<awygle>
note that flat rate padded envelopes exist as well
m_w has quit [Quit: leaving]
amclain has quit [Quit: Leaving]
scrts has quit [Ping timeout: 268 seconds]
scrts has joined ##openfpga
ZipCPU|Laptop has quit [Ping timeout: 260 seconds]
scrts has quit [Ping timeout: 240 seconds]
scrts has joined ##openfpga
<rqou>
woo, debian is absolutely refusing to load the radeon kernel module on boot
<rqou>
whatever, don't feel like fixing it right now
<jn__>
probably because of module signing?
<rqou>
not enabled on this machine
<rqou>
also, modprobing it manually works
<azonenberg>
Sooo
<azonenberg>
I'm gonna try to make a coolrunner killer bitstream
<rqou>
goddammit why
<azonenberg>
To see what happens when I set the "pull high" and "pull low" bits in every ZIA row at the same time
<azonenberg>
:p
<rqou>
do it to only one row first?
<azonenberg>
well yeah i'll start slow
<rqou>
it might actually survive, which would be funny
<azonenberg>
I know for a fact this will lead to 80 power-to-ground shorts throguh the pass transistors
<azonenberg>
(if i do them all)
<azonenberg>
Possible outcomes include: excessive current consumption and eventual device failure from electromigration in months
<azonenberg>
brownout of VCCINT causing a reboot (and boot loop until re-jtagged)
<azonenberg>
and brownout of VCCINT rendering the device unable to be programmed (insta-brick)
<azonenberg>
Or, blowing out a bond wire / bond pad / on die power bus from excessive current consumption (also insta-brick)
<azonenberg>
rqou: on that note
<rqou>
can you do something more useful like attempt to glitch the protection? :P
<azonenberg>
that's next on the list
<azonenberg>
:p
<azonenberg>
Do you have a jed file patch-up tool?
<azonenberg>
Something that fixes the checksums after you edit it
<azonenberg>
by hand
<rqou>
oh i just don't have checksums in my files :P
<azonenberg>
Lol
<azonenberg>
So, i guess i'll add a --ignore-checksum argument to jtagclient
<rqou>
as in, my tools don't add a "C" field (so no fuse checksum) and writes 0000 after ETX (which according to the spec disables the file checksum)
<azonenberg>
ah ok
<azonenberg>
Let me double check my loader and see if that will work
<rqou>
iirc iMPACT loads that just fine
<azonenberg>
oh i meant my app
<azonenberg>
i'm not using impact
<azonenberg>
impact doesnt work with my homebrew ftdi dongles
<rqou>
what happened to the infinity billion attempts at writing a bridge?
<azonenberg>
There were never any attempts, at least on my end
<azonenberg>
i've talked about it being nice to do
<azonenberg>
but never tried
<rqou>
various people have written various experimental bits and pieces over the years
<azonenberg>
OK, so
<azonenberg>
If there's no C field, my parser won't check the fuse checksum
<azonenberg>
i have to add support for disabling file checksums with 0000
<azonenberg>
i dont think i did that
<rqou>
yeah, i don't see why .jed internal checksums are useful
<rqou>
we have "real" checksum/hash algorithms
<azonenberg>
I think the format is meant to be streamed over a uart to a dumb peripheral
<azonenberg>
Just like g-code originally was
scrts has quit [Ping timeout: 240 seconds]
ZipCPU|Laptop has joined ##openfpga
scrts has joined ##openfpga
azonenberg_work has joined ##openfpga
theMagnumOrange has quit [Ping timeout: 255 seconds]
<cr1901_modern>
azonenberg: You've used the SPI Microchip PHYs correct?
<azonenberg>
Ages ago, yes
<azonenberg>
well
<azonenberg>
kinda-sorta
<azonenberg>
i used the enc424j600
<azonenberg>
but it was over the parallel bus
<azonenberg>
not the spi
<azonenberg>
And from an FPGA
<cr1901_modern>
close enough
<azonenberg>
it was a pain in the butt, GMII was easier by far
<cr1901_modern>
Can part of the built-in RAM be used as buffers before actually sending/after recv without risk of being overwritten by future incoming packets?
<azonenberg>
I believe so
<azonenberg>
you can set the range of the ram for rx to go
<rqou>
why would you use one of these?
