spyked: re. nsa laptop thread: olimex ppl (huh, it seems I keep mentioning these folks) have a "diy laptop kit" whose specs are very similar to the c101pa (for comparison: http://archive.is/4cp8W vs. https://www.olimex.com/Products/DIY-Laptop/KITS/TERES-A64-WHITE/open-source-hardware , the latter doesn't seem to archive for some reason). it's a candidate for my (by now long) hw-to-buy list, the "open sores diy" aspect is otoh the biggest
spyked: selling point.
asciilifeform: spyked: it's utter rubbish
asciilifeform: blobulent slow arm, non-ips lcd, shitplastic case, toystore keyboard
asciilifeform: don't encourage the 'i can peddle liquishit parts that would've been spat on in china street markets decade ago , if i stamp Open on the box!' hucksters.
spyked: asciilifeform, could you please expand re. "blobulent arm"? it's allwinner a53 afaik? I have no comments re. all other points other than: judging from what I hear, only alternative seems "bake own case/kbd/other parts or reuse ones from x60/whatever".
asciilifeform: spyked: i could be wrong re the blobs, but iirc there is no fully open loader for a53
asciilifeform: i was actually in line to buy the box myself, for something like a year, turn finally came but by that time i got to see the photos / reviews
asciilifeform: spyked: reusing parts from existing lappy is possible, tho tricky, you would have to reverse engineer the kbd matrix, buy its weirdo connector somewhere , make kbd scan controller, etc.
mircea_popescu: well, don't encourage the "ima make really strong damning statements without my notes" stuff either.
asciilifeform: i sat down to do this some yrs ago, then decided that life is too short
mircea_popescu: this what ? keep track of why you rejected $item ?!
asciilifeform: mircea_popescu: i can't properly damn it, not having suffered with it with own skin
mircea_popescu: yes, but you still had some sort of thought process.
asciilifeform: re upstack -- i do not currently have an 'allwinner', cannot comment re its uboot definitively.
mircea_popescu: so "it's utter rubbish" / "i suspect the os diy may be sprinkling of holy water, but never checked this. let me know if you establish one way or the other" ?
asciilifeform: the physical chassis is the very solidly rubbish part
mircea_popescu: ah. right. cp is metal isn't it.
asciilifeform: all aluminum ( but the hinge cover, where antenna lives )
asciilifeform: and better kbd than $3k crapple ( tho similar to decade ago crapple )
mircea_popescu: i honestly dunno what diff it makes for what's intended as a cheap throwaway anyway
asciilifeform: kinda costly for throwaway
mircea_popescu: kbd... well... yeah. though i loathe laptop kbds equally anyway. nonstandard shape
asciilifeform: yea there is not and afaik has never been such a thing as a truly pleasant laptop kbd
mircea_popescu: cuz they insist on making them unwide.
asciilifeform: i have one with full width and numpad. believe or not
asciilifeform: still sucks
mircea_popescu: why the fuck they imagine ~this~ is engineering problem to solve is anyone's guess. but the laptop kbds they produce are reminiscent of lens-shaped dildos. WHY WOULD YOU
mircea_popescu: "oh, it's ERGONOMIC". no it isn't.
mircea_popescu: it's inhumane.
mircea_popescu: "but mp, who are you to define humanity" shut it. i said, shut it.
mircea_popescu: asciilifeform, really ? which is this one ?
asciilifeform: stinkpad w540
asciilifeform: ( massive tank of a box, 32G, 8core thing, multiple drive slots, kg power brick, etc . but still sad and shallow, vs x60, not even speaking of troo desktop, kbd )
asciilifeform: but -- has width... numpad, arrows.
mircea_popescu: asciilifeform, 340.5mm. not even close.
asciilifeform: i did most of the early trb on that thing
mircea_popescu: good for you but my hands are made for slapping bitches in place. 450mm plox ty.
asciilifeform: there's a 450mm lappy?
mircea_popescu: this is what i'm saying.
mircea_popescu: keyboard is the size it is. laptop builds around that, the size of the keyboard is not an open engineering problem.
asciilifeform: hell, i'd buy a lappy with a spring kbd. but can only dream of this.
mircea_popescu: yeah, we've not even got to the extra annoying extra short travel distance.
asciilifeform: and it keeps shrinking
asciilifeform: recent boxen feel just about like banging fingers on table
asciilifeform: with, of course, the grim end of the line, being the glass pseudokbd
mircea_popescu: in the immortal words of brick pollitt, "that will come too."
asciilifeform: already came, in pnojeism
asciilifeform: far upstack, re the 'cr50' thread -- asciilifeform woke up today and realized that we can simply cut #wp track on spi rom ( naturally after filling it with e.g. uboot )
asciilifeform: in other noose, i found the vendor binary for my particular box's cr50 (all ver strings match) : https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.0.tbz2
asciilifeform: this is useful because there is not, apparently, any means for getting a locked h1 to disgorge its fw
asciilifeform: ( 0.3.0/cr50_v1.9308_25_B.45-d65d216 )
asciilifeform: the arch is, apparently, 'arm cortex m'
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/ << support crapola for the chip, apparently.
asciilifeform: more interestingly, https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/loader/verify.c << there ~is~ an rsa key embedded, apparently one variant for fw update
mod6: oh hey!
deedbot: http://qntra.net/2018/06/big-botnet-of-small-routers-gets-bigger/ << Qntra - Big Botnet Of Small Routers Gets Bigger
BingoBoingo: Watching this laptop get molested in channel in near real time is a complete joy.
