You can subscribe to this list here.
2003 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(46) |
Jul
(23) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
---|---|---|---|---|---|---|---|---|---|---|---|---|
2004 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(1) |
Jun
(4) |
Jul
(32) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(3) |
Oct
|
Nov
|
Dec
|
2015 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
2016 |
Jan
(1) |
Feb
(4) |
Mar
(3) |
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
|
From: Plaxo P. <pu...@mx...> - 2008-09-24 18:59:35
|
JOE HUBBELL sent you an invitation to connect as business contacts on Pulse on August 25. That invitation will expire soon! Follow this link to accept JOE's invitation. http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us Plaxo is free, easy to use and takes only a minute to join. Come see what JOE wants to share. Thanks! The Plaxo team More than 20 million people use Plaxo to keep in touch with the people they care about. Don't want to receive emails from Plaxo any more? Go to: http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us |
From: Plaxo P. <pu...@mx...> - 2008-09-24 18:59:32
|
JOE HUBBELL sent you an invitation to connect as business contacts on Pulse on August 25. That invitation will expire soon! Follow this link to accept JOE's invitation. http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us Plaxo is free, easy to use and takes only a minute to join. Come see what JOE wants to share. Thanks! The Plaxo team More than 20 million people use Plaxo to keep in touch with the people they care about. Don't want to receive emails from Plaxo any more? Go to: http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us |
From: Plaxo P. <pu...@mx...> - 2008-09-24 18:59:31
|
JOE HUBBELL sent you an invitation to connect as business contacts on Pulse on August 25. That invitation will expire soon! Follow this link to accept JOE's invitation. http://pulse.plaxo.com/pulse/invite?i=40138438&k=1671472146&l=en_us&src=email&et=24&est=business&el=en_us Plaxo is free, easy to use and takes only a minute to join. Come see what JOE wants to share. Thanks! The Plaxo team More than 20 million people use Plaxo to keep in touch with the people they care about. Don't want to receive emails from Plaxo any more? Go to: http://www.plaxo.com/stop?src=email&et=24&est=business&el=en_us |
From: C. <cr...@xb...> - 2004-07-06 08:54:30
|
Sorry to say, but I agree, I'm not willin to start workin on the project again... On Tue, 06 Jul 2004 06:42:48 +0200, Tom Wirschell wrote: >On Tue, 2004-07-06 at 06:20, Mike Tangolics wrote: >> Sourceforge is hosting the files and this mailing list. >> >> However, I will respectfully decline to work anymore on this project as >> it is futile, more now than ever. > >Couldn't have said it better myself. > >Kind regards, > >Tom Wirschell >-- >I'm not like you Ginger. I'm stronger than you. >- You weren't the first 15 years of your life. >I was the last 15 minutes of yours. > - Ginger Snaps II - > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > |
From: Tom W. <To...@Wi...> - 2004-07-06 04:42:53
|
On Tue, 2004-07-06 at 06:20, Mike Tangolics wrote: > Sourceforge is hosting the files and this mailing list. > > However, I will respectfully decline to work anymore on this project as > it is futile, more now than ever. Couldn't have said it better myself. Kind regards, Tom Wirschell -- I'm not like you Ginger. I'm stronger than you. - You weren't the first 15 years of your life. I was the last 15 minutes of yours. - Ginger Snaps II - |
From: Mike T. <mta...@pa...> - 2004-07-06 04:20:32
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sourceforge is hosting the files and this mailing list. However, I will respectfully decline to work anymore on this project as it is futile, more now than ever. Will wrote: | Forget the IRC logs, it's just perpetuating the arguement that seems to | be Mike C vs everyone else. Of course everyone on this list understands | the upsides and the downsides of the project. far better than I do. The | project _could_ be continued, SourceForge could host the website/files | and development /could/ pick up again. Instead of going off on that | arguement tanget, how many are for the continuation of the project and | how many against? yay or nay? | | Will McGinnis | | | Crazie wrote: | |> Goog question, I didn't even look at the logs, I just attached them... |> |> Guess my logs ended up gettin trimmed... Oh well, that's what happens |> when a channel dies... |> |> On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote: |> |> >On Mon, 2004-07-05 at 22:29, Crazie wrote: |> >> Well I'm not sure if I'll be able to attach these, but here is what |> I have... |> > |> >That wasn't it... |> >What *IS* all that anyways? 95% of it is server messages :) |> > |> >Oh, and for those of you looking for some light reading, this link might |> >be entertaining: |> >_http://www.security-forums.com/forum/viewtopic.php?p=102230_ |> > |> >Kind regards, |> > |> >Tom Wirschell |> >-- |> >Face it son: You're an idiot. |> > - George Bush sr. - |> > |> > |> > |> >------------------------------------------------------- |> >This SF.Net email sponsored by Black Hat Briefings & Training. |> >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - |> >digital self defense, top technical experts, no vendor pitches, |> >unmatched networking opportunities. Visit _www.blackhat.com_ |> >_______________________________________________ |> >opx-devel mailing list |> >_op...@li..._ |> >_https://lists.sourceforge.net/lists/listinfo/opx-devel_ |> > |> | | | | | ------------------------------------------------------- | This SF.Net email sponsored by Black Hat Briefings & Training. | Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital | self defense, top technical experts, no vendor pitches, unmatched | networking opportunities. Visit www.blackhat.com | _______________________________________________ | opx-devel mailing list | opx...@li... | https://lists.sourceforge.net/lists/listinfo/opx-devel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA6iiN7ntAARlGIUERAs3MAKCNHV4feCLgnVjKWStx2+CYsrU4gwCbB91A 6ghrktzBaPRk6sJYRiiTu/Y= =7PG/ -----END PGP SIGNATURE----- |
From: Will <wi...@wh...> - 2004-07-05 22:26:58
|
Forget the IRC logs, it's just perpetuating the arguement that seems to be Mike C vs everyone else. Of course everyone on this list understands the upsides and the downsides of the project. far better than I do. The project _could_ be continued, SourceForge could host the website/files and development /could/ pick up again. Instead of going off on that arguement tanget, how many are for the continuation of the project and how many against? yay or nay? Will McGinnis Crazie wrote: > Goog question, I didn't even look at the logs, I just attached them... > > Guess my logs ended up gettin trimmed... Oh well, that's what happens > when a channel dies... > > On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote: > > >On Mon, 2004-07-05 at 22:29, Crazie wrote: > >> Well I'm not sure if I'll be able to attach these, but here is what > I have... > > > >That wasn't it... > >What *IS* all that anyways? 95% of it is server messages :) > > > >Oh, and for those of you looking for some light reading, this link might > >be entertaining: > >_http://www.security-forums.com/forum/viewtopic.php?p=102230_ > > > >Kind regards, > > > >Tom Wirschell > >-- > >Face it son: You're an idiot. > > - George Bush sr. - > > > > > > > >------------------------------------------------------- > >This SF.Net email sponsored by Black Hat Briefings & Training. > >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - > >digital self defense, top technical experts, no vendor pitches, > >unmatched networking opportunities. Visit _www.blackhat.com_ > >_______________________________________________ > >opx-devel mailing list > >_op...@li..._ > >_https://lists.sourceforge.net/lists/listinfo/opx-devel_ > > > |
