a guest
Jul 11th, 2014
  1. 2014-07-11 10:32:03 --> Stman (~Stman@80.10.161.171) has joined #kosagi
  2. 2014-07-11 10:32:20 Stman o/
  3. 2014-07-11 10:34:33 Stman o/ bunnie
  4. 2014-07-11 10:35:19 Stman I had a suggestion for a change on the Novena: after talking with some of the TOR core dev team about Novena last week, we came to the following conclusion:
  5. 2014-07-11 10:37:55 Stman We think it would be a good idea to have the FPGA "bitfile loading mode" options not "hardwired", but configurable with a DIP switch, with the possibility to choose between I2C or a serial flash E(E)PROM: we think that nothing trustable can be done with the FPGA until the bitfile can be loaded securely into the FPGA = with a socket-based serial E(E)PROM that can be programmed with an external E(E)PROM programmer.
  6. 2014-07-11 10:38:31 Stman Do you think this "little" change to your design, that would take you less than 30 minutes to implement, including PCB changes, would be feasible?
  7. 2014-07-11 10:45:23 shuffle2 ...
  8. 2014-07-11 10:51:21 jtang_ xobs, gonna try rebasing to master to see if my problem magically disappears
  9. 2014-07-11 10:51:24 dermiste Stman: what kind of attacks are you trying to fend off here ?
  10. 2014-07-11 10:51:34 jtang_ are you rebasing against tags or master when yu
  11. 2014-07-11 10:51:39 jtang_ you update the novena branch
  12. 2014-07-11 10:53:44 <-- Stman (~Stman@80.10.161.171) has quit (Ping timeout: 480 seconds)
  13. 2014-07-11 11:12:08 jtang_ xobs, it seems to be a kernel problem
  14. 2014-07-11 11:12:28 jtang_ i just rebased/rebuilt the kernel + modules and nbd is now working as expected
  15. 2014-07-11 11:13:09 jtang_ https://github.com/qbcode/novena-linux/tree/v3.16-rc5-novena -- rebased branch, i think i labelled it wrong
  16. 2014-07-11 11:13:16 jtang_ but it seems to work for me
  17. 2014-07-11 11:14:21 jtang_ need to test more!
  18. 2014-07-11 11:24:32 <-- modem (~modem@0001cb96.user.oftc.net) has quit (Remote host closed the connection)
  19. 2014-07-11 11:29:46 --> modem (~modem@0001cb96.user.oftc.net) has joined #kosagi
  20. 2014-07-11 11:41:31 jtang_ hmm, nbd / qemu-nbd isn't too reliable under precise on arm
  21. 2014-07-11 11:41:44 jtang_ i guess genfatfs and makedisk might be the way to go
  22. 2014-07-11 11:54:05 jtang_ interesting, it looks like it is the kernel that's the key difference
  23. 2014-07-11 11:54:18 --> linius (~linius@178-119-170-230.access.telenet.be) has joined #kosagi
  24. 2014-07-11 12:46:05 --> roybatty (~roybatty@p5498854A.dip0.t-ipconnect.de) has joined #kosagi
  25. 2014-07-11 12:59:52 <-- linius (~linius@178-119-170-230.access.telenet.be) has quit (Quit: linius)
  26. 2014-07-11 13:08:20 --> modem_ (~modem@LMontsouris-656-01-36-83.w80-15.abo.wanadoo.fr) has joined #kosagi
  27. 2014-07-11 13:12:08 <-- modem (~modem@0001cb96.user.oftc.net) has quit (Ping timeout: 480 seconds)
  28. 2014-07-11 13:24:05 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
  29. 2014-07-11 13:30:48 --> nerick (~nerick@117.2.218.164) has joined #kosagi
  30. 2014-07-11 13:30:48 <-- nerick (~nerick@117.2.218.164) has quit
  31. 2014-07-11 13:30:49 <-- jan_ (~jan@113.94.233.220.static.exetel.com.au) has quit (Quit: Leaving)
  32. 2014-07-11 13:31:02 --> nerick (~nerick@117.2.218.164) has joined #kosagi
  33. 2014-07-11 13:35:31 --> Stman (~Stman@193.253.170.176) has joined #kosagi
  34. 2014-07-11 13:36:16 Stman shuffle2 Sorry, I have been disconnected, did Bunnie answer me?
  35. 2014-07-11 13:36:44 adj Stman, he didn't
  36. 2014-07-11 13:37:03 Stman Dunno, I have been disconnected for 2 or 3 hours
  37. 2014-07-11 13:37:15 Stman So maybe he did answer me but I didn't get it ?
  38. 2014-07-11 13:37:30 adj i have been connected
  39. 2014-07-11 13:37:38 adj i didn't see bunnie replying
  40. 2014-07-11 13:37:49 Stman Ah okay, thank you very much. I'll wait then.
  41. 2014-07-11 13:37:55 Stman I'll wait then.
  42. 2014-07-11 13:38:53 adj Stman, but i doubt that they want to change the design at this stage...
  43. 2014-07-11 13:39:08 <-- nerick (~nerick@117.2.218.164) has quit (Ping timeout: 480 seconds)
  44. 2014-07-11 13:39:16 Stman Yes. I can understand that, but it is a very very minor change. I could do it myself.
  45. 2014-07-11 13:39:53 Stman Understand that without this new option for the FPGA, any "secure" project like building a super secure TOR router with a dedicated processor running in the FPGA is OVER.
  46. 2014-07-11 13:39:55 --> nerick (~nerick@ns3297786.ovh.net) has joined #kosagi
  47. 2014-07-11 13:40:26 Stman And believe me, many many people were counting on Novena to have people like me implementing a secure TOR router in its FPGA. It's a very little change that is really worth it.
  48. 2014-07-11 13:40:27 adj i don't understand why it is needed for security, so i don't know
  49. 2014-07-11 13:40:35 Stman Because for the moment,
  50. 2014-07-11 13:41:03 Stman the bitfile can only be injected into the FPGA through the I2C bus connected to the Freescale i.MX6 SoC.
  51. 2014-07-11 13:41:47 Stman As this SoC is not secure, and cannot be secured, it means that you have no warranty that the bitfile you're injecting into the FPGA has not been changed by an ad-hoc exploit running on the SoC
  52. 2014-07-11 13:41:57 Stman Do you understand the problem ?