<rqou>
historically they've been nice and buggy
<rqou>
er, at least the tcp/ip ones
<cr1901_modern>
rqou: B/c DIP
<cr1901_modern>
rqou: It's just an experiment, more seriously :P
<rqou>
dip is annoying too
<azonenberg>
TQFP ftw
<azonenberg>
if you must go with a leaded package
<azonenberg>
QFN preferred
scrts has quit [Ping timeout: 260 seconds]
CarpeOmnia has joined ##openfpga
scrts has joined ##openfpga
promach__ has joined ##openfpga
promach__ has quit [Client Quit]
<CarpeOmnia>
good morning fellow boolean algebreasts
<CarpeOmnia>
I swear that's how it's spelled
CarpeOmnia has quit [Quit: Leaving.]
CarpeOmnia has joined ##openfpga
<azonenberg_work>
Sooo
<azonenberg_work>
Suppose I have an IC that is supposed to draw <1 mA static
CarpeOmnia has quit [Client Quit]
<azonenberg_work>
and 10 mA dynamic at max load
<azonenberg_work>
Suppose I've managed to sink 100 mA in 2% of the die area
<azonenberg_work>
How long do you think it'll take it to die?>
<azonenberg_work>
Actual power dissipation is 180 mW in 0.06 mm^2
<azonenberg_work>
or 300 W/cm^2
<azonenberg_work>
so i imagine the ZIA is getting quite warm
<azonenberg_work>
but the chip package itself isn't too hot
<azonenberg_work>
it might be slightly warm to the touch
<azonenberg_work>
Gotcha!
<azonenberg_work>
It's toast
eduardo__ has joined ##openfpga
digshadow has quit [Ping timeout: 240 seconds]
eduardo_ has quit [Ping timeout: 255 seconds]
<rqou>
heh, housemate and i were just discussing how bidi text and vertical text interact
<rqou>
languages are hard
<rqou>
there's a w3c working draft trying to explain how this is supposed to work, and at one point it seems the authors gave up and put in an actual picture of a dead-tree book to demonstrate what's supposed to happen
<rqou>
azonenberg_work: was this one row shorted or all rows shorted?
CarpeOmnia has joined ##openfpga
digshadow has joined ##openfpga
<azonenberg>
rqou: all rows shorted all 8 bits wide
<azonenberg>
i set the muxes to feed DFFs on both ZIA groups
<azonenberg>
set one FB's DFFs high and the other FB's DFFs low
<CarpeOmnia>
hey
<azonenberg>
then shorted all FFs, plus the constant 1 and constant 0
<azonenberg>
No, i soldered the thing onto an adafruit tqfp44 breakout
<azonenberg>
hooked up power and jtag and nothing else
<azonenberg>
then kept on feeding it increasingly more fscked up bitstreams until it died
<CarpeOmnia>
hmm interesting
<azonenberg>
i tried a single internal short
<azonenberg>
that didn't kill it, didnt even get warm
<CarpeOmnia>
seems like a waste
<azonenberg>
so i kept upping the game until i had the entire routing shorted
<azonenberg>
no, it was useful data
<azonenberg>
now i know what it takes to kill one
<CarpeOmnia>
why would anyone want to short out an fpga?
<CarpeOmnia>
and fpga?
<azonenberg>
Lots of possibilities
<azonenberg>
imagine a DoS on amazon's ec2 fpga instances for starters
<CarpeOmnia>
that's what I'm getting at
<azonenberg>
I work in infosec, not EE
<azonenberg>
You can't defend against attacks you don't know about
<CarpeOmnia>
you've successfully proven that one of many architectures programmed into an FPGA can be fried
<rqou>
heh, i refuse to label myself "infosec"
<azonenberg>
CarpeOmnia: Yes, but i don't know if anyone has ever actually documented this happening before
<azonenberg>
there are vague warnings on forums etc
<CarpeOmnia>
I'm sure people have fucked up their FPGAs before
<azonenberg>
But i can actually point to a specific bitstream that kills this chip reliably under laboratory conditions
<azonenberg>
in about 15 minutes
<azonenberg>
And i can explain exactly why
<azonenberg>
That's something that can be studied
<CarpeOmnia>
particularly via jtag a very volatile interface
<CarpeOmnia>
have you ever heard of stuxnet?
<CarpeOmnia>
of course you have
<azonenberg>
Lol of course
<azonenberg>
I work with a guy whose primary full-time research focus is causing physical damage through digital methods, and ways to detect/avert such attacks
<CarpeOmnia>
well... essentially that's what they exploited... the JTAG on FPGAs to burn out rpm control
<azonenberg>
It was a bit more complex than that
<azonenberg>
and that was killing a mechanical system which is different
<CarpeOmnia>
no not really...
