opx-devel — Mailing list for developers of the clients.

[opx-devel] Your invitation from JOE HUBBELL is about to expire

[Plaxo P. <pu...@mx...>]

JOE HUBBELL sent you an invitation to connect as business
contacts on Pulse on August 25. That invitation will expire soon!
Follow this link to accept JOE's invitation.

http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us

Plaxo is free, easy to use and takes only a minute to join. Come
see what JOE wants to share.

Thanks!
The Plaxo team

More than 20 million people use Plaxo to keep in touch with the
people they care about. 

Don't want to receive emails from Plaxo any more? Go to:
http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us

[opx-devel] Your invitation from JOE HUBBELL is about to expire

[Plaxo P. <pu...@mx...>]

JOE HUBBELL sent you an invitation to connect as business
contacts on Pulse on August 25. That invitation will expire soon!
Follow this link to accept JOE's invitation.

http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us

Plaxo is free, easy to use and takes only a minute to join. Come
see what JOE wants to share.

Thanks!
The Plaxo team

More than 20 million people use Plaxo to keep in touch with the
people they care about. 

Don't want to receive emails from Plaxo any more? Go to:
http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us

[opx-devel] Your invitation from JOE HUBBELL is about to expire

[Plaxo P. <pu...@mx...>]

JOE HUBBELL sent you an invitation to connect as business
contacts on Pulse on August 25. That invitation will expire soon!
Follow this link to accept JOE's invitation.

http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us

Plaxo is free, easy to use and takes only a minute to join. Come
see what JOE wants to share.

Thanks!
The Plaxo team

More than 20 million people use Plaxo to keep in touch with the
people they care about. 

Don't want to receive emails from Plaxo any more? Go to:
http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us

Re: [opx-devel] IRC logs

[C. <cr...@xb...>]

Sorry to say, but I agree, I'm not willin to start workin on the project again...


On Tue, 06 Jul 2004 06:42:48 +0200, Tom Wirschell wrote:

>On Tue, 2004-07-06 at 06:20, Mike Tangolics wrote:
>> Sourceforge is hosting the files and this mailing list.
>> 
>> However, I will respectfully decline to work anymore on this project as
>> it is futile, more now than ever.
>
>Couldn't have said it better myself.
>
>Kind regards,
>
>Tom Wirschell
>-- 
>I'm not like you Ginger. I'm stronger than you.
>- You weren't the first 15 years of your life.
>I was the last 15 minutes of yours.
>	- Ginger Snaps II -
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>

Re: [opx-devel] IRC logs

[Tom W. <To...@Wi...>]

On Tue, 2004-07-06 at 06:20, Mike Tangolics wrote:
> Sourceforge is hosting the files and this mailing list.
> 
> However, I will respectfully decline to work anymore on this project as
> it is futile, more now than ever.

Couldn't have said it better myself.

Kind regards,

Tom Wirschell
-- 
I'm not like you Ginger. I'm stronger than you.
- You weren't the first 15 years of your life.
I was the last 15 minutes of yours.
	- Ginger Snaps II -

Re: [opx-devel] IRC logs

[Mike T. <mta...@pa...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sourceforge is hosting the files and this mailing list.

However, I will respectfully decline to work anymore on this project as
it is futile, more now than ever.

Will wrote:
| Forget the IRC logs, it's just perpetuating the arguement that seems to
| be Mike C vs everyone else. Of course everyone on this list understands
| the upsides and the downsides of the project. far better than I do. The
| project _could_ be continued, SourceForge could host the website/files
| and development /could/ pick up again. Instead of going off on that
| arguement tanget, how many are for the continuation of the project and
| how many against? yay or nay?
|
| Will McGinnis
|
|
| Crazie wrote:
|
|> Goog question, I didn't even look at the logs, I just attached them...
|>
|> Guess my logs ended up gettin trimmed... Oh well, that's what happens
|> when a channel dies...
|>
|> On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote:
|>
|> >On Mon, 2004-07-05 at 22:29, Crazie wrote:
|> >> Well I'm not sure if I'll be able to attach these, but here is what
|> I have...
|> >
|> >That wasn't it...
|> >What *IS* all that anyways? 95% of it is server messages :)
|> >
|> >Oh, and for those of you looking for some light reading, this link might
|> >be entertaining:
|> >_http://www.security-forums.com/forum/viewtopic.php?p=102230_
|> >
|> >Kind regards,
|> >
|> >Tom Wirschell
|> >--
|> >Face it son: You're an idiot.
|> > - George Bush sr. -
|> >
|> >
|> >
|> >-------------------------------------------------------
|> >This SF.Net email sponsored by Black Hat Briefings & Training.
|> >Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
|> >digital self defense, top technical experts, no vendor pitches,
|> >unmatched networking opportunities. Visit _www.blackhat.com_
|> >_______________________________________________
|> >opx-devel mailing list
|> >_op...@li..._
|> >_https://lists.sourceforge.net/lists/listinfo/opx-devel_
|> >
|>
|
|
|
|
| -------------------------------------------------------
| This SF.Net email sponsored by Black Hat Briefings & Training.
| Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital
| self defense, top technical experts, no vendor pitches, unmatched
| networking opportunities. Visit www.blackhat.com
| _______________________________________________
| opx-devel mailing list
| opx...@li...
| https://lists.sourceforge.net/lists/listinfo/opx-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA6iiN7ntAARlGIUERAs3MAKCNHV4feCLgnVjKWStx2+CYsrU4gwCbB91A
6ghrktzBaPRk6sJYRiiTu/Y=
=7PG/
-----END PGP SIGNATURE-----

Re: [opx-devel] IRC logs

[Will <wi...@wh...>]

Forget the IRC logs, it's just perpetuating the arguement that seems to 
be Mike C vs everyone else. Of course everyone on this list understands 
the upsides and the downsides of the project. far better than I do. The 
project _could_ be continued, SourceForge could host the website/files 
and development /could/ pick up again. Instead of going off on that 
arguement tanget, how many are for the continuation of the project and 
how many against? yay or nay?