From: C. <cr...@xb...> - 2004-07-05 21:32:19
|
Goog question, I didn't even look at the logs, I just attached them... Guess my logs ended up gettin trimmed... Oh well, that's what happens when a channel dies... On Mon, 05 Jul 2004 23:15:58 +0200, Tom Wirschell wrote: >On Mon, 2004-07-05 at 22:29, Crazie wrote: >> Well I'm not sure if I'll be able to attach these, but here is what I have... > >That wasn't it... >What *IS* all that anyways? 95% of it is server messages :) > >Oh, and for those of you looking for some light reading, this link might >be entertaining: >http://www.security-forums.com/forum/viewtopic.php?p=102230 > >Kind regards, > >Tom Wirschell >-- >Face it son: You're an idiot. > - George Bush sr. - > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > |
From: Tom W. <To...@Wi...> - 2004-07-05 21:16:04
|
On Mon, 2004-07-05 at 22:29, Crazie wrote: > Well I'm not sure if I'll be able to attach these, but here is what I have... That wasn't it... What *IS* all that anyways? 95% of it is server messages :) Oh, and for those of you looking for some light reading, this link might be entertaining: http://www.security-forums.com/forum/viewtopic.php?p=102230 Kind regards, Tom Wirschell -- Face it son: You're an idiot. - George Bush sr. - |
From: C. <cr...@xb...> - 2004-07-05 20:29:00
|
Well I'm not sure if I'll be able to attach these, but here is what I have... |
From: <cr...@xb...> - 2004-07-05 19:13:16
|
On Mon, 05 Jul 2004 14:28:31 -0400, Mike Valstar wrote: >As far as i remember... it never "fell apart" we were doing good... it >was a little work for those of us actually doing something *cough* but >nothing we couldent handle... then one day the server just wasent >there. hmmm This is true, I remember working w/ Tom W on the linux client ALOT! Then I remember Curry never coming around anymore, and if he was around, he wouldn't answer any msgs that you sent to him. The one day the server just disappeared, so I offered to use one of my servers as a temp server till we got the original one back up, but ofcourse all my systems are WAY to slow for something like this. So in all I was never able to help out w/ the server. I even have a 10mbit and a 100mbit line that I could have put the server on. Just didn't have a powerful enough server for it... > >Mike Tangolics wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Yea...speaking of... anyone still have those logs? >> >> That was a weird few hours. >> >> And yes, I remember the protocol discussion and the options we had. I >> still think with a few obfuscation changes we could've cut the cheating >> down by at least half. And it wasn't too bad to begin with. >> >> Mike T >> >> Tom Wirschell wrote: >> | On Mon, 2004-07-05 at 15:06, Mike Curry wrote: >> | >> |>I spoke of using Encryption, you didn't seem to like that idea, >> because of >> |>your first idea "Open Source". Not very Smart Tom... >> | >> | >> | Like Mike V said, the thing was already open source when I joined up. >> | Not only that, it HAD to be Open Source because you were already using >> | NTL which was a GPL-licenced piece of software. >> | >> | Also note that at the time I joined there was a server with a >> completely >> | open protocol. While I was involved in the project someone, apparently >> | you, did talk about encrypting the protocol, and I was indeed against >> | it, precisely because it was Open Source. >> | >> | We would encrypt the data on the client-side prior to sending, but it >> | would still be the client who came up with a computed amount of blocks. >> | Since everybody has access to the client source, they would be able to >> | figure out at what point the amount of blocks gets encrypted, recode >> the >> | client so that it adds a few zeros to the amount, and VOILA! A fake >> | stats entry over an encrypted protocol. Now, maybe 'most' people aren't >> | sufficiently capable coders to dream up the required alteration, but >> | once the project took off I'm certain there would be plenty of people >> | who were sufficiently capable, and perfectly willing to boot. If >> | choosing not to go via this method qualifies me as being "not very >> | smart", well, so be it. I'd rather see a real fix to the problem, >> rather >> | than only moving it around a little. >> | >> | When we (Mike V or T and me) were talking about changing the >> protocol, I >> | was also planning to keep the networking and key storing parts out of >> | the client sources. It would probably be a violation of the GPL that we >> | were forced to adhere to, but given the context I doubt anybody would >> | disapprove. >> | We never reached the point where we'd have to find out though. >> | >> | Since it turns out you're on this mailing list, maybe you could >> | enlighten us about just what you think happened in those last few days >> | of the project. Kindly start from the point where Microsoft supposedly >> | shut down the site, and put in a little extra detail on your IRC >> session >> | via which you tried to explain what was happening. I'm sure I'm not the >> | only one still wondering about that one. >> | >> | Kind regards, >> | >> | Tom Wirschell >> | >> | >> | >> | >> | ------------------------------------------------------- >> | This SF.Net email sponsored by Black Hat Briefings & Training. >> | Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >> | digital self defense, top technical experts, no vendor pitches, >> | unmatched networking opportunities. Visit www.blackhat.com >> | _______________________________________________ >> | opx-devel mailing list >> | opx...@li... >> | https://lists.sourceforge.net/lists/listinfo/opx-devel >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.2.4 (GNU/Linux) >> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org >> >> iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k >> qRE4bGXE3GLCPBxJx14lxdw= >> =abQh >> -----END PGP SIGNATURE----- >> >> >> ------------------------------------------------------- >> This SF.Net email sponsored by Black Hat Briefings & Training. >> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital >> self defense, top technical experts, no vendor pitches, unmatched >> networking opportunities. Visit www.blackhat.com >> _______________________________________________ >> opx-devel mailing list >> opx...@li... >> https://lists.sourceforge.net/lists/listinfo/opx-devel > > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > |
From: <cr...@xb...> - 2004-07-05 19:10:05
|
