mircea_popescu: BingoBoingo, fwi, "No word from oil insiders on interest in the shambling cryptographic provenance solutions still in search of a problem to solve and customers to buy it; but this has not deterred Team Cockchain ("Smokin' it!" ®) from announcing eleventeen different projects to disrupt this massive industry from its mother's basement." makes 0 sense to me.
asciilifeform: i had nfi mircea_popescu welded !! world turned upside down!1111
mircea_popescu: http://btcbase.org/log/2018-06-13#1824464 << in perhaps better formulation, the very point of having arbiter is so as to avoid exam taking ; the whole point of having "written contract" (import here pizarro's coc, import here the "opposable instrument" thread with trinque, etc) is to permit exam taking. these are contrary design constraints.
a111: Logged on 2018-06-13 00:07 phf: yes, but if you are going to establish a procedure why do you need an arbitrator, or in other words, i don't see a point of separate arbitrator if the process is your own
a111: Logged on 2018-06-12 23:39 asciilifeform: phf: you will test using your c101pa. and so you will need the debug snake, i will need to put the output of sysinfo , ver , brd , etc cr50 console commands into the statement.
a111: Logged on 2018-06-13 00:06 asciilifeform: phf: correct, full overwrite of whole 256kB fw space with arbitrary bits . repeatably.
a111: Logged on 2018-06-13 00:07 asciilifeform: after $time , phf goes and buys, from amazon, a c101pa , and administers the pill. if it is cured just the same as his current one, the other half of prize is to be awarded.
phf: http://btcbase.org/log/2018-06-13#1824502 << right. it's also not a good idea for an arbiter to sign someone else's exam, as if it's anything but. i've offered to run the proposed experiments without arbitrating, but that's not what ascii wants.
a111: Logged on 2018-06-13 00:30 mircea_popescu: http://btcbase.org/log/2018-06-13#1824464 << in perhaps better formulation, the very point of having arbiter is so as to avoid exam taking ; the whole point of having "written contract" (import here pizarro's coc, import here the "opposable instrument" thread with trinque, etc) is to permit exam taking. these are contrary design constraints.
asciilifeform: mircea_popescu: pogo ? they're as usable as ever as soon as somebody gets trb into 256MB, lol
phf: asciilifeform: i'm up for a job of contest arbiter, i don't think that what you're proposing is arbitration. i thought that you're going to give goals, and it's up to me to evaluate if the goals have been achieved. but you want me to merely verify your procedure. that's fine, but that doesn't make me an arbitrator.
mircea_popescu: i think you conflate economics and coolness. for one thing, an original trinitron bought the year sony came out with them was like 5k ? or some shit like that. for the other thing, 1k from 1988 is like 10-15k today. so... i don't see the $100k price tag that'd merely cover inflation.
mircea_popescu: meanwhile the same money put in bitcoin went from $2 to whatever the fuck.
a111: Logged on 2018-06-12 21:02 asciilifeform: it isn't even wholly about the machines, from asciilifeform's pov, asciilifeform would like to see the enemy bleed some, hear the laments , see the mules driven before him, etc
asciilifeform: mircea_popescu: the cost on my end , to buy and transport, was about 300bux. now you can prolly turn this into a few grand, if you compare against 'keep coin in pocket' , sure
asciilifeform: but by this token nothing ever wins against 'keep in pocket' afaik.
asciilifeform: and if comes the hour that we need 500 clean boxes, for whatever, e.g. unattended shortwave relays, there they are.
mircea_popescu: anyway, your design is dysfunctional in that (even allowing for it modelling somewhat close to reality, which i have no faith it does) suppose today someone gives you a working pill, and june 27th google patches the hole. and the someone says "dood, i have nfi, i honestly didn't tell anyone anything".
mircea_popescu: you may have no need, but putative player has no way to control wtf will happen in a month.
asciilifeform: he does not, correct. therefore he is to be cognizant that he is taking a chance.
asciilifeform: but in any case it must be in his interest to not immediately run to enemy.
mircea_popescu: well, to me this seems a much larger risk than the possible insolvency of alf.
asciilifeform: if mircea_popescu can think of some kindler, gentler means of arranging this incentive, asciilifeform is all ears
asciilifeform: but asciilifeform has NO desire to simply pile btc on top of google's 500k or whatever, bounty.