  53. 2014-07-11 13:42:17 adj yes, i understand now
  54. 2014-07-11 13:42:25 adj you don't turst the soc
  55. 2014-07-11 13:42:35 Stman No, we don't trust it at all.
  56. 2014-07-11 13:42:47 Stman And we are right to think like that.
  57. 2014-07-11 13:42:53 fun agreed
  58. 2014-07-11 13:42:57 Stman We are looking for military grade security level here.
  59. 2014-07-11 13:43:02 adj agree, too
  60. 2014-07-11 13:44:12 Stman We are just asking for a jumper, or a simple DIP switch on the board, to switch between two FPGA initialization modes: I2C or serial E(E)PROM, and a new socket to have this serial E(E)PROM on the board. This is very easy to change.
  61. 2014-07-11 13:44:13 adj so you want a hardware option to protect fpga configuration from the SOC
  62. 2014-07-11 13:44:18 Stman Yes.
  63. 2014-07-11 13:44:39 adj it really makes sense
  64. 2014-07-11 13:44:49 Stman We want it to be able to work like it is now, or we also want a secure alternative way to inject the bitfile into the FPGA with a serial PROM
  65. 2014-07-11 13:45:41 Stman That is, being able to select, with a jumper, either I2C initialization with the I2C bus connected to the SoC, or a fully independent serial E(E)PROM (with a socket so that we can unplug it from the board to program it with an external E(E)PROM programmer).
  66. 2014-07-11 13:46:13 Stman This way, those who want to run a super secure processor on the FPGA will be assured that it is possible.
  67. 2014-07-11 13:46:19 Stman The rest of the design is okay for us.
  68. 2014-07-11 13:46:35 fun I am also interested in this
  69. 2014-07-11 13:47:18 <-- KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has quit (Ping timeout: 480 seconds)
  70. 2014-07-11 13:47:18 Stman If the FPGA cannot be initialized securely, it is "by design" cancelling any "security" application with the Novena, and only limiting it to a hardware hacker experimentation platform/applications.
  71. 2014-07-11 13:47:27 Stman cool fun
  72. 2014-07-11 13:47:41 dermiste Stman: you don't trust the i.mx6, yet you trust the FPGA ?
  73. 2014-07-11 13:47:55 mrasmus routing a brand new jumper and socket does not sound like a very easy change, to me, given the complexity of the board and the nature and constraints of some of the lines around the FPGA; that doesn't really sound like a simple change, to me.
  74. 2014-07-11 13:48:13 mrasmus Also, that
  75. 2014-07-11 13:48:36 Stman Indeed, I don't trust the FPGA itself either, but I know the nature of the hardware backdoors that can be found in some FPGAs (mainly remote JTAG control through any pin)
  76. 2014-07-11 13:48:44 Stman and this is it.
  77. 2014-07-11 13:49:00 Stman Let's say we have trick to "protect" against that.
  78. 2014-07-11 13:49:28 Stman Anyway, the idea here is to be sure the FPGA can be initialized with an uncorrupted bitfile.
  79. 2014-07-11 13:49:40 Stman The question of the hardware backdoors in the FPGA itself is another problem.
  80. 2014-07-11 13:50:06 mrasmus couldn't that be done simply by watching the line that's initializing it, checking the "write" for sanity?
  81. 2014-07-11 13:50:39 Stman Of course it could be done this way too, but to us, it was not a complicated change.
  82. 2014-07-11 13:51:00 Stman The socket of a serial CMS E(E)PROM with only 6 pins is very small.
  83. 2014-07-11 13:51:09 Stman Don't tell me there is no more room to route that.
  84. 2014-07-11 13:51:10 dermiste I would think the simplest path here is to make an extension board with gig ethernets, and fill base eth ports with epoxy
  85. 2014-07-11 13:51:19 Stman We will.
  86. 2014-07-11 13:51:20 dermiste and remove bt and wifi
  87. 2014-07-11 13:51:29 Stman But it doesn't solve the problem of the FPGA secure initialization.
  88. 2014-07-11 13:51:42 Stman We need PHY ethernet on an expansion board, and we will do it.
  89. 2014-07-11 13:51:46 Stman (I will)
  90. 2014-07-11 13:52:34 Stman I'm gonna download the schematic and PCB and the software he used to route it and make the change myself then, I swear this is no big deal, even if the board is already "full"
  91. 2014-07-11 13:52:44 mrasmus I don't know
  92. 2014-07-11 13:52:49 dermiste Stman: is it reasonable to say that no backdoor can be triggered from a completely out-of-the-network CPU ?
  93. 2014-07-11 13:52:52 mrasmus I was merely theorizing
  94. 2014-07-11 13:52:56 Stman I'm not asking him to add a 500 pin BGA chip :D
  95. 2014-07-11 13:53:35 mrasmus Oh, I know. I haven't poked at the layout in a while, I don't know how crowded things are
  96. 2014-07-11 13:53:57 mrasmus and I'm not a trained EE
  97. 2014-07-11 13:54:10 Stman dermiste : Before snowden I would have said YES (But beware to some peripherals ...), now I say NO.
  98. 2014-07-11 13:54:15 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
  99. 2014-07-11 13:54:16 adj can be enough if the configuration can be locked from the soc once the bitfile is injected?
  100. 2014-07-11 13:54:18 Stman NSA can put RF shit into some chips.
  101. 2014-07-11 13:54:51 Stman Anyway, this is not the level of lab/military attack we wanted to resist, but more a remote hack attack.
  102. 2014-07-11 13:54:56 dermiste Stman: what is the name of this nsa product ?
  103. 2014-07-11 13:55:30 Stman TAO implants? Uh, I don't know their names by heart, sorry.
  104. 2014-07-11 13:55:52 Stman But I know they do exist, and I perfectly understand the underlying concept.
  105. 2014-07-11 13:55:56 dermiste Stman: and would it require access to the fab line ?
  106. 2014-07-11 13:57:29 Stman Yes. And the corrupted chips then have to be substituted on the board (I mean, unsoldering the old one, soldering the new one instead)
  107. 2014-07-11 13:57:42 Stman Why do you wanna know that ?
  108. 2014-07-11 13:57:53 Stman What do you have in mind?
  109. 2014-07-11 13:57:55 dermiste ah, yeah, changing chips, of course
  110. 2014-07-11 13:57:57 Stman in mind ?
