What I really love is the stack trace of reasoning, that's very
pedagogical, and that you either worked out lots of things from first
principles or felt the need to explain them is if from naive
perspective.
Also, while impractical for real world networking I don't think this
is just idle play. What with backdoors turning up in over-complex
network network chips you may find a more serious readership/project
motive in the future.
I do wonder how many exploits are hidden in modern day silicon, i mean we find exploits almost daily in code of a few thousand lines of code, meanwhile we've got microchips that are basically the equivalent of billions of lines of code in hardcoded silicon
So this is for an all-custom computer, which is rather more impressive on its own (to say nothing of "So I made a C compiler."), but now I'm curious what the minimal implementation of an ethernet card for a "normal" PC would be. I suspect a lot of it would be very similar, up to that you could do checksums on the PC's CPU (probably just baked into the driver). It'd need to be attached - either bare serial or more usefully USB? And then you'd either need to write a "real" driver for it or else plumb through to userspace and do it there. For similar things I've eyeballed having the device implement https://en.wikipedia.org/wiki/USB_communications_device_clas... so it "just works" without needing to do your own driver, but I don't think that would play nice with things like doing all the checksums host-side. Or... while searching for that, I stumbled across https://en.wikipedia.org/wiki/Ethernet_over_USB , which maybe suggests that you can just build an adaptor that translates the physical connection to USB and then let the computer magically handle all the rest for you? Dunno, over my head.
USB is arguably much more complicated than 10base2 internet, which pre-dates it by a long way. In fact, if you're trying to use either PCIe or USB to connect to a 10base2 ethernet network, either of those will be far more work than the Ethernet side.
You might be able to persuade a FTDI-style USB device to bit-bang 10base2 Ethernet for you. You'd implement a "PHY" side which translates the wire traffic to a clean bitstream and aligns the frame start and then just have the PC handle all of it in software for you.
Oh, good point. I guess it depends on your usecase. I was thinking from the angle of not trusting premade network cards but trusting your USB chips.... which now that you point out, is also not a given. Maybe bare serial (just a wire per tx/rx), but it suddenly occurs to me that I don't know how that's actually connected to the CPU, and I think that approaching this from a security angle is a quick road to madness. OTOH... connecting a microcontroller to serial probably is the simplest option and as an engineering exercise is perfectly reasonable, if not exactly fast, but hey it's not like this was ever going to be performant.
> Maybe bare serial (just a wire per tx/rx), but it suddenly occurs to me that I don't know how that's actually connected to the CPU
In practice today, if you have a DB9 serial port, that goes into the section of the chipset which is concerned with all the "legacy" interfaces, which ultimately turns up on the PCIe bus like everything else.
> I think that approaching this from a security angle is a quick road to madness
Ironically, USB SS is more implementable than USB HS without a dedicated PHY. USB SS's PHY is just standard CML differential signaling used for almost all modern high-speed protocols like PCIe or SATA (but with an LFPS extension for link negotiation), most FPGAs already have built-in support for it. Meanwhile USB HS's PHY is a completely non-standard one: it's LVDS-like but the signals are not fully differential, it's half-duplex and needs bus arbitration, etc - only USB HS PHYs speak this odd language.
Funnily enough modern machines have ISA in form of LPC bus used for few of the common peripherals (TPM) that can be used in ISA-compatible mode, and you can get LPC to ISA adapters.
not being pedantic, just rounding out the record, ISA's follow-on, EISA, had already been around a while and was already sunsetting 30 years ago because PCI had already been invented. VESA also was ending its brief flash of glory.
Towards the end is a link to a C compiler built for this project. https://github.com/imihajlow/ccpu-cc. Seems to have a linker and a libc as well. I have no real understanding of how complicated the hardware design part is but casually throwing a C compiler together is great.
Super impresssive! I would absolutely love to work on such projects and admire the passion and countless hours that went into understanding and then building the system.
Retirement is not something desirable for me, so maybe that's when I'll spend my time on hardware and software projects like this.
Lack of motivation to work on more technical stuff after having done the same all day at work? Mental exhaustion? Wanting to spend the remaining free time with loved ones instead?
I’ve found it empowering to say “this is fascinating to me, and I would enjoy spending significant time diving into it, but I choose not to prioritize that right now.”