Will McGinnis


Crazie wrote:

> Goog question, I didn't even look at the logs, I just attached them...
>
> Guess my logs ended up gettin trimmed... Oh well, that's what happens 
> when a channel dies...
>
> On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote:
>
> >On Mon, 2004-07-05 at 22:29, Crazie wrote:
> >> Well I'm not sure if I'll be able to attach these, but here is what 
> I have...
> >
> >That wasn't it...
> >What *IS* all that anyways? 95% of it is server messages :)
> >
> >Oh, and for those of you looking for some light reading, this link might
> >be entertaining:
> >_http://www.security-forums.com/forum/viewtopic.php?p=102230_
> >
> >Kind regards,
> >
> >Tom Wirschell
> >--
> >Face it son: You're an idiot.
> > - George Bush sr. -
> >
> >
> >
> >-------------------------------------------------------
> >This SF.Net email sponsored by Black Hat Briefings & Training.
> >Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> >digital self defense, top technical experts, no vendor pitches,
> >unmatched networking opportunities. Visit _www.blackhat.com_
> >_______________________________________________
> >opx-devel mailing list
> >_op...@li..._
> >_https://lists.sourceforge.net/lists/listinfo/opx-devel_
> >
>

Re: [opx-devel] IRC logs

[C. <cr...@xb...>]

Goog question, I didn't even look at the logs, I just attached them...

Guess my logs ended up gettin trimmed... Oh well, that's what happens when a channel dies...

On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote:

>On Mon, 2004-07-05 at 22:29, Crazie wrote:
>> Well I'm not sure if I'll be able to attach these, but here is what I have...
>
>That wasn't it...
>What *IS* all that anyways? 95% of it is server messages :)
>
>Oh, and for those of you looking for some light reading, this link might
>be entertaining:
>http://www.security-forums.com/forum/viewtopic.php?p=102230
>
>Kind regards,
>
>Tom Wirschell
>--
>Face it son: You're an idiot.
>    - George Bush sr. -
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>

Re: [opx-devel] IRC logs

[Tom W. <To...@Wi...>]

On Mon, 2004-07-05 at 22:29, Crazie wrote:
> Well I'm not sure if I'll be able to attach these, but here is what I have...

That wasn't it...
What *IS* all that anyways? 95% of it is server messages :)

Oh, and for those of you looking for some light reading, this link might
be entertaining:
http://www.security-forums.com/forum/viewtopic.php?p=102230

Kind regards,

Tom Wirschell
--
Face it son: You're an idiot.
    - George Bush sr. -

[opx-devel] IRC logs

[C. <cr...@xb...>]

Well I'm not sure if I'll be able to attach these, but here is what I have...

Re: [opx-devel] IRC

[<cr...@xb...>]

On Mon, 05 Jul 2004 14:28:31 -0400, Mike Valstar wrote:

>As far as i remember... it never "fell apart"  we were doing good...  it 
>was a little work for those of us actually doing something *cough* but 
>nothing we couldent handle...  then one day the server just wasent 
>there. hmmm

This is true, I remember working w/ Tom W on the linux client ALOT! Then I remember Curry never coming around anymore, and if he was around, he wouldn't answer any msgs that you sent to 
him. The one day the server just disappeared, so I offered to use one of my servers as a temp server till we got the original one back up, but ofcourse all my systems are WAY to slow for something 
like this. So in all I was never able to help out w/ the server. I even have a 10mbit and a 100mbit line that I could have put the server on. Just didn't have a powerful enough server for it...

>
>Mike Tangolics wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Yea...speaking of... anyone still have those logs?
>>
>> That was a weird few hours.
>>
>> And yes, I remember the protocol discussion and the options we had.  I
>> still think with a few obfuscation changes we could've cut the cheating
>> down by at least half.  And it wasn't too bad to begin with.
>>
>> Mike T
>>
>> Tom Wirschell wrote:
>> | On Mon, 2004-07-05 at 15:06, Mike Curry wrote:
>> |
>> |>I spoke of using Encryption, you didn't seem to like that idea, 
>> because of
>> |>your first idea "Open Source".  Not very Smart Tom...
>> |
>> |
>> | Like Mike V said, the thing was already open source when I joined up.
>> | Not only that, it HAD to be Open Source because you were already using
>> | NTL which was a GPL-licenced piece of software.
>> |
>> | Also note that at the time I joined there was a server with a 
>> completely
>> | open protocol. While I was involved in the project someone, apparently
>> | you, did talk about encrypting the protocol, and I was indeed against
>> | it, precisely because it was Open Source.
>> |
>> | We would encrypt the data on the client-side prior to sending, but it
>> | would still be the client who came up with a computed amount of blocks.
>> | Since everybody has access to the client source, they would be able to
>> | figure out at what point the amount of blocks gets encrypted, recode 
>> the
>> | client so that it adds a few zeros to the amount, and VOILA! A fake
>> | stats entry over an encrypted protocol. Now, maybe 'most' people aren't
>> | sufficiently capable coders to dream up the required alteration, but
>> | once the project took off I'm certain there would be plenty of people
>> | who were sufficiently capable, and perfectly willing to boot. If
>> | choosing not to go via this method qualifies me as being "not very
>> | smart", well, so be it. I'd rather see a real fix to the problem, 
>> rather
>> | than only moving it around a little.
>> |
>> | When we (Mike V or T and me) were talking about changing the 
>> protocol, I
>> | was also planning to keep the networking and key storing parts out of
>> | the client sources. It would probably be a violation of the GPL that we
>> | were forced to adhere to, but given the context I doubt anybody would
>> | disapprove.
>> | We never reached the point where we'd have to find out though.
>> |
>> | Since it turns out you're on this mailing list, maybe you could
>> | enlighten us about just what you think happened in those last few days
>> | of the project. Kindly start from the point where Microsoft supposedly
>> | shut down the site, and put in a little extra detail on your IRC 
>> session
>> | via which you tried to explain what was happening. I'm sure I'm not the
>> | only one still wondering about that one.
>> |
>> | Kind regards,
>> |
>> | Tom Wirschell
>> |
>> |
>> |
>> |
>> | -------------------------------------------------------
>> | This SF.Net email sponsored by Black Hat Briefings & Training.
>> | Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
>> | digital self defense, top technical experts, no vendor pitches,
>> | unmatched networking opportunities. Visit www.blackhat.com
>> | _______________________________________________
>> | opx-devel mailing list
>> | opx...@li...
>> | https://lists.sourceforge.net/lists/listinfo/opx-devel
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>>
>> iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k
>> qRE4bGXE3GLCPBxJx14lxdw=
>> =abQh
>> -----END PGP SIGNATURE-----
>>
>>
>> -------------------------------------------------------
>> This SF.Net email sponsored by Black Hat Briefings & Training.
>> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital 
>> self defense, top technical experts, no vendor pitches, unmatched 
>> networking opportunities. Visit www.blackhat.com
>> _______________________________________________
>> opx-devel mailing list
>> opx...@li...
>> https://lists.sourceforge.net/lists/listinfo/opx-devel
>
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>

Re: [opx-devel] IRC

[<cr...@xb...>]

I believe that I still have logs from the IRC chan, I will have to look. What are you looking for ?

