return to table of content

Show HN: I made a discrete logic network card

_factor
14 replies
8h44m

A network card with opaque firmware is a 0-day away from becoming a global catastrophe.

Even RISC-V based switches like the Vega use proprietary switch chips (Wuhan China designed FSL91030M specifically), which is no better.

You can verify input/output to a certain extent, but this doesn’t preclude a timer based function call or a tailored packet activation.

I wonder why our society tolerates these unknowns. With the push towards WiFi replacing the majority of home networking, I’m not confident it will change any day soon.

nonrandomstring
11 replies
8h1m

these unknowns

Sorry to throw a Rumsfeld at you, but I think these are "unknown unknowns".

If people were aware of the presence and significance of such critical knowledge voids I do not believe they would tolerate them.

I see it as the job of civic cybersecurity to bring precisely these sorts of things to wider attention and educate folk on why they are are problematic.

_factor
10 replies
7h24m

I think visibility is one aspect, but not the whole story. An average home user runs Windows and doesn’t necessarily care if a hypothetical backdoor could exist in their hardware/software stack.

They browse the web, do their banking, and share photos on SM after checking their mail and searching for Tiramisu recipes.

The existential threat to themselves is low, so they don’t dig further into the ramifications. Journalists, whistleblowers, activists, “undesirables”, those are the primary concerned parties.

The civic cybersecurity aspect needs to lay out a clear benefit to free speech and oppression which makes tangible sense to day to day life. I’m not quite sure how to spread this level of awareness, or highlight the importance of such measures in a way that hits home.

sdwr
5 replies
5h39m

Being worried about a hardware backdoor in your network card is more about technology fetishism than realistic threat analysis.

It's like suburbanites being worried about home invasion. Sure, it's technically possible to happen, but the concern reflects personal neuroses rather than practical considerations.

There's a disconnected, individual grandiosity in both cases - "what I have is so valuable that other people want to take it!". Conveniently, the solution always seems to be more individual actions to disconnect further. Security systems, lockdown, heightened fear of a shadowy Other.

jbboehr
3 replies
5h8m

"what I have is so valuable that other people want to take it!"

While I do agree this may apply somewhat to the original topic, your dig at suburbanites seems like a mischaracterization. Perhaps the upper/upper-middle classes feel this way. I would expect most other folks are primarily worried about being murdered during the event.

reaperducer
2 replies
3h33m

While I do agree this may apply somewhat to the original topic, your dig at suburbanites seems like a mischaracterization. I would expect most other folks are primarily worried about being murdered during the event.

With the murder rate in America near historic lows, I think the person you're replying to is spot-on. It's a lot of hysteria fueled by social media, foreign actors, and the fact that security paranoia is a very lucrative business for a lot of companies.

https://www.macrotrends.net/global-metrics/countries/USA/uni...

Yes, there has been a recent uptick, but it's still 30% below what it was 30 years ago. Heck, it's almost 20% lower than it was 100 years ago.

https://www.statista.com/statistics/1088644/homicide-suicide...

To find a U.S. murder rate lower than 2014, you have to go back to 1906.

But security companies, alarm companies, conservative politicians and their media partners, police unions, and others with a financial interest foam at the mouth to make it seem like things have never been worse.

nsxwolf
0 replies
3h16m

These statistics do not help anyone create a reasonable personal risk assessment.

Murder is at an all time low! But my sister in law is a drug addict, and last year she got mad so her boyfriend shot and killed a family member right in their nice suburban foyer.

There's more to it than that.

nonrandomstring
0 replies
3h18m

A fascinating finding is that the explosion of cybercrime (against the person, so scams, theft etc) inversely and almost perfectly tracks the fall in violent physical crimes like robbery, hijack, burglary [0].

This leads to the problematic idea that a high tolerance is given to cybercrime because it "shifts" it to a more acceptable form (given that all other factors, policing budgets, causes of crime etc remain constant).