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/rdd.c#20 << as i suspected, thing drives the receiving end of the debug snake ( the http://www.loper-os.org/?p=2415 item )
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/chip/g/config_chip.h#139 << implies that google does not actually hold all of the privkeys
mircea_popescu: anyway ; basically old lizards hold exact same pov as tmsr, keeping rsa keys and letting the bumbling kiddies play about with the ecc.
asciilifeform: just like we found with the amd fritz
mircea_popescu: (ftr, i am not proposing this agreement as some kind of proof.)
phf: http://btcbase.org/log/2018-06-08#1821658 << they could also bring back 701c butterfly keyboard design, but i guess that's too gimmicky.
a111: Logged on 2018-06-08 13:48 asciilifeform: stinkpad w540
phf: i used to get comments about ibook in the early 2000s, like old boomer types asking me about y2k or whatever. get the same reaction with x60 now, some guy on amtrak wanted to talk about bitcoin
BingoBoingo: The age of my laptop shocks Latinos and Latinas universally.
phf: oh those are a special category. my iranians also get distressed because i use old hardware.
asciilifeform: i was able to flash in the https://gsdview.appspot.com/chromeos-localmirror/distfiles/cr50.r0.0.10.w0.3.4.tbz2 image ; it supports a few moar commands, including 'rma open' returned-to-factory unlocker thing. but result was , unsurprisingly, 'with notes from hitler only' : http://www.loper-os.org/pub/c101pa/c101pa_unlock_nodice.txt
asciilifeform: the vendor's 'we'll unlock' pg (to be fair, mentioned in no docs anywhere, only in the python proggy in the src repo) is only a taunt.
asciilifeform: turns out also that this is the only routine that uses ecc crypto
asciilifeform: ( what can be flashed in : it gotta pass the rsa sig ; plus it gotta match the board id ; plus the version must be above the previous )
asciilifeform: so throwing in, e.g., old devkey-carrying versions, dunwork.
phf: ah, so it's a "we'll unlock but not for you"
asciilifeform: for hitler, happily unlocks.
asciilifeform: it's a deedbot-style challenge/response thing
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/common/rma_auth.c#176 << mechanism, for the curious.
asciilifeform: https://chromium.googlesource.com/chromiumos/platform/ec/+/master/common/rma_auth.c#254 << the magic moment where answer is checked.
phf: heh they are also using gentoo for their stuff.. https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/master/chromeos-base/chromeos-cr50-scripts/
asciilifeform: phf: all of google's linux-like crapola stack is gentoo-based
asciilifeform: they plagiarized it long, long ago
asciilifeform: ( complete with own ebuilds, etc )
asciilifeform: phf: if you are able to build the usb snake -- lemme know which cr50 turd ver is in your box
asciilifeform: http://btcbase.org/log/2018-06-08#1821694 << i actually had that box. the mechanism is clever but i suspect that it wears out ( my unit, to be fair, did not last long enuff for the kbd clockwork to wear out, mobo died 1st )
a111: Logged on 2018-06-08 17:08 phf: http://btcbase.org/log/2018-06-08#1821658 << they could also bring back 701c butterfly keyboard design, but i guess that's too gimmicky.
asciilifeform: how the fuck is this a vuln tho
asciilifeform: 'ohnoez, user can flash his fw!'
asciilifeform: 'did not securely authenticate firmware updates'
asciilifeform: ohnoez, not tivoized properly!11
BingoBoingo: The vulnerability is "person physically in control of machine can fuck it as he likes"
deedbot: http://qntra.net/2018/06/security-researcher-continuing-to-receive-new-usg-charges-for-authoring-popular-code/ << Qntra - Security Researcher Continuing To Receive New USG Charges For Authoring Popular Code
mircea_popescu: https://www.google.com/chromeos/partner/console/cr50reset?challenge=ABXFGCMDADUJFPQ7J8MQUUSTGXGTRTVJ6Z548PWC8AGMGT2QJ4BT3TW4HJVU4XLPASB4GE78RSBKYEHC&hwid=BOB <<< ahahaha roflmao.
asciilifeform: reminiscent of old-time gsm carriers and their crippled handsets
mircea_popescu: looks like made by the exact same people, actually.
asciilifeform: https://archive.li/ZtbxL << clue re origin of 'h1'. seems like they took a 'metallization mask' fpga, a la early asicminer crapola, and run licensed cortex-m3 core .
mircea_popescu: http://btcbase.org/log/2018-06-08#1821721 << yup. you realise that as far as the imbeciles are concerned, once we break their laptop "security" it'll have been "terrorism" and "hacking" bla bla.
a111: Logged on 2018-06-08 18:31 asciilifeform: 'did not securely authenticate firmware updates'
asciilifeform: btw the #linux-rockchip d00d is definitely caught nao in telling a fib : 1) yes there is not one, but two magic keys (1 for flash updates, other for factory unlocker routine) and yes all deployed units can be popped via either
asciilifeform: and that's just the visible crapola.
asciilifeform: ( at first, unabashed usgology; then rebranded, disguised , as it was rolled out to production boards )
mircea_popescu: asciilifeform, isn't this fun tho
asciilifeform: will be moar fun when it pops.
mircea_popescu: "nation states". they can just say tmsr, why all the pretense.
mircea_popescu: meanwhile in contemporary etchings, https://78.media.tumblr.com/23e95b3188bc8b6198f810eab81e9572/tumblr_msz4naJTeh1snc50fo1_1280.jpg