On Mon, 05 Jul 2004 13:41:27 -0400, Mike Tangolics wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Yea...speaking of... anyone still have those logs?
>
>That was a weird few hours.
>
>And yes, I remember the protocol discussion and the options we had.  I
>still think with a few obfuscation changes we could've cut the cheating
>down by at least half.  And it wasn't too bad to begin with.
>
>Mike T
>
>Tom Wirschell wrote:
>| On Mon, 2004-07-05 at 15:06, Mike Curry wrote:
>|
>|>I spoke of using Encryption, you didn't seem to like that idea, because of
>|>your first idea "Open Source".  Not very Smart Tom...
>|
>|
>| Like Mike V said, the thing was already open source when I joined up.
>| Not only that, it HAD to be Open Source because you were already using
>| NTL which was a GPL-licenced piece of software.
>|
>| Also note that at the time I joined there was a server with a completely
>| open protocol. While I was involved in the project someone, apparently
>| you, did talk about encrypting the protocol, and I was indeed against
>| it, precisely because it was Open Source.
>|
>| We would encrypt the data on the client-side prior to sending, but it
>| would still be the client who came up with a computed amount of blocks.
>| Since everybody has access to the client source, they would be able to
>| figure out at what point the amount of blocks gets encrypted, recode the
>| client so that it adds a few zeros to the amount, and VOILA! A fake
>| stats entry over an encrypted protocol. Now, maybe 'most' people aren't
>| sufficiently capable coders to dream up the required alteration, but
>| once the project took off I'm certain there would be plenty of people
>| who were sufficiently capable, and perfectly willing to boot. If
>| choosing not to go via this method qualifies me as being "not very
>| smart", well, so be it. I'd rather see a real fix to the problem, rather
>| than only moving it around a little.
>|
>| When we (Mike V or T and me) were talking about changing the protocol, I
>| was also planning to keep the networking and key storing parts out of
>| the client sources. It would probably be a violation of the GPL that we
>| were forced to adhere to, but given the context I doubt anybody would
>| disapprove.
>| We never reached the point where we'd have to find out though.
>|
>| Since it turns out you're on this mailing list, maybe you could
>| enlighten us about just what you think happened in those last few days
>| of the project. Kindly start from the point where Microsoft supposedly
>| shut down the site, and put in a little extra detail on your IRC session
>| via which you tried to explain what was happening. I'm sure I'm not the
>| only one still wondering about that one.
>|
>| Kind regards,
>|
>| Tom Wirschell
>|
>|
>|
>|
>| -------------------------------------------------------
>| This SF.Net email sponsored by Black Hat Briefings & Training.
>| Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
>| digital self defense, top technical experts, no vendor pitches,
>| unmatched networking opportunities. Visit www.blackhat.com
>| _______________________________________________
>| opx-devel mailing list
>| opx...@li...
>| https://lists.sourceforge.net/lists/listinfo/opx-devel
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k
>qRE4bGXE3GLCPBxJx14lxdw=
>=abQh
>-----END PGP SIGNATURE-----
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>

Re: [opx-devel] IRC

[Mike V. <mik...@ge...>]

As far as i remember... it never "fell apart"  we were doing good...  it 
was a little work for those of us actually doing something *cough* but 
nothing we couldent handle...  then one day the server just wasent 
there. hmmm

Mike Tangolics wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Yea...speaking of... anyone still have those logs?
>
> That was a weird few hours.
>
> And yes, I remember the protocol discussion and the options we had.  I
> still think with a few obfuscation changes we could've cut the cheating
> down by at least half.  And it wasn't too bad to begin with.
>
> Mike T
>
> Tom Wirschell wrote:
> | On Mon, 2004-07-05 at 15:06, Mike Curry wrote:
> |
> |>I spoke of using Encryption, you didn't seem to like that idea, 
> because of
> |>your first idea "Open Source".  Not very Smart Tom...
> |
> |
> | Like Mike V said, the thing was already open source when I joined up.
> | Not only that, it HAD to be Open Source because you were already using
> | NTL which was a GPL-licenced piece of software.
> |
> | Also note that at the time I joined there was a server with a 
> completely
> | open protocol. While I was involved in the project someone, apparently
> | you, did talk about encrypting the protocol, and I was indeed against
> | it, precisely because it was Open Source.
> |
> | We would encrypt the data on the client-side prior to sending, but it
> | would still be the client who came up with a computed amount of blocks.
> | Since everybody has access to the client source, they would be able to
> | figure out at what point the amount of blocks gets encrypted, recode 
> the
> | client so that it adds a few zeros to the amount, and VOILA! A fake
> | stats entry over an encrypted protocol. Now, maybe 'most' people aren't
> | sufficiently capable coders to dream up the required alteration, but
> | once the project took off I'm certain there would be plenty of people
> | who were sufficiently capable, and perfectly willing to boot. If
> | choosing not to go via this method qualifies me as being "not very
> | smart", well, so be it. I'd rather see a real fix to the problem, 
> rather
> | than only moving it around a little.
> |
> | When we (Mike V or T and me) were talking about changing the 
> protocol, I
> | was also planning to keep the networking and key storing parts out of
> | the client sources. It would probably be a violation of the GPL that we
> | were forced to adhere to, but given the context I doubt anybody would
> | disapprove.
> | We never reached the point where we'd have to find out though.
> |
> | Since it turns out you're on this mailing list, maybe you could
> | enlighten us about just what you think happened in those last few days
> | of the project. Kindly start from the point where Microsoft supposedly
> | shut down the site, and put in a little extra detail on your IRC 
> session
> | via which you tried to explain what was happening. I'm sure I'm not the
> | only one still wondering about that one.
> |
> | Kind regards,
> |
> | Tom Wirschell
> |
> |
> |
> |
> | -------------------------------------------------------
> | This SF.Net email sponsored by Black Hat Briefings & Training.
> | Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> | digital self defense, top technical experts, no vendor pitches,
> | unmatched networking opportunities. Visit www.blackhat.com
> | _______________________________________________
> | opx-devel mailing list
> | opx...@li...
> | https://lists.sourceforge.net/lists/listinfo/opx-devel
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k
> qRE4bGXE3GLCPBxJx14lxdw=
> =abQh
> -----END PGP SIGNATURE-----
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital 
> self defense, top technical experts, no vendor pitches, unmatched 
> networking opportunities. Visit www.blackhat.com
> _______________________________________________
> opx-devel mailing list
> opx...@li...
> https://lists.sourceforge.net/lists/listinfo/opx-devel

[opx-devel] IRC

[Mike T. <mta...@pa...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yea...speaking of... anyone still have those logs?

That was a weird few hours.

