190 entries in 0.12s
robwhiz22: asciilifeform, I can tell you that for others who have purchased services like this from me they have been extremely pleased with the results. But I can't do weeks of work on spec. (without payment.)
robwhiz22: asciilifeform, for what it's worth I am not associated with any agency - my analysis, and follow-on proposal, is my own. Moreover some parts are high-level and you will have to repeat some of the work you've done if you so choose.
robwhiz22: asciilifeform, fine. But I think if you're saying a link was zapped it would make sense to mention it.
robwhiz22: (I often change it to a day or an hour or whatever)
robwhiz22: You never change "Paste expiration" from the default, Never?
robwhiz22: asciilifeform, your pastebin was removed?
robwhiz22: asciilifeform, nobody cares about your pastebin
robwhiz22: asciilifeform, moreover I always state my reasoning and am not associated with a group - the NSA M.O. is to just silently give directions on what to do.
robwhiz22: asciilifeform, I have not given you any recommendations that are low-level enough to match that description.
robwhiz22: It's probably because \ is an escape in whatever scripting language this bot is hacked together in :) :)
robwhiz22: asciilifeform, why is tor sinning?
robwhiz22: Why don't you check which IP's have accessed it? Google tracks and shows you.
robwhiz22: TestingUnoDosTre, yes, definitely.
robwhiz22: It was supposed to just be a summaary so, you know, I'm not just claiming to have something.
robwhiz22: Well, to be fair, I didn't expect it to be posted publicly so I did not clean it up for public disclosure. Since then I've also had to explain the mitigation on point 2.
robwhiz22: But at any rate if this is the forum where any serious business negotiation goes on, so be it.
robwhiz22: Yes, I would have expected you to see them when I came in here to follow up (as that was the only reply I received from Mr. Popescu).
robwhiz22: asciilifeform, I asked you - Have you also seen my emails to Polimedia?
robwhiz22: spam is a "healthy" mixture of "ham" and "pork"..."shoulder"
robwhiz22: Hi, this channel flashed. I think it's ridiculous to voice me only if I am spoken to.
robwhiz22: So far they have slipped over 4 months on a delivery schedule, and have a non-functional product for the usage described.
robwhiz22: So, if someone is an investor in n.nsa they can commission the internal design proposals (and briefer security overview of the current Cardano). They can own the results until/unless N.NSA uses it, and if N.NSA never ships anything, then it won't be a total loss to the investor.
robwhiz22: Also, ad hominem name-calling (obviously) doesn't improve designs. However, I have had bosses that swear like sailors, so I will let it slide.
robwhiz22: asciilifeform, you have misunderstood me and I do not intend to receive any internal informatoin about your supply chain, designs, or anything else. I would just contribute based on what I have found publicly.
robwhiz22: Out of my experience, it does help to receive half up-front and then half when I state the documents are prepared and show their existence and length.
robwhiz22: I don't need any details or any input from you. The process doesn't need to be iterative.
robwhiz22: (This is a shorter document and will remain at a higher level. It is not a low-level security audit.)
robwhiz22: asciilifeform, I will include an analysis of whether you can rely on your chip design which cannot be reflashed over USB, as part of the first part (the Cardano A full document).
robwhiz22: asciilifeform, there are vectors (social/business/etc) to reflashing over USB that you should think of before considering silicon boobytraps.
robwhiz22: asciilifeform, if you were "sure" you wouldn't have offered a bounty. The purpose of the bounty is to motivate active, friendly attack.
robwhiz22: asciilifeform, this, coming from someone who isn't sure whether his chips can be reflashed over USB :)
robwhiz22: asciilifeform, I am also not selling completed designs but rather internal high-level proposals for your consideration.
robwhiz22: asciilifeform, manufacturing is actually a smaller value-add than design, because someone can always copy your finalized designs.
robwhiz22: asciilifeform, I guarantee you that you will see very big value in your resulting market. In additition, no longer selling snake oil- i.e. a product that actually works in the usage cases offered - is its own reward.
robwhiz22: fluffypony, for both of those reasons it would not make very much sense for me to take their idea and compete with them. They're just the ones to do it. (Or so I thought.)
robwhiz22: fluffypony, as mircea_popescu and asciilifeform have shown by slipping 4 months on their delivery schedule, it is extremely difficult to bring a security product to market. Plus, it's their idea. It really would be better for them to have the proposals for their consideration. I suppose they can also share in here if they want wider feedback.
robwhiz22: well, mircea_popescu has said in channel that he put me on ignore (a strange reaction after inviting me in here.) As I presume he and the chief engineer make joint decisions, the only way the investors in s.nsa will have the benefits of the new design, and corrections to the existing design, is if they pay for them as part of supporting their investment. ("Adding value", so they say.)