That's one interesting conspiracy/explanation for why rampant digital crime is officially played down whereas almost non-existent street crime is "marketed" by Amazon Ring and other elements of the "Insecurity Industry"

[0] https://www.research.ed.ac.uk/en/publications/measuring-the-...

j33zusjuice
3 replies
6h38m

I get the sense it isn’t possible. “What do I have to hide?” “Who would target me?” “I have nothing worth stealing.” Sadly, all those are common replies to what you’re saying needs more awareness.

phkahler
2 replies
5h57m

> “What do I have to hide?”

Your gmail account - which is used for password resets from anywhere on earth

> “Who would target me?”

Criminals

> “I have nothing worth stealing.”

How about your identity?

HeyLaughingBoy
1 replies
5h42m

I think people understand cybersecurity very well in the context of a phone but don't think about it with desktops or laptops.

I let someone who was housesitting for a neighbor use my phone because she had left hers in the house and accidentally locked herself out. The neighbor called her back (on my phone of course) and she automatically handed it to me so I could unlock it.

My phone was never locked: too much of a pain to bother with.

It struck me then that I'm the only person I know who doesn't lock their phone. And that's primarily because I wasn't using Google Pay or had any information on that phone more sensitive than my mom's phone number.

For most people it seems that since a phone is a more personal item than their laptop, they instinctively do more to secure it.

nonrandomstring
0 replies
4h58m

I think people understand cybersecurity very well

People do understand the risks in cybersecurity very well [0].

Here we interviewed literally ransom strangers on the street, There are about 10 or 20 individuals in this episode but in fact I've interviewed over 100 now and it's all the same;

1) People are very aware of risks, phishing, backdoors, bad links, not scanning QR codes, not installing dodgy "apps"... they get it. Kids get it, Old people get it.

2) They are very aware of the consequences; "identity theft", being tricked, having money stolen, being embarrassed or blackmailed, loss of device or denial of service... Mums get it. Grannies get it.

3) There are daytime TV interviews with people crying their hearts out on camera after being scammed of their life savings. These are popular programmes presented by family presenters like Angela Rippon and Ester Ranzen in the UK.

4) They don't have the first clue who to turn to, or any sense of empowerment to do anything about it (other than abstain). Some think the government should step in. Others say schools and parents are responsible for educating kids from a young age in digital self defence.

So the old "What have I got to hide" trope is painfully naive now and limited to a few diehard old computer beards still in denial that their Internet got fucked-over by criminals.

I think it's important to be in touch with what real people (outside our echo chamber of developers and hackers) really think.

[0] https://cybershow.uk/episodes.php?id=18

pjc50
1 replies
5h42m

I wonder why our society tolerates these unknowns

Society tolerates an infinite number of unknowns because it's impossible to know everything, or even a microscopic corner of "everything". The tradeoff for every society larger than a subsistence farming village is things you can't see happening over your horizon that you have to trust. Or trust in the vague hope that someone else is checking and would notice if things went bad.

Wuhan

I had to look this up, and the business address is of course Shenzen, where you'd expect. https://milkv.io/about gives a Romanized address of "1603, Block B, FengHuang Zhigu Building No.50 Tiezai Road, Xixiang, Baoan Shenzhen, 518102 China", which is in a different administrative area from Wuhan and five hundred miles away. Not that it matters.

pbronez
0 replies
5h35m

Heh and farming, even subsistence farming, is at the mercy of weather/climate, animal migration patterns, human labor and thus health…

Nobody has perfect knowledge of their world. All we have are heuristics that work well enough to get by. It’s by definition impossible to anticipate out-of-context events that barge in like the Vogons.