  111. 2014-07-11 13:58:01 adj Stman, do you trust the board?
  112. 2014-07-11 13:58:15 Stman The PCB itself ?
  113. 2014-07-11 13:58:25 adj will you inspect with x ray?
  114. 2014-07-11 13:58:28 adj yes, the pcb
  115. 2014-07-11 13:58:32 dermiste If they change chips, then you might as well consider that every simple chip is backdoored ...
  116. 2014-07-11 13:58:34 Stman Well :
  117. 2014-07-11 13:59:30 Stman This board can be routed in a way that it is only possible to inspect it with X-ray because of multi-layer, etc... and it could also be routed in an "old way", old-fashioned 2-sided PCB that can be checked with a simple scanner.
  118. 2014-07-11 13:59:36 Stman These are implementations constraints.
  119. 2014-07-11 13:59:47 Stman I am interested in these constraints :
  120. 2014-07-11 14:00:08 Stman I prefer a much larger board I can check, than a tiny one I can't check ALL BY MYSELF
  121. 2014-07-11 14:00:20 Stman (But okay, I'm a big paranoid who trusts nobody)
  122. 2014-07-11 14:00:30 Stman (But I'm still alive :D)
  123. 2014-07-11 14:00:35 adj me too
  124. 2014-07-11 14:01:05 adj how large does it need to be to route a 10-layer PCB as a 2-layer one?
  125. 2014-07-11 14:01:48 new299 Stman: http://www.homebrewcpu.com/overview.htm
  126. 2014-07-11 14:01:51 Stman I would say : 2 to 3 times bigger board. It's not "that" big.
  127. 2014-07-11 14:02:12 Stman And less use of BGA sockets.
  128. 2014-07-11 14:02:18 Stman I hate BGA socket anyway
  129. 2014-07-11 14:02:23 Stman Fuck the BGA sockets :D
  130. 2014-07-11 14:02:50 Stman Then all this depends on your priorities.
  131. 2014-07-11 14:02:57 adj is i.mx6 available without BGA?
  132. 2014-07-11 14:02:59 adj is
  133. 2014-07-11 14:03:38 Stman My priority list is 1) Security & control 2) Security & control 3) Security & control over my system.
  134. 2014-07-11 14:03:47 Stman adj : I guess.
  135. 2014-07-11 14:03:51 mrasmus That board does not a laptop make
  136. 2014-07-11 14:04:00 Stman Nope
  137. 2014-07-11 14:04:12 Stman Or like the old ones. But anyway,
  138. 2014-07-11 14:04:25 Stman If you want a super slim thing you can still buy a MacBook Air.
  139. 2014-07-11 14:04:35 Stman But sex toyz included :D
  140. 2014-07-11 14:04:45 adj as far as i know the allwinner A13 is the only armv7 without BGA
  141. 2014-07-11 14:05:25 new299 adj: yep that's the only one I've seen.
  142. 2014-07-11 14:05:40 new299 adj: the boards are pretty cheap though https://www.olimex.com/Products/OLinuXino/A13/A13-OLinuXino/open-source-hardware
  143. 2014-07-11 14:05:52 adj Stman, anyway, i hope you can get this change in the novena board
  144. 2014-07-11 14:05:58 Stman BGA was invented, to me, with a military strategy behind it, not to save that much space on the board, but to prevent end users from hacking the stuff.
  145. 2014-07-11 14:06:38 Stman A Weller desoldering station to unsolder BGA costs, first model, 25000 €
  146. 2014-07-11 14:07:10 Stman adj : I hope too
  147. 2014-07-11 14:07:28 adj Stman, thanks to snowden this is the first thing that you said that sounds paranoid (BGA being invented to prevent hacking)
  148. 2014-07-11 14:07:46 Stman Anyway, having a second model of novena routed with "old fashion 2 sided PCB" is an interesting idea for those looking for more control
  149. 2014-07-11 14:08:38 new299 Stman: I'd say that's just a totally different product, you should go make it.
  150. 2014-07-11 14:08:44 Stman not everybody here (I guess nobody) has the toolz to inspect a 10-layer PCB with X-RAY :D
  151. 2014-07-11 14:08:55 Stman new299 : Agree
  152. 2014-07-11 14:09:11 Stman But there are a lot of friendz I know that would be more interested in this 2nd version
  153. 2014-07-11 14:09:43 new299 Stman: you can go buy https://www.olimex.com/Products/OLinuXino/A13/A13-OLinuXino/open-source-hardware it's probably nearer what you want.
  154. 2014-07-11 14:10:49 adj yes, i think that you can make the pcb and do the soldering yourself
  155. 2014-07-11 14:11:29 adj but is it enough for a router/firewall?
  156. 2014-07-11 14:11:47 adj not fpga, ethernet etc.
  157. 2014-07-11 14:12:00 Stman Nope.
  158. 2014-07-11 14:12:40 --> paulk-collins (~paulk@162.38.30.137) has joined #kosagi
  159. 2014-07-11 14:12:55 Stman At least, some hacker friends from the core TOR dev team asked me to benchmark the Novena hardware design in order to build the most secure TOR router possible. Like it is now, it is not going to reach the security level they are looking for.
  160. 2014-07-11 14:15:02 --> jedahan (~jedahan@cpe-72-229-222-157.nyc.res.rr.com) has joined #kosagi
  161. 2014-07-11 14:15:21 --> jlf (~user@50-0-131-126.dsl.dynamic.sonic.net) has joined #kosagi
  162. 2014-07-11 14:17:37 new299 Stman: is there anything that does?
  163. 2014-07-11 14:22:43 jtang_ keep it off the network?
  164. 2014-07-11 14:22:54 jtang_ stick in a faraday cage
  165. 2014-07-11 14:23:06 mrasmus seems counterproductive for a TOR router
  166. 2014-07-11 14:23:18 <-- KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has quit (Ping timeout: 480 seconds)
  167. 2014-07-11 14:25:27 jtang_ heh probably
  168. 2014-07-11 14:28:28 <-- nerick (~nerick@ns3297786.ovh.net) has quit (Ping timeout: 480 seconds)
  169. 2014-07-11 14:35:48 --> nerick (~nerick@ns3297786.ovh.net) has joined #kosagi
  170. 2014-07-11 14:38:12 --> KBme (~r00t@LAubervilliers-656-01-10-28.w217-128.abo.wanadoo.fr) has joined #kosagi
  171. 2014-07-11 14:38:25 adj new299, more practical than homebrewcpu could be openrisc
  172. 2014-07-11 14:48:00 new299 adj: on an FPGA? sounds risky! :)
  173. 2014-07-11 14:48:10 <-- bunnie (~bunnie@210.23.18.169) has quit (Remote host closed the connection)
  174. 2014-07-11 14:48:34 mrasmus Am I gonna be the one to make the "more like sounds risc-y" pun? I think I am.