And yes, I remember the protocol discussion and the options we had.  I
still think with a few obfuscation changes we could've cut the cheating
down by at least half.  And it wasn't too bad to begin with.

Mike T

Tom Wirschell wrote:
| On Mon, 2004-07-05 at 15:06, Mike Curry wrote:
|
|>I spoke of using Encryption, you didn't seem to like that idea, because of
|>your first idea "Open Source".  Not very Smart Tom...
|
|
| Like Mike V said, the thing was already open source when I joined up.
| Not only that, it HAD to be Open Source because you were already using
| NTL which was a GPL-licenced piece of software.
|
| Also note that at the time I joined there was a server with a completely
| open protocol. While I was involved in the project someone, apparently
| you, did talk about encrypting the protocol, and I was indeed against
| it, precisely because it was Open Source.
|
| We would encrypt the data on the client-side prior to sending, but it
| would still be the client who came up with a computed amount of blocks.
| Since everybody has access to the client source, they would be able to
| figure out at what point the amount of blocks gets encrypted, recode the
| client so that it adds a few zeros to the amount, and VOILA! A fake
| stats entry over an encrypted protocol. Now, maybe 'most' people aren't
| sufficiently capable coders to dream up the required alteration, but
| once the project took off I'm certain there would be plenty of people
| who were sufficiently capable, and perfectly willing to boot. If
| choosing not to go via this method qualifies me as being "not very
| smart", well, so be it. I'd rather see a real fix to the problem, rather
| than only moving it around a little.
|
| When we (Mike V or T and me) were talking about changing the protocol, I
| was also planning to keep the networking and key storing parts out of
| the client sources. It would probably be a violation of the GPL that we
| were forced to adhere to, but given the context I doubt anybody would
| disapprove.
| We never reached the point where we'd have to find out though.
|
| Since it turns out you're on this mailing list, maybe you could
| enlighten us about just what you think happened in those last few days
| of the project. Kindly start from the point where Microsoft supposedly
| shut down the site, and put in a little extra detail on your IRC session
| via which you tried to explain what was happening. I'm sure I'm not the
| only one still wondering about that one.
|
| Kind regards,
|
| Tom Wirschell
|
|
|
|
| -------------------------------------------------------
| This SF.Net email sponsored by Black Hat Briefings & Training.
| Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
| digital self defense, top technical experts, no vendor pitches,
| unmatched networking opportunities. Visit www.blackhat.com
| _______________________________________________
| opx-devel mailing list
| opx...@li...
| https://lists.sourceforge.net/lists/listinfo/opx-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k
qRE4bGXE3GLCPBxJx14lxdw=
=abQh
-----END PGP SIGNATURE-----

RE: [opx-devel] Message from Mike C (fwd)

[Tom W. <To...@Wi...>]

On Mon, 2004-07-05 at 15:06, Mike Curry wrote:
> I spoke of using Encryption, you didn't seem to like that idea, because of
> your first idea "Open Source".  Not very Smart Tom... 

Like Mike V said, the thing was already open source when I joined up.
Not only that, it HAD to be Open Source because you were already using
NTL which was a GPL-licenced piece of software.

Also note that at the time I joined there was a server with a completely
open protocol. While I was involved in the project someone, apparently
you, did talk about encrypting the protocol, and I was indeed against
it, precisely because it was Open Source.

We would encrypt the data on the client-side prior to sending, but it
would still be the client who came up with a computed amount of blocks.
Since everybody has access to the client source, they would be able to
figure out at what point the amount of blocks gets encrypted, recode the
client so that it adds a few zeros to the amount, and VOILA! A fake
stats entry over an encrypted protocol. Now, maybe 'most' people aren't
sufficiently capable coders to dream up the required alteration, but
once the project took off I'm certain there would be plenty of people
who were sufficiently capable, and perfectly willing to boot. If
choosing not to go via this method qualifies me as being "not very
smart", well, so be it. I'd rather see a real fix to the problem, rather
than only moving it around a little.

When we (Mike V or T and me) were talking about changing the protocol, I
was also planning to keep the networking and key storing parts out of
the client sources. It would probably be a violation of the GPL that we
were forced to adhere to, but given the context I doubt anybody would
disapprove.
We never reached the point where we'd have to find out though.

Since it turns out you're on this mailing list, maybe you could
enlighten us about just what you think happened in those last few days
of the project. Kindly start from the point where Microsoft supposedly
shut down the site, and put in a little extra detail on your IRC session
via which you tried to explain what was happening. I'm sure I'm not the
only one still wondering about that one.

Kind regards,

Tom Wirschell

RE: [opx-devel] Message from Mike C (fwd)

[Mike C. <mcu...@ro...>]

Notice how things fell arpart after the server was rewritten? 

-----Original Message-----
From: opx...@li...
[mailto:opx...@li...] On Behalf Of Mike Curry
Sent: Monday, July 05, 2004 9:06 AM
To: 'Tom Wirschell'; opx...@li...
Subject: RE: [opx-devel] Message from Mike C (fwd)

I spoke of using Encryption, you didn't seem to like that idea, because of
your first idea "Open Source".  Not very Smart Tom... 

-----Original Message-----
From: opx...@li...
[mailto:opx...@li...] On Behalf Of Tom Wirschell
Sent: Monday, July 05, 2004 12:46 AM
To: opx...@li...
Subject: Re: [opx-devel] Message from Mike C (fwd)

On Mon, 2004-07-05 at 04:50, Mike Valstar wrote:
> Mike Curry wrote:
> 
> >Everything was find until you guys fucked everything up using Open
source. 
> >  
> >
> ???????

Mike C likes to think that people don't have tools like Ethereal that will
simply capture network traffic.
Yes, using open source, and thus giving people access to all our code, in
particular the networking module, was a mistake because it made things
waaaaay too easy, but people could simply capture the network traffic for 1
key submission, see the data, replace the numbers in there with their own
and be happy on their way. Not open sourcing that module would've helped,
but not by as much as he likes to believe.

Kind regards,

Tom Wirschell
--
I don't need a pass to pass this pass!
	- Groo The Wanderer -



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self
defense, top technical experts, no vendor pitches, unmatched networking
opportunities. Visit www.blackhat.com
_______________________________________________
opx-devel mailing list
opx...@li...
https://lists.sourceforge.net/lists/listinfo/opx-devel




-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self
defense, top technical experts, no vendor pitches, unmatched networking
opportunities. Visit www.blackhat.com
_______________________________________________
opx-devel mailing list
opx...@li...
https://lists.sourceforge.net/lists/listinfo/opx-devel

RE: [opx-devel] Message from Mike C (fwd)

[Mike C. <mcu...@ro...>]

I spoke of using Encryption, you didn't seem to like that idea, because of
your first idea "Open Source".  Not very Smart Tom... 