Excession by Iain Banks is a fun exploration of this concept. It’s set in his “Culture” universe, where a hybrid human/AI culture enjoys an interstellar empire. Excession imagines that powerful civilization encountering a phenomenon that is as far beyond them as they are beyond us, or we are beyond the subsistence farmer.

yjftsjthsd-h
6 replies
5h43m

So this is for an all-custom computer, which is rather more impressive on its own (to say nothing of "So I made a C compiler."), but now I'm curious what the minimal implementation of an ethernet card for a "normal" PC would be. I suspect a lot of it would be very similar, up to that you could do checksums on the PC's CPU (probably just baked into the driver). It'd need to be attached - either bare serial or more usefully USB? And then you'd either need to write a "real" driver for it or else plumb through to userspace and do it there. For similar things I've eyeballed having the device implement https://en.wikipedia.org/wiki/USB_communications_device_clas... so it "just works" without needing to do your own driver, but I don't think that would play nice with things like doing all the checksums host-side. Or... while searching for that, I stumbled across https://en.wikipedia.org/wiki/Ethernet_over_USB , which maybe suggests that you can just build an adaptor that translates the physical connection to USB and then let the computer magically handle all the rest for you? Dunno, over my head.

pjc50
3 replies
5h35m

USB is arguably much more complicated than 10base2 internet, which pre-dates it by a long way. In fact, if you're trying to use either PCIe or USB to connect to a 10base2 ethernet network, either of those will be far more work than the Ethernet side.

You might be able to persuade a FTDI-style USB device to bit-bang 10base2 Ethernet for you. You'd implement a "PHY" side which translates the wire traffic to a clean bitstream and aligns the frame start and then just have the PC handle all of it in software for you.

yjftsjthsd-h
1 replies
5h13m

Oh, good point. I guess it depends on your usecase. I was thinking from the angle of not trusting premade network cards but trusting your USB chips.... which now that you point out, is also not a given. Maybe bare serial (just a wire per tx/rx), but it suddenly occurs to me that I don't know how that's actually connected to the CPU, and I think that approaching this from a security angle is a quick road to madness. OTOH... connecting a microcontroller to serial probably is the simplest option and as an engineering exercise is perfectly reasonable, if not exactly fast, but hey it's not like this was ever going to be performant.

pjc50
0 replies
4h58m

Maybe bare serial (just a wire per tx/rx), but it suddenly occurs to me that I don't know how that's actually connected to the CPU

In practice today, if you have a DB9 serial port, that goes into the section of the chipset which is concerned with all the "legacy" interfaces, which ultimately turns up on the PCIe bus like everything else.

I think that approaching this from a security angle is a quick road to madness

Yes.

15155
0 replies
24m

USB LS/FS are pretty implementable in select FPGAs and MCUs without a dedicated PHY.

ynoxinul
0 replies
4h39m

If a normal PC had an ISA bus (like they did 30 years ago), my network card could have been connected to it with just some minor modifications.

15155
0 replies
43m

Implementing NICs in FPGAs (typically with PCIe attachment) is super common.

Regarding USB: CDC-NCM isn't hard to implement in any MCU but implementing a USB HS PHY basically requires ASIC hardware.

If you use a $0.30 USB HS ULPI PHY, one could implement USB CDC-NCM in an FPGA pretty easily.

precompute
6 replies
13h32m

Very cool! How long did it take you? It's really impressive!

ynoxinul
5 replies
13h14m

Building the network module took about a month, but writing the compiler took much more time.

magicalhippo
1 replies
12h58m

writing the compiler took much more time

Impressive stuff.

I've dabbled wuth making my own ISA and softcore CPU in FPGA, but getting C code to compile has been a bit of a blocker.

I know there are some compilers one could try to port but my ISA is kinda esoteric so not straight forward, and so I considered just writing from scratch like you have.

ynoxinul
0 replies
12h54m

I know there are some compilers one could try to port but my ISA is kinda esoteric so not straight forward

Same. I tried digging into exsiting compilers, but they are either unsuitable at all or too complicated (clang).

artirdx
1 replies
12h26m

Very impressive! Could you share some books, training, experiences that helped you reach this stage so a hobbyist could catch up? There are so many parts - compiler design, basic electronics, computer architecture etc. Maybe a blog post.

ynoxinul
0 replies
10h12m

I have a CS/applied math background, my main job is software development, so I don't have problems with the software part. If you are interested in compiler design specifically, you can find a lot to read or to watch online.

