<awygle>
i had heard it before but i heard it again like two days ago
* awygle
has zero defcon-based regrets
* cr1901
wants to try a Gros Michel banana...
<qu1j0t3>
lol, i had the same impulse
<shapr>
cr1901: I knew about the bananas, and expect it to happen again
<cr1901>
That's the point of the linked article too... that it probably _will_ happen again (though since it was written they created a disease-resistant Cavendish)
<cr1901>
From what I can tell, Gros Michel are the "tasty" bananas and Cavendish are "not as tasty". But we don't have much of a choice since the former aren't mass produced
<cr1901>
(Still can buy them of course. Just not easy :P)
<cr1901>
In any case, that's 3 ppl who knew about banana history in this room about FPGAs. I guess I was just out of the loop...
<sorear>
i just have a lot of irrelevant information in general
<cr1901>
qu1j0t3: Is pineapple on pizza really okay? Is it REALLY?
<shapr>
cr1901: my approach to life is that everyone knows at least one thing I want to know, probably many things. So I like finding out what things I can learn from them.
<shapr>
though I'd argue the banana thing is "monocultures are bad"
<shapr>
same way the irish potato famine happened
<awygle>
If Gros Michel bananas taste like banana flavoring then the world has suffered a terrible loss
<awygle>
Banana flavoring tastes way better than bananas
<rqou>
esden_cloud, G33KatWork: ping again?
<sorear>
the political causes of the famine are more interesting than the botanical causes
<awygle>
always
<qu1j0t3>
awygle | Banana flavoring tastes way better than bananas // If I wanted to understand how offended some people are by pineapple on pizza, I could refer to this
<awygle>
hahaha
<awygle>
bananas are mealy and tasteless cmv
<cr1901>
>Banana flavoring tastes way better than bananas
<cr1901>
This is quite quotable
<awygle>
feel free
<qu1j0t3>
awygle: interesting. i wonder if this is like the cilantro thing
<qu1j0t3>
cr1901: yeah i thought about different ways of tweeting it, but none really grabbed me
<qu1j0t3>
tbh none were not sad
* awygle
feels very judged
<qu1j0t3>
:)
<qu1j0t3>
but maybe it is like the cilantro thing. i've just never heard of differing banana experiences.
<pie_>
"The tech worker mobilization underway at Amazon threatens these deals, and threatens to make Bezos less rich. So if the Bezos-owned @washingtonpost insists on continuing to run op-eds attacking those workers, the least it could do is acknowledge its conflict of interest."
<pie_>
awygle, eww banana flavoring tastes way worse than bananas
<awygle>
pie_: sorry your taste buds are atrophed :(
<awygle>
*atrophied
<rqou>
azonenberg_work: how do i convince $WORK that hashtag badgelife has a positive value for the company? :P :P :P
<rqou>
presumably i need something about blinky "cybers"? :P :P :P
<qu1j0t3>
it's OT, but i bet there are wildly varying kinds of banana flavour/essence too awygle pie_
<awygle>
yeah probably. i'm specifically thinking of banana runts, or to a lesser extent laffy taffy
<azonenberg_work>
lol
<pie_>
idk ive only noticed one type of banana flavor so fa
<pie_>
far
<pie_>
rebrand ##openbananaflavor
<azonenberg_work>
rqou: um, no idea
<rqou>
does ioactive not have hashtag badgelife?
<rqou>
they apparently have a big party though
<awygle>
huh, is ioa a Big Deal?
* awygle
always assumed they were just some local outfit
<rqou>
i don't really get how the business side of the "infosec industry" works
<awygle>
as an outsider, infosec is increasingly weird to me
<rqou>
I'm an insider now and it's still weird
<pie_>
wait rqou is now in infosec?