I believe that I still have logs from the IRC chan, I will have to look. What are you looking for ? On Mon, 05 Jul 2004 13:41:27 -0400, Mike Tangolics wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >Yea...speaking of... anyone still have those logs? > >That was a weird few hours. > >And yes, I remember the protocol discussion and the options we had. I >still think with a few obfuscation changes we could've cut the cheating >down by at least half. And it wasn't too bad to begin with. > >Mike T > >Tom Wirschell wrote: >| On Mon, 2004-07-05 at 15:06, Mike Curry wrote: >| >|>I spoke of using Encryption, you didn't seem to like that idea, because of >|>your first idea "Open Source". Not very Smart Tom... >| >| >| Like Mike V said, the thing was already open source when I joined up. >| Not only that, it HAD to be Open Source because you were already using >| NTL which was a GPL-licenced piece of software. >| >| Also note that at the time I joined there was a server with a completely >| open protocol. While I was involved in the project someone, apparently >| you, did talk about encrypting the protocol, and I was indeed against >| it, precisely because it was Open Source. >| >| We would encrypt the data on the client-side prior to sending, but it >| would still be the client who came up with a computed amount of blocks. >| Since everybody has access to the client source, they would be able to >| figure out at what point the amount of blocks gets encrypted, recode the >| client so that it adds a few zeros to the amount, and VOILA! A fake >| stats entry over an encrypted protocol. Now, maybe 'most' people aren't >| sufficiently capable coders to dream up the required alteration, but >| once the project took off I'm certain there would be plenty of people >| who were sufficiently capable, and perfectly willing to boot. If >| choosing not to go via this method qualifies me as being "not very >| smart", well, so be it. I'd rather see a real fix to the problem, rather >| than only moving it around a little. >| >| When we (Mike V or T and me) were talking about changing the protocol, I >| was also planning to keep the networking and key storing parts out of >| the client sources. It would probably be a violation of the GPL that we >| were forced to adhere to, but given the context I doubt anybody would >| disapprove. >| We never reached the point where we'd have to find out though. >| >| Since it turns out you're on this mailing list, maybe you could >| enlighten us about just what you think happened in those last few days >| of the project. Kindly start from the point where Microsoft supposedly >| shut down the site, and put in a little extra detail on your IRC session >| via which you tried to explain what was happening. I'm sure I'm not the >| only one still wondering about that one. >| >| Kind regards, >| >| Tom Wirschell >| >| >| >| >| ------------------------------------------------------- >| This SF.Net email sponsored by Black Hat Briefings & Training. >| Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >| digital self defense, top technical experts, no vendor pitches, >| unmatched networking opportunities. Visit www.blackhat.com >| _______________________________________________ >| opx-devel mailing list >| opx...@li... >| https://lists.sourceforge.net/lists/listinfo/opx-devel > >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.2.4 (GNU/Linux) >Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > >iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k >qRE4bGXE3GLCPBxJx14lxdw= >=abQh >-----END PGP SIGNATURE----- > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > |
From: Mike V. <mik...@ge...> - 2004-07-05 18:28:26
|
As far as i remember... it never "fell apart" we were doing good... it was a little work for those of us actually doing something *cough* but nothing we couldent handle... then one day the server just wasent there. hmmm Mike Tangolics wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Yea...speaking of... anyone still have those logs? > > That was a weird few hours. > > And yes, I remember the protocol discussion and the options we had. I > still think with a few obfuscation changes we could've cut the cheating > down by at least half. And it wasn't too bad to begin with. > > Mike T > > Tom Wirschell wrote: > | On Mon, 2004-07-05 at 15:06, Mike Curry wrote: > | > |>I spoke of using Encryption, you didn't seem to like that idea, > because of > |>your first idea "Open Source". Not very Smart Tom... > | > | > | Like Mike V said, the thing was already open source when I joined up. > | Not only that, it HAD to be Open Source because you were already using > | NTL which was a GPL-licenced piece of software. > | > | Also note that at the time I joined there was a server with a > completely > | open protocol. While I was involved in the project someone, apparently > | you, did talk about encrypting the protocol, and I was indeed against > | it, precisely because it was Open Source. > | > | We would encrypt the data on the client-side prior to sending, but it > | would still be the client who came up with a computed amount of blocks. > | Since everybody has access to the client source, they would be able to > | figure out at what point the amount of blocks gets encrypted, recode > the > | client so that it adds a few zeros to the amount, and VOILA! A fake > | stats entry over an encrypted protocol. Now, maybe 'most' people aren't > | sufficiently capable coders to dream up the required alteration, but > | once the project took off I'm certain there would be plenty of people > | who were sufficiently capable, and perfectly willing to boot. If > | choosing not to go via this method qualifies me as being "not very > | smart", well, so be it. I'd rather see a real fix to the problem, > rather > | than only moving it around a little. > | > | When we (Mike V or T and me) were talking about changing the > protocol, I > | was also planning to keep the networking and key storing parts out of > | the client sources. It would probably be a violation of the GPL that we > | were forced to adhere to, but given the context I doubt anybody would > | disapprove. > | We never reached the point where we'd have to find out though. > | > | Since it turns out you're on this mailing list, maybe you could > | enlighten us about just what you think happened in those last few days > | of the project. Kindly start from the point where Microsoft supposedly > | shut down the site, and put in a little extra detail on your IRC > session > | via which you tried to explain what was happening. I'm sure I'm not the > | only one still wondering about that one. > | > | Kind regards, > | > | Tom Wirschell > | > | > | > | > | ------------------------------------------------------- > | This SF.Net email sponsored by Black Hat Briefings & Training. > | Attend Black Hat Briefings & Training, Las Vegas July 24-29 - > | digital self defense, top technical experts, no vendor pitches, > | unmatched networking opportunities. Visit www.blackhat.com > | _______________________________________________ > | opx-devel mailing list > | opx...@li... > | https://lists.sourceforge.net/lists/listinfo/opx-devel > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k > qRE4bGXE3GLCPBxJx14lxdw= > =abQh > -----END PGP SIGNATURE----- > > > ------------------------------------------------------- > This SF.Net email sponsored by Black Hat Briefings & Training. > Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital > self defense, top technical experts, no vendor pitches, unmatched > networking opportunities. Visit www.blackhat.com > _______________________________________________ > opx-devel mailing list > opx...@li... > https://lists.sourceforge.net/lists/listinfo/opx-devel |