robwhiz22: mircea_popescu, I could be wrong of course.
robwhiz22: mircea_popescu, however I believe you are not interested in selling snake oil and would be genuinely interested in creating a product that meets your basic claims about it.
robwhiz22: mircea_popescu, if you were not interested I would have expected that reply from you to one of my two follow-up emails.
robwhiz22: fluffypony, it's an EXTREMELY unusual request from mircea_popescu that business be conducted here.
robwhiz22: fluffypony, I've never made a sale in apublic forum like htis.
robwhiz22: They will only receive a copy of the proposal if mircea_popescu and asciilifeform decide to share it however. It is important not to get people's expectations up if some feature won't be included in the first iteration, for example.
robwhiz22: If investors are here they may read the private proposal and step up to pay for the report and internal design proposal. 15sdNNq9Rk8JM7VENnPvPeoCwTW7ScHHZA
robwhiz22: fluffypony, the amount isn't totally fixed.
robwhiz22: fluffypony, the amount varies. I've taken into consideration the fact that Polimedia is a 'startup' and also not asking for any equity, royalty, etc. It's also trailblazing something radically new.
robwhiz22: asciilifeform, like I said if you are convincing people to trust an insecure design that is unfit for the usage case you sell, you are a fraud. Convincing people to trust it is fraudulent.
robwhiz22: asciilifeform, it is not a main sourcecoming. I've only summarized things that render the Cardano totally unfit in its present form.
robwhiz22: asciilifeform, the issue you brought up about reflashing is one that I wanted to address very briefly in the shorter write-up on the Cardano A. I believe you've found microcontrollers that can't be reflashed from USB.
robwhiz22: asciilifeform, moreover perhaps attention to detail is what caused some of the shipping delays to begin with. This is why I wrote with a proposal to help while things can be helped.
robwhiz22: asciilifeform, they are not fools. So far you haven't shipped something broken, and have the time and resources to fix things.
robwhiz22: fluffypony I think they have sufficient investment to cover the design. It's a very low amount due to the category being totally new.
robwhiz22: asciilifeform, it was my understanding that you and mircea_popescu have taken investment for it. Why would you use it to manufacture sometihng faulty that does not meet its described usage case? That is fraudulent.
robwhiz22: (by 'this idea' I mean your device.)
robwhiz22: asciilifeform Because the machine is unfit to be manufactured today. Why would I "wait for it" and have this idea totally disappear, instead of being iterated on and working and being something big.
robwhiz22: (bounce, I've received agreements)
robwhiz22: mircea_popescu and asciilifeform are selling hte snake oil that they will fix this. They have taken investment for it. Their solution is totally broken and unfit for this usage case.
robwhiz22: he keyring passphrase would in all likelihood compromise that key."
robwhiz22: The idea of the Cardano is quite simple. It is described in mircea_popescu's specs:
http://trilema.com/2013/snsa-first-product-the-cardano/ -- it says, "Consider the case of visiting a random net cafe or public library. Without Cardano you are in a relatively tough spot : even should you carry your gpg keyring and gpg software on a USB stick, and even should you be able to install gpg software on the respective computer, typing in t
robwhiz22: Apocalyptic, but it's only snake oil in the current design :)
robwhiz22: Apocalyptic, yes. And the snake oil being sold here is that if you have an attacker with physical access, then if you have a Cardano you haven't lost. It's snake oil.
robwhiz22: bounce, the audience for that letter was Mircea who I think understands security to a certain level. I am happy to explain any of the points, but it was not a public document.
robwhiz22: Apocalyptic, did you read the pastebin? It was not cleaned up for a public disclosure but I can answer any questions on it.
robwhiz22: ThickAsThieves, new architectures for radically new product categories don't write themselves. It will take me six weeks just to come up with 20-50 pages at a high-level.
robwhiz22: ThickAsThieves, I offered 3 specific ways in which the Cardano fails to meet its mission.
robwhiz22: asciilifeform, and you are the same kind of "engineer" as the ones who promise a perpetual motion machine and take investment for it from people they dupe. How does this help the conversatoin?
robwhiz22: asciilifeform, as mentioned ad hominem attacks don't improve a design. I can say that usually, companies will have several iterations of completely internal design proposals that htey will consider. I've never heard of a company that wanted to ship products thta would have wanted proposals (even from consultants etc) to be public in this way.
robwhiz22: I did not intend for nubbins` to publish those two pastebins. I can answer any questions on them.
robwhiz22: mircea_popescu, that is a good policy.
robwhiz22: mircea_popescu, I'll try to reach you tomorrow. What is the best time to talk in here?
robwhiz22: mircea_popescu, I will have to go soon.