This works much better for me than simply griping that “I don’t have time to X”. It acknowledges that I COULD make time for X, but it isn’t worth the current cost.
Yeah, same here: after a day of staring at code on a screen, it's hard to get motivated to look at more code at home. I'd rather watch a movie with my family.
IIRC it over-wrote the buffer the CPU tried to read with new packets from the network or something like that. I had it for a while in Linux and the performance really was bad. :-D
> Fixing the frame length doesn’t have any effect on higher-level protocols because they encode the packet size in their headers and do not rely on the actual Ethernet frame length.
Interesting. I just wrote a packet decoder and I specifically verify at each layer that the lower layer length matches. So for IP, in my decoder the IP datagram length must match exactly the ethernet frame length + link layer header. I didn't do this to be pedantic but rather to detect short frames, and then I decided that long frames were also errors.
You (author) are using uIP but I wonder what Linux or any other modern OS does. You don't specifically mention interoperability but I wonder if you've tested that.
I'm sending my long frames out to the network and no OS I have has any problem with that. I've read somewhere that long frames are actually used by some routers to store metadata after the packet.
Timestamps and other types of in-band network telemetry are sometimes inserted in the frame as a trailer (with a new FCS). If an application isn't looking for the L2 data, it's just ignored by the Linux IP stack.
Physically a lot smaller than DEC's first SSI Ethernet card(-set): https://i.ebayimg.com/images/g/NEYAAOSw-mZlg0lZ/s-l1600.jpg (DEC DEUNA, those boards are over a foot long), though also a lot fewer features. DEUNA is a "real" NIC, it has tx/rx queues and handles all that autonomously. Does DMA, too. It of course comes with it's own on-card PDP-11 to run it.
I've dabbled wuth making my own ISA and softcore CPU in FPGA, but getting C code to compile has been a bit of a blocker.
I know there are some compilers one could try to port but my ISA is kinda esoteric so not straight forward, and so I considered just writing from scratch like you have.
Very impressive! Could you share some books, training, experiences that helped you reach this stage so a hobbyist could catch up? There are so many parts - compiler design, basic electronics, computer architecture etc. Maybe a blog post.
I have a CS/applied math background, my main job is software development, so I don't have problems with the software part. If you are interested in compiler design specifically, you can find a lot to read or to watch online.
When building my system, I was inspired by 8 bit retro computers like ZX Spectrum. Their architecture is straightforward and easy to understand.
Electronics just fascinates me, but I can't really point out a single source which gave me the insight. A lot of playing around with transistors, microcontrollers, logic gates gives the intution how to design stuff.
In Communication Systems Engineering studies we implemented ethernet signalling, then the TCP/IP stack including ARP and switching in Motorola 68k QUIC assembly.
I would like to see a hard disk with all open source software.
This sounds extremely challenging, even just the physical construction.
My thought is to take an EXISTING hard disk and replace the software.
I think one problem is may some of the chips , it is hard / challenging to obtain programming information.
> I would like to see a hard disk with all open source software.
You’ve got me curious of the use case, is it fascination or some other reason? From a security perspective, it seems straightforward to just encrypt the bytes before sending to the drive. That would ensure you can detect data being maliciously changed and/or protect against the drive somehow misusing the data.
You can replace the controller board all together, the electrical interface should not be that hard. You have to spin the spindle, jiggle the heads and send/receive the data. The main problem I see here is that modern hard drives have enormous, unimaginable information density. There must be so many tricks how they achieve that (and do that reliably!). You have to re-trace the steps the hard drive industry has made in the last 50 years.
Discrete is the opposite of integrated, as in integrated circuit.
In practice, it means using multiple components. In a strict sense it means no integrated circuits at all, I suppose. But it's also a relative thing. So while a 7400 series chip is not a "discrete" component as most would think of it, using a hundred 7400 series chips to implement a processor is relatively more discrete than a microprocessor. (It's certainly not as integrated.)
Since the early 1980s, Ethernet interfaces have used used custom chips, because the amount of logic required would need dozens of gate-level chips otherwise (as seen here!)
