nato. and , on top of this, i can physically photo the crystal without decap.
swiftgeek: asciilifeform: those packages are expensive and cute :)
hl`: general case - basically using the halting problem as a trapdoor function.
hl`: asciilifeform: that's actually an interesting idea - i've toyed with a similar idea previously, though for different applications. basically, my idea was to come up with some way of algorithmically generating algorithms such that the algorithm generator can know the correct answer computationally easily, but where the structure of the algorithm is highly randomised such that it resists analysis in the
asciilifeform: let's take an example of trustworthy iron : K573RF4 ( https://eandc.ru/pdf/mikroskhema/k573rf4.pdf ) ☟︎
swiftgeek: cost / power efficiency / tooling
swiftgeek: you wouldn't go below 65nm if you are sane for tpm
asciilifeform: if you cannot determine via physical means that the proggy as-published is actually executing on the given device
asciilifeform: which resolves to 1) i wrote the code 2) i know that the die was not built in advance to subvert the functionality of said code