[HN Gopher] Sipeed NanoKVM-PCIe
___________________________________________________________________
Sipeed NanoKVM-PCIe
Author : zdw
Score : 33 points
Date : 2024-12-24 02:48 UTC (20 hours ago)
(HTM) web link (www.cnx-software.com)
(TXT) w3m dump (www.cnx-software.com)
| NetworkPerson wrote:
| From the article "It would be laughable to argue the low-end
| SG2002 AI SoC poses a threat to any country..."
|
| I can see a great deal of trouble capable of coming from a
| networked device capable of watching the screens 24x7 and
| potentially intercepting passwords being entered. And those are
| the legitimate functions for this device. Wouldn't take much to
| throw a reverse shell for external access if you wanted to be
| particularly nefarious.
|
| Not saying there's any evidence this kvm is malicious. But I
| probably wouldn't put it in anything more than one of my toy home
| lab servers.
| theamk wrote:
| I was worrying about typical Chinese cloud you cannot turn off
| (seems to be present on all cheap IP cameras), but this device
| is actually pretty good.
|
| For remote access, there is no cloud. But you can BYO tailscale
| or FRP [0] (note: I really like the FRP idea, as it's trivial
| to self-host)
|
| For updating, there is a central server. But at least the
| process seems to be manually-initiated [1].
|
| I am not saying the firmware is backdoor-free, but at least it
| would be feasible to monitor/block all outgoing network
| connection attempts, and still have a functional device.
|
| [0]
| https://wiki.sipeed.com/hardware/en/kvm/NanoKVM/network/tail...
|
| [1]
| https://wiki.sipeed.com/hardware/en/kvm/NanoKVM/system/updat...
| wkat4242 wrote:
| What's FRP? Your source link speaks only of tailscale.
| dzidol wrote:
| Just open the link about tailscale, in the page it's one
| tab below on the left.
| stevefan1999 wrote:
| For FRP do you mean https://github.com/fatedier/frp?
| poisonborz wrote:
| You can selfhost the control server, look at headscale, all
| the clients support this.
| mherkender wrote:
| This is a great device but I can't imagine giving so much power
| and control to a closed-source, self-updating device.
| theamk wrote:
| Hey, billions of people use Windows and Mac OS.
| navigate8310 wrote:
| But billions of people don't use Sipeed NanoKVM that gets
| OOBM access to critical infrastructure
| wkat4242 wrote:
| Yeah mine is on a non-internet-routed VLAN for that
| purpose. I access it through my vpn only. It doesn't even
| have outgoing internet access.
| znpy wrote:
| Many more use closed source KVM solutions built into
| servers, so...
|
| As a homelabber, I'm using HP's iLO on my gen8 microserver
| for example.
| smcleod wrote:
| They opened the standalone unit, assuming this will be also?
| metadat wrote:
| Are there feasible open alternatives to this closed-source blob?
| The fundamental capabilities seem nice, on paper.
|
| Also, is there Windows / Mac compatibility?
| wkat4242 wrote:
| They are open sourcing it apparently. At least they promised.
|
| And yes it works fine on windows. I've got one. Haven't tried
| it on Mac yet though.
| jauntywundrkind wrote:
| Worth mentioning Sophgo (CPU maker here) just got added to US
| Sanction list for helping China dodge semiconductor sanctions.
|
| Apparently it's the Bitmain cryptominer folk? Nice context from
| Tom's.
|
| https://www.tomshardware.com/tech-industry/artificial-intell...
| Bluestein wrote:
| Worth mentioning also, it apparently has non-configurable (to
| off) root:root SSH on by default, according to the comments ...
| toast0 wrote:
| Looks like the pcie slot is just used for power?
|
| I'd love to see something like this where the board had a basic
| video card, so you could use it in a system without any video
| output. Bonus if it also had a usb controller and a serial port,
| so it didn't need to loop to plugs (although some of that could
| happen on the internal side as well)
| wkat4242 wrote:
| Basically like Dell's old DRAC boards. They used to do exactly
| that.
| wolrah wrote:
| Likewise, I have never been able to get a satisfying answer as
| to why no one seems to be willing or able to put the same
| ASpeed AST2x00 chips that it seems half the OEM
| IPMI/iKVM/whatever solutions use on a standard PCIe card
| instead of embedding it in the motherboard or using some
| proprietary interface.
|
| I have never been able to identify a technical barrier to doing
| this, the important features most people actually care about
| are implemented over a 1x PCIe link and USB, plus a couple of
| GPIOs to twiddle the power/reset button connections. Most OEM
| implementations also connect to the LPC bus and others on the
| server board to allow more in depth diagnostics, voltage
| logging, etc. but those are bonus features and not requirements
| for a useful product. I do not see any technical reason a
| useful generic PCIe implementation couldn't be produced, and as
| a result I have a strong feeling that the lack of such products
| is an intentional choice by one or more of the vendors involved
| to increase margins by pushing users who want these features up
| to entry level server boards instead of sticking a card in a
| higher-end desktop board that might better fit their needs.
| toast0 wrote:
| M.2 A or E might be better for this actually. A lot of boards
| have slots for wifi/bluetooth with PCIe and USB. Would need a
| cable to a panel mount network jack and to pull in the front
| panel switches.
| smcleod wrote:
| I have the standalone unit and other than the painfully slow
| 100mbit Ethernet that's too slow to upload ISOs and which also
| doesn't work with many modern switches - it's really nice for the
| price.
|
| The problem with a pcie one for me is that modern motherboards
| suffer from having hardly any PCIe ports - and when they do
| they're mashed in close to each other essentially making one
| useless if you have a decent GPU.
| crest wrote:
| On the one hand, adding radios (WiFi, LTE) to a KVM over IP device
| sounds tempting; on the other hand, given the track record of KVM
| over IP devices, it sounds terrifying to give them the ability to
| bypass points of policy enforcement.
___________________________________________________________________
(page generated 2024-12-24 23:02 UTC)