-----Original Message-----
From: opx...@li...
[mailto:opx...@li...] On Behalf Of Tom Wirschell
Sent: Monday, July 05, 2004 12:46 AM
To: opx...@li...
Subject: Re: [opx-devel] Message from Mike C (fwd)

On Mon, 2004-07-05 at 04:50, Mike Valstar wrote:
> Mike Curry wrote:
> 
> >Everything was find until you guys fucked everything up using Open
source. 
> >  
> >
> ???????

Mike C likes to think that people don't have tools like Ethereal that will
simply capture network traffic.
Yes, using open source, and thus giving people access to all our code, in
particular the networking module, was a mistake because it made things
waaaaay too easy, but people could simply capture the network traffic for 1
key submission, see the data, replace the numbers in there with their own
and be happy on their way. Not open sourcing that module would've helped,
but not by as much as he likes to believe.

Kind regards,

Tom Wirschell
--
I don't need a pass to pass this pass!
	- Groo The Wanderer -



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
opx-devel mailing list
opx...@li...
https://lists.sourceforge.net/lists/listinfo/opx-devel

Re: [opx-devel] Message from Mike C (fwd)

[Mike V. <mik...@ge...>]

Tom Wirschell wrote:

>On Mon, 2004-07-05 at 04:50, Mike Valstar wrote:
>  
>
>>Mike Curry wrote:
>>
>>    
>>
>>>Everything was find until you guys fucked everything up using Open source. 
>>> 
>>>
>>>      
>>>
>>???????
>>    
>>
>
>Mike C likes to think that people don't have tools like Ethereal that
>will simply capture network traffic.
>Yes, using open source, and thus giving people access to all our code,
>in particular the networking module, was a mistake because it made
>things waaaaay too easy, but people could simply capture the network
>traffic for 1 key submission, see the data, replace the numbers in there
>with their own and be happy on their way. Not open sourcing that module
>would've helped, but not by as much as he likes to believe.
>
>Kind regards,
>
>  
>
Well as far as cheating goes... it was fairly low...  only 1 incedent a 
week or so, and I actually think nobody ever actually read the code 
because we did not have 1,  not 1 false positive...   which if anyone 
had bothered reading the code was actually very easy.

also, as I am really the only one who was around from day 1 writing a 
client and such....  here is how it went,    
- I was working away on the neo project frontend when the xbox project 
opened back up.
- I volenteered to re-work my client to work with Curry's lil exe.  I 
did this.
- Later the source for the lil exe was opened up,  I did a quick read of 
it and suggested something that made the exe check 5,000 numbers in the 
time it used to take to do 2.  
- Aviad joined up and reworked the client some more, almost doubling the 
speed
- Tom joined up, wrote a linux client
- we updated my idea to do 5,000 in the time of 2 to about 50,000 in the 
time of 4 or so
- Tom & aviad later reworked the exe a bunch of times... i think we got 
another 2x speed increase perhaps more

so all in all i think we incresed the speed of the client by about 
100,000 fold perhaps more...   

Now for anyone thinking of making the client work in a decent amount of 
time,  well you would need to increase the speed by about 100 billion 
fold to do it before the sun explodes.  I truely belive as far as our 
method was concerened we were reaching the limit of speed. (for those 
that dont know, we were checking EVERY odd number from 0 to square root 
of the key)

P.S. ...   Curry opened the code first (I never asked him to), I only 
made a frontend to actually run the exe file he created.(which is also 
how my client for the neo project worked)   After he had released the 
code I actually integrated the code into the client and modified it.

Re: Re: [opx-devel] Message from Mike C (fwd)

[Mike T. <mta...@pa...>]

Wow... I'm sorry... but blaming it on open source is a massive reach
if I ever saw one.  First of all, when I was doing programming for
the
project, I found it easier to actually USE ETHEREAL to understand the
protocol, because I'm not the greatest when it comes to sockets in C.
 Tom is absolutely correct here, we needed a more secure protocol --
not the security throught obscurity closed-source approach.  The
flaws
with that kind of security are obvious.  Take for example, a
particular software company that decided to make a video game
console...

-------- Original Message --------

=3D=3D> From: Tom Wirschell <To...@Wi...>
=3D=3D> Date: Mon, 05 Jul 2004 06:45:37  0200

On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > Mike Curry wrote:
>
> >Everything was find until you guys fucked everything up using Open
source. > > > > > ???????

Mike C likes to think that people don't have tools like Ethereal that
will simply capture network traffic. Yes, using open source, and thus
giving people access to all our code, in particular the networking
module, was a mistake because it made things waaaaay too easy, but
people could simply capture the network traffic for 1 key submission,
see the data, replace the numbers in there with their own and be
happy
on their way. Not open sourcing that module would've helped, but not
by as much as he likes to believe.

Kind regards,

Tom Wirschell -- I don't need a pass to pass this pass!  - Groo The
Wanderer -



------------------------------------------------------- This SF.Net
email sponsored by Black Hat Briefings & Training. Attend Black Hat
Briefings & Training, Las Vegas July 24-29 - digital self defense,
top
technical experts, no vendor pitches, unmatched networking
opportunities. Visit www.blackhat.com
_______________________________________________ opx-devel mailing
list
opx...@li...
https://lists.sourceforge.net/lists/listinfo/opx-devel .

Re: [opx-devel] Message from Mike C (fwd)

[Tom W. <To...@Wi...>]

On Mon, 2004-07-05 at 04:50, Mike Valstar wrote:
> Mike Curry wrote:
> 
> >Everything was find until you guys fucked everything up using Open source. 
> >  
> >
> ???????

Mike C likes to think that people don't have tools like Ethereal that
will simply capture network traffic.
Yes, using open source, and thus giving people access to all our code,
in particular the networking module, was a mistake because it made
things waaaaay too easy, but people could simply capture the network
traffic for 1 key submission, see the data, replace the numbers in there
with their own and be happy on their way. Not open sourcing that module
would've helped, but not by as much as he likes to believe.