  175. 2014-07-11 14:49:02 new299 mrasmus: looks like it! :)
  176. 2014-07-11 14:50:07 <-- mgcheung (~mgcheung@pool-71-184-252-203.bstnma.fios.verizon.net) has quit (Ping timeout: 480 seconds)
  177. 2014-07-11 14:50:59 adj fpga or asic
  178. 2014-07-11 14:51:41 adj but Stman is trusting the fpga for the router, but not for the cpu?
  179. 2014-07-11 14:52:16 new299 doesn't make much sense to me.
  180. 2014-07-11 14:53:12 adj homebrewcpu uses ICs, not sure if we can trust them
  181. 2014-07-11 14:53:20 new299 moreover the fpga bitstreams are all synthesised using closed source tools...
  182. 2014-07-11 14:53:23 mrasmus ^^
  183. 2014-07-11 14:53:44 new299 adj: I've heard the NSA are backdooring 74 series logic now.
  184. 2014-07-11 14:53:57 adj ^_^
  185. 2014-07-11 14:54:28 mrasmus I'd love to hear bunnie's take on it. I just feel like monitoring the loading process covers the vector he's concerned about, and, well… the bitstream that needs sanity-checking is a proprietary and closed thing in the first place.
  186. 2014-07-11 14:56:00 new299 I think bunnie is pretty much a pragmatist.
  187. 2014-07-11 14:56:05 --> OmegaPhil1 (~kvirc@82-71-20-171.dsl.in-addr.zen.co.uk) has joined #kosagi
  188. 2014-07-11 14:56:35 adj sure, he uses windows, solidworks and altium
  189. 2014-07-11 14:56:44 mrasmus Yes, but he also understands and is sympathetic towards the security-conscious.
  190. 2014-07-11 14:56:54 Stman back
  191. 2014-07-11 14:56:56 Stman Yes.
  192. 2014-07-11 14:57:07 mrasmus I doubt he'll make this hardware change, but it'll be interesting to see his response
  193. 2014-07-11 14:57:07 Stman I trust the FPGA but not Asic.
  194. 2014-07-11 14:57:16 Stman Of course, I am dreaming of Free FPGA
  195. 2014-07-11 14:57:21 Stman One day they will exist.
  196. 2014-07-11 14:57:27 mrasmus But not in this form factor
  197. 2014-07-11 14:57:42 Stman This day, our digital privacy and freedom will be finally back.
  198. 2014-07-11 14:57:51 adj you need to trust both fpga design _and_ manufacturing
  199. 2014-07-11 14:58:03 Stman adj : Are you sure ?
  200. 2014-07-11 14:58:09 new299 ...and the compiler...
  201. 2014-07-11 14:58:16 adj sure
  202. 2014-07-11 14:58:17 mrasmus you can verify fabrication
  203. 2014-07-11 14:58:24 <-- OmegaPhil (~kvirc@82-71-20-171.dsl.in-addr.zen.co.uk) has quit
  204. 2014-07-11 14:58:29 Stman backdooring 74xx or any other "simple gate" stuff looks CRAZY.
  205. 2014-07-11 14:58:34 Stman But these guys ARE crazy.
  206. 2014-07-11 14:58:42 Stman Anyway,
  207. 2014-07-11 14:58:48 jtang_ heh compilers, i remember some joker stuck some 'extra' stuff into a compiler for the fun of it, then they redistributed the compiler
  208. 2014-07-11 14:58:49 new299 hahaha :)
  209. 2014-07-11 14:58:55 adj Stman, i thought that backdooring 74xx was a joke
  210. 2014-07-11 14:59:04 Stman To me it is a joke
  211. 2014-07-11 14:59:16 Stman But they could do it, but well, it would mean it is the end then.
  212. 2014-07-11 14:59:38 Stman remember : I'm a highly paranoid person : I see spies and backdoors EVERYWHERE :D
  213. 2014-07-11 14:59:45 mrasmus Stman: What's the point of saying "one day we'll have a free and open FPGA" in the context of making an argument for a modification to Novena's board design/arguing that the FPGA can be trusted but not the ASIC
  214. 2014-07-11 14:59:46 Stman ;-p
  215. 2014-07-11 15:00:10 new299 Stman, it's true. You could see if the truth table check out with a multimeter... but... who knows what the NSA has been doing to multimeters!
  216. 2014-07-11 15:00:12 adj you can grow your own silicon crystals and do the doping yourself to get transistors
  217. 2014-07-11 15:00:28 Stman mrasmus: The only Free digital electronic components we have today are the EPROMs that have a window that lets you see (and check) the die.
  218. 2014-07-11 15:00:50 Stman If you have, of course, all the reverse engineering tools to reverse transistors into logic etc...
  219. 2014-07-11 15:01:13 Stman new299 :
  220. 2014-07-11 15:01:23 Stman Detecting backdoors in FPGA is easy.
  221. 2014-07-11 15:01:33 mrasmus how's that, Stman?
  222. 2014-07-11 15:01:51 Stman Slowing down the side channels that can trigger them : It's fun, but you never know what they can imagine, so, it's an endless task.
  223. 2014-07-11 15:02:09 mrasmus when the bitstream format that defines the functionality of it is created in a closed-source fashion
  224. 2014-07-11 15:02:14 Stman Nick (TOR chief architect) suggests, for detecting backdoor usage in FPGAs, a simple trick:
  225. 2014-07-11 15:02:25 Stman simple and known, but perfect in this case:
  226. 2014-07-11 15:02:49 Stman Use two different FPGAs from two different fabs: Xilinx and Altera, and do the same design on both of them:
  227. 2014-07-11 15:03:06 Stman Then build a PCB that make them work fully synchronized.
  228. 2014-07-11 15:03:26 Stman And also some comparator to check that the results are always the same.