When building my system, I was inspired by 8 bit retro computers like ZX Spectrum. Their architecture is straightforward and easy to understand.

Electronics just fascinates me, but I can't really point out a single source which gave me the insight. A lot of playing around with transistors, microcontrollers, logic gates gives the intution how to design stuff.

gigatexal
0 replies
13h5m

impressive work! a lot of it went over my head but still i could appreciate it being a real feat

mogoh
5 replies
8h20m

Sorry for this naive question, but isn't every network card build out of discrete logic components?

retrac
1 replies
8h9m

Discrete is the opposite of integrated, as in integrated circuit.

In practice, it means using multiple components. In a strict sense it means no integrated circuits at all, I suppose. But it's also a relative thing. So while a 7400 series chip is not a "discrete" component as most would think of it, using a hundred 7400 series chips to implement a processor is relatively more discrete than a microprocessor. (It's certainly not as integrated.)

Since the early 1980s, Ethernet interfaces have used used custom chips, because the amount of logic required would need dozens of gate-level chips otherwise (as seen here!)

mogoh
0 replies
8h0m

ah, that makes sense. Thanks!

SAI_Peregrinus
1 replies
8h5m

No, most use much more complicated ICs. This isn't fully discrete (individual transistors, diodes, etc.) but only uses 7400-series logic ICs, not ASICs.

dboreham
0 replies
1h40m

isn't fully discrete (individual transistors, diodes, etc.) but only uses 7400-series logic

Which is exactly what "discrete logic" means.

cfn
0 replies
8h6m

No, network cards use chipsets, meaning, most of the logic is inside one or two large ICs (Integrated Circuits). What the poster is doing is creating a card using the simplest existing ICs which contain simple logic circuits such as NANDs, multiplexers, etc.

jiveturkey
4 replies
11h21m

Fixing the frame length doesn’t have any effect on higher-level protocols because they encode the packet size in their headers and do not rely on the actual Ethernet frame length.

Interesting. I just wrote a packet decoder and I specifically verify at each layer that the lower layer length matches. So for IP, in my decoder the IP datagram length must match exactly the ethernet frame length + link layer header. I didn't do this to be pedantic but rather to detect short frames, and then I decided that long frames were also errors.

You (author) are using uIP but I wonder what Linux or any other modern OS does. You don't specifically mention interoperability but I wonder if you've tested that.

ynoxinul
2 replies
10h35m

I'm sending my long frames out to the network and no OS I have has any problem with that. I've read somewhere that long frames are actually used by some routers to store metadata after the packet.

jiveturkey
1 replies
1h41m

wireshark doesn’t complain either?

ynoxinul
0 replies
1h32m

Of course not. Long frames are totally valid.

darrin
0 replies
7h46m

Timestamps and other types of in-band network telemetry are sometimes inserted in the frame as a trailer (with a new FCS). If an application isn't looking for the L2 data, it's just ignored by the Linux IP stack.

RetroTechie
4 replies
10h7m

Very cool stuff!

Only nitpick I'd have is that author decided to use a custom-design cpu.

Ok, "discrete logic only!" is a valid choice. And then keeping complexity to a minimum weighs heavily. But the downsides of that choice are also considerable:

-No interrupts (which are very useful)

-No existing software base to tap from. Somewhat-useful C compiler helps.. somewhat.

But who am I to question author's choices for a hobby project like this? Great stuff in any case.

heinrichhartman
2 replies
9h22m

What does "discrete logic" mean in this case? Why would this prevent interrupts?

RetroTechie
1 replies
8h17m

What does "discrete logic" mean in this case?

74xx series ICs (eg. 74ACT family in case of the cpu, if I read correctly).

More generally, it may refer to "basic logic elements whose function is easily inspected".

Why would this prevent interrupts?

Not at all - in theory.