Kind regards,

Tom Wirschell
-- 
I don't need a pass to pass this pass!
	- Groo The Wanderer -

Re: [opx-devel] Message from Mike C (fwd)

[Mike V. <mik...@ge...>]

Heh, yeah my fault :)

Mike Tangolics wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> The main issue is that there is no real need for this key anymore.  The
> Xbox was cracked long ago, you can now run anything you want on it.
> Personally, I like being involved when things are cutting edge and are
> breaking new ground.  I even sold my Xbox because I'm not that
> interested in it anymore.  The only thing this key is good for is
> flaunting in MS's face and then they'll just sue your ass, or better yet
> imprison you for some god awful crime against "national security" but I
> won't even get into that...
>
> Btw guys.. you'll be interested to know Mike Valstar _has_ been replying
> to this thread as well, but made the mistake I did originally and sent
> it only to the writer, not the list.  =)
>
> Tom Wirschell wrote:
> | On Sun, 2004-07-04 at 22:36, Will wrote:
> |
> |>That's just the same as abandoning the project!
> |
> |
> | Newsflash, kiddo. That's exactly what we did.
> |
> |
> |>Maybe the current source code could be reworked to integrate the better
> |>features of the source code used to crack the ECCP-109 but this isn't
> |>even close to a solution.
> |
> |
> | My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that
> | they both require a distributed network to brute-force them. There 
> isn't
> | any algorithm tweak you can apply to both to magically make things go
> | faster. Oh, and perhaps you'll want to take another look at those
> | numbers I sent out earlier. Consider what kind of *MASSIVE* improvement
> | you'll need to make to the algorithm to make its cracking feasible.
> |
> |
> |>To continue the project now the word of it must be spread. I'm doing
> |>what I can but I don't have any connections to people high up with Xbox
> |>Scene or the Xbox Linux Project. It would be great if the project was
> |>somehow mentioned in news posts on their sites. To some the project
> |>itself may seem impractical but just the idea of getting the key keeps
> |>me going.
> |
> |
> | Think about this for a second. You're trying to rally the troops. To do
> | what? What's needed to do that? Where are those things you need? What
> | can you do to get them?
> |
> | Lemme help you with that. You need:
> | 1) Math guys. The kind that win Nobel Prizes. Because I can almost
> | guarantee you that if someone finds a way to make the cracking of RSA
> | more feasible, that person will go down in history as one of the
> | greatest minds of our time.
> | 2) Infrastructure. You want to do this in a distributed fashion, you'll
> | need a couple of servers that can take a bit of a beating. In the
> | beginning 1 will do fine, but plan ahead. Expect it to grow. Know to
> | what volume it can/will grow without falling over. Because if it does,
> | your project will invariably suffer. You are aware that there are
> | kiddies out there with fat pipes at their disposal and nothing 
> better to
> | do than point them at your server for a solid week, right?
> | 3) Server software. You know it'll be a distributed project, so you 
> need
> | a protocol, and a server that will be able to talk it. Oh, and that
> | server needs to be set up in such a way that it can take a beating. The
> | server software has to be resilient from the get-go, and the same goes
> | for the protocol. People *LOVE* cheating.
> | 4) Client software. At first it just has to work. Once things take off
> | you'll get to making them more efficient. Hell, the first client we had
> | ran at roughly 1/10th the speed the last one did.
> | 5) Machines. This is the point where you rally the troops, point at all
> | the stuff you've got ready for them, and you'll be able to convince 
> them
> | that the concept is feasible. Showing people that your goal is
> | attainable within a given timeframe (and saying that you're sure you'll
> | get it in under 10 years should be enough) and being able to back it up
> | will make people become willing to run your programs.
> |
> | Now, these points you need to go through in the order they are listed.
> |
> | When we started, Mike C had point 4 in the pocket and was going 
> after 5.
> | We came in to improve the clients, and guess what? Point 3 turned 
> out to
> | have been overlooked. The protocol was a joke, and soon everybody was
> | cheating. We tried to solve this problem, but point 5 was suffering and
> | people were leaving the project in droves.
> | Then point 2, which at first seemed to be okay, turned out to be crap.
> | Again we tried our best to fix things but point 5 suffered even 
> more. In
> | the end that one became our Waterloo.
> | And the reason we didn't start over was because point 1 was missing. We
> | realised it back then, but figured what the hell. I donno about the 
> rest
> | of the crew, but I'm not making that mistake again.
> |
> | Kind regards,
> |
> | Tom Wirschell
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
> iD8DBQFA6JyU7ntAARlGIUERAhfhAKCZBeLvEpzIRspnga8TDWn8JthzRwCgvVzM
> JXYbSIDcKVAN9RG8jD2y7ag=
> =hHxR
> -----END PGP SIGNATURE-----
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital 
> self defense, top technical experts, no vendor pitches, unmatched 
> networking opportunities. Visit www.blackhat.com
> _______________________________________________
> opx-devel mailing list
> opx...@li...
> https://lists.sourceforge.net/lists/listinfo/opx-devel

Re: [opx-devel] Message from Mike C (fwd)

[Mike V. <mik...@ge...>]

Mike Curry wrote:

>Everything was find until you guys fucked everything up using Open source. 
>  
>
???????