From: Mike T. <mta...@pa...> - 2004-07-05 17:41:35
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yea...speaking of... anyone still have those logs? That was a weird few hours. And yes, I remember the protocol discussion and the options we had. I still think with a few obfuscation changes we could've cut the cheating down by at least half. And it wasn't too bad to begin with. Mike T Tom Wirschell wrote: | On Mon, 2004-07-05 at 15:06, Mike Curry wrote: | |>I spoke of using Encryption, you didn't seem to like that idea, because of |>your first idea "Open Source". Not very Smart Tom... | | | Like Mike V said, the thing was already open source when I joined up. | Not only that, it HAD to be Open Source because you were already using | NTL which was a GPL-licenced piece of software. | | Also note that at the time I joined there was a server with a completely | open protocol. While I was involved in the project someone, apparently | you, did talk about encrypting the protocol, and I was indeed against | it, precisely because it was Open Source. | | We would encrypt the data on the client-side prior to sending, but it | would still be the client who came up with a computed amount of blocks. | Since everybody has access to the client source, they would be able to | figure out at what point the amount of blocks gets encrypted, recode the | client so that it adds a few zeros to the amount, and VOILA! A fake | stats entry over an encrypted protocol. Now, maybe 'most' people aren't | sufficiently capable coders to dream up the required alteration, but | once the project took off I'm certain there would be plenty of people | who were sufficiently capable, and perfectly willing to boot. If | choosing not to go via this method qualifies me as being "not very | smart", well, so be it. I'd rather see a real fix to the problem, rather | than only moving it around a little. | | When we (Mike V or T and me) were talking about changing the protocol, I | was also planning to keep the networking and key storing parts out of | the client sources. It would probably be a violation of the GPL that we | were forced to adhere to, but given the context I doubt anybody would | disapprove. | We never reached the point where we'd have to find out though. | | Since it turns out you're on this mailing list, maybe you could | enlighten us about just what you think happened in those last few days | of the project. Kindly start from the point where Microsoft supposedly | shut down the site, and put in a little extra detail on your IRC session | via which you tried to explain what was happening. I'm sure I'm not the | only one still wondering about that one. | | Kind regards, | | Tom Wirschell | | | | | ------------------------------------------------------- | This SF.Net email sponsored by Black Hat Briefings & Training. | Attend Black Hat Briefings & Training, Las Vegas July 24-29 - | digital self defense, top technical experts, no vendor pitches, | unmatched networking opportunities. Visit www.blackhat.com | _______________________________________________ | opx-devel mailing list | opx...@li... | https://lists.sourceforge.net/lists/listinfo/opx-devel -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA6ZLH7ntAARlGIUERAjDFAJ9Kxf9nUxWiuppux01N3y0JQmlg9ACdFi+k qRE4bGXE3GLCPBxJx14lxdw= =abQh -----END PGP SIGNATURE----- |
From: Tom W. <To...@Wi...> - 2004-07-05 17:19:08
|
On Mon, 2004-07-05 at 15:06, Mike Curry wrote: > I spoke of using Encryption, you didn't seem to like that idea, because of > your first idea "Open Source". Not very Smart Tom... Like Mike V said, the thing was already open source when I joined up. Not only that, it HAD to be Open Source because you were already using NTL which was a GPL-licenced piece of software. Also note that at the time I joined there was a server with a completely open protocol. While I was involved in the project someone, apparently you, did talk about encrypting the protocol, and I was indeed against it, precisely because it was Open Source. We would encrypt the data on the client-side prior to sending, but it would still be the client who came up with a computed amount of blocks. Since everybody has access to the client source, they would be able to figure out at what point the amount of blocks gets encrypted, recode the client so that it adds a few zeros to the amount, and VOILA! A fake stats entry over an encrypted protocol. Now, maybe 'most' people aren't sufficiently capable coders to dream up the required alteration, but once the project took off I'm certain there would be plenty of people who were sufficiently capable, and perfectly willing to boot. If choosing not to go via this method qualifies me as being "not very smart", well, so be it. I'd rather see a real fix to the problem, rather than only moving it around a little. When we (Mike V or T and me) were talking about changing the protocol, I was also planning to keep the networking and key storing parts out of the client sources. It would probably be a violation of the GPL that we were forced to adhere to, but given the context I doubt anybody would disapprove. We never reached the point where we'd have to find out though. Since it turns out you're on this mailing list, maybe you could enlighten us about just what you think happened in those last few days of the project. Kindly start from the point where Microsoft supposedly shut down the site, and put in a little extra detail on your IRC session via which you tried to explain what was happening. I'm sure I'm not the only one still wondering about that one. Kind regards, Tom Wirschell |
From: Mike C. <mcu...@ro...> - 2004-07-05 13:08:56
|
Notice how things fell arpart after the server was rewritten? -----Original Message----- From: opx...@li... [mailto:opx...@li...] On Behalf Of Mike Curry Sent: Monday, July 05, 2004 9:06 AM To: 'Tom Wirschell'; opx...@li... Subject: RE: [opx-devel] Message from Mike C (fwd) I spoke of using Encryption, you didn't seem to like that idea, because of your first idea "Open Source". Not very Smart Tom... -----Original Message----- From: opx...@li... [mailto:opx...@li...] On Behalf Of Tom Wirschell Sent: Monday, July 05, 2004 12:46 AM To: opx...@li... Subject: Re: [opx-devel] Message from Mike C (fwd) On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > Mike Curry wrote: > > >Everything was find until you guys fucked everything up using Open source. > > > > > ??????? Mike C likes to think that people don't have tools like Ethereal that will simply capture network traffic. Yes, using open source, and thus giving people access to all our code, in particular the networking module, was a mistake because it made things waaaaay too easy, but people could simply capture the network traffic for 1 key submission, see the data, replace the numbers in there with their own and be happy on their way. Not open sourcing that module would've helped, but not by as much as he likes to believe. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ opx-devel mailing list opx...@li... https://lists.sourceforge.net/lists/listinfo/opx-devel ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ opx-devel mailing list opx...@li... https://lists.sourceforge.net/lists/listinfo/opx-devel |