<pie_>
didnt know rqou got a jerb
<pie_>
dammit rqou why are you being a functional human being :p
<jn__>
rqou: i thought it's step 1: do something impressive (blackhat talks, stunt hacking, etc.), step 2: get hired for whatever boring and unrelated infosec job the client needs to get done
<pie_>
lol, stunt hacking
<rqou>
i basically did that, except the things i did weren't quite that impressive
<rqou>
also, i bet azonenberg_work's favorite banana flavoring is isoamyl acetate :P
<rqou>
(unless he doesn't actually do this step of respirator fit testing)
<azonenberg_work>
awygle: IOA normally throws a massive party at defcon - they skipped it last year for some reason (new marketing guy didnt get brought up in time or something)
<azonenberg_work>
basically they rent out the entire pool at bally's
<azonenberg_work>
all of the cabanas, the pool itself, the bars, everything
<azonenberg_work>
hire some live entertainment and bartenders
<pie_>
oh so IOA does that
<azonenberg_work>
i can imagine it's quite expensive but apparently it pays for itself pretty quickly
<rqou>
how?
<azonenberg_work>
Get prospective clients drunk and happy then hand them a business card? lol
<azonenberg_work>
idk
<awygle>
simply the capital (or credit float) implied by such a thing implies a much larger Deal Size than i'd been thinking
<azonenberg_work>
But apparently the sales guys think its worth it
<azonenberg_work>
awygle: We're a global company - not a big one but still
<balrog>
I like the REcon parties (still bummed that I missed out this year!)
<azonenberg_work>
we have both corporate and engineering offices in seattle, then a mostly-sales office in london (some technical folks there)
<azonenberg_work>
a second hardware lab in madrid
<azonenberg_work>
a new office opening up in... dubai i think
<rqou>
wut
<azonenberg_work>
a bunch of remote folks in buenos aires but no office there yet afaik
<awygle>
you know how you meet surgeons who became surgeons because they have some sort of deep seated need to open people up? this is how i increasingly feel about most security professionals
<awygle>
maybe it's just the reporting but i never hear anything about people taking steps to improve security, just people hackin' stuff
<azonenberg_work>
awygle: Yeah its the reporting
<jn__>
the offensive side is definitely louder
<azonenberg_work>
The reality is a lot less sexy and a lot more paperwork :p
<awygle>
paperwork is software for humans cmv
<azonenberg_work>
Every bug i put in a report needs to be accompanied by risk assessment, recommendations for patching, etc
<rqou>
heh that's better than us
<awygle>
yeah but even that is like, not what i mean. it's still fundamentally "find bug, fix bug", right?
<azonenberg_work>
On the more research-y side there are efforts to close off entire classes of bugs
<rqou>
$WORK has actually made architectural changes as a result of red team activities
<azonenberg_work>
We try to get involved with ongoing clients early in the design cycle
<azonenberg_work>
i've sat down with software leads and architects to go over designs before they're implemented
<awygle>
the only time i hear about actually making the industry better is in the context of rust (basically), which is much closer to what i mean but still isn't the systematic industry-wide process improvement i'd really prefer to see
<azonenberg_work>
And try to eliminate poor/dangerous architectural choices before the bugs even exist
<rqou>
e.g. $WORK killed Jenkins (*cough* *cough* Homebrew)
<awygle>
is jenkins bad now?
<rqou>
it's too easy to misconfigure insecurely
* awygle
, as is all too common lately, suddenly returns to full consciousness and realizes he's picking fights for no good reason
<awygle>
sorry, ignore my frustration in this inappropriate venue lol
<rqou>
let's just say that the recent Homebrew vuln is like 95% identical to several internal red team exercises
<daveshah>
My only experience with infosec was getting a free rucksack from Netcraft in the UK
<daveshah>
It's served me a good three years now
<daveshah>
Was for getting a certain grade in A-level (=high school) computing
<azonenberg_work>
Sooo i'm working on a design that needs a one-hot comparator
<azonenberg_work>
Basically one bit A<X and one A>X
<azonenberg_work>
Wondering if a greenpak is overkill
<azonenberg_work>
So far i dont see other logic that needs to get shoved in there
<rqou>
how's the analog performance?