mircea_popescu: seems to me that if the one is looking to eat out of his work, he'll likely not even know you exist. because the sort of people dumb enough to depend on their daily labour for their sustenance while at the same time smart enough to reverse engineer are a very narrowly defined set. one is guaranteedly pantsuit.
mircea_popescu: whereas if he knows about you, it seems altogether unlikely he'd even consider talking to google about it, and for the same reasons.
mircea_popescu: so... i can't imagine the problem you're trying to approach even exists, which is why i can't come up with a way to solve it.
asciilifeform: by this logic ( and i suspect that mircea_popescu is right , in earlier thread ) there's no point .
mircea_popescu: well looky, i'm not trying to ruin your fun here, but if you want me to try and follow along ima try as best i can. so far, it's not taking me far.
phf: asciilifeform: my thinking is that your goals ("didn't leak to google") ought to be separate from the testing procedures ("can buy from amazon in a month"). some of your goals are potentially untestable and it's up to whoever's doing independent verification to come up with the procedure for testing, or dismiss the goal as untestable. then up to you to either find a different arbiter, or agree not to pursue one of the goals. i think that providing both
phf: goals and procedures inadvertently put the arbiter in the position of affirming that the goal has been or been not achieved but without following own procedures. in other words you want me to potentially call that the source has been leaked to google, but rely on a procedure that i can't possibly consider adequate for the verification.
asciilifeform: phf: i'm still waiting to hear why the test algo i proposed, somehow resolves to 'untestable'
asciilifeform: imho i have described enough of a mechanical litmus, that a referee can stand on solid ground.
asciilifeform: phf: if you still feel like refereeing, feel free to propose own set of procedure , to asciilifeform .
asciilifeform: ( if 'he made this bizarre algo and i cannot make heads or tails of it' is the obstacle )
mircea_popescu: consider this : i set up a tent at porcfest, advertising "mp slavegirl intake". and there is sure enough a lengthy line of bikini clad beauties before it. i also put slavegirl in tent, and instruct her to reject the ugly ones. ugliness is "mechanically testably alf 3.o" defined as "lacks third tit". end of day, my slavegirl's pretty downcast.
mircea_popescu: "what the fuck is your problem ?" "i just spent all day telling teenagers they're ugly because they don't have three tits".
phf: i don't think "can still buy and diddle of amazon in a month" is adequate test for "didn't leak the patch to google". but i don't think there's a procedure to test the goal in general (see absence of evidence above). perhaps you could restate the goal, but then whatever restatement i'm not sure it will be under the control of the participant. in fact as mircea_popescu pointed out, a restatement of this particular goal simply introduces a random element
asciilifeform: thing is more or less guaranteed to get some attention in enemy camp.
asciilifeform: on top of whatever massage already done ( and much as i hate to say it, it seems like a fairly high quality boobytrap )
asciilifeform: y'know, sorta like those italian all-plastic mines with three anti-handling detonators.
asciilifeform: all in all, i'd rather not have the contest at all, than to chance to give coin to fucking alice_m to add coin cherry to the top of a google bounty cake.
asciilifeform: phf: speaking of which, consider the easiest winner , if the anti-patch condition is absent -- a google shitmonkey who knows the hole already and 'wins' on the monday right prior to patch tuesday.
mircea_popescu: it's entirely there, that's exactly how this "foss" shit works, by sexiness.
phf: "wanted: johnny pistolas. $1000 dead or alive. bounty not accepted from relatives."
asciilifeform: phf: no, again, 'bounty not accepted if he turns up alive within month of 'his' head being brought in'
mircea_popescu: asciilifeform, notice how well arbitering works! i have no way to specify ~whether~ im actually paying a coin into this shipile or not. NOR DO I CARE. i'm just letting you arbiter.
mircea_popescu: phf, "bounty $100 paid for any information of whereabouts of dangerous criminal, except if he shoots the police and escapes"
asciilifeform: if mircea_popescu doesn't see how the contest can be set up without creating a refereeing clusterfuck, or enriching alice_m, then i refuse to ask him to put any coin into any such thing.
asciilifeform: but if one of the folx tuned in, knows how to make the binomial add up, plox to write in.