From: Mike C. <mcu...@ro...> - 2004-07-05 13:06:46
|
I spoke of using Encryption, you didn't seem to like that idea, because of your first idea "Open Source". Not very Smart Tom... -----Original Message----- From: opx...@li... [mailto:opx...@li...] On Behalf Of Tom Wirschell Sent: Monday, July 05, 2004 12:46 AM To: opx...@li... Subject: Re: [opx-devel] Message from Mike C (fwd) On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > Mike Curry wrote: > > >Everything was find until you guys fucked everything up using Open source. > > > > > ??????? Mike C likes to think that people don't have tools like Ethereal that will simply capture network traffic. Yes, using open source, and thus giving people access to all our code, in particular the networking module, was a mistake because it made things waaaaay too easy, but people could simply capture the network traffic for 1 key submission, see the data, replace the numbers in there with their own and be happy on their way. Not open sourcing that module would've helped, but not by as much as he likes to believe. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ opx-devel mailing list opx...@li... https://lists.sourceforge.net/lists/listinfo/opx-devel |
From: Mike V. <mik...@ge...> - 2004-07-05 07:07:39
|
Tom Wirschell wrote: >On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > > >>Mike Curry wrote: >> >> >> >>>Everything was find until you guys fucked everything up using Open source. >>> >>> >>> >>> >>??????? >> >> > >Mike C likes to think that people don't have tools like Ethereal that >will simply capture network traffic. >Yes, using open source, and thus giving people access to all our code, >in particular the networking module, was a mistake because it made >things waaaaay too easy, but people could simply capture the network >traffic for 1 key submission, see the data, replace the numbers in there >with their own and be happy on their way. Not open sourcing that module >would've helped, but not by as much as he likes to believe. > >Kind regards, > > > Well as far as cheating goes... it was fairly low... only 1 incedent a week or so, and I actually think nobody ever actually read the code because we did not have 1, not 1 false positive... which if anyone had bothered reading the code was actually very easy. also, as I am really the only one who was around from day 1 writing a client and such.... here is how it went, - I was working away on the neo project frontend when the xbox project opened back up. - I volenteered to re-work my client to work with Curry's lil exe. I did this. - Later the source for the lil exe was opened up, I did a quick read of it and suggested something that made the exe check 5,000 numbers in the time it used to take to do 2. - Aviad joined up and reworked the client some more, almost doubling the speed - Tom joined up, wrote a linux client - we updated my idea to do 5,000 in the time of 2 to about 50,000 in the time of 4 or so - Tom & aviad later reworked the exe a bunch of times... i think we got another 2x speed increase perhaps more so all in all i think we incresed the speed of the client by about 100,000 fold perhaps more... Now for anyone thinking of making the client work in a decent amount of time, well you would need to increase the speed by about 100 billion fold to do it before the sun explodes. I truely belive as far as our method was concerened we were reaching the limit of speed. (for those that dont know, we were checking EVERY odd number from 0 to square root of the key) P.S. ... Curry opened the code first (I never asked him to), I only made a frontend to actually run the exe file he created.(which is also how my client for the neo project worked) After he had released the code I actually integrated the code into the client and modified it. |
From: Mike T. <mta...@pa...> - 2004-07-05 06:18:23
|
Wow... I'm sorry... but blaming it on open source is a massive reach if I ever saw one. First of all, when I was doing programming for the project, I found it easier to actually USE ETHEREAL to understand the protocol, because I'm not the greatest when it comes to sockets in C. Tom is absolutely correct here, we needed a more secure protocol -- not the security throught obscurity closed-source approach. The flaws with that kind of security are obvious. Take for example, a particular software company that decided to make a video game console... -------- Original Message -------- =3D=3D> From: Tom Wirschell <To...@Wi...> =3D=3D> Date: Mon, 05 Jul 2004 06:45:37 0200 On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > Mike Curry wrote: > > >Everything was find until you guys fucked everything up using Open source. > > > > > ??????? Mike C likes to think that people don't have tools like Ethereal that will simply capture network traffic. Yes, using open source, and thus giving people access to all our code, in particular the networking module, was a mistake because it made things waaaaay too easy, but people could simply capture the network traffic for 1 key submission, see the data, replace the numbers in there with their own and be happy on their way. Not open sourcing that module would've helped, but not by as much as he likes to believe. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ opx-devel mailing list opx...@li... https://lists.sourceforge.net/lists/listinfo/opx-devel . |
From: Tom W. <To...@Wi...> - 2004-07-05 04:48:53
|
On Mon, 2004-07-05 at 04:50, Mike Valstar wrote: > Mike Curry wrote: > > >Everything was find until you guys fucked everything up using Open source. > > > > > ??????? Mike C likes to think that people don't have tools like Ethereal that will simply capture network traffic. Yes, using open source, and thus giving people access to all our code, in particular the networking module, was a mistake because it made things waaaaay too easy, but people could simply capture the network traffic for 1 key submission, see the data, replace the numbers in there with their own and be happy on their way. Not open sourcing that module would've helped, but not by as much as he likes to believe. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - |
From: Mike V. <mik...@ge...> - 2004-07-05 03:18:53
|
Heh, yeah my fault :) Mike Tangolics wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The main issue is that there is no real need for this key anymore. The > Xbox was cracked long ago, you can now run anything you want on it. > Personally, I like being involved when things are cutting edge and are > breaking new ground. I even sold my Xbox because I'm not that > interested in it anymore. The only thing this key is good for is > flaunting in MS's face and then they'll just sue your ass, or better yet > imprison you for some god awful crime against "national security" but I > won't even get into that... > > Btw guys.. you'll be interested to know Mike Valstar _has_ been replying > to this thread as well, but made the mistake I did originally and sent > it only to the writer, not the list. =) > > Tom Wirschell wrote: > | On Sun, 2004-07-04 at 22:36, Will wrote: > | > |>That's just the same as abandoning the project! > | > | > | Newsflash, kiddo. That's exactly what we did. > | > | > |>Maybe the current source code could be reworked to integrate the better > |>features of the source code used to crack the