  229. 2014-07-11 15:03:43 Stman Of course, this approach complicates the PCB / motherboard design a lot
  230. 2014-07-11 15:03:46 Stman It has a cost.
  231. 2014-07-11 15:03:50 Stman But it works :
  232. 2014-07-11 15:04:03 adj then you know that both xilinx and altera are subverted
  233. 2014-07-11 15:04:05 Stman The NSA can hardly activate the FPGA backdoor at exactly the same time for the two FPGAs:
  234. 2014-07-11 15:04:06 mrasmus "perfect" tells me there's a flaw
  235. 2014-07-11 15:04:06 new299 unless they'vethought of that.
  236. 2014-07-11 15:04:18 Stman Well.
  237. 2014-07-11 15:04:22 Stman They could.
  238. 2014-07-11 15:04:41 mrasmus Any time I hear the word "perfect" in a description of something in the security world, my confidence index drops by 60-80%.
  239. 2014-07-11 15:04:51 adj too much conspiranoid chat for me now
  240. 2014-07-11 15:04:57 Stman But playing this game, comparing two different systems, I think the defender always has an advantage over the attacker (the NSA)
  241. 2014-07-11 15:04:58 mrasmus same here
  242. 2014-07-11 15:05:11 mrasmus to adj's comment, that is
  243. 2014-07-11 15:05:12 Stman adj :
  244. 2014-07-11 15:05:16 Stman Look :
  245. 2014-07-11 15:05:21 Stman Both FPGA have different architecture :
  246. 2014-07-11 15:05:41 Stman The backdoors cannot down bitfile and activate them AT THE same time for both FPGA
  247. 2014-07-11 15:05:48 Stman It is impossible.
  248. 2014-07-11 15:05:59 new299 why do they need to activate an exploit.
  249. 2014-07-11 15:06:04 mrasmus What about a subversion at the bitstream level that subverts functionality
  250. 2014-07-11 15:06:06 Stman Particularly if both FPGAs are not the same.
  251. 2014-07-11 15:06:15 mrasmus when you have a closed-source bitgen tool
  252. 2014-07-11 15:06:28 mrasmus that'd be my attack vector, and you haven't said a word that tells me you've considered it
  253. 2014-07-11 15:06:40 Stman mrasmus : This is another question Stallman has been telling me about Free FPGA :
  254. 2014-07-11 15:06:55 Stman Software compiling, and placing/routing software are never free
  255. 2014-07-11 15:07:00 Stman I know this issue too.
  256. 2014-07-11 15:07:04 Stman Anyway,
  257. 2014-07-11 15:07:07 Stman again,
  258. 2014-07-11 15:07:25 Stman But VHDL compilers based on GCC/LLVM are free
  259. 2014-07-11 15:07:44 adj Stman, an fpga can have a cpu core inside, what's the difference with what you don't like about novena?
  260. 2014-07-11 15:07:45 mrasmus so are you saying that you'll eventually have a free bitgen stack for this specific FPGA?
  261. 2014-07-11 15:08:14 Stman Using two very different FPGAs for running the same design for implementing a processor is a very good and efficient strategy, but it has a cost of course, but the security level is greatly improved. They do this strategy in planes for calculations too.
  262. 2014-07-11 15:08:22 Stman adj :
  263. 2014-07-11 15:08:24 Stman Yes.
  264. 2014-07-11 15:08:26 Stman Well.
  265. 2014-07-11 15:08:35 Stman This discussion would be much better on a mumble server
  266. 2014-07-11 15:08:39 Stman more interactive
  267. 2014-07-11 15:08:56 Stman adj :
  268. 2014-07-11 15:09:00 mrasmus you keep talking about "Free FPGA" like it's an actual thing, but if it were, it'd be new hardware in a new package that is completely irrelevant to the conversation
  269. 2014-07-11 15:09:01 new299 Stman, you could just use CPUs from 2 different vendors...
  270. 2014-07-11 15:09:31 Stman FYI: I am working on the design of a new architecture of secure processor that by design stops ALL the family and friends of the buffer & stack overflow families.
  271. 2014-07-11 15:09:36 Stman Including ROP.
  272. 2014-07-11 15:09:38 Stman exploit.
  273. 2014-07-11 15:09:53 Stman The last piece of the puzzle missing to implement them is a free FPGA.
  274. 2014-07-11 15:09:58 adj well, if bunnie can make your proposal, great, but i don't need it
  275. 2014-07-11 15:10:02 adj good luck
  276. 2014-07-11 15:10:08 Stman I am for now obliged to "play" with COTS FPGA that of course can be backdoored.
  277. 2014-07-11 15:10:11 Stman Anyway.
  278. 2014-07-11 15:10:23 Stman adj :
  279. 2014-07-11 15:10:29 Stman It's really a little change, really.
  280. 2014-07-11 15:10:38 Stman many hackers will greatly appreciate that.
  281. 2014-07-11 15:10:44 fun Stman: I hope it makes it into the final version :)
  282. 2014-07-11 15:10:47 Stman in particular, future clients from the TOR team.
  283. 2014-07-11 15:10:49 new299 you'll likely have to wait until the current FPGA patents expire until you get a free FPGA...
  284. 2014-07-11 15:11:09 Stman new299 : Or go to brazil.
  285. 2014-07-11 15:11:17 gmaxwell new299: any idea when the bulk of FPGA patents expire? ... their design is so simple overall... I'm constantly sad how expensive they are.
  286. 2014-07-11 15:11:35 Stman Brazil said "fuck you" to AIDS pills & their patents
  287. 2014-07-11 15:11:43 new299 gmaxwell: no I did look into it a while back though.
  288. 2014-07-11 15:12:03 Stman anyway, they have not patented everything
  289. 2014-07-11 15:12:05 new299 Stman: does Brazil have a lot of fab capacity?
  290. 2014-07-11 15:12:10 Stman It is possible to imagine new design for FPGA
  291. 2014-07-11 15:12:21 new299 Stman: go for it.
  292. 2014-07-11 15:12:31 Stman new299 : Not more than they had for HIV drugs in the past. They just built them.
  293. 2014-07-11 15:12:52 Stman new299: If others come with me, let's go all together
  294. 2014-07-11 15:13:00 mrasmus still not seeing how a new FPGA design matters when we're talking about this board
  295. 2014-07-11 15:13:09 new299 Stman: do you have funding lined up?