In the early 1980s, an Ethernet adaptor required a lot of board space. They were often of similar complexity to the main CPU board. For example, this is DEC's first Unibus Ethernet: https://gunkies.org/w/images/1/16/DEUNA.jpg, which occupied two boards.
The software required to run a TCP/IP stack was also large, limiting the system to a handful of active sockets, and consuming large parts of the available CPU power to run something like Telnet or FTP.
It took a few years for CPUs to get more powerful, more RAM to become affordable, and for network hardware to become integrated onto the smaller boards like ISA or NuBus.
No, network cards use chipsets, meaning, most of the logic is inside one or two large ICs (Integrated Circuits). What the poster is doing is creating a card using the simplest existing ICs which contain simple logic circuits such as NANDs, multiplexers, etc.
No, most use much more complicated ICs. This isn't fully discrete (individual transistors, diodes, etc.) but only uses 7400-series logic ICs, not ASICs.
Although they're not common nowadays, the 7400 series includes some more highly integrated parts, including a complete ALU. There's no exact criteria for what "discrete logic" means, but I don't think anybody would accept a complete integrated ALU. To me, it means things like gates, multiplexers, or flip-flops: things that can be made with a few tens of transistors at most.
"Discrete logic" computers usually use integrated RAM chips, but seeing as RAM is usually drawn separately from logic on block diagrams, I think this is still acceptable. However, the popular trick of using an EEPROM as a giant lookup table for your ALU is in my opinion not "discrete logic".
A network card with opaque firmware is a 0-day away from becoming a global catastrophe.
Even RISC-V based switches like the Vega use proprietary switch chips (Wuhan China designed FSL91030M specifically), which is no better.
You can verify input/output to a certain extent, but this doesn’t preclude a timer based function call or a tailored packet activation.
I wonder why our society tolerates these unknowns. With the push towards WiFi replacing the majority of home networking, I’m not confident it will change any day soon.
Sorry to throw a Rumsfeld at you, but I think these are "unknown
unknowns".
If people were aware of the presence and significance of such critical
knowledge voids I do not believe they would tolerate them.
I see it as the job of civic cybersecurity to bring precisely these
sorts of things to wider attention and educate folk on why they are
are problematic.
I think visibility is one aspect, but not the whole story. An average home user runs Windows and doesn’t necessarily care if a hypothetical backdoor could exist in their hardware/software stack.
They browse the web, do their banking, and share photos on SM after checking their mail and searching for Tiramisu recipes.
The existential threat to themselves is low, so they don’t dig further into the ramifications. Journalists, whistleblowers, activists, “undesirables”, those are the primary concerned parties.
The civic cybersecurity aspect needs to lay out a clear benefit to free speech and oppression which makes tangible sense to day to day life. I’m not quite sure how to spread this level of awareness, or highlight the importance of such measures in a way that hits home.
Being worried about a hardware backdoor in your network card is more about technology fetishism than realistic threat analysis.
It's like suburbanites being worried about home invasion. Sure, it's technically possible to happen, but the concern reflects personal neuroses rather than practical considerations.
There's a disconnected, individual grandiosity in both cases - "what I have is so valuable that other people want to take it!". Conveniently, the solution always seems to be more individual actions to disconnect further. Security systems, lockdown, heightened fear of a shadowy Other.
That is not minimizing. Minimizing from a psychological perspective is to present an event that has occurred as unimportant or insignificant. Had the OP said "suburbanites have nothing to worry about if they are targeted in a home invasion" would be an example of minimizing. The rising fear about crime in general, or home invasion in particular, is a disconnect from the actual risk of either happening to oneself. Violent crime overall is somewhere south of 25 incidents per 1,000. That's 2.5%. Which is 2-3x less than it was 30 or 40 years ago. Increased visibility in the media along with influence peddlers in social media whip up fear and neuroses for more clicks/income that make things appear worse than they ever have been. Which tends to lead people to believe the false narrative that "life was better when I was a (much more uninformed) child/young adult."
First, I agree with everything you just said about rising fear
and the total disconnect of actual risk from how it is presented.
See my response above to sdwr viz emerging protection rackets in
computer security, and my later comment about Ross Anderson's
important paper after which I (and Edward Snowden) have found the
words "Insecurity Industry" rolls off the tongue - for example
Amazon's Ring Doorbell ecosystem which cynically preys on distorted
perceptions of suburban crimes.