ECCP-109 but this isn't > |>even close to a solution. > | > | > | My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that > | they both require a distributed network to brute-force them. There > isn't > | any algorithm tweak you can apply to both to magically make things go > | faster. Oh, and perhaps you'll want to take another look at those > | numbers I sent out earlier. Consider what kind of *MASSIVE* improvement > | you'll need to make to the algorithm to make its cracking feasible. > | > | > |>To continue the project now the word of it must be spread. I'm doing > |>what I can but I don't have any connections to people high up with Xbox > |>Scene or the Xbox Linux Project. It would be great if the project was > |>somehow mentioned in news posts on their sites. To some the project > |>itself may seem impractical but just the idea of getting the key keeps > |>me going. > | > | > | Think about this for a second. You're trying to rally the troops. To do > | what? What's needed to do that? Where are those things you need? What > | can you do to get them? > | > | Lemme help you with that. You need: > | 1) Math guys. The kind that win Nobel Prizes. Because I can almost > | guarantee you that if someone finds a way to make the cracking of RSA > | more feasible, that person will go down in history as one of the > | greatest minds of our time. > | 2) Infrastructure. You want to do this in a distributed fashion, you'll > | need a couple of servers that can take a bit of a beating. In the > | beginning 1 will do fine, but plan ahead. Expect it to grow. Know to > | what volume it can/will grow without falling over. Because if it does, > | your project will invariably suffer. You are aware that there are > | kiddies out there with fat pipes at their disposal and nothing > better to > | do than point them at your server for a solid week, right? > | 3) Server software. You know it'll be a distributed project, so you > need > | a protocol, and a server that will be able to talk it. Oh, and that > | server needs to be set up in such a way that it can take a beating. The > | server software has to be resilient from the get-go, and the same goes > | for the protocol. People *LOVE* cheating. > | 4) Client software. At first it just has to work. Once things take off > | you'll get to making them more efficient. Hell, the first client we had > | ran at roughly 1/10th the speed the last one did. > | 5) Machines. This is the point where you rally the troops, point at all > | the stuff you've got ready for them, and you'll be able to convince > them > | that the concept is feasible. Showing people that your goal is > | attainable within a given timeframe (and saying that you're sure you'll > | get it in under 10 years should be enough) and being able to back it up > | will make people become willing to run your programs. > | > | Now, these points you need to go through in the order they are listed. > | > | When we started, Mike C had point 4 in the pocket and was going > after 5. > | We came in to improve the clients, and guess what? Point 3 turned > out to > | have been overlooked. The protocol was a joke, and soon everybody was > | cheating. We tried to solve this problem, but point 5 was suffering and > | people were leaving the project in droves. > | Then point 2, which at first seemed to be okay, turned out to be crap. > | Again we tried our best to fix things but point 5 suffered even > more. In > | the end that one became our Waterloo. > | And the reason we didn't start over was because point 1 was missing. We > | realised it back then, but figured what the hell. I donno about the > rest > | of the crew, but I'm not making that mistake again. > | > | Kind regards, > | > | Tom Wirschell > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.4 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFA6JyU7ntAARlGIUERAhfhAKCZBeLvEpzIRspnga8TDWn8JthzRwCgvVzM > JXYbSIDcKVAN9RG8jD2y7ag= > =hHxR > -----END PGP SIGNATURE----- > > > ------------------------------------------------------- > This SF.Net email sponsored by Black Hat Briefings & Training. > Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital > self defense, top technical experts, no vendor pitches, unmatched > networking opportunities. Visit www.blackhat.com > _______________________________________________ > opx-devel mailing list > opx...@li... > https://lists.sourceforge.net/lists/listinfo/opx-devel |
From: Mike V. <mik...@ge...> - 2004-07-05 02:52:04
|
Mike Curry wrote: >Everything was find until you guys fucked everything up using Open source. > > ??????? >-----Original Message----- >From: opx...@li... >[mailto:opx...@li...] On Behalf Of Tom Wirschell >Sent: Sunday, July 04, 2004 5:17 PM >To: opx...@li... >Subject: Re: [opx-devel] Message from Mike C (fwd) > >On Sun, 2004-07-04 at 22:36, Will wrote: > > >>That's just the same as abandoning the project! >> >> > >Newsflash, kiddo. That's exactly what we did. > > > >>Maybe the current source code could be reworked to integrate the >>better features of the source code used to crack the ECCP-109 but this >>isn't even close to a solution. >> >> > >My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that they >both require a distributed network to brute-force them. There isn't any >algorithm tweak you can apply to both to magically make things go faster. >Oh, and perhaps you'll want to take another look at those numbers I sent out >earlier. Consider what kind of *MASSIVE* improvement you'll need to make to >the algorithm to make its cracking feasible. > > > >>To continue the project now the word of it must be spread. I'm doing >>what I can but I don't have any connections to people high up with >>Xbox Scene or the Xbox Linux Project. It would be great if the project >>was somehow mentioned in news posts on their sites. To some the >>project itself may seem impractical but just the idea of getting the >>key keeps me going. >> >> > >Think about this for a second. You're trying to rally the troops. To do >what? What's needed to do that? Where are those things you need? What can >you do to get them? > >Lemme help you with that. You need: >1) Math guys. The kind that win Nobel Prizes. Because I can almost guarantee >you that if someone finds a way to make the cracking of RSA more feasible, >that person will go down in history as one of the greatest minds of our >time. >2) Infrastructure. You want to do this in a distributed fashion, you'll need >a couple of servers that can take a bit of a beating. In the beginning 1 >will do fine, but plan ahead. Expect it to grow. Know to what volume it >can/will grow without falling over. Because if it does, your project will >invariably suffer. You are aware that there are kiddies out there with fat >pipes at their disposal and nothing better to do than point them at your >server for a solid week, right? >3) Server software. You know it'll be a distributed project, so you need a >protocol, and a server that will be able to talk it. Oh, and that server >needs to be set up in such a way that it can take a beating. The server >software has to be resilient from the get-go, and the same goes for the >protocol. People *LOVE* cheating. >4) Client software. At first it just has to work. Once things take off >you'll get to making them more efficient. Hell, the first client we had ran >at roughly 1/10th the speed