  296. 2014-07-11 15:13:10 Stman In order to have this dream come true, we have a fucking hard political lobbying to make.
  297. 2014-07-11 15:13:24 Stman The EU parliament could pay for such a plant.
  298. 2014-07-11 15:13:36 Stman But we just need efficient people doing the right lobbying.
  299. 2014-07-11 15:14:05 fun might be worth talking to epfsug
  300. 2014-07-11 15:14:11 fun might be able to help
  301. 2014-07-11 15:14:18 Stman I've asked Appelbaum if he was okay to promote Free FPGA at the European parliament. I still have no answer, but it is clear I would be very disappointed if he refused to do us this favor.
  302. 2014-07-11 15:14:29 new299 Stman: The EU parliament to pay for a fab, to circumvent patents in Brazil, hmmm could be a tough sell. :)
  303. 2014-07-11 15:14:42 Stman :p
  304. 2014-07-11 15:14:55 mrasmus I'm getting a headache from lack of pragmatism in here, I'm gonna take my leave
  305. 2014-07-11 15:15:02 new299 Stman: you should go to google ventures instead. :)
  306. 2014-07-11 15:15:22 adj i don't think that EU money is needed to make a fab
  307. 2014-07-11 15:15:23 Stman mrasmus Dreaming is the first step, always. We need to have a clear vision of what is needed and explore all the possibilities.
  308. 2014-07-11 15:15:27 adj not so expensive
  309. 2014-07-11 15:15:30 new299 mrasmus: hahaha, I'm waiting to see how far this goes.
  310. 2014-07-11 15:15:46 Stman adj : That's what some hacker friends think too.
  311. 2014-07-11 15:15:53 new299 adj: um... fabs are reasonably expensive
  312. 2014-07-11 15:15:57 Stman It is clear that if we can stay autonomous, the better
  313. 2014-07-11 15:16:08 Stman There is also another way to explore: IC printing technologies.
  314. 2014-07-11 15:16:24 Stman There are already IC printer for printing RFID tags.
  315. 2014-07-11 15:16:27 Stman Low cost ones.
  316. 2014-07-11 15:16:46 new299 Stman: I'm not entirely sure they have the same performance requirements as FPGAs...
  317. 2014-07-11 15:17:04 Stman Of course, every transistor in those IC printers is WAY TOO BIG for now, and they can only be used to implement very small designs, but the idea is interesting. Like for 3D printing.
  318. 2014-07-11 15:17:12 Stman new299 : Of course.
  319. 2014-07-11 15:17:13 adj small companies or universities can make IC
  320. 2014-07-11 15:17:17 Stman It's just another possible path.
  321. 2014-07-11 15:17:24 Stman For the future let's say
  322. 2014-07-11 15:17:31 Stman But it's interesting to know it.
  323. 2014-07-11 15:17:37 Stman To keep that in mind.
  324. 2014-07-11 15:17:43 Stman BRB
  325. 2014-07-11 15:20:01 Stman What do I mean with Free FPGA :
  326. 2014-07-11 15:20:09 new299 Stman: so you can buy a 1 micron line for ~250K USD.
  327. 2014-07-11 15:20:21 new299 like an old fab line from the 80s.
  328. 2014-07-11 15:20:30 Stman 1) Fully free software tool chain: free VHDL compiler, and free place/route into an FPGA arch tools.
  329. 2014-07-11 15:20:32 new299 but you're not going to be making FPGAs...
  330. 2014-07-11 15:21:03 Stman 2) Free FPGA "chips", with a window, like for an EPROM, so that the end user can take a photo of the die, and check it.
  331. 2014-07-11 15:21:04 adj new299, why not?
  332. 2014-07-11 15:21:25 Stman 3) a transparent plastic lead chip carrier
  333. 2014-07-11 15:21:42 Stman So that one can check there are no other "toyz" inside the plastic.
  334. 2014-07-11 15:21:59 adj Stman, the backdoor is _under_ what you see
  335. 2014-07-11 15:22:03 Stman With these 3 conditions, if we can make them, we have our freedom and privacy back, and we can start rebuilding a new internet, a free one.
  336. 2014-07-11 15:22:26 Stman Are you talking about a dopant attack on the die?
  337. 2014-07-11 15:22:39 new299 adj: you're not going to get enough transistors on a device to do anything useful. You might be able to do something like a PLD I guess.
  338. 2014-07-11 15:22:47 Stman Dopant attacks have almost no interest on an FPGA, unlike on an RNG
  339. 2014-07-11 15:23:26 adj or just die stacking
  340. 2014-07-11 15:23:56 adj 3d electronics
  341. 2014-07-11 15:23:56 Stman Yes.
  342. 2014-07-11 15:23:58 adj don't know
  343. 2014-07-11 15:24:02 Stman Yes I know that.
  344. 2014-07-11 15:24:09 Stman These are easy problems to solve :
  345. 2014-07-11 15:24:37 adj living in our imperfect world is another solution
  346. 2014-07-11 15:24:38 Stman We can afford having a little R&D on ways to build these chips so that we can guarantee to the end user the easy possibility to control the whole thing.
  347. 2014-07-11 15:24:47 Stman This would just be our first priority
  348. 2014-07-11 15:25:09 Stman adj : Never. I'm a radical crypto-anarchist & I want my fucking freedom back.
  349. 2014-07-11 15:25:23 Stman Don't want any agency to fuck me any longer in the silicon.
  350. 2014-07-11 15:25:53 adj i also want my perfect freedom, my perfect security, my perfect job...
  351. 2014-07-11 15:26:04 adj i'm not going to get it
  352. 2014-07-11 15:26:06 Stman * and a perfect boyfriend
  353. 2014-07-11 15:26:26 Stman adj : If you don't dream, then it means they "killed" you.
  354. 2014-07-11 15:26:35 Stman Free FPGAs are sincerely within our reach.
  355. 2014-07-11 15:26:40 Stman It's not science fiction.
  356. 2014-07-11 15:26:45 Stman We could do it.
  357. 2014-07-11 15:26:48 new299 the problem is if your solution is "I need to build a fab", you'll never do it. So you should focus on reasonable pragmatic solutions.
  358. 2014-07-11 15:27:09 Stman It is just a difficult project, because doing these things requires lots of organization, money, and motivation.