<azonenberg>
They did not blow out the RPM control
<azonenberg>
they actually caused mechanical damage by accelerating and decelerating the rotors
<CarpeOmnia>
I'm not quite sure what they fed the jtag
<azonenberg>
using documented, intended behavior of the PLCs
<azonenberg>
this was not jtag afaik
<CarpeOmnia>
lol no...
<CarpeOmnia>
any deviation on the rpm
<azonenberg>
it was the standard vendor reflash protocol to the attached PC
<CarpeOmnia>
causes a centrifuge with precise weighting to go off balance
<azonenberg>
Of course
<CarpeOmnia>
to need to control anything
<CarpeOmnia>
and yes it was done via jtag
<azonenberg>
what i mean is, the control loop was being screwed with
<azonenberg>
in order to mess up the attached device
<azonenberg>
They did not fry the PLC
<CarpeOmnia>
why not?
<azonenberg>
the PLC was full of malware but physically and electrically functional
<CarpeOmnia>
actually no
<CarpeOmnia>
the most impressive part of stuxnet was it's ability to traverse networks a continually un-encapsulate to reach it's destination
<rqou>
i'm pretty sure azonenberg is right
<rqou>
iirc there are even dumps of the modified control loop blocks
<azonenberg>
I could always ask jason larsen
<azonenberg>
you know, the guy who pretty much pioneered the field of SCADA security
<azonenberg>
and works at IOA
<azonenberg>
:p
<rqou>
what kind of oxymoron is "SCADA security?" :P :P
<azonenberg>
ok let me rephrase
<CarpeOmnia>
sort've like
<azonenberg>
offensive SCADA research
<azonenberg>
:p
<rqou>
lol nice :P
<CarpeOmnia>
SHEILD
<CarpeOmnia>
I pioneer all sort've of dangerous things
<rqou>
oh btw azonenberg: yesterday at mtvre i was briefly talking to someone who works at yubico
<rqou>
(at mtvre)
<rqou>
and he told me that a lot of smartcard/access control vendors apparently claim that "security through obscurity" is part of their certification requirements
<rqou>
of course they don't say it that way
<azonenberg>
lol
<rqou>
but basically apparently revealing too much "trade secret" information somehow weakens their certification
<rqou>
some kind of check the box certification i assume
<azonenberg>
rqou: common criteria, eew
<azonenberg>
i dont know a ton about it
<CarpeOmnia>
UTI was offering a 24 hour trial period for their courses
<CarpeOmnia>
so I got my CEH going through all the course content and quizzes and exams
<CarpeOmnia>
CEH not impressive
<rqou>
iirc some "infosec" person was being a bit of a dick and said "the openssl developers have basically turned into (iirc common criteria) certification consultants"
<CarpeOmnia>
saving 300$ more so impressive
<azonenberg>
rqou: lol
<azonenberg>
and yeah CEH is silly
<rqou>
although that wasn't completely false
<azonenberg>
I dont think anyone at work has one
<azonenberg>
maybe one or two who got it before they knew better
<azonenberg>
CarpeOmnia: most of us go to places like REcon and S4
<rqou>
imho all "certifications" are pretty worthless
<azonenberg>
where there's the fun hardcore technical stuff
<azonenberg>
although some of us have spoken at BH/DC too
<rqou>
azonenberg: that scada sensor hacking looks like normal "lol, we pwned your embedded" to me
<rqou>
is it special just because it's scada?
<azonenberg>
rqou: yeah he does more interesting stuff too
<azonenberg>
But some of our work is pretty much that, there are entire communities of people who simply are not aware of various attack vectors
<azonenberg>
so sometimes we do talks at cons for those industries to try and educate them
<azonenberg>
so they don't make these mistakes in the first place
<rqou>
you know, i'm always surprised just how much we suck at disseminating information
<rqou>
oh btw free yak to shave for anybody here who is interested: apparently tools for hacking/sniffing NFC suck
<rqou>
plz 2 improve kthx :P
<cyrozap>
rqou: You just have to title the talks correctly, e.g., "Reverse Engineering the CoolRunner-II Bitstream Format [GONE WRONG] [ALMOST DIED!!!!]"
<CarpeOmnia>
what?
<rqou>
lolol
<CarpeOmnia>
oh
<CarpeOmnia>
I attend defcon on occasion
<CarpeOmnia>
takes place the same time as blackhat...
