Forum logs for 27 Oct 2018
| deedbot: | http://qntra.net/2018/10/systemd-vulnerability-allows-crashing-systems-remotely-and-probably-executing-code-too-with-dhcpv6-packets/ << Qntra - SystemD Vulnerability Allows Crashing Systems Remotely (And Probably Executing Code Too) With DHCPv6 Packets | [00:13] |
| mircea_popescu: | o hey Mocky | [01:46] |
| Mocky: | good morning | [01:46] |
| mircea_popescu: | top systemd keks. pwn eins! | [01:46] |
| * BingoBoingo | still waiting to hear the new fope's identity | [01:47] |
| mircea_popescu: | BingoBoingo it was just a throway oneliner ic ame up with while walking off a steak, sadly no more there. | [01:50] |
| Mocky: | mircea_popescu, do you have any interest in kuwait? if so I can keep this lead warm on the back burner while I work qatar | [01:50] |
| mircea_popescu: | Mocky not particularly, but i mean... your gf or w/e. | [01:51] |
| BingoBoingo: | <mircea_popescu> BingoBoingo it was just a throway oneliner ic ame up with while walking off a steak, sadly no more there. << AH, I though maybe Tess Hollandaise died of excess mass and had been replaced as leader of the hamplanets by a younger, dumpier model | [01:55] |
| mircea_popescu: | fraid not. | [02:12] |
| deedbot: | http://trilema.com/2018/cabinas-genesis-y-otras-ostras/ << Trilema - Cabinas Genesis y otras ostras. | [02:57] |
| diana_coman: | http://trilema.com/forum-logs-for-26-oct-2018#2490435 - ok, I'll implement it this way then and we see | [03:54] |
| a111: | Logged on 2018-10-27 01:49 mircea_popescu: http://btcbase.org/log/2018-10-26#1866669 <<< this statement is too general. "which one has the largest first octet". that's it. | [03:54] |
| deedbot: | http://thetarpit.org/posts/y05/07e-hermannstadt-ii.html << The Tar Pit - Hermannstadt, part two: the huge-ass photo shoot | [07:44] |
| deedbot: | http://www.loper-os.org/?p=2593 << Loper OS - Can the Serpent Cipher fit in the ICE40 FPGA? | [12:36] |
| mircea_popescu: | asciilifeform basically, if it fits in 1/3 of the chip ? | [12:49] |
| asciilifeform: | approx, yes ( tho keep in mind that said chip, in order to do useful work, gotta have at least a bit of room for other things, unless one were to equip board with >1 ( not end of the world, they're, what, 8bux ) ) | [13:16] |
| hanbot: | mod6, ben_vulpes, et al: nicoleci sent 31 emails (as per http://btcbase.org/log/2018-10-13#1861765 ) to various news outlets last night, and will report any replies here. i expect more mail to go out this week, will update. | [13:17] |
| a111: | Logged on 2018-10-13 07:14 hanbot: anyway the idea is to have an exhaustive list of news outlets with their contact email made, after which i'll have her mail that blurb i expect something like a week's turnaround, and will report when it's done. | [13:17] |
| asciilifeform: | mircea_popescu: observe also that the sbox mechanism is 'bitsliced' (i.e. the bits move only 'vertically' there ) so potentially it can be shrunk at expense of speed . so the real puzzler isn't 'does serpent fit', it can almost certainly be shoehorned, but 'with how little/much unrollage' i.e. what resulting eating bitrate. | [13:18] |
| asciilifeform: | it is also possible that the equations can be simplified further, i did a fairly surface job of it, mostly by hand | [13:19] |
| asciilifeform: | literally 2hr's evening wurk. | [13:19] |
| asciilifeform: | btw, spoiler : i put the thing in an ice40-8k , simply did not have time to write up yet, and the fwd sbox in fact eats roughly 1/4 of the gates . which leaves the orig question wide open... | [13:21] |
| asciilifeform: | in other minutiae, the terms i left in xor-containing form, can of course be expressed in not/and/or , but this resulted in seven-term ORs , which i assumed is a greater delay than to let it use a xor LUT but this is not experimentally confirmed, and one might conceivably get better throughput if all of the terms were rewritten in the and/or/not form. | [13:24] |
| asciilifeform: | 'yosys' ( 'icestorm'-'s synthesizer, suggests a max clock rate of ~25Mhz for the posted form. ) | [13:25] |
