> I needed a hardware MAC address filtering.
What I really love is the stack trace of reasoning, that's very pedagogical, and that you either worked out lots of things from first principles or felt the need to explain them is if from naive perspective.
Also, while impractical for real world networking I don't think this is just idle play. What with backdoors turning up in over-complex network network chips you may find a more serious readership/project motive in the future.
You might be able to persuade a FTDI-style USB device to bit-bang 10base2 Ethernet for you. You'd implement a "PHY" side which translates the wire traffic to a clean bitstream and aligns the frame start and then just have the PC handle all of it in software for you.
Regarding USB: CDC-NCM isn't hard to implement in any MCU but implementing a USB HS PHY basically requires ASIC hardware.
If you use a $0.30 USB HS ULPI PHY, one could implement USB CDC-NCM in an FPGA pretty easily.
Retirement is not something desirable for me, so maybe that's when I'll spend my time on hardware and software projects like this.
https://mirror.math.princeton.edu/pub/oldlinux/Linux.old/net...
IIRC it over-wrote the buffer the CPU tried to read with new packets from the network or something like that. I had it for a while in Linux and the performance really was bad. :-D
It's amazing how much stuff is hidden from view by drivers and firmware updates.
Mine is better because it has two buffers :) But still, only one received frame is kept.
Interesting. I just wrote a packet decoder and I specifically verify at each layer that the lower layer length matches. So for IP, in my decoder the IP datagram length must match exactly the ethernet frame length + link layer header. I didn't do this to be pedantic but rather to detect short frames, and then I decided that long frames were also errors.
You (author) are using uIP but I wonder what Linux or any other modern OS does. You don't specifically mention interoperability but I wonder if you've tested that.
Impressive stuff.
I've dabbled wuth making my own ISA and softcore CPU in FPGA, but getting C code to compile has been a bit of a blocker.
I know there are some compilers one could try to port but my ISA is kinda esoteric so not straight forward, and so I considered just writing from scratch like you have.
Longest 18 months of my life.
But reading (https://qdiv.dev/posts/eth-to-spi/) about somebody that made that chip from basic components is really awesome.
Thanks a lot !
You’ve got me curious of the use case, is it fascination or some other reason? From a security perspective, it seems straightforward to just encrypt the bytes before sending to the drive. That would ensure you can detect data being maliciously changed and/or protect against the drive somehow misusing the data.
All set to learn what a discrete logic network was.
I just went back and reread the 10BASE-T write up as well.
That’s super cool you can even get 2.6kB out of it.
In practice, it means using multiple components. In a strict sense it means no integrated circuits at all, I suppose. But it's also a relative thing. So while a 7400 series chip is not a "discrete" component as most would think of it, using a hundred 7400 series chips to implement a processor is relatively more discrete than a microprocessor. (It's certainly not as integrated.)
Since the early 1980s, Ethernet interfaces have used used custom chips, because the amount of logic required would need dozens of gate-level chips otherwise (as seen here!)
The software required to run a TCP/IP stack was also large, limiting the system to a handful of active sockets, and consuming large parts of the available CPU power to run something like Telnet or FTP.
It took a few years for CPUs to get more powerful, more RAM to become affordable, and for network hardware to become integrated onto the smaller boards like ISA or NuBus.
Which is exactly what "discrete logic" means.
Even RISC-V based switches like the Vega use proprietary switch chips (Wuhan China designed FSL91030M specifically), which is no better.
You can verify input/output to a certain extent, but this doesn’t preclude a timer based function call or a tailored packet activation.
I wonder why our society tolerates these unknowns. With the push towards WiFi replacing the majority of home networking, I’m not confident it will change any day soon.
Only nitpick I'd have is that author decided to use a custom-design cpu.
Ok, "discrete logic only!" is a valid choice. And then keeping complexity to a minimum weighs heavily. But the downsides of that choice are also considerable:
-No interrupts (which are very useful)
-No existing software base to tap from. Somewhat-useful C compiler helps.. somewhat.
But who am I to question author's choices for a hobby project like this? Great stuff in any case.
74xx series ICs (eg. 74ACT family in case of the cpu, if I read correctly).
More generally, it may refer to "basic logic elements whose function is easily inspected".
> Why would this prevent interrupts?
Not at all - in theory.
In practice, interrupt support tends to complicate cpu designs. Complicate = more logic = more ICs. So builder decided against it & chose not to implement interrupts on the cpu.
Sorry to throw a Rumsfeld at you, but I think these are "unknown unknowns".