Other people have commented on that here, and I think they are
correct. But let's not allow that to distract us from the reality that
cybersecurity is in an appalling state and that the risks are very,
very real, and getting worse.
The "insecurity industry" exploits that - while offing no substantial
solution, and indeed has no interest in fixing things (as a principal
agent problem) - but that's separate from the threat reality.
A great way to understand this might come from reading some of Bruce
Schneier's wonderfully clear writing on security theatre and security
perception. They sell the problem and the solution. Fear and safety
often come in the same packaging, like those Taco kits or fruit and
yogurt combos.
Anyway - not wishing to end argumentatively but "minimising" is
appropriate because sdwr makes aspersions to grandiosity. It is a
really strong characteristic to gaslight or undermine the other as
"over-dramatic" etc, not just downplaying the facts.
respects.
> Conveniently, the solution always seems to be more individual actions
to disconnect further. Security systems, lockdown, heightened fear of
a shadowy Other.
BTW, I also think you are very right about this. The Insecurity
Industry preys on fear. But it offers no substantial solutions. That
doesn't mean the risks aren't real. They are. Modern software
engineering is a calamity. Everything is full of holes. What is at
issue is motives. The insecurity industry doen't want anything
fixed. It wants, as you say, to lock down all your stuff, control it,
and make you pay twice or thrice to use your own property. A
protection racket is very different from offering actual "security". I
try to expand on that here [0]
> "what I have is so valuable that other people want to take it!"
While I do agree this may apply somewhat to the original topic, your dig at suburbanites seems like a mischaracterization. Perhaps the upper/upper-middle classes feel this way. I would expect most other folks are primarily worried about being murdered during the event.
While I do agree this may apply somewhat to the original topic, your dig at suburbanites seems like a mischaracterization. I would expect most other folks are primarily worried about being murdered during the event.
With the murder rate in America near historic lows, I think the person you're replying to is spot-on. It's a lot of hysteria fueled by social media, foreign actors, and the fact that security paranoia is a very lucrative business for a lot of companies.
To find a U.S. murder rate lower than 2014, you have to go back to 1906.
But security companies, alarm companies, conservative politicians and their media partners, police unions, and others with a financial interest foam at the mouth to make it seem like things have never been worse.
These statistics do not help anyone create a reasonable personal risk assessment.
Murder is at an all time low! But my sister in law is a drug addict, and last year she got mad so her boyfriend shot and killed a family member right in their nice suburban foyer.
A fascinating finding is that the explosion of cybercrime (against the
person, so scams, theft etc) inversely and almost perfectly tracks the
fall in violent physical crimes like robbery, hijack, burglary [0].
This leads to the problematic idea that a high tolerance is given to
cybercrime because it "shifts" it to a more acceptable form (given
that all other factors, policing budgets, causes of crime etc remain
constant).
That's one interesting conspiracy/explanation for why rampant digital
crime is officially played down whereas almost non-existent street
crime is "marketed" by Amazon Ring and other elements of the
"Insecurity Industry"
I get the sense it isn’t possible. “What do I have to hide?” “Who would target me?” “I have nothing worth stealing.” Sadly, all those are common replies to what you’re saying needs more awareness.
I think people understand cybersecurity very well in the context of a phone but don't think about it with desktops or laptops.
I let someone who was housesitting for a neighbor use my phone because she had left hers in the house and accidentally locked herself out. The neighbor called her back (on my phone of course) and she automatically handed it to me so I could unlock it.
My phone was never locked: too much of a pain to bother with.
It struck me then that I'm the only person I know who doesn't lock their phone. And that's primarily because I wasn't using Google Pay or had any information on that phone more sensitive than my mom's phone number.
For most people it seems that since a phone is a more personal item than their laptop, they instinctively do more to secure it.
> I think people understand cybersecurity very well
People do understand the risks in cybersecurity very well [0].
Here we interviewed literally ransom strangers on the street, There are
about 10 or 20 individuals in this episode but in fact I've
interviewed over 100 now and it's all the same;
1) People are very aware of risks, phishing, backdoors, bad links,
not scanning QR codes, not installing dodgy "apps"... they get
it. Kids get it, Old people get it.