| asciilifeform: | hanbot: neato, ty | [13:25] |
| mircea_popescu: | asciilifeform so did you measure throughput of this thing ? | [13:27] |
| asciilifeform: | mircea_popescu: as in, whether it actually sboxates at the stated 25MHz ? notyet, gotta write a serial i/o thing for it, to do this. possibly later today. | [13:28] |
| asciilifeform: | i expect the sbox won't actually be the bottleneck in a full serpentron tho | [13:28] |
| asciilifeform: | rather, it'll be the rotational transforms. | [13:29] |
| asciilifeform: | those are blocking, i.e. take multiple clocks ea. | [13:29] |
| asciilifeform: | imho, if an ice40 can be coaxed into serpenting at , say, 1MB/s, it's worth sumthing, otherwise iffy | [13:30] |
| asciilifeform: | ( and conceivably, worth sumthing even if it takes having ~two~ on the board problem is that i dun presently have a board with 2 , to actually try ) | [13:31] |
| asciilifeform: | believe or not, seems like nobody has ever publicly baked a board with >1 | [13:32] |
| asciilifeform: | i've gathered afaik all of the commercial demo boards with ice40, they all have 1 ea. | [13:32] |
| asciilifeform: | if i were baking asic ( not sure why anybody would blow 'orbit' moneys on serpent asic, but for the sake of arg ) would unroll the sbox invocation the way it is unrolled in the pc serpent diana_coman is using, there'd be no reason not to have 128 or what, independent copies. but in the tight space of ice40 this is out of the question. | [13:38] |
| asciilifeform: | err, 32 | [13:39] |
| asciilifeform: | is the actual parallelism of the algo. the rotator would likewise win from having 32 physical instances, as obvious from http://ossasepia.com/2018/02/22/eucrypt-chapter-11-serpent/#selection-87.15048-87.17527 | [13:40] |
| asciilifeform: | so from that point it becomes a q of the actual gate delays. in principle a serpentron that does coupla 100MB/s is physically possible. ( just not on my desk, lol ) | [13:41] |
| asciilifeform: | i admit, the seekrit reason asciilifeform could even be arsed to pick the thing up, is that to write serpent in maximally algebraic form might tell us sumthing useful re the weakness. | [13:45] |
| asciilifeform: | ( the orig author, to be fair, did write it algebraically, but in imho somewhat cryptic form ) | [13:46] |
| mod6: | hanbot: That's awesome, thanks! | [13:46] |
| asciilifeform: | mircea_popescu: grr, typo, ~65~ not 25 | [13:48] |
| asciilifeform: | but funnily enuff, just from this 2hr lulz we already know moar than from my combined stash of http://btcbase.org/log/2018-10-26#1866343 pointlessly-murdered trees... | [13:51] |
| a111: | Logged on 2018-10-26 16:08 asciilifeform: mircea_popescu: in re these lulz, at one point asciilifeform dug for 'anybody ever verilog-ified serpent?' and found a stack of 'papers'. any src ? mno. but plenty of 'discussion' of supposed 'implementation', in the traditional nadia henninger style . | [13:51] |
| asciilifeform: | ohai mod6 | [13:53] |
| mod6: | hai, how goes alf? | [13:53] |
| asciilifeform: | mod6: slowly | [13:53] |
| mod6: | werd | [13:53] |
| asciilifeform: | mod6: goin' back to my very full ada plate | [13:53] |
| mod6: | yeah, sounds like you've got a lot you wanna work on. | [13:54] |
| asciilifeform: | mod6: that, + tall pile of saecular rubbish | [13:54] |
| mod6: | asciilifeform: *nod* | [13:57] |
| asciilifeform: | !#s from:|\n | [14:09] |
| a111: | 23 results for "from:|\\n", http://btcbase.org/log-search?q=from%3A%7C%5Cn | [14:09] |
| asciilifeform: | aah cr50 d00d | [14:10] |
| mircea_popescu: | i certainly see the point re "explore the space" and yes a serpent implemented as both eulora workhorse and verilog is better studied than just former. | [14:23] |
| asciilifeform: | !!up |\n | [14:23] |
| deedbot: | |\n voiced for 30 minutes. | [14:23] |
| mircea_popescu: | i don't even think there's anything wrong whatsoever with studying the damned thing. my reservations were strictly around investing any kind of "this is te republic's encryptodisk" flag on it\ | [14:23] |