If people were aware of the presence and significance of such critical knowledge voids I do not believe they would tolerate them.
I see it as the job of civic cybersecurity to bring precisely these sorts of things to wider attention and educate folk on why they are are problematic.
They browse the web, do their banking, and share photos on SM after checking their mail and searching for Tiramisu recipes.
The existential threat to themselves is low, so they don’t dig further into the ramifications. Journalists, whistleblowers, activists, “undesirables”, those are the primary concerned parties.
The civic cybersecurity aspect needs to lay out a clear benefit to free speech and oppression which makes tangible sense to day to day life. I’m not quite sure how to spread this level of awareness, or highlight the importance of such measures in a way that hits home.
How much L3+ logic is in the NIC? Pretty sure by the time a packet hits the NIC it is encrypted. The lowest level (closest to hardware) encryption I know of happening is in the Linux kernel but isn't currently in production exactly because of security concerns.
If you are sending unencrypted packets on the network I can think of much more reasonable attack vectors for an attacker to try than planting a backdoor in the NIC firmware.
How would this not get detected by modern DPI?
And I don't know much about the internals of Palo Alto / Cisco etc network security appliances but I'm pretty sure they do have custom ASICs/ FPGAs for their switching logic purely because of this attack vector.
My conclusion: 1. Your home router is significantly more vulnerable 2. Your IoT devices are significantly more vulnerable 3. Any network packet going through the NIC is also going to the internet at large generally or see point 1 and 2. 4. The ISP hardware isn't exposed to this attack vector
Feel free to help my understanding, I could be wrong.
Society tolerates an infinite number of unknowns because it's impossible to know everything, or even a microscopic corner of "everything". The tradeoff for every society larger than a subsistence farming village is things you can't see happening over your horizon that you have to trust. Or trust in the vague hope that someone else is checking and would notice if things went bad.
> Wuhan
I had to look this up, and the business address is of course Shenzen, where you'd expect. https://milkv.io/about gives a Romanized address of "1603, Block B, FengHuang Zhigu Building No.50 Tiezai Road, Xixiang, Baoan Shenzhen, 518102 China", which is in a different administrative area from Wuhan and five hundred miles away. Not that it matters.
Nobody has perfect knowledge of their world. All we have are heuristics that work well enough to get by. It’s by definition impossible to anticipate out-of-context events that barge in like the Vogons.
Excession by Iain Banks is a fun exploration of this concept. It’s set in his “Culture” universe, where a hybrid human/AI culture enjoys an interstellar empire. Excession imagines that powerful civilization encountering a phenomenon that is as far beyond them as they are beyond us, or we are beyond the subsistence farmer.
In practice today, if you have a DB9 serial port, that goes into the section of the chipset which is concerned with all the "legacy" interfaces, which ultimately turns up on the PCIe bus like everything else.
> I think that approaching this from a security angle is a quick road to madness
Yes.
When building my system, I was inspired by 8 bit retro computers like ZX Spectrum. Their architecture is straightforward and easy to understand.
Electronics just fascinates me, but I can't really point out a single source which gave me the insight. A lot of playing around with transistors, microcontrollers, logic gates gives the intution how to design stuff.
Same. I tried digging into exsiting compilers, but they are either unsuitable at all or too complicated (clang).
"Discrete logic" computers usually use integrated RAM chips, but seeing as RAM is usually drawn separately from logic on block diagrams, I think this is still acceptable. However, the popular trick of using an EEPROM as a giant lookup table for your ALU is in my opinion not "discrete logic".
This works much better for me than simply griping that “I don’t have time to X”. It acknowledges that I COULD make time for X, but it isn’t worth the current cost.
It's like suburbanites being worried about home invasion. Sure, it's technically possible to happen, but the concern reflects personal neuroses rather than practical considerations.
There's a disconnected, individual grandiosity in both cases - "what I have is so valuable that other people want to take it!". Conveniently, the solution always seems to be more individual actions to disconnect further. Security systems, lockdown, heightened fear of a shadowy Other.
(I also think you are wrong in your risk asessment)
BTW, I also think you are very right about this. The Insecurity Industry preys on fear. But it offers no substantial solutions. That doesn't mean the risks aren't real. They are. Modern software engineering is a calamity. Everything is full of holes. What is at issue is motives. The insecurity industry doen't want anything fixed. It wants, as you say, to lock down all your stuff, control it, and make you pay twice or thrice to use your own property. A protection racket is very different from offering actual "security". I try to expand on that here [0]
While I do agree this may apply somewhat to the original topic, your dig at suburbanites seems like a mischaracterization. Perhaps the upper/upper-middle classes feel this way. I would expect most other folks are primarily worried about being murdered during the event.