In practice, interrupt support tends to complicate cpu designs. Complicate = more logic = more ICs. So builder decided against it & chose not to implement interrupts on the cpu.

dboreham
0 replies
1h36m

Just to clarify: CPUs built with discrete logic can definitely have interrupts (e.g. PDP-11/45, VAX 11/780).

ynoxinul
0 replies
9h52m

I started with a CPU and then built everything else around it. Using something like a Z80 just doesn't seem fun for me.

hubraumhugo
3 replies
13h13m

Super impresssive! I would absolutely love to work on such projects and admire the passion and countless hours that went into understanding and then building the system.

Retirement is not something desirable for me, so maybe that's when I'll spend my time on hardware and software projects like this.

MrGilbert
2 replies
11h42m

What's stopping you from starting today?

frabert
1 replies
11h37m

Lack of motivation to work on more technical stuff after having done the same all day at work? Mental exhaustion? Wanting to spend the remaining free time with loved ones instead?

pbronez
0 replies
5h31m

I’ve found it empowering to say “this is fascinating to me, and I would enjoy spending significant time diving into it, but I choose not to prioritize that right now.”

This works much better for me than simply griping that “I don’t have time to X”. It acknowledges that I COULD make time for X, but it isn’t worth the current cost.

actionfromafar
2 replies
11h41m

So, is it better or worse than the Etherlink 3c501 ? :-D

https://mirror.math.princeton.edu/pub/oldlinux/Linux.old/net...

IIRC it over-wrote the buffer the CPU tried to read with new packets from the network or something like that. I had it for a while in Linux and the performance really was bad. :-D

tech2
0 replies
11h18m

I remember the 3c590 (https://github.com/torvalds/linux/blob/20cb38a7af88dc40095da...) doing something awful too which required changing the PCI latency setting from 32 to 248 to avoid some catastrophic errors.

It's amazing how much stuff is hidden from view by drivers and firmware updates.

JonChesterfield
1 replies
9h41m

Towards the end is a link to a C compiler built for this project. https://github.com/imihajlow/ccpu-cc. Seems to have a linker and a libc as well. I have no real understanding of how complicated the hardware design part is but casually throwing a C compiler together is great.

lionkor
0 replies
9h32m

A C compiler written in Rust, in which the lang_c crate is used to parse the language.

whartung
0 replies
7h13m

So, I read this as a “discrete logic network” “card” rather than “discrete logic” “network card”.

All set to learn what a discrete logic network was.

samtho
0 replies
5h49m

This is really cool, I also love the modularity of this computer setup.

nonrandomstring
0 replies
10h56m

Beautiful work to share.

I needed a hardware MAC address filtering.

What I really love is the stack trace of reasoning, that's very pedagogical, and that you either worked out lots of things from first principles or felt the need to explain them is if from naive perspective.

Also, while impractical for real world networking I don't think this is just idle play. What with backdoors turning up in over-complex network network chips you may find a more serious readership/project motive in the future.

jfbenson
0 replies
10h0m

This is truly impressive, not just the work, but the way you have laid it out so simply and effectively. Huge kudos!

formerly_proven
0 replies
9h26m

Physically a lot smaller than DEC's first SSI Ethernet card(-set): https://i.ebayimg.com/images/g/NEYAAOSw-mZlg0lZ/s-l1600.jpg (DEC DEUNA, those boards are over a foot long), though also a lot fewer features. DEUNA is a "real" NIC, it has tx/rx queues and handles all that autonomously. Does DMA, too. It of course comes with it's own on-card PDP-11 to run it.

cushychicken
0 replies
10h50m

Man, that is really, really cool.

I just went back and reread the 10BASE-T write up as well.

That’s super cool you can even get 2.6kB out of it.

arnon
0 replies
6h25m

In Communication Systems Engineering studies we implemented ethernet signalling, then the TCP/IP stack including ARP and switching in Motorola 68k QUIC assembly.

Longest 18 months of my life.

amelius
0 replies
8h23m

This shows how easy it is to put a backdoor inside a chip that is connected to a network port.

amelius
0 replies
10h56m

Cool. Now waiting for a WiFi implementation :)