| asciilifeform: | mircea_popescu: i view block ciphertrons as a 'slightly better than nuffin' kind of tech -- would slightly rather lose a serpented disk to enemy than naked one but that's about it | [14:24] |
| |\n: | hello, was wondering if you've heard anything about this in particular https://webcache.googleusercontent.com/search?q=cache:https://github.com/RUB-SysSec/Microcode/blob/master/ff_div/fx_payload_exec_linux32_fx_50.0_set_eip.html | [14:24] |
| mircea_popescu: | i'd rather hang the moron flattering himself with "enemy" that tried to lose me a disk than either of these. | [14:25] |
| mircea_popescu: | |\n suppose you start by introducing yourself and showing the minimum awareness of republican process of using sane fucking pastebins. | [14:25] |
| asciilifeform: | hang straight off the yardarm of dirigible, wainot | [14:25] |
| mircea_popescu: | asciilifeform cuz it attracts crows. | [14:25] |
| asciilifeform: | |\n: haven't seen, but if it actually worx, will be hilarious | [14:27] |
| asciilifeform: | mircea_popescu: linked item alleges that if one divides 0xa1a2a3a4 by 0xb1b2b3b4 on x86, triggers magic nsa hole. | [14:27] |
| asciilifeform: | http://p.bvulpes.com/pastes/jb4Pz/?raw=true << for perma-l0gz. | [14:27] |
| |\n: | not to mention that amount of such holes, of course if that works, is immense | [14:28] |
| asciilifeform: | |\n: where'dja come across this, and for what chip is it alleged to work ? | [14:28] |
| |\n: | on a local russian irc party | [14:29] |
| mircea_popescu: | is this more of that romanian fellow's "magical usb stick aliens" ? | [14:30] |
| mircea_popescu: | Firefox 50.0 32-bit on Linux << should be easy enough to test | [14:31] |
| asciilifeform: | eh |\n it's a duck : apparent source is https://ecc2017.coreboot.org/uploads/talk/presentation/38/Microcode.pdf talk , and demands a pre-diddled, per the recipe, old amd k8/k10 | [14:31] |
| mircea_popescu: | !Qcalc 2828046480 / 3432026256 | [14:31] |
| lobbesbot: | mircea_popescu: 0.824016563118 | [14:31] |
| asciilifeform: | mircea_popescu: piltdown man | [14:31] |
| mircea_popescu: | asciilifeform no, don't you remember this thing ? some dood went off deep end, that there's a cvasi-magical virus in his usb stick. cca 2015 vintage logs | [14:32] |
| asciilifeform: | ( flip to last pg ) | [14:32] |
| asciilifeform: | mircea_popescu: yes i recall very well. this one is genuine, tho, but one half of a rigged academi-demo, requires ~their~ microcode patch | [14:32] |
| asciilifeform: | rather than a wild thing. | [14:32] |
| asciilifeform: | 'As explained in Section 7.2, we use ASM.JS code in Firefox 50 to trigger the implemented x86 div Trojan. It is shown in Listing 9.' | [14:33] |
| mircea_popescu: | so basically this is a bug in asm.js ? | [14:33] |
| asciilifeform: | nah, it's part of a 'if you could patch microcode, here's how you might trigger the bomb' stage magic demo. | [14:33] |
| asciilifeform: | there's no 0day here. | [14:33] |
| asciilifeform: | evidently sumbody passed it off to |\n as an 0day | [14:34] |
| asciilifeform: | http://p.bvulpes.com/pastes/oFd2X/?raw=true << full text of the pdfturd, for the l0gz. | [14:34] |
| |\n: | well not really, i'm not too much 0day-aware kind of person as well | [14:34] |
| asciilifeform: | |\n: if it was shown to you as 'omfg exploit!111', you've been duped. | [14:35] |
| asciilifeform: | the given coad does nuffin on an off-the-shelf chip. it was an example meant to work with supplied microcode patch. | [14:35] |
| mircea_popescu: | of course, microcode patches happen in the wild, so it's not entirely meritless. | [14:35] |
| asciilifeform: | theoretically the trigger for the ~actual~ boobytrap in x86 cpu would look very similar, yes | [14:36] |
| asciilifeform: | mircea_popescu: not meritless, but not a weapon, toy store water gun, is the idea. | [14:36] |