<azonenberg_work>
I dont need that much
<azonenberg_work>
i'm actually now wondering if i could eliminate the comparator entirely
<azonenberg_work>
since i have an ADC monitoring the same rail
<azonenberg_work>
i might be able to do the comparison host side since it doesnt have to be fast at all
<azonenberg_work>
i'm basically checking of an external VCCIO is above or below 3.3V
<azonenberg_work>
if*
<azonenberg_work>
And i was gonna have an i2c io expander there for other reasons
<azonenberg_work>
So i could maybe just use that
<pie_>
awygle, talk to qu1j0t3 lmao
<pie_>
about process
<pie_>
whitequark, context for your latest tweet? xD
<qu1j0t3>
it has been rather burning up the twitterz
<qu1j0t3>
and the ircz
<whitequark>
people like the cso at facebook and chief seceng at chrome are acting like children whose favorite movie was insulted by that boy from over the street
* whitequark
glares at the tweet
<whitequark>
im wondering if one of them is going to whine in replies eventually or not
<whitequark>
happened before
<pie_>
whitequark, sorry i meant the ctos/whatever
<pie_>
ah and then you clear that up two lines later
<qu1j0t3>
well this is basically the definition of ``butthurt'' so
<qu1j0t3>
whitequark: Well I can read your tweet two ways -- in fact the first way i interpreted was, the threads it brought out in my feeds bringing a lot more detailed evidence to back up the xkcd
<qu1j0t3>
whitequark: I wasn't sure if you were side-eyeing those ... mostly the butthurt theme has not been in my feeds ... yet
<pie_>
is it bad that i immediately thought butthurt without any context at all (except having seen the xkcd)
<azonenberg_work>
So, on the internal side we have an ESD clamp diode that can handle short spikes but not sustained overcurrent
<azonenberg_work>
Then we split the signal into AC and DC paths
<azonenberg_work>
AC path is C16, passes AC signals basically untouched but blocks low frequencies
<azonenberg_work>
The idea here is that a DC overvoltage will be blocked rather than melting the clamp diodes
<gruetzkopf>
the internal clamping diodes?
<azonenberg_work>
D1
<azonenberg_work>
Those are for ESD suppression
<gruetzkopf>
ah, specialised usb clamping things
<azonenberg_work>
its a high speed USB3 clamp diode (this is not usb but i'm using the chip for low capacitance)
<azonenberg_work>
Then on the DC path D2/D3 are Schottky clamp diodes to ensure the DC component of the signal doesn't go out of range (ground to VCCO)
<azonenberg_work>
L1
<azonenberg_work>
and L2 are to block the high speed signal from seeing the parasitic C of the diodes, which will be substantial
<azonenberg_work>
They'll probably be ferrites of some sort? TBD
<gruetzkopf>
looks plausible
<azonenberg_work>
then R16 is to limit current through the DC path to protect the diodes during sustained overvoltage
<gruetzkopf>
what's gonna run over it?
<azonenberg_work>
and R15 is a series terminator for the output
<gruetzkopf>
$diff-sig?
<azonenberg_work>
Arbitrary single ended digital IO from 1.2 to 5V VCCO levels and up to 500 Mbps data rates
<azonenberg_work>
test equipment
<azonenberg_work>
This is the newest iteration of the STARSHIPRAIDER I/O cell
<azonenberg_work>
The goal is to survive a DC short to +/- 12V
<azonenberg_work>
without exceeding absolute max of any component in the system
<azonenberg_work>
Doing that while also being able to do 1.8V at several hundred Mbps is HARD :p
<gruetzkopf>
heh, guess who has to accept shorts to mains :(
<azonenberg_work>
I mostly work on low voltage stuff
<azonenberg_work>
The goal here is that you can probe any two points on a typical wallwart-powered gizmo
<azonenberg_work>
Yeah for the moment its a hard threshold with a resistor-programmed hysteresis
<azonenberg_work>
i'll set it to something sane like 25 mV or so
<gruetzkopf>
usually good enough
<azonenberg_work>
The VCCO is generated by a power opamp tracking a DAC reference
<gruetzkopf>
what's your target for sink/source current?
<azonenberg_work>
The DAC voltage is controlled by the host FPGA over I2C and can either be set to an arbitrary voltage of your choice, or to a runtime-selectable fraction of an external reference voltage monitored by an ADC
<azonenberg_work>
The low voltage driver has 12 mA output and the high voltage driver has 24 mA output
<azonenberg_work>
Both drop slightly at the low end of their range
<azonenberg_work>
oh also, the VCCO power rail will have a shunt resistor on it
<azonenberg_work>
to monitor actual voltage and current
<gruetzkopf>
all 1-gate 74*VC*145?