mircea_popescu: asciilifeform, honestly, it was a pretty entertaining and informative discussion, by my lights. what mosfilm always wanted to make and never managed.
cnomad: it might be harder to assemble a team than a contest, but you'll prolly have better results
asciilifeform: revisiting upstack : i categorically refuse to pay for any cr50 related work that does not produce a working and practically applicable pill. because there is no way to ensure that 'paid to advance art' rather than 'paid 10 derps' mortgages and student loans'
cnomad: well that's where reputation comes into play
asciilifeform: cnomad: on the contrary, the shitstack that passes for modern pc and its soft, is result of 'hire a team'.
a111: Logged on 2018-06-13 01:49 asciilifeform: revisiting upstack : i categorically refuse to pay for any cr50 related work that does not produce a working and practically applicable pill. because there is no way to ensure that 'paid to advance art' rather than 'paid 10 derps' mortgages and student loans'
mircea_popescu: though, amusingly, the costa rican standard of food service is "solo bueno", which literally means they'll waive charges for items you didn't like.
asciilifeform: mircea_popescu: if d00d never returns, he'll get gc'd at some point, neh
a111: Logged on 2018-06-08 13:41 asciilifeform: re upstack -- i do not currently have an 'allwinner', cannot comment re its uboot definitively.
spyked: by uboot) and a 'bl31.bin' (again, no idea why, bl31 "secure runtime" crap is part of arm bsp).
spyked: I've also found some work aimed at replacing some blobs ( https://github.com/crust-firmware/crust ), but I've currently no way of checking whether that really works (don't have an allwinner board atm), so this is where my digging stopped.
mircea_popescu: spyked, ill tell you why. cuz most "geeks" that are "interested" can't compile anything.
mircea_popescu: if you include the bins they get to play-pretend along. MOAR USERS
a111: Logged on 2018-06-13 12:56 spyked: mircea_popescu, that's what I thought too, but it's a different item. apparently a binary for separate core in allwinner SoCs, http://linux-sunxi.org/AR100 prolly their version of fritz chip.
asciilifeform: ( and not, as some might think, using a dartboard, lol )
asciilifeform: 'world's greatest magician cannot pull a rabbit out of a hat unless the rabbit is actually in the hat' or how did it go.
mircea_popescu: it's there, they're just all effectually crippled. like dood that has enough sense to not try going at it without fume hood who nevertheless doesn't have enough sense to recognize that "you asked for it" is a very poor excuse indeed for registering an expired key.
asciilifeform: lol maybe he read our mega-thread re how gpg expiration is bogus
mircea_popescu: it's the exact equivalent of "aluminum is not available in the crust [because it's chemically bound with crap so strongly we don't know how to tear it apart [until electrolysis is made possible by cheap electricity]]".
mircea_popescu: "even the greatest magician can't produce metallic aluminum from sample until he has hydro plant"
asciilifeform: aha, similar. ( in washington there is a gigantic monument , tipped with fist-sized piece of aluminum, pre-electrolysis / alcoa co. , when it was priceless ; prior to being installed on monument, thing was exhibited in new york, folx were permitted to... step over it, in a museum, 'i stepped over washington's monument!11' )
asciilifeform: ( incidentally, the 'now you can charge from ordinary usb!' was a bait-and-switch crock of shit, plugging usb-c into ordinary usb doesn't supply even 10% of the needed current, what the thing does with its brick is to negotiate a much higher voltage, up to iirc 40v )
asciilifeform: admittedly the brick is a standard part, rather than a googlism. but still ugly.
mircea_popescu: instead of telling daughter how she'd better take 1st place at tailhooker's coed beauty contest if she wants any supper, there she was "raising awareness" about "equality in the workplace". well now!