>-----Original Message-----
>From: opx...@li...
>[mailto:opx...@li...] On Behalf Of Tom Wirschell
>Sent: Sunday, July 04, 2004 5:17 PM
>To: opx...@li...
>Subject: Re: [opx-devel] Message from Mike C (fwd)
>
>On Sun, 2004-07-04 at 22:36, Will wrote:
>  
>
>>That's just the same as abandoning the project!
>>    
>>
>
>Newsflash, kiddo. That's exactly what we did.
>
>  
>
>>Maybe the current source code could be reworked to integrate the 
>>better features of the source code used to crack the ECCP-109 but this 
>>isn't even close to a solution.
>>    
>>
>
>My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that they
>both require a distributed network to brute-force them. There isn't any
>algorithm tweak you can apply to both to magically make things go faster.
>Oh, and perhaps you'll want to take another look at those numbers I sent out
>earlier. Consider what kind of *MASSIVE* improvement you'll need to make to
>the algorithm to make its cracking feasible.
>
>  
>
>>To continue the project now the word of it must be spread. I'm doing 
>>what I can but I don't have any connections to people high up with 
>>Xbox Scene or the Xbox Linux Project. It would be great if the project 
>>was somehow mentioned in news posts on their sites. To some the 
>>project itself may seem impractical but just the idea of getting the 
>>key keeps me going.
>>    
>>
>
>Think about this for a second. You're trying to rally the troops. To do
>what? What's needed to do that? Where are those things you need? What can
>you do to get them?
>
>Lemme help you with that. You need:
>1) Math guys. The kind that win Nobel Prizes. Because I can almost guarantee
>you that if someone finds a way to make the cracking of RSA more feasible,
>that person will go down in history as one of the greatest minds of our
>time.
>2) Infrastructure. You want to do this in a distributed fashion, you'll need
>a couple of servers that can take a bit of a beating. In the beginning 1
>will do fine, but plan ahead. Expect it to grow. Know to what volume it
>can/will grow without falling over. Because if it does, your project will
>invariably suffer. You are aware that there are kiddies out there with fat
>pipes at their disposal and nothing better to do than point them at your
>server for a solid week, right?
>3) Server software. You know it'll be a distributed project, so you need a
>protocol, and a server that will be able to talk it. Oh, and that server
>needs to be set up in such a way that it can take a beating. The server
>software has to be resilient from the get-go, and the same goes for the
>protocol. People *LOVE* cheating.
>4) Client software. At first it just has to work. Once things take off
>you'll get to making them more efficient. Hell, the first client we had ran
>at roughly 1/10th the speed the last one did.
>5) Machines. This is the point where you rally the troops, point at all the
>stuff you've got ready for them, and you'll be able to convince them that
>the concept is feasible. Showing people that your goal is attainable within
>a given timeframe (and saying that you're sure you'll get it in under 10
>years should be enough) and being able to back it up will make people become
>willing to run your programs.
>
>Now, these points you need to go through in the order they are listed.
>
>When we started, Mike C had point 4 in the pocket and was going after 5.
>We came in to improve the clients, and guess what? Point 3 turned out to
>have been overlooked. The protocol was a joke, and soon everybody was
>cheating. We tried to solve this problem, but point 5 was suffering and
>people were leaving the project in droves.
>Then point 2, which at first seemed to be okay, turned out to be crap.
>Again we tried our best to fix things but point 5 suffered even more. In the
>end that one became our Waterloo.
>And the reason we didn't start over was because point 1 was missing. We
>realised it back then, but figured what the hell. I donno about the rest of
>the crew, but I'm not making that mistake again.
>
>Kind regards,
>
>Tom Wirschell
>--
>I don't need a pass to pass this pass!
>	- Groo The Wanderer -
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>
>
>
>
>-------------------------------------------------------
>This SF.Net email sponsored by Black Hat Briefings & Training.
>Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
>digital self defense, top technical experts, no vendor pitches, 
>unmatched networking opportunities. Visit www.blackhat.com
>_______________________________________________
>opx-devel mailing list
>opx...@li...
>https://lists.sourceforge.net/lists/listinfo/opx-devel
>  
>

RE: [opx-devel] Message from Mike C (fwd)

[Mike C. <mcu...@ro...>]

Everything was find until you guys fucked everything up using Open source. 

-----Original Message-----
From: opx...@li...
[mailto:opx...@li...] On Behalf Of Tom Wirschell
Sent: Sunday, July 04, 2004 5:17 PM
To: opx...@li...
Subject: Re: [opx-devel] Message from Mike C (fwd)

On Sun, 2004-07-04 at 22:36, Will wrote:
> That's just the same as abandoning the project!

Newsflash, kiddo. That's exactly what we did.

> Maybe the current source code could be reworked to integrate the 
> better features of the source code used to crack the ECCP-109 but this 
> isn't even close to a solution.

My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that they
both require a distributed network to brute-force them. There isn't any
algorithm tweak you can apply to both to magically make things go faster.
Oh, and perhaps you'll want to take another look at those numbers I sent out
earlier. Consider what kind of *MASSIVE* improvement you'll need to make to
the algorithm to make its cracking feasible.

> To continue the project now the word of it must be spread. I'm doing 
> what I can but I don't have any connections to people high up with 
> Xbox Scene or the Xbox Linux Project. It would be great if the project 
> was somehow mentioned in news posts on their sites. To some the 
> project itself may seem impractical but just the idea of getting the 
> key keeps me going.

Think about this for a second. You're trying to rally the troops. To do
what? What's needed to do that? Where are those things you need? What can
you do to get them?

Lemme help you with that. You need:
1) Math guys. The kind that win Nobel Prizes. Because I can almost guarantee
you that if someone finds a way to make the cracking of RSA more feasible,
that person will go down in history as one of the greatest minds of our
time.
2) Infrastructure. You want to do this in a distributed fashion, you'll need
a couple of servers that can take a bit of a beating. In the beginning 1
will do fine, but plan ahead. Expect it to grow. Know to what volume it
can/will grow without falling over. Because if it does, your project will
invariably suffer. You are aware that there are kiddies out there with fat
pipes at their disposal and nothing better to do than point them at your
server for a solid week, right?
3) Server software. You know it'll be a distributed project, so you need a
protocol, and a server that will be able to talk it. Oh, and that server
needs to be set up in such a way that it can take a beating. The server
software has to be resilient from the get-go, and the same goes for the
protocol. People *LOVE* cheating.
4) Client software. At first it just has to work. Once things take off
you'll get to making them more efficient. Hell, the first client we had ran
at roughly 1/10th the speed the last one did.
5) Machines. This is the point where you rally the troops, point at all the
stuff you've got ready for them, and you'll be able to convince them that
the concept is feasible. Showing people that your goal is attainable within
a given timeframe (and saying that you're sure you'll get it in under 10
years should be enough) and being able to back it up will make people become
willing to run your programs.

Now, these points you need to go through in the order they are listed.

When we started, Mike C had point 4 in the pocket and was going after 5.
We came in to improve the clients, and guess what? Point 3 turned out to
have been overlooked. The protocol was a joke, and soon everybody was
cheating. We tried to solve this problem, but point 5 was suffering and
people were leaving the project in droves.
Then point 2, which at first seemed to be okay, turned out to be crap.
Again we tried our best to fix things but point 5 suffered even more. In the
end that one became our Waterloo.
And the reason we didn't start over was because point 1 was missing. We
realised it back then, but figured what the hell. I donno about the rest of
the crew, but I'm not making that mistake again.

Kind regards,

Tom Wirschell
--
I don't need a pass to pass this pass!
	- Groo The Wanderer -



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
opx-devel mailing list
opx...@li...
https://lists.sourceforge.net/lists/listinfo/opx-devel

Re: [opx-devel] Message from Mike C (fwd)

[Mike T. <mta...@pa...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The main issue is that there is no real need for this key anymore.  The
Xbox was cracked long ago, you can now run anything you want on it.
Personally, I like being involved when things are cutting edge and are
breaking new ground.  I even sold my Xbox because I'm not that
interested in it anymore.  The only thing this key is good for is
flaunting in MS's face and then they'll just sue your ass, or better yet
imprison you for some god awful crime against "national security" but I
won't even get into that...