the last one did. >5) Machines. This is the point where you rally the troops, point at all the >stuff you've got ready for them, and you'll be able to convince them that >the concept is feasible. Showing people that your goal is attainable within >a given timeframe (and saying that you're sure you'll get it in under 10 >years should be enough) and being able to back it up will make people become >willing to run your programs. > >Now, these points you need to go through in the order they are listed. > >When we started, Mike C had point 4 in the pocket and was going after 5. >We came in to improve the clients, and guess what? Point 3 turned out to >have been overlooked. The protocol was a joke, and soon everybody was >cheating. We tried to solve this problem, but point 5 was suffering and >people were leaving the project in droves. >Then point 2, which at first seemed to be okay, turned out to be crap. >Again we tried our best to fix things but point 5 suffered even more. In the >end that one became our Waterloo. >And the reason we didn't start over was because point 1 was missing. We >realised it back then, but figured what the hell. I donno about the rest of >the crew, but I'm not making that mistake again. > >Kind regards, > >Tom Wirschell >-- >I don't need a pass to pass this pass! > - Groo The Wanderer - > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > > > > >------------------------------------------------------- >This SF.Net email sponsored by Black Hat Briefings & Training. >Attend Black Hat Briefings & Training, Las Vegas July 24-29 - >digital self defense, top technical experts, no vendor pitches, >unmatched networking opportunities. Visit www.blackhat.com >_______________________________________________ >opx-devel mailing list >opx...@li... >https://lists.sourceforge.net/lists/listinfo/opx-devel > > |
From: Mike C. <mcu...@ro...> - 2004-07-05 02:06:28
|
Everything was find until you guys fucked everything up using Open source. -----Original Message----- From: opx...@li... [mailto:opx...@li...] On Behalf Of Tom Wirschell Sent: Sunday, July 04, 2004 5:17 PM To: opx...@li... Subject: Re: [opx-devel] Message from Mike C (fwd) On Sun, 2004-07-04 at 22:36, Will wrote: > That's just the same as abandoning the project! Newsflash, kiddo. That's exactly what we did. > Maybe the current source code could be reworked to integrate the > better features of the source code used to crack the ECCP-109 but this > isn't even close to a solution. My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that they both require a distributed network to brute-force them. There isn't any algorithm tweak you can apply to both to magically make things go faster. Oh, and perhaps you'll want to take another look at those numbers I sent out earlier. Consider what kind of *MASSIVE* improvement you'll need to make to the algorithm to make its cracking feasible. > To continue the project now the word of it must be spread. I'm doing > what I can but I don't have any connections to people high up with > Xbox Scene or the Xbox Linux Project. It would be great if the project > was somehow mentioned in news posts on their sites. To some the > project itself may seem impractical but just the idea of getting the > key keeps me going. Think about this for a second. You're trying to rally the troops. To do what? What's needed to do that? Where are those things you need? What can you do to get them? Lemme help you with that. You need: 1) Math guys. The kind that win Nobel Prizes. Because I can almost guarantee you that if someone finds a way to make the cracking of RSA more feasible, that person will go down in history as one of the greatest minds of our time. 2) Infrastructure. You want to do this in a distributed fashion, you'll need a couple of servers that can take a bit of a beating. In the beginning 1 will do fine, but plan ahead. Expect it to grow. Know to what volume it can/will grow without falling over. Because if it does, your project will invariably suffer. You are aware that there are kiddies out there with fat pipes at their disposal and nothing better to do than point them at your server for a solid week, right? 3) Server software. You know it'll be a distributed project, so you need a protocol, and a server that will be able to talk it. Oh, and that server needs to be set up in such a way that it can take a beating. The server software has to be resilient from the get-go, and the same goes for the protocol. People *LOVE* cheating. 4) Client software. At first it just has to work. Once things take off you'll get to making them more efficient. Hell, the first client we had ran at roughly 1/10th the speed the last one did. 5) Machines. This is the point where you rally the troops, point at all the stuff you've got ready for them, and you'll be able to convince them that the concept is feasible. Showing people that your goal is attainable within a given timeframe (and saying that you're sure you'll get it in under 10 years should be enough) and being able to back it up will make people become willing to run your programs. Now, these points you need to go through in the order they are listed. When we started, Mike C had point 4 in the pocket and was going after 5. We came in to improve the clients, and guess what? Point 3 turned out to have been overlooked. The protocol was a joke, and soon everybody was cheating. We tried to solve this problem, but point 5 was suffering and people were leaving the project in droves. Then point 2, which at first seemed to be okay, turned out to be crap. Again we tried our best to fix things but point 5 suffered even more. In the end that one became our Waterloo. And the reason we didn't start over was because point 1 was missing. We realised it back then, but figured what the hell. I donno about the rest of the crew, but I'm not making that mistake again. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ opx-devel mailing list opx...@li... https://lists.sourceforge.net/lists/listinfo/opx-devel |
From: Mike T. <mta...@pa...> - 2004-07-05 01:23:21
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The main issue is that there is no real need for this key anymore. The Xbox was cracked long ago, you can now run anything you want on it. Personally, I like being involved when things are cutting edge and are breaking new ground. I even sold my Xbox because I'm not that interested in it anymore. The only thing this key is good for is flaunting in MS's face and then they'll just sue your ass, or better yet imprison you for some god awful crime against "national security" but I won't even get into that... Btw guys.. you'll be interested to know Mike Valstar _has_ been replying to this thread as well, but made the mistake I did originally and sent it only to the writer, not the list. =) Tom Wirschell wrote: | On Sun, 2004-07-04 at 22:36, Will wrote: | |>That's just the same as abandoning the project! | | | Newsflash, kiddo. That's exactly what we did. | | |>Maybe the current source code could be reworked to integrate the better |>features of the source code used to crack the ECCP-109 but this isn't |>even close to a solution. | | | My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that | they both require a distributed network to brute-force them. There isn't | any algorithm tweak you can apply to both to magically make