BingoBoingo: In other parasites: "The University of Oxford is being mocked for an email in which administrators suggested that the "highly developed social conscience" of students draws homeless people to the city of Oxford"
a111: Logged on 2018-06-13 15:15 asciilifeform: meanwhile , in sad noose, cr50 apparently would be a 1st-class bitch to fully replace, it ( among errything else ) also does the power brick negotiation thing
a111: Logged on 2018-06-11 15:46 asciilifeform: one interesting observation, is that the update mechanism lets you flash in arbitrary crapola into 'rw' section ( it simply won't jump to it if it doesn't pass rsa(sha256(payload)) ) . so theoretically could put a nop sled there, ending with jump into the magic half of unlock routine. and then expose the thing to beta/gamma, and perhaps in a few months it will Do The Right Thing
asciilifeform: phf: i was thinking of producing a coupla dozen snakes, to hand out to people, but per yesterday's mircea_popescu thread it seems not to be worth it
phf: asciilifeform: i think you _might've_ misunderstood the thread. the point seems to have been not so much that the whole attempt is pointless, but it's the framing that was questionable. if you make a couple of snakes and send them at own expense to interested l1/l2, i don't see how it won't be worthwhile. we just don't have any idle reversers, who want to take a stab at it for the lulz, available at the moment.
asciilifeform: ( unlike, say, certain pnoje makers, where you ~can~ ransom the unlock )
asciilifeform: my current understanding is that the 'rma unlock' thing is used during factory refurb, so asus et al prolly have it
phf: asciilifeform: i suspect chromeos partner console is on a need to have basis. if it's just oem partners, then i'm out of luck, but if there's some flexibility there, then yes, there are official channels
asciilifeform: phf: see if you can get 1, if can also get 2... it'd be useful for glitching experiments
asciilifeform: ...and potentially for dpa experiment. rma unlock , turns out , generates a disposable seekrit ( good for N tries, i fughet what N is ) , encrypts to google's ecc pubkey, and expects to be given the magic string back, to unlock
asciilifeform: in a rigged fw, could run this routine and watch for dpa correlates.
asciilifeform: the 'add 5% random NOPs during hashing' is not a watertight pill against dpa.
asciilifeform: but would need at least 1 actually popped cr50 chip, to tune the probe.
asciilifeform: if one could guess the 32byte magic even 0.01% of the time, could unlock a unit in a day or three.
asciilifeform: likewise, with a popped unit it will be possible to take multi-GB samples of the onboard rng, and examine this.
asciilifeform: in other lulz, 'The signature verification routine in Enigmail 188.8.131.52, GPGTools 2018.2, and python-gnupg 0.4.2 parse the output of GnuPG 2.2.6 with a “--status-fd 2” option, which allows remote attackers to spoof arbitrary signatures via the embedded “filename” parameter in OpenPGP literal data packets, if the user has the verbose option set in their gpg.conf file.'
asciilifeform: and '...interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.' etc
mircea_popescu: http://btcbase.org/log/2018-06-13#1824856 << to be plain, the argument is "hey, you just watched this dood produce broken reasoning in the vein of replacing 'it is my responsibility to register you rightly told me i fucked up the process, for which i am ashamed as i should be, it is after all my responsibility to have my keys' with 'you asked me to register [therefore you somehow owe me something, you totally weren't pointing
a111: Logged on 2018-06-13 02:09 trinque: I dun recall kicking, or even telling the guy to leave.
mircea_popescu: out my factual and utterly obvious shortcoming], i'm doing you a favour, tough breaks for you that '''the server''' was out of date [which totally isn't my failure, inasmuch as it was my server, that's why i keep it around, to randomly dissociate when things happen]' without skipping a beat. it's therefore reasonable to expect similar breaks from reality to be triggered in similar circumstances. inasmuch as the setting broken
mircea_popescu: bones hospital doesn't jump on the broken bones to make the point the bones are broken, might as well abstain from pointing out to 14 yo cunts captive in 40yo reverse engineer's bodies that they're transparently and for everyone evidently 14 yo cunts."
mircea_popescu: that said : i don't specifically care either way, but now explicitly.
mircea_popescu: in any case, the "unhappenings" we've been laughing at aren't ~alien~ technology. they're how the victims of child abuse react to the world "naturally", in the sense of, having had it browbeat into them by the shameful harpies of http://btcbase.org/log/2018-06-13#1824975 ; both in the family and at "school" / football practice / we.
a111: Logged on 2018-06-13 15:42 mircea_popescu: it's gonna be such an open season of old woman head on pike soon enough. "but what did i do ?!" "you were someone's mom in the 90s/00s weren't you ?" "yes i was!" "fuck you, bitch."
mod6: Hi all, Pizarro is working on some advertising materials - in particular banner ads that can be placed on blogs / sites. We'll be coming up with some sort of amount we can pay for advertisers per month to have this up on their homepages / main pages.