<azonenberg_work>
Yes, i havent found anything better
<azonenberg_work>
(So if you have a dead short to ground or something, it will be able to shut down VCCO and tristate all outputs)
<gruetzkopf>
this sounds reasonable
<azonenberg_work>
This is a prototype 2 channel system
<azonenberg_work>
The full version will be 8 channels on a card
<azonenberg_work>
4 cards on the host system
<azonenberg_work>
with separate vcci/vcco levels
<gruetzkopf>
there's yakshaving to be had for a +++ version
<azonenberg_work>
Thats why the io cards are socketed :)
<gruetzkopf>
(per pin current measurement and stuff like that)
<gruetzkopf>
for a particularly annoying legacy application i had to build stuff like that (even including programmable current limit per IO)
<azonenberg_work>
oh fuuun
<azonenberg_work>
yeah this is already going to be $$$
<azonenberg_work>
i dont want to make it worse without a good reason
<azonenberg_work>
my focus for the moment is on talking to every plausible single ended digital logic standard you might encounter in commodity embedded hardware, with the exception of SSTL for DRAM
<gruetzkopf>
fair enough
<azonenberg_work>
And being immune to damage if you probe anything in the +/- 12V range
<azonenberg_work>
with the exception of high energy RF like a SMPS inductor output or something
<azonenberg_work>
That will go right through the AC path and probably blow out the protection diode
<pie_>
AC is scary :<
<pie_>
well. moar inductors i guess
<pie_>
(nevermind i have no idea what im talking about)
<gruetzkopf>
whats projected BOM cost like right now?
<azonenberg_work>
gruetzkopf: Not cheap? :p
<azonenberg_work>
i'm targeting about $1K for a finished unit all told, i forget if that included PCB or not
<azonenberg_work>
The host board will have a large 7-series FPGA, 10GbE SFP+, 1GbE copper interface, 4GB of DDR3, and four io card connectors
<azonenberg_work>
I'm at $24.24 (lol) right now for the prototype io card but i havent finished picking parts
<azonenberg_work>
that's for 2 channels
<azonenberg_work>
Level shifters, the dual comparator, analog switches, then the common stuff (VCCO DACs, Vref ADC, overcurrent protection, etc)
<azonenberg_work>
But not the qstrips
<azonenberg_work>
or the PCB
<azonenberg_work>
That goes up to $44.66 after adding the qstrips... those things are not cheap
<rqou>
heeey azonenberg_work, can I interest you in some pic32 reverse engineering?
<azonenberg_work>
what about it?
<rqou>
this year's defcon badge uses one
<rqou>
a pic32mm
<azonenberg_work>
oh shiny
<rqou>
i have a flash dump but can't seem to get it to disassemble properly
<rqou>
and the memory map doesn't make sense to me
<azonenberg_work>
You have a full dump? Send me a link
<azonenberg_work>
And which PIC?
<rqou>
pic32mm0256gpm048
<azonenberg_work>
So where's the dump?
<azonenberg_work>
And how did you generate it?
<rqou>
please wait :P
<rqou>
and no readback protection
<azonenberg_work>
Yeah but i mean, using a pickit? or what tool
<azonenberg_work>
i.e. how confident are you the dump is accurate
<rqou>
yeah PICKit3
<azonenberg_work>
and complete
<rqou>
idk i used a PICKit3 with the mplab production tool
<azonenberg_work>
ok that should give a good result
<kc8apf>
I just got back over to Cesar's. Going to check out HHV and voting machine
<rqou>
also, power budgeting for badges is apparently pretty hard
<kc8apf>
Cash rationing seems to be challenging
<rqou>
random idea for badges: i want to make a "malicious" sympetrum (dragonfly) badge that can force neighboring badges into patterns you control
<rqou>
i wonder how not amused borgel would be? :P
<azonenberg_work>
So the thing that makes more fun reversing mips
<azonenberg_work>
is the kseg/kuseg plus caching fun
<azonenberg_work>
so the same phys addr is mapped in like 3 places :p
<rqou>
yeah, that's the part that I know nothing about
<azonenberg_work>
So phys addr 0x1FC* is mapped to virtual 0x9FC* and 0xBFC*
<azonenberg_work>
q3k: how do you do this?
