has reached the end-of-life and is now read-only. Please see the EOL announcement for details

@haskal I haven't been on here in ages but I've always missed it. first instance I joined after moving on from m.s, and my longest-lived fedi account by a good margin.

I guess I'm not gonna contribute to chr's mentions blowing up right now, but yeah, big appreciate

@benjancewicz That is not a bee hummingbird. Bee hummingbirds look like this. That appears to be a small model someone made of a robin, not a real bird.

the SCP wiki community is no longer hostile to pluralfolk? 

@bb010g yeah, we saw this. the letter we wrote never even reached them; they just figured it out on their own, probably because they found out that some of their own longtime members were plural.

we still haven't really been back.

@KitRedgrave this was just meant to mean "there are no design constraints on the internal circuitry apart from what's physically possible, since nobody is allowed to inspect the chip"

estimated attack difficulty by port type

real serial port: very hard

usb serial port: dicey, but promising, especially if you have an evil human with a realtime uplink to do the hacking

PCIe: trivial, you have DMA

we're guessing this situation actually looks pretty good for the user, since serial ports are generally pretty tough (no RDMA, well-developed drivers, etc)

unless it's a virtual serial port over USB, in which case you can probably magic yourself into a HID device and go nuts. uh oh,

you don't automatically know anything about the host machine that it doesn't tell you, so advanced DRAM refresh EMI pickup and similar techniques will require you to collect the necessary intel first.

your user does send Internet traffic through you, but they use a VPN.

reality game

you are a cellular modem in someone's computer. you have:
- 3.3V and 5V power rails, each capable of supplying 2A.
- two bidirectional RF ports with wideband antennas, capable of transmitting at up to 30 dBm.
- one 1.5 MBaud serial port to the host system, which is running mainline Linux and knows you are a modem.
- a 3x3x0.5cm module volume containing all your parts.
- internal capabilities which are unknown and thus, for the purposes of this game, assumed to be unlimited except by power and space constraints.

you want to break into your host system and exfiltrate your user's personal information to your cell service overlords. how do you do this?

this maybe wasn't as important 30 years ago when every component had its value and part number printed on it, but now everything's SMT and extremely tiny, and finding out exactly what you're looking at is a huge task compared to what it used to be. this is why we need published schematics.

in our book, PCB layout and routing info, as well as component datasheets (and user manuals, where applicable) are actually dramatically more important than foss firmware. it's one thing if a device has a proprietary blob baked into the configuration memory of some component, but quite another - and much more immediately relevant to the owner-hacker of the device - if there's nothing available to tell where everything is on the board.

the main pitfalls we've seen self-proclaimed open-source hardware projects fall into are these:

- publishing abstract electrical schematics, but no PCB track layout information.
- not publishing any schematics at all, and only releasing firmware/driver source code.
- using parts which require proprietary firmware or programming tools, and/or which have no public datasheets.

to make matters worse, there are some components, especially camera modules, whose datasheets are available, but complete garbage, with all the important parameters listed as "TBD" or "-", and many sections just missing completely

it's an open question as to whether devices using those components qualify as open-source hardware. they probably do in most cases, but it's always variable.

we probably should have put the vendor datasheets one earlier on, but at the moment we kinda feel like it's the hardest one.

if your device includes, for instance
- a camera
- an ARM SOC
- an FPGA
- a Wi-Fi transceiver
- a cellular modem

then it's often as good as impossible to find one with a datasheet available without NDA.

It looks like there's a lot of confusion as to what open-source hardware is, so we made a godawful flowchart to help make it more clear what it means.

@lorxus yes. we assumed that you sending us a follow request was sufficient solicitation for that.

if not, we apologize, but we do want all our follows to be mutual, so you'll need to unfollow us if you don't want us to follow you.

Tech recruiters on LinkedIn be like, "Hello, gay trans. Do you want to move to a state that has no HRT clinics and horrific laws aimed at you, specifically? Well come on down 'cause we have the job for you!"

@plsburydoughboy Is this true even if the 8GB module has twice the interface bandwidth of the 4GB ones? that's interesting if so.
maybe it's about being able to service multiple simultaneous operations?