Btw guys.. you'll be interested to know Mike Valstar _has_ been replying
to this thread as well, but made the mistake I did originally and sent
it only to the writer, not the list.  =)

Tom Wirschell wrote:
| On Sun, 2004-07-04 at 22:36, Will wrote:
|
|>That's just the same as abandoning the project!
|
|
| Newsflash, kiddo. That's exactly what we did.
|
|
|>Maybe the current source code could be reworked to integrate the better
|>features of the source code used to crack the ECCP-109 but this isn't
|>even close to a solution.
|
|
| My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that
| they both require a distributed network to brute-force them. There isn't
| any algorithm tweak you can apply to both to magically make things go
| faster. Oh, and perhaps you'll want to take another look at those
| numbers I sent out earlier. Consider what kind of *MASSIVE* improvement
| you'll need to make to the algorithm to make its cracking feasible.
|
|
|>To continue the project now the word of it must be spread. I'm doing
|>what I can but I don't have any connections to people high up with Xbox
|>Scene or the Xbox Linux Project. It would be great if the project was
|>somehow mentioned in news posts on their sites. To some the project
|>itself may seem impractical but just the idea of getting the key keeps
|>me going.
|
|
| Think about this for a second. You're trying to rally the troops. To do
| what? What's needed to do that? Where are those things you need? What
| can you do to get them?
|
| Lemme help you with that. You need:
| 1) Math guys. The kind that win Nobel Prizes. Because I can almost
| guarantee you that if someone finds a way to make the cracking of RSA
| more feasible, that person will go down in history as one of the
| greatest minds of our time.
| 2) Infrastructure. You want to do this in a distributed fashion, you'll
| need a couple of servers that can take a bit of a beating. In the
| beginning 1 will do fine, but plan ahead. Expect it to grow. Know to
| what volume it can/will grow without falling over. Because if it does,
| your project will invariably suffer. You are aware that there are
| kiddies out there with fat pipes at their disposal and nothing better to
| do than point them at your server for a solid week, right?
| 3) Server software. You know it'll be a distributed project, so you need
| a protocol, and a server that will be able to talk it. Oh, and that
| server needs to be set up in such a way that it can take a beating. The
| server software has to be resilient from the get-go, and the same goes
| for the protocol. People *LOVE* cheating.
| 4) Client software. At first it just has to work. Once things take off
| you'll get to making them more efficient. Hell, the first client we had
| ran at roughly 1/10th the speed the last one did.
| 5) Machines. This is the point where you rally the troops, point at all
| the stuff you've got ready for them, and you'll be able to convince them
| that the concept is feasible. Showing people that your goal is
| attainable within a given timeframe (and saying that you're sure you'll
| get it in under 10 years should be enough) and being able to back it up
| will make people become willing to run your programs.
|
| Now, these points you need to go through in the order they are listed.
|
| When we started, Mike C had point 4 in the pocket and was going after 5.
| We came in to improve the clients, and guess what? Point 3 turned out to
| have been overlooked. The protocol was a joke, and soon everybody was
| cheating. We tried to solve this problem, but point 5 was suffering and
| people were leaving the project in droves.
| Then point 2, which at first seemed to be okay, turned out to be crap.
| Again we tried our best to fix things but point 5 suffered even more. In
| the end that one became our Waterloo.
| And the reason we didn't start over was because point 1 was missing. We
| realised it back then, but figured what the hell. I donno about the rest
| of the crew, but I'm not making that mistake again.
|
| Kind regards,
|
| Tom Wirschell

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA6JyU7ntAARlGIUERAhfhAKCZBeLvEpzIRspnga8TDWn8JthzRwCgvVzM
JXYbSIDcKVAN9RG8jD2y7ag=
=hHxR
-----END PGP SIGNATURE-----

Re: [opx-devel] Message from Mike C (fwd)

[Tom W. <To...@Wi...>]

On Sun, 2004-07-04 at 22:36, Will wrote:
> That's just the same as abandoning the project!

Newsflash, kiddo. That's exactly what we did.

> Maybe the current source code could be reworked to integrate the better
> features of the source code used to crack the ECCP-109 but this isn't
> even close to a solution.

My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that
they both require a distributed network to brute-force them. There isn't
any algorithm tweak you can apply to both to magically make things go
faster. Oh, and perhaps you'll want to take another look at those
numbers I sent out earlier. Consider what kind of *MASSIVE* improvement
you'll need to make to the algorithm to make its cracking feasible.

> To continue the project now the word of it must be spread. I'm doing 
> what I can but I don't have any connections to people high up with Xbox 
> Scene or the Xbox Linux Project. It would be great if the project was 
> somehow mentioned in news posts on their sites. To some the project 
> itself may seem impractical but just the idea of getting the key keeps 
> me going.

Think about this for a second. You're trying to rally the troops. To do
what? What's needed to do that? Where are those things you need? What
can you do to get them?

Lemme help you with that. You need:
1) Math guys. The kind that win Nobel Prizes. Because I can almost
guarantee you that if someone finds a way to make the cracking of RSA
more feasible, that person will go down in history as one of the
greatest minds of our time.
2) Infrastructure. You want to do this in a distributed fashion, you'll
need a couple of servers that can take a bit of a beating. In the
beginning 1 will do fine, but plan ahead. Expect it to grow. Know to
what volume it can/will grow without falling over. Because if it does,
your project will invariably suffer. You are aware that there are
kiddies out there with fat pipes at their disposal and nothing better to
do than point them at your server for a solid week, right?
3) Server software. You know it'll be a distributed project, so you need
a protocol, and a server that will be able to talk it. Oh, and that
server needs to be set up in such a way that it can take a beating. The
server software has to be resilient from the get-go, and the same goes
for the protocol. People *LOVE* cheating.
4) Client software. At first it just has to work. Once things take off
you'll get to making them more efficient. Hell, the first client we had
ran at roughly 1/10th the speed the last one did.
5) Machines. This is the point where you rally the troops, point at all
the stuff you've got ready for them, and you'll be able to convince them
that the concept is feasible. Showing people that your goal is
attainable within a given timeframe (and saying that you're sure you'll
get it in under 10 years should be enough) and being able to back it up
will make people become willing to run your programs.

Now, these points you need to go through in the order they are listed.

When we started, Mike C had point 4 in the pocket and was going after 5.
We came in to improve the clients, and guess what? Point 3 turned out to
have been overlooked. The protocol was a joke, and soon everybody was
cheating. We tried to solve this problem, but point 5 was suffering and
people were leaving the project in droves.
Then point 2, which at first seemed to be okay, turned out to be crap.
Again we tried our best to fix things but point 5 suffered even more. In
the end that one became our Waterloo.
And the reason we didn't start over was because point 1 was missing. We
realised it back then, but figured what the hell. I donno about the rest
of the crew, but I'm not making that mistake again.

Kind regards,

Tom Wirschell
-- 
I don't need a pass to pass this pass!
	- Groo The Wanderer -