<q3k>
azonenberg_work: i didn't actually do anything related to remapping
<azonenberg_work>
Right now i have everything mapped to kseg0
<q3k>
azonenberg_work: opened the file in ida, remembered I didn't like reversing mips, closed ida
<azonenberg_work>
and both kseg1 and kuseg are unusable
<azonenberg_work>
lol
<q3k>
i would honestly just rebuild the ihex manually in python
<q3k>
instead of dicking about with elf
<q3k>
or just move the sections around in ida itself
<azonenberg_work>
i'm talking in ida
<azonenberg_work>
if i want to make two segments backed by the same memory
<q3k>
you can't lol
<azonenberg_work>
and, ideally, with annotations etc kept in sync
<azonenberg_work>
Welp
<azonenberg_work>
So i guess the next best would be to manually copy the memory
<q3k>
yes
<azonenberg_work>
i have real work to do right now though
<azonenberg_work>
So savin this for later :p
<rqou>
azonenberg_work: not going to make reversing this your "didn't get to go to defcon" compensating? :P
<azonenberg_work>
Nope
<azonenberg_work>
I have a starshipraider to build
<rqou>
do you even have cow-orkers right now? didn't they all go to defcon?
<rqou>
also, not a goddamn house?
<azonenberg_work>
$work is paying me to do starshipraider
<azonenberg_work>
not construction
<q3k>
azonenberg_work: that's pretty cool.
<azonenberg_work>
For this week at least
<azonenberg_work>
no billable work this week b/c everyone is at defcon except me and like one other
<azonenberg_work>
so we're doing research :p
<rqou>
whee, somebody here is running a "follow the ball under the cups" scam here
<rqou>
i thought only Eastern Europeans did this
<q3k>
i need to find more customers to bill for odd hw projects.
<azonenberg_work>
rqou: lol that scam is as old as scams
<azonenberg_work>
also i just have to pick out component values for a few passives
<azonenberg_work>
and i'm good to start layout on the v0.2 io card
<kc8apf>
One of the voting machines has an xc2 on it. Seems to be just an LED controller.
<kc8apf>
These board designs are trash
<q3k>
pix?
<rqou>
hmm, some of us just might happen to have a tool to disassemble those bitstreams
<q3k>
rqou: do you have an icebox_vlog like tool?
<rqou>
these pedestrian routing setups are trash
<rqou>
q3k: not quite, but yes
<rqou>
q3k: i apparently suck at coding soni couldn't properly generate verilog
<rqou>
*so i
<rqou>
so it instead generates a (structural) yosys json netlist
<q3k>
that's more than enough
<azonenberg_work>
But you can write_verilog from that right?
<q3k>
yep, you should
<azonenberg_work>
kc8apf: did you pull the bitfile?
<rqou>
you then run this through some undocumented yosys steps and then you can write_verilog
<q3k>
although it's not gonna have nice metadata like icebox_vlog outputs
<q3k>
(in comments
<q3k>
)
<kc8apf>
azonenberg_work: nope. I didn't bring any hardware.
<kc8apf>
I'll get a pic in a few minutes. Left when the camera crew showed up
<q3k>
... camera crew at a hacking con?
<azonenberg_work>
q3k: yeah the voting machine village tends to get media attention
<azonenberg_work>
they're generally good about letting people disappear if they dont want to be filmed
<q3k>
bleh
<q3k>
only 4 months left until congress
<rqou>
oh yeah some day we need to drag azonenberg_work to ccc
<azonenberg_work>
next year
<azonenberg_work>
i'm like 35 hours negative on PTO right now
<azonenberg_work>
:p
<florolf>
there's also a cccamp next year :p
<q3k>
yes!
<florolf>
azonenberg_work: i've been reading ipc 7525 and they recommend against aperture reduction when doing lead-free reflow (and overpasting fine-pitch bga in that case)
<florolf>
what's your take on that?
<azonenberg_work>
florolf: I generally do 1:1 aperture sizes these days
<azonenberg_work>
have not found it necessary to over-paste
<azonenberg_work>
the only thing i do reduction on is large QFN thermal pads
<azonenberg_work>
where i break it up into a grid
<florolf>
yeah, that's the only case where they recommend any kind of significant reduction