  359. 2014-07-11 15:27:35 adj yes, that's the reason we are going to get a computer from bunnie and xobs, not Stman
  360. 2014-07-11 15:27:38 Stman But if it is the cost of freedom, believe me, it will be very easy, with time, to convince many many software hackers to support us.
  361. 2014-07-11 15:27:48 new299 which is for the most part what I believe has guided the development of novena. It's a reasonable and pragmatic solution to a bunch of problems hackers have.
  362. 2014-07-11 15:28:01 Stman adj :
  363. 2014-07-11 15:28:05 Stman Why do you say that ?
  364. 2014-07-11 15:28:42 Stman Do you fear freedom ?
  365. 2014-07-11 15:29:19 adj because novena is for me the nearest computer to perfection
  366. 2014-07-11 15:29:33 adj so i take it
  367. 2014-07-11 15:29:33 Stman Well.
  368. 2014-07-11 15:29:40 Stman It's okay.
  369. 2014-07-11 15:29:45 Stman I play the same game.
  370. 2014-07-11 15:29:54 Stman I'll let you know when my "try" is ready.
  371. 2014-07-11 15:29:55 adj that's pragmatism
  372. 2014-07-11 15:30:04 Stman I'm quite pragmatic too.
  373. 2014-07-11 15:30:21 adj just when you wake up
  374. 2014-07-11 15:30:33 Stman What's wrong with saying : "The last piece of the puzzle for freedom is free FPGAs, I wish we would move our asses to have some ?"
  375. 2014-07-11 15:30:49 mrasmus Still not seeing the relevance of the free FPGA discussion to the novena board design. At all.
  376. 2014-07-11 15:31:03 Stman mrasmus : We shifted.
  377. 2014-07-11 15:31:03 adj mrasmus, agree
  378. 2014-07-11 15:31:05 mrasmus Like, yes, cool, go build a free fpga, I'll love it and use it when you do
  379. 2014-07-11 15:31:16 Stman Well, back to the roots :
  380. 2014-07-11 15:31:34 Stman I came here just to ask for a minor change on the design of the novena didn't I ?
  381. 2014-07-11 15:31:37 mrasmus you used free FPGA to justify your redesign request
  382. 2014-07-11 15:32:15 adj this is easy, just ask bunnie to change the design a couple of days before sending for production
  383. 2014-07-11 15:32:17 Stman mrasmus : I never lose any opportunity to speak the truth about what is needed to have freedom back to all of us.
  384. 2014-07-11 15:32:20 mrasmus I'm saying "bitstream is the bigger vector, your claimed risk can be mitigated with a much less significant redesign if any at all (I don't actually know if the programming lines for the FPGA are sniffable as designed)"
  385. 2014-07-11 15:32:48 Stman mrasmus : I agree with that.
  386. 2014-07-11 15:32:49 mrasmus Stman: You just come in at the bottom of the ninth on a hardware project that's been going through multiple revisions to ask for a minor revision with little justification
  387. 2014-07-11 15:33:05 mrasmus and "minor" should be in quotes
  388. 2014-07-11 15:33:23 Stman mrasmus : Well, This minor change has a lot of importance in terms of attack surface regarding the FPGA.
  389. 2014-07-11 15:33:25 mrasmus with the complexity and density of this board
  390. 2014-07-11 15:33:29 mrasmus I disagree
  391. 2014-07-11 15:33:34 mrasmus you've failed to convince me of that
  392. 2014-07-11 15:33:47 Stman It's just a question of goals & priorities mrasmus !
  393. 2014-07-11 15:33:59 Stman mrasmus : I'm used to that.
  394. 2014-07-11 15:34:16 mrasmus you're used to failing to convince people that something is justified?
  395. 2014-07-11 15:34:18 Stman Then, have your "perfect board" with an FPGA where you can't even guarantee the bitfile.
  396. 2014-07-11 15:34:29 Stman It's a choice. And a risk.
  397. 2014-07-11 15:34:34 Stman I won't take it personally.
  398. 2014-07-11 15:34:37 mrasmus I disagree on your premise
  399. 2014-07-11 15:34:43 mrasmus I'm not saying that I don't think the security is worthwhile
  400. 2014-07-11 15:34:59 <-- nerick (~nerick@ns3297786.ovh.net) has quit (Ping timeout: 480 seconds)
  401. 2014-07-11 15:35:09 mrasmus I'm saying that the bit burning operation can likely be verified as is
  402. 2014-07-11 15:35:12 Stman Okay, go and convince the more radical of the TOR team that we don't give a shit if the bitfile gets corrupted before being transferred to the FPGA.
  403. 2014-07-11 15:35:20 Stman Tell that to Snowden for example.
  404. 2014-07-11 15:35:32 mrasmus Aaaand you're bullshitting, now
  405. 2014-07-11 15:35:43 mrasmus What I'm saying is the transfer process can be monitored
  406. 2014-07-11 15:35:49 mrasmus and that would be sufficient
  407. 2014-07-11 15:35:50 Stman Yes.
  408. 2014-07-11 15:35:58 mrasmus that's giving a shit
  409. 2014-07-11 15:36:07 mrasmus that's giving a shit if it gets corrupted or not
  410. 2014-07-11 15:36:07 Stman IF the track of the I2C bus is not imprisoned in a layer of the PCB.
  411. 2014-07-11 15:36:16 mrasmus that's a valid question; I don't know the answer
  412. 2014-07-11 15:36:18 Stman okay on that
  413. 2014-07-11 15:36:37 mrasmus but you're saying that wouldn't be sufficient, and your proposed solution is the right way, and that's impractical
  414. 2014-07-11 15:36:48 Stman No, I didn't say that.
  415. 2014-07-11 15:37:23 mrasmus you argued in a fashion that did not acknowledge the verification process as valid
  416. 2014-07-11 15:37:33 Stman It's just, there are two main approaches to solve this issue : Prevention/detection, or by design, the problem doesn't exist because we use an external serial e(e)prom. I prefer the second.
  417. 2014-07-11 15:37:40 Stman But both can do the trick.
  418. 2014-07-11 15:37:46 Stman I like "by design" things.
  419. 2014-07-11 15:37:52 Stman (Paranoid approach)
  420. 2014-07-11 15:39:41 Stman I maintain that it's just one more jumper on the board and just the addition of a 6 pin chip.