2) They are very aware of the consequences; "identity theft", being
tricked, having money stolen, being embarrassed or blackmailed, loss
of device or denial of service... Mums get it. Grannies get it.
3) There are daytime TV interviews with people crying their hearts
out on camera after being scammed of their life savings. These are
popular programmes presented by family presenters like Angela Rippon
and Ester Ranzen in the UK.
4) They don't have the first clue who to turn to, or any sense of
empowerment to do anything about it (other than abstain). Some think
the government should step in. Others say schools and parents are
responsible for educating kids from a young age in digital self
defence.
So the old "What have I got to hide" trope is painfully naive now and
limited to a few diehard old computer beards still in denial that
their Internet got fucked-over by criminals.
I think it's important to be in touch with what real people (outside
our echo chamber of developers and hackers) really think.
Not to be oblivious but what is the attack vector here versus attacking the router on the other end of the cable which has known vulnerabilities?
How much L3+ logic is in the NIC? Pretty sure by the time a packet hits the NIC it is encrypted. The lowest level (closest to hardware) encryption I know of happening is in the Linux kernel but isn't currently in production exactly because of security concerns.
If you are sending unencrypted packets on the network I can think of much more reasonable attack vectors for an attacker to try than planting a backdoor in the NIC firmware.
How would this not get detected by modern DPI?
And I don't know much about the internals of Palo Alto / Cisco etc network security appliances but I'm pretty sure they do have custom ASICs/ FPGAs for their switching logic purely because of this attack vector.
My conclusion:
1. Your home router is significantly more vulnerable
2. Your IoT devices are significantly more vulnerable
3. Any network packet going through the NIC is also going to the internet at large generally or see point 1 and 2.
4. The ISP hardware isn't exposed to this attack vector
Feel free to help my understanding, I could be wrong.
> I wonder why our society tolerates these unknowns
Society tolerates an infinite number of unknowns because it's impossible to know everything, or even a microscopic corner of "everything". The tradeoff for every society larger than a subsistence farming village is things you can't see happening over your horizon that you have to trust. Or trust in the vague hope that someone else is checking and would notice if things went bad.
> Wuhan
I had to look this up, and the business address is of course Shenzen, where you'd expect. https://milkv.io/about gives a Romanized address of "1603, Block B, FengHuang Zhigu Building No.50 Tiezai Road, Xixiang, Baoan Shenzhen, 518102 China", which is in a different administrative area from Wuhan and five hundred miles away. Not that it matters.
Heh and farming, even subsistence farming, is at the mercy of weather/climate, animal migration patterns, human labor and thus health…
Nobody has perfect knowledge of their world. All we have are heuristics that work well enough to get by. It’s by definition impossible to anticipate out-of-context events that barge in like the Vogons.
Excession by Iain Banks is a fun exploration of this concept. It’s set in his “Culture” universe, where a hybrid human/AI culture enjoys an interstellar empire. Excession imagines that powerful civilization encountering a phenomenon that is as far beyond them as they are beyond us, or we are beyond the subsistence farmer.
Only nitpick I'd have is that author decided to use a custom-design cpu.
Ok, "discrete logic only!" is a valid choice. And then keeping complexity to a minimum weighs heavily. But the downsides of that choice are also considerable:
-No interrupts (which are very useful)
-No existing software base to tap from. Somewhat-useful C compiler helps.. somewhat.
But who am I to question author's choices for a hobby project like this? Great stuff in any case.
74xx series ICs (eg. 74ACT family in case of the cpu, if I read correctly).
More generally, it may refer to "basic logic elements whose function is easily inspected".
> Why would this prevent interrupts?
Not at all - in theory.
In practice, interrupt support tends to complicate cpu designs. Complicate = more logic = more ICs. So builder decided against it & chose not to implement interrupts on the cpu.
> I needed a hardware MAC address filtering.
What I really love is the stack trace of reasoning, that's very pedagogical, and that you either worked out lots of things from first principles or felt the need to explain them is if from naive perspective.
Also, while impractical for real world networking I don't think this is just idle play. What with backdoors turning up in over-complex network network chips you may find a more serious readership/project motive in the future.