Andrew Zonenberg

@azonenberg@ioc.exchange
2.9K Followers
403 Following
19.9K Posts

Security and open source at the hardware/software interface. Embedded sec @ IOActive. Lead dev of ngscopeclient/libscopehal. GHz probe designer. Open source networking hardware. "So others may live"

Toots searchable on tootfinder.

ngscopeclienthttps://www.ngscopeclient.org/
Bloghttps://serd.es
LocationSeattle area
GitHubhttps://github.com/azonenberg
Andrew Zonenberg20m ago

Oof. Glad i only needed one of these.

@oshpark @pdp7 FYI.

One of three affected, no need to remake the order since i only needed a single unit but thought you'd want to know

Show threadAndrew Zonenberg15h ago
(update: fedora was definitely impacted by the same issue, which I think is now fixed, but I'd like someone to validate the fix)
Andrew Zonenberg15h ago

Can I get a Fedora user to test something on ngscopeclient for me?

Download the latest RPM from GitHub Actions CI (specifically the CI package, not one you've compiled yourself and install it.

Does it report a plausible version number
1) in the package itself
2) in the title bar
3) in the about dialog?

Just fixed a bug causing empty strings to appear instead of version numbers in the Debian CI builds and I'm not sure if Fedora was impacted too. It uses a similar build setup but I don't have a Fedora test VM handy right this moment

Show threadAndrew Zonenberg22h ago

@soatok Also what's the state of the art in gpu/custom hardware acceleration?

If someone wanted to build a modern day Deep Crack to go after RSA, what's the practical upper limit to someone with deep pockets and silicon design skills?

RSA-250 (829 bits) is afaik the public factorization record and that was a few thousand CPU years on 2020 era Xeons. What does that translate to with modern accelerators if someone wanted to fill a rack with NVIDIA H100s or custom 12nm ASICs?

Andrew Zonenberg22h ago

Crypto folks (maybe @soatok ): what's the latest estimates on difficulty of real world factorization attacks on a single 1024 bit RSA modulus?

Like, i know it's "plausible enough for a state level attacker to break that you shouldn't be using 1024 bit keys" but nobody's ever demonstrated an actual factorization yet.

So in terms of compute required... Are we talking $10K of cloud budget and a week, or all of us-west-2 until 2040? Somewhere in between?

Show threadAndrew Zonenberg1d ago

Actually https://github.com/ngscopeclient/scopehal-apps/issues/885 I'm not sure if this is better or worse lol.

Tl;dr they made the breaking change by accident and didn't realize it.

Build broken on recent Vulkan SDK versions due to acquireNextImage changing return type · Issue #885 · ngscopeclient/scopehal-apps

Old (1.3.296 and older): returns a std::pair<Result, uint32_t> When did the switchover happen?? New (1.4.321 and newer): returns a ResultValue<uint32_t>

GitHub
Andrew Zonenberg1d ago

I have a definite love-hate relationship with vulkan-hpp. Not using raw C vulkan calls is super nice...

But sudden build failures with no warning due to them making breaking changes to function return types? Not so nice. They seem to feel they can make breaking changes freely at any time and don't do a great job of documenting said changes.

Show threadAndrew Zonenberg2d ago
Actually maybe that's a good thing, when I'm not using it for work I at least can't ruin my life doing nothing but REing random chips 24/7.
Andrew Zonenberg2d ago

IC reverse engineering software is absolute crack for neurospicy brains.

Every time I'm on a project for work where I get to use it, I have to force myself to put it down when I'm supposed to be done with work for the day. You can probably tell how that's working out given that it's 2230 local time.

It's the most addictive puzzle game out there by a massive margin. There's the "fix stitch errors" mini-game, the "fine tune inter layer alignment" mini game, the "optimize feature extraction" mini game, dozens to hundreds of "what is this standard cell" mini games, and then the main "wtf does this giant netlist do" storyline.

If only it wasn't dongle-locked, export-restricted software sold at EDA-tool seat prices...

Show threadAndrew Zonenberg3d ago

So much infrastructure and setup work we should only have to do once and for the most part, once it's done things should Just Work(tm) after that.

Subsequent releases should be far more frequent and straightforward lol.

×
Show threadAndrew ZonenbergAug 8

I'm gonna say this is probably as good as it's going to get. In 5200 sec it drifted in phase by 146 degrees.

That's 7.78-5 Hz beat frequency (0.0778 millihertz) or a frequency error of 7.78e-12 .