With the murder rate in America near historic lows, I think the person you're replying to is spot-on. It's a lot of hysteria fueled by social media, foreign actors, and the fact that security paranoia is a very lucrative business for a lot of companies.
https://www.macrotrends.net/global-metrics/countries/USA/uni...
Yes, there has been a recent uptick, but it's still 30% below what it was 30 years ago. Heck, it's almost 20% lower than it was 100 years ago.
https://www.statista.com/statistics/1088644/homicide-suicide...
To find a U.S. murder rate lower than 2014, you have to go back to 1906.
But security companies, alarm companies, conservative politicians and their media partners, police unions, and others with a financial interest foam at the mouth to make it seem like things have never been worse.
Your gmail account - which is used for password resets from anywhere on earth
>> “Who would target me?”
Criminals
>> “I have nothing worth stealing.”
How about your identity?
I let someone who was housesitting for a neighbor use my phone because she had left hers in the house and accidentally locked herself out. The neighbor called her back (on my phone of course) and she automatically handed it to me so I could unlock it.
My phone was never locked: too much of a pain to bother with.
It struck me then that I'm the only person I know who doesn't lock their phone. And that's primarily because I wasn't using Google Pay or had any information on that phone more sensitive than my mom's phone number.
For most people it seems that since a phone is a more personal item than their laptop, they instinctively do more to secure it.
People do understand the risks in cybersecurity very well [0].
Here we interviewed literally ransom strangers on the street, There are about 10 or 20 individuals in this episode but in fact I've interviewed over 100 now and it's all the same;
1) People are very aware of risks, phishing, backdoors, bad links, not scanning QR codes, not installing dodgy "apps"... they get it. Kids get it, Old people get it.
2) They are very aware of the consequences; "identity theft", being tricked, having money stolen, being embarrassed or blackmailed, loss of device or denial of service... Mums get it. Grannies get it.
3) There are daytime TV interviews with people crying their hearts out on camera after being scammed of their life savings. These are popular programmes presented by family presenters like Angela Rippon and Ester Ranzen in the UK.
4) They don't have the first clue who to turn to, or any sense of empowerment to do anything about it (other than abstain). Some think the government should step in. Others say schools and parents are responsible for educating kids from a young age in digital self defence.
So the old "What have I got to hide" trope is painfully naive now and limited to a few diehard old computer beards still in denial that their Internet got fucked-over by criminals.
I think it's important to be in touch with what real people (outside our echo chamber of developers and hackers) really think.
First, I agree with everything you just said about rising fear and the total disconnect of actual risk from how it is presented.
See my response above to sdwr viz emerging protection rackets in computer security, and my later comment about Ross Anderson's important paper after which I (and Edward Snowden) have found the words "Insecurity Industry" rolls off the tongue - for example Amazon's Ring Doorbell ecosystem which cynically preys on distorted perceptions of suburban crimes.
Other people have commented on that here, and I think they are correct. But let's not allow that to distract us from the reality that cybersecurity is in an appalling state and that the risks are very, very real, and getting worse.
The "insecurity industry" exploits that - while offing no substantial solution, and indeed has no interest in fixing things (as a principal agent problem) - but that's separate from the threat reality.
A great way to understand this might come from reading some of Bruce Schneier's wonderfully clear writing on security theatre and security perception. They sell the problem and the solution. Fear and safety often come in the same packaging, like those Taco kits or fruit and yogurt combos.
Anyway - not wishing to end argumentatively but "minimising" is appropriate because sdwr makes aspersions to grandiosity. It is a really strong characteristic to gaslight or undermine the other as "over-dramatic" etc, not just downplaying the facts. respects.
Murder is at an all time low! But my sister in law is a drug addict, and last year she got mad so her boyfriend shot and killed a family member right in their nice suburban foyer.
There's more to it than that.
Most people worrying about home invasions arent thinking about it being their niece.
This leads to the problematic idea that a high tolerance is given to cybercrime because it "shifts" it to a more acceptable form (given that all other factors, policing budgets, causes of crime etc remain constant).
That's one interesting conspiracy/explanation for why rampant digital crime is officially played down whereas almost non-existent street crime is "marketed" by Amazon Ring and other elements of the "Insecurity Industry"
[0] https://www.research.ed.ac.uk/en/publications/measuring-the-...