things go | faster. Oh, and perhaps you'll want to take another look at those | numbers I sent out earlier. Consider what kind of *MASSIVE* improvement | you'll need to make to the algorithm to make its cracking feasible. | | |>To continue the project now the word of it must be spread. I'm doing |>what I can but I don't have any connections to people high up with Xbox |>Scene or the Xbox Linux Project. It would be great if the project was |>somehow mentioned in news posts on their sites. To some the project |>itself may seem impractical but just the idea of getting the key keeps |>me going. | | | Think about this for a second. You're trying to rally the troops. To do | what? What's needed to do that? Where are those things you need? What | can you do to get them? | | Lemme help you with that. You need: | 1) Math guys. The kind that win Nobel Prizes. Because I can almost | guarantee you that if someone finds a way to make the cracking of RSA | more feasible, that person will go down in history as one of the | greatest minds of our time. | 2) Infrastructure. You want to do this in a distributed fashion, you'll | need a couple of servers that can take a bit of a beating. In the | beginning 1 will do fine, but plan ahead. Expect it to grow. Know to | what volume it can/will grow without falling over. Because if it does, | your project will invariably suffer. You are aware that there are | kiddies out there with fat pipes at their disposal and nothing better to | do than point them at your server for a solid week, right? | 3) Server software. You know it'll be a distributed project, so you need | a protocol, and a server that will be able to talk it. Oh, and that | server needs to be set up in such a way that it can take a beating. The | server software has to be resilient from the get-go, and the same goes | for the protocol. People *LOVE* cheating. | 4) Client software. At first it just has to work. Once things take off | you'll get to making them more efficient. Hell, the first client we had | ran at roughly 1/10th the speed the last one did. | 5) Machines. This is the point where you rally the troops, point at all | the stuff you've got ready for them, and you'll be able to convince them | that the concept is feasible. Showing people that your goal is | attainable within a given timeframe (and saying that you're sure you'll | get it in under 10 years should be enough) and being able to back it up | will make people become willing to run your programs. | | Now, these points you need to go through in the order they are listed. | | When we started, Mike C had point 4 in the pocket and was going after 5. | We came in to improve the clients, and guess what? Point 3 turned out to | have been overlooked. The protocol was a joke, and soon everybody was | cheating. We tried to solve this problem, but point 5 was suffering and | people were leaving the project in droves. | Then point 2, which at first seemed to be okay, turned out to be crap. | Again we tried our best to fix things but point 5 suffered even more. In | the end that one became our Waterloo. | And the reason we didn't start over was because point 1 was missing. We | realised it back then, but figured what the hell. I donno about the rest | of the crew, but I'm not making that mistake again. | | Kind regards, | | Tom Wirschell -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA6JyU7ntAARlGIUERAhfhAKCZBeLvEpzIRspnga8TDWn8JthzRwCgvVzM JXYbSIDcKVAN9RG8jD2y7ag= =hHxR -----END PGP SIGNATURE----- |
From: Tom W. <To...@Wi...> - 2004-07-04 21:19:11
|
On Sun, 2004-07-04 at 22:36, Will wrote: > That's just the same as abandoning the project! Newsflash, kiddo. That's exactly what we did. > Maybe the current source code could be reworked to integrate the better > features of the source code used to crack the ECCP-109 but this isn't > even close to a solution. My goodness. The only way ECCP-109 and RSA-2048 are equivalent is that they both require a distributed network to brute-force them. There isn't any algorithm tweak you can apply to both to magically make things go faster. Oh, and perhaps you'll want to take another look at those numbers I sent out earlier. Consider what kind of *MASSIVE* improvement you'll need to make to the algorithm to make its cracking feasible. > To continue the project now the word of it must be spread. I'm doing > what I can but I don't have any connections to people high up with Xbox > Scene or the Xbox Linux Project. It would be great if the project was > somehow mentioned in news posts on their sites. To some the project > itself may seem impractical but just the idea of getting the key keeps > me going. Think about this for a second. You're trying to rally the troops. To do what? What's needed to do that? Where are those things you need? What can you do to get them? Lemme help you with that. You need: 1) Math guys. The kind that win Nobel Prizes. Because I can almost guarantee you that if someone finds a way to make the cracking of RSA more feasible, that person will go down in history as one of the greatest minds of our time. 2) Infrastructure. You want to do this in a distributed fashion, you'll need a couple of servers that can take a bit of a beating. In the beginning 1 will do fine, but plan ahead. Expect it to grow. Know to what volume it can/will grow without falling over. Because if it does, your project will invariably suffer. You are aware that there are kiddies out there with fat pipes at their disposal and nothing better to do than point them at your server for a solid week, right? 3) Server software. You know it'll be a distributed project, so you need a protocol, and a server that will be able to talk it. Oh, and that server needs to be set up in such a way that it can take a beating. The server software has to be resilient from the get-go, and the same goes for the protocol. People *LOVE* cheating. 4) Client software. At first it just has to work. Once things take off you'll get to making them more efficient. Hell, the first client we had ran at roughly 1/10th the speed the last one did. 5) Machines. This is the point where you rally the troops, point at all the stuff you've got ready for them, and you'll be able to convince them that the concept is feasible. Showing people that your goal is attainable within a given timeframe (and saying that you're sure you'll get it in under 10 years should be enough) and being able to back it up will make people become willing to run your programs. Now, these points you need to go through in the order they are listed. When we started, Mike C had point 4 in the pocket and was going after 5. We came in to improve the clients, and guess what? Point 3 turned out to have been overlooked. The protocol was a joke, and soon everybody was cheating. We tried to solve this problem, but point 5 was suffering and people were leaving the project in droves. Then point 2, which at first seemed to be okay, turned out to be crap. Again we tried our best to fix things but point 5 suffered even more. In the end that one became our Waterloo. And the reason we didn't start over was because point 1 was missing. We realised it back then, but figured what the hell. I donno about the rest of the crew, but I'm not making that mistake again. Kind regards, Tom Wirschell -- I don't need a pass to pass this pass! - Groo The Wanderer - |