<CarpeOmnia>
makes sense
<CarpeOmnia>
last time I was there someone set off a bomb in one of the lecture rooms
<azonenberg>
Lol a bomb? What sort / how big
<CarpeOmnia>
minimal not casualties, puff of smoke big enough to make people panic
<CarpeOmnia>
it wasn't like a smoke bomb silver nitrate and suga
<azonenberg>
Was that the imploding barrel in the scada village?
scrts has quit [Ping timeout: 240 seconds]
<azonenberg>
b/c if so i know the guy behind it
<azonenberg>
:p
<CarpeOmnia>
what conference?
<azonenberg>
defcon
<azonenberg>
forget which year, last year or the year before
<CarpeOmnia>
oh this was the 20th anniversary
<CarpeOmnia>
Anyways... I'm looking for skilled FPGA programmers
<CarpeOmnia>
to create the hack of the century
<CarpeOmnia>
it will be an industry killer
<azonenberg>
lol the gibson? :p
<CarpeOmnia>
a whole consumer base gone...
<rqou>
an ETH miner? :P
<CarpeOmnia>
nope
<CarpeOmnia>
nope
<CarpeOmnia>
lol... if it had been done
<azonenberg>
rqou: lol, is it hard to mine?
<CarpeOmnia>
it's impossible to mine
<rqou>
i have no idea
scrts has joined ##openfpga
<CarpeOmnia>
it's just not feasible
<CarpeOmnia>
anymore
<CarpeOmnia>
except for like mining for coins with unique words in them like people do with web domains
<rqou>
wait ETH isn't just a "replaced hash with scrypt" altcoin?
<CarpeOmnia>
okay... so are you guys fluent in VHDL?
<rqou>
not again
<CarpeOmnia>
sorry?
<rqou>
i've been working on like the third attempt to implement vhdl for yosys
<rqou>
vhdl is super hard to implement, and it isn't even good
<CarpeOmnia>
are you kidding
<CarpeOmnia>
it's brilliant
<CarpeOmnia>
Verilog appeals more to programmers
<CarpeOmnia>
VHDL appeals more to hardware engineers
<rqou>
verilog is also bad
<rqou>
all HDLs i've used are bad
<azonenberg>
Both suck but in my experience VHDL is worse
<rqou>
all DSLs i've used are also bad because of tooling difficulties
<CarpeOmnia>
so I'm guessing you guys use... logisim? lol
<rqou>
i actually have used that
<rqou>
buggy piece of java crap
<CarpeOmnia>
so then what do you guys use for FPGAs?
<CarpeOmnia>
this is an FPGA chat right?
<azonenberg>
Open source FPGA toolchains :p
<rqou>
verilog and deal with the suck :P
<azonenberg>
We all think the existing tools suck and are writing better stuff
<CarpeOmnia>
like a programming language
<rqou>
although i'll have to admit that logisim is pretty neat for teaching absolute beginners
<azonenberg>
My main target is place-and-route tools
<CarpeOmnia>
my main target is micro computers with specific purposes
<CarpeOmnia>
VHDL makes perfect sense to me, I don't understand how you guys could dislike it
<CarpeOmnia>
why don't you try using the original link location
<rqou>
er, what?
<cyrozap>
CarpeOmnia: So, exactly what are you trying to _do_? "it will be an industry killer" and "a whole consumer base gone..." triggered my BS detectors.
<rqou>
also heh i no longer remember how this cpu works at all
<CarpeOmnia>
lol
<rqou>
logisim sucks at comments
<CarpeOmnia>
not without an NDA and a Non-Compete Clause
<rqou>
azonenberg: another argument in support of not-schematics? :P
<azonenberg>
rqou: lol
<CarpeOmnia>
logism is uber glitch when it comes to moving components and often crashes
<azonenberg>
yes
<azonenberg>
schematics are awful
<CarpeOmnia>
I LOVE schematics!
<CarpeOmnia>
Anyways... where ya from cyrozap?