  421. 2014-07-11 15:39:46 Stman It's not the end of the world.
  422. 2014-07-11 15:39:58 new299 Stman: all the gerbers are available I believe, go take a look at where the I2C the FPGA uses goes.. that would be something useful.
  423. 2014-07-11 15:40:00 Stman It doesn't mean the whole re-routing of the PCB.
  424. 2014-07-11 15:40:11 Stman Yes I will new299 :
  425. 2014-07-11 15:40:20 Stman It's the best answer I can have : Let's try to do it.
  426. 2014-07-11 15:40:35 mrasmus 6 pin footprint
  427. 2014-07-11 15:40:41 mrasmus I'm hoping you're not asking for it to be populated
  428. 2014-07-11 15:40:44 Stman Yep.
  429. 2014-07-11 15:40:52 mrasmus good
  430. 2014-07-11 15:41:10 Stman small SMD's or socket chips.
  431. 2014-07-11 15:41:32 Stman Anyway, it's not the surface of an old 68000 in DIP package with its 64 pins.
  432. 2014-07-11 15:43:03 Stman mrasmus : My best "fair" answer is to have a look at the PCB with the editor and see.
  433. 2014-07-11 15:43:28 new299 Stman: you don't even need to use the (closed source) editor. The gerbers are around I believe.
  434. 2014-07-11 15:43:35 mrasmus ^^
  435. 2014-07-11 15:43:46 Stman If the gerber are available, cool.
  436. 2014-07-11 15:43:53 mrasmus We're talking Altium, that's a few thousand dollars IIRC
  437. 2014-07-11 15:44:11 Stman But I guess it's even faster to work directly with the Schematics / PCB software.
  438. 2014-07-11 15:44:12 new299 about 5K USD I think yea.
  439. 2014-07-11 15:44:13 mrasmus gerbers are all on the wiki
  440. 2014-07-11 15:45:04 new299 ah there's the fpga JTAG actually.
  441. 2014-07-11 15:45:25 Stman new299 : rooted to a SIL connector ?
  442. 2014-07-11 15:45:27 --> ooo (~ooo@4VXAACQAR.tor-irc.dnsbl.oftc.net) has joined #kosagi
  443. 2014-07-11 15:45:30 new299 yea
  444. 2014-07-11 15:45:33 Stman routed
  445. 2014-07-11 15:45:37 Stman :-s
  446. 2014-07-11 15:45:39 new299 populated
  447. 2014-07-11 15:45:43 new299 on the board I have here.
  448. 2014-07-11 15:45:44 Stman yep !
  449. 2014-07-11 15:46:26 new299 right yea, well it's a BGA part so I doubt you're really going to get that fully exposed on the top layer...
  450. 2014-07-11 15:46:28 Stman This is cool.
  451. 2014-07-11 15:46:41 new299 but it's populated and on a SIL yea.
  452. 2014-07-11 15:46:54 Stman I mean, it's a second way to inject bitfile then.
  453. 2014-07-11 15:47:27 Stman So we could just cut the tracks on the I2C bus if they are going through the external layer of the PCB.
  454. 2014-07-11 15:47:33 Stman Sometimes we can have a little luck :D
  455. 2014-07-11 15:48:01 Stman In that case, we would inject the bitfile from a JTAG probe. Cool.
  456. 2014-07-11 15:48:02 new299 actually there seems to be a bus going from the CPU directly to the FPGA as well on the top layer.
  457. 2014-07-11 15:48:18 mrasmus There's a lot going between the two
  458. 2014-07-11 15:48:36 Stman Yes, there is a muxed ADDR/DATA bus between both.
  459. 2014-07-11 15:48:51 new299 so yea, anyway check the gerbers.
  460. 2014-07-11 15:49:10 mrasmus that seems like the logical move before requesting changes to a board, tbh
  461. 2014-07-11 15:49:19 Stman We won't be able to get any deeper here until playing with the schematics / PCB software or viewing the Gerber files of the PCB (Hard if 10 layers)
  462. 2014-07-11 15:52:47 new299 have you even looked in the schematic pdf yet?
  463. 2014-07-11 15:53:04 Stman Yep
  464. 2014-07-11 15:53:13 Stman Of course.
  465. 2014-07-11 15:53:35 Stman I've been asked by some TOR guys to give my opinion on the design, focusing on the FPGA.
  466. 2014-07-11 15:53:51 Stman Bunnie himself gave me some more details.
  467. 2014-07-11 15:54:12 Stman Because I was in a hurry. TOR team came to Paris last week. And it does not happen that often.
  468. 2014-07-11 15:54:29 Stman Anyway, YES, I had a look at the schematics.
  469. 2014-07-11 15:54:56 Stman I am an electronic engineer : I design routers and stuff like that, so this is very "known" territory to me.
  470. 2014-07-11 15:56:08 Stman The question I was asked by some guys from the TOR team was: The way the FPGA is "inserted" into this design, could we have secure TOR routers running on it : What would be missing, if anything is missing. This is the question they asked me.
  471. 2014-07-11 15:57:09 Stman I have to go for now, but I'll be back another day, so we can go on talking for those who are interested. I can also be found on twitter @Stmanfr ... 'Nice Week End to all ... o/
  472. 2014-07-11 15:57:51 <-- Stman (~Stman@193.253.170.176) has quit (Quit: My MacBook Pro has gone to sleep. ZZZzzz…)
  473. 2014-07-11 15:59:44 new299 well that was entertaining I guess.
  474. 2014-07-11 16:00:09 k3nt hah
  475. 2014-07-11 16:00:56 * k3nt sat on the sideline watching
  476. 2014-07-11 16:04:25 new299 "Quit: My MacBook Pro has gone to sleep." hahaha classic.
  477. 2014-07-11 16:04:44 mrasmus … *wow*
  478. 2014-07-11 16:05:05 new299 that's awesome. :)
  479. 2014-07-11 16:05:16 mrasmus I guess he *is* pragmatic, sometimes
  480. 2014-07-11 16:11:42 dermiste Maybe it's a red herring, to lure the spooks into wasting sploitz and reveal themselves ... ;)
  481. 2014-07-11 16:15:52 adj what? conversation ended?
  482. 2014-07-11 16:15:58 adj is was doing pop corn :-(
  483. 2014-07-11 16:16:03 adj I was