| asciilifeform: | mircea_popescu: needs diddled bios + the crown jewels of intel/amd, to diddle microcode (intel's is rsa'd, amd's simply obscure/undoc'd) , and if yer diddling bios can make much simpler trap. but yes, would work | [14:37] |
| asciilifeform: | i saw |\n's snippet and thought 'loox familiar' and sure enuff it was in that 2017 piece. | [14:38] |
| mircea_popescu: | aha | [14:38] |
| asciilifeform: | |\n get yourself a key already and reg with deedbot | [14:38] |
| asciilifeform: | !!help | [14:38] |
| deedbot: | http://deedbot.org/help.html | [14:38] |
| asciilifeform: | mircea_popescu: http://btcbase.org/log/2018-10-27#1866787 << for the record >> http://trilema.com/2013/badbios-aka-badlydonedamagecontrol/ | [14:40] |
| a111: | Logged on 2018-10-27 18:32 mircea_popescu: asciilifeform no, don't you remember this thing ? some dood went off deep end, that there's a cvasi-magical virus in his usb stick. cca 2015 vintage logs | [14:40] |
| asciilifeform: | famous lulgem | [14:40] |
| asciilifeform: | observe that the gag vanished without a trace. | [14:41] |
| mircea_popescu: | you know ? | [14:41] |
| mircea_popescu: | shit-at-wall strategy. | [14:41] |
| asciilifeform: | it went to where all cheap psyops lulz go when they die. | [14:42] |
| mircea_popescu: | mit ? | [14:42] |
| asciilifeform: | sorta like the usual 'hey i found nessie' 'wouldja like to borrow my diving gear and thermal cam?' 'mmm nessie is invisible to thermal cam and what's a diving mask' '...' | [14:44] |
| asciilifeform: | in today's variation, 'hey i found a dead mermaid' 'um, this is a bloated dolphin carcass' '...' | [14:45] |
| * asciilifeform | bbl:meat | [14:48] |
| mircea_popescu: | asciilifeform here's a q : how feasible/costly would it be to have an array of tiny switches ? say 32x8 ? | [18:00] |
| mircea_popescu: | bring back ye olde switch-bootloading!!! | [18:00] |
| asciilifeform: | mircea_popescu: what sorta switches are you thinking of ? if it's ye olde DIPs, nobody cancelled'em, they're maybe a dime for a block of 8, and look today exactly as you remember then from yer 286 | [18:50] |
| asciilifeform: | or are we talking spring-loaded thingies for reading punched card, or wat. | [18:51] |
| asciilifeform: | archaetypical example, say, https://archive.is/0IRmv photo | [18:52] |
| asciilifeform: | i'll point out that nobody ever booted from '32x8 block' tho, if you recall folx booted from 8 (or 9 or whatever your byte bitness) + 'forward' button, word-at-a-time | [18:53] |
| asciilifeform: | flipping massive grid with fingers is a bitch | [18:54] |
| asciilifeform: | on subj : https://archive.is/7ILm0 << notbad illustration of how pdp was booted. | [18:55] |
| asciilifeform: | ( the classic pdp-8, that is ) | [18:55] |
| asciilifeform: | actually scrach that, it's a terrible illustration. but i dun have a good one handy. | [18:56] |
| asciilifeform: | mircea_popescu: if it's for cipher keys -- imho terrible idea to have ~all~ the key bits as physical switched in parallel, third party has no biznis being able to see the key simply by getting a peek at a keyed box with eyes | [18:59] |
| asciilifeform: | *switches in | [19:00] |
| asciilifeform: | ( you also wanna be able to unkey a box at a second's notice, and that aint happening with parallel key-as-switches, either ) | [19:10] |
| asciilifeform: | it's why usg lost its precious keyz when bestkorea took famous ship 'pueblo' | [19:10] |
| asciilifeform: | ( iirc the prescribed key-wipe mechanism was a brick of dynamite, and the crew decided it wanted to live a bit moar ) | [19:11] |
| deedbot: | http://bingology.net/2018/10/27/peso-watch-october-2018-edition/ << Bingology - BingoBoingo's Blog - Peso Watch October 2018 Edition | [19:12] |
| mod6: | !!ledger | [19:57] |
| deedbot: | http://p.bvulpes.com/pastes/GNpJi/?raw=true | [19:57] |
| mod6: | !!sent-invoices | [19:57] |
| deedbot: | http://p.bvulpes.com/pastes/ySf7t/?raw=true | [19:57] |
| deedbot: | http://www.loper-os.org/?p=2627 << Loper OS - Serpent in ICE40, Part 2. | [21:17] |
| mircea_popescu: | alf is evidently having fun. | [23:28] |
Category: Logs