<cyrozap>
CarpeOmnia: If you want NDA's and non-compete agreements, you're in the wrong channel, friendo :)
<rqou>
you won't love schematics when you're the TA and you have to write "DO NOT MOVE/ADD/CHANGE ANY INPUT OR OUTPUT PINS!" :P
<CarpeOmnia>
cyrozap... I'm looking for employees
<azonenberg>
Well, this isn't the spot to find them
<cyrozap>
CarpeOmnia: Try ##fpga
<CarpeOmnia>
thnx
<CarpeOmnia>
it's been a loonnggg time since I used IRC
pie_ has quit [Read error: Connection reset by peer]
pie_ has joined ##openfpga
pie__ has joined ##openfpga
pie__ has quit [Remote host closed the connection]
pie_ has quit [Ping timeout: 268 seconds]
Hootch has joined ##openfpga
scrts has quit [Ping timeout: 246 seconds]
scrts has joined ##openfpga
jeandet has joined ##openfpga
scrts has quit [Ping timeout: 240 seconds]
seu has quit [Remote host closed the connection]
seu has joined ##openfpga
scrts has joined ##openfpga
scrts has quit [Ping timeout: 276 seconds]
scrts has joined ##openfpga
scrts has quit [Ping timeout: 260 seconds]
scrts has joined ##openfpga
Hootch has quit [Ping timeout: 276 seconds]
Hootch has joined ##openfpga
pie_ has joined ##openfpga
jeandet_ has joined ##openfpga
jeandet has quit [Ping timeout: 240 seconds]
jeandet__ has joined ##openfpga
jeandet_ has quit [Read error: Connection reset by peer]
jeandet__ has quit [Client Quit]
scrts has quit [Ping timeout: 248 seconds]
scrts has joined ##openfpga
jeandet_ has joined ##openfpga
jeandet has joined ##openfpga
jeandet_ has quit [Quit: Leaving]
theMagnumOrange has joined ##openfpga
indy has quit [Ping timeout: 268 seconds]
pie_ has quit [Remote host closed the connection]
pie_ has joined ##openfpga
ZipCPU|Laptop has quit [Ping timeout: 240 seconds]
amclain has joined ##openfpga
<awygle>
rqou: wow, logisim CPU.... memories! would that happen to be a five stage MIPS pipeline from CS61C?
<rqou>
awygle: lol good guess
<rqou>
yes, this was CS61C, but it's only a two-stage MIPS-like
<balrog>
rqou: why is VHDL synthesis such a mess?
<rqou>
generics
<rqou>
they're much more powerful than you would expect given the time period, but yet there's no type inferencing to give you "actually useful" features
<rqou>
subtype_indication is the second biggest mess
azonenberg_work has quit [Ping timeout: 276 seconds]
<qu1j0t3>
well this would be partly why people are turning to more principled substrate languages, eh?
<rqou>
right, but we need better interchange formats, intermediate representations, and cosimulation protocols
<rqou>
otherwise interop will always suck
* qu1j0t3
nods
<qu1j0t3>
open-ness!!!
<rqou>
because right now what we have seems to be EDIF, "lol idk," and "herp derp about one quarter of VPI, and a different one quarter for each tool"
everbrew has quit [Ping timeout: 240 seconds]
everbrew has joined ##openfpga
digshadow has quit [Quit: Leaving.]
<awygle>
i suppose GHDL's backend is useless? that's where i'd start looking, to see if i could fuse their frontend with yosys somehow
<rqou>
so ghdl is written in ada
<rqou>
so there's that :P
<awygle>
...... o.
<rqou>
iirc it also doesn't support any of the insane features like generic packages or subtype_indication
<rqou>
and it wasn't at all obvious how one would add those
<rqou>
afaict these features have to be designed in from the start
<awygle>
they seem to have some form of both of those but i don't know vhdl well enough to evaluate *shrug*
<balrog>
rqou: I think they do support those insane features but I'm not sure
<balrog>
also ada, hah
mifune has joined ##openfpga
scrts has quit [Ping timeout: 260 seconds]
scrts has joined ##openfpga
m_w has joined ##openfpga
azonenberg_work has joined ##openfpga
azonenberg_work has quit [Client Quit]
azonenberg_work has joined ##openfpga
ZipCPU|Laptop has joined ##openfpga
ZipCPU|Laptop has quit [Client Quit]
Hootch has quit [Quit: Leaving]
m_w has quit [Quit: leaving]
m_w has joined ##openfpga
mifune has quit [Ping timeout: 260 seconds]
scrts has quit [Ping timeout: 255 seconds]
scrts has joined ##openfpga
<lain>
ghdl doesn't support the thing where you can reference signals by hierarchy, which makes me sad cause that'd be heckin nice for testbenches
<lain>
the ghdl author has written a yosys-ghdl thing though
<lain>
it's still very alpha stage but it exists
digshadow has joined ##openfpga
digshadow has quit [Client Quit]
digshadow has joined ##openfpga
<azonenberg_work>
yeah does yosys support it?
digshadow has quit [Ping timeout: 276 seconds]
<balrog>
azonenberg_work: support what?
<azonenberg_work>
balrog: hierarchial name referencing
<balrog>
ahhhh
<azonenberg_work>
so like assert(foo.bar.baz == 1)