trinque: it's fair; I can be slightly more tolerant of noobery
mod6: I just created one, and I encourage all involved to throw their hat in the ring. Typical sizing I have found for these are: 446px x 63px
mircea_popescu: trinque, hey, i'm specifically not even asking you to. fuck them, let them learn to live in the world before asking the world to change to accommodate.
a111: Logged on 2018-06-13 16:56 phf: asciilifeform: i think you _might've_ misunderstood the thread. the point seems to have been not so much that the whole attempt is pointless, but it's the framing that was questionable. if you make a couple of snakes and send them at own expense to interested l1/l2, i don't see how it won't be worthwhile. we just don't have any idle reversers, who want to take a stab at it for the lulz, available at the moment.
a111: Logged on 2018-06-13 17:44 phf: asciilifeform: i suspect chromeos partner console is on a need to have basis. if it's just oem partners, then i'm out of luck, but if there's some flexibility there, then yes, there are official channels
a111: Logged on 2018-06-12 21:04 mircea_popescu: also, i can say it is extremely unlikely your preliminary "thousands" figure is correct.
ben_vulpes: second step in clickbank signup is "who do you bank with and what's your ssn"
mircea_popescu: ben_vulpes, the reason it's interesting is that it is the de-facto home of ~anyone left who's still doing cpa.
mircea_popescu: sorta like you trying to get into porn -- you can't complain about "having trouble with gfy.com", and so on.
mircea_popescu: http://btcbase.org/log/2018-06-13#1825015 << what "software development" even is for. this great foss movement that gave us so many wonderful things, such as a firm guarantee to the usg that there's AT LEAST a little idiocy in everyone's computer no matter what.
a111: Logged on 2018-06-13 18:56 asciilifeform: and '...interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.' etc
mircea_popescu: lobbes, alternatively, if you find actually interesting banner selling ppl i'll both pay you for the effort and buy their banners to help take some load off zee pizarro. you have almost enough here to start your own "digital media" agency, just need to hire some worthless ditzen now and is all set!
asciilifeform: mircea_popescu: the uruguay locals ? they eat (yes, eat) pot by the pound, it looked like
ben_vulpes: seems like clickbank wants to own the entire payment flow, and looks at first blush to only eat credit cards
mircea_popescu: possible. in other similar lulz, juicy ads (whom, incidentally, i remember from the days the dood starting it was a junior/nobody with a "new project!!", 15+ years ago) refuses to deal with crypto because "we are respectable company".
asciilifeform: regular installments, asciilifeform tbh does not follow subj in realtime
asciilifeform: 'The authors of the new 66-page paper do not have emails or documents that prove that Bitfinex knew about or was responsible for price manipulation. The researchers relied on the millions of transaction records that are captured on the public ledgers...' << lol
asciilifeform: 'helped government authorities and academics spot suspicious activity in the past' << didjaknow.
ben_vulpes: i had some suspicious activity in the alley around my trash last week, where's my blockchain analysis support
ben_vulpes: asciilifeform: i am similarly poorly equipped to speculate/trade, but now at recent lows strikes me as a bad time to convert btc to cash (unless it goes lower, ofc)
mircea_popescu: well, consider the situation in the field. the unearned income acct hurt, in that pizarro will have to service in the future in excess of current fiat value ; the capital goods acct helped, in that the servers it owns are worth more in btc than they were when bought.
asciilifeform: i haven't any idea if it's a local min or the beginning of a slide back into 2015 or whichever way, my voodoo is weak
asciilifeform: mircea_popescu: aah i think i get it. 'iron is the master of them all'(tm)(r)
mircea_popescu: yes, if pizarro had 10 btc worth of gear end of q1, then pizarro'd have had 15+ btc worth of gear today.
mircea_popescu: it didn't, so it could be argued it "missed out" on earning 5btc for its principals. but that argument, like any other icahn-speculative truths, is weak.
mircea_popescu: still : cash position protects against fiat depreciation (which is why unearned income acct hurt, it's a negative cash acct) ; whereas tangibles position protects against fiat appreciation.
mircea_popescu: currently the financial position of pizarro is long cash / short tangibles (90/10 or something like that is the split iirc ?) meaning it will gain when fiat depreciates and lose when it appreciates.