The whole #Supermicro debacle shows, in stark detail, the benefits of open hardware
When every part is in an open schematic, when even the resin PCB is an open standard, it’s a lot harder to hide malicious components
Couple this with open firmware (and more diverse suppliers than one or two giants) and the problem is significantly diminished
Opaque tech always leaves plenty of nooks to hide nefarious things
That said, this is a well-deserved kick in the pants for Big Tech
@cypnk I agree with what you're saying in principle, but in this case, even though Apple's and Amazon's audit teams both knew the schematics of their server boards, it was still notoriously difficult to identify the offending modifications.
The technology required to scan for changes like that just 'isn't there' according to one of the sources.
Diversifying suppliers would surely help but as long as those suppliers are within China, they're still vulnerable
@letthewatersroar Yes, they’ll have to be geographically distributed as well. My understanding of proprietary chipsets is that a lot of it is dedicated to obfuscation as well (to keep competitors at bay). It’s like when map companies add fake streets to catch copied data
Simpler architectures can greatly enhance security here as that would make auditing an approachable task for more people and orgs
@cypnk My concern with all this is that it'll actually force companies to go the other way and start consolidating even more infrastructure under one umbrella.
How long until we have megacorps that produce and control all the hardware AND software in their product pipeline? They'll become even more inscrutable and with the right government/lobbying efforts they'll be powerful enough to write legislation that avoids auditing entirely.
Maybe I'm getting a little Black Mirror but y'know...
@letthewatersroar It’s healthy to consider these possibilities
I don’t know if they’ll consolidate, but Apple and Amazon are doing this already and they’re controlling the supply every step of the way
As for legislation, they’re not going to have it as easy as they used to. As much as we make fun of a tech-illiterate congress, many of the older people are being voted out and/or retiring. Younger people are already running for office and some are winning. That’ll rattle some cages
@icedquinn @cypnk There's a pretty large market of "pure-play foundries" (e.g. TSMC, GlobalFoundries) and "fabless chip companies" (e.g. AMD, Broadcom, MediaTek, NVIDIA, Qualcomm, ARM, Marvell, Xilinx, Altera, Realtek, Atheros, US$100B in annual sales in all) which requires the foundries to share the details of their manufacturing capabilities. Also, the fabless chip companies *really* want the chips they order to not have backdoors.
@icedquinn @cypnk I think you're right. John Q. Public can do a little better — she can design and fabricate 25 instances of a chip in a 28nm process from STMicroelectronics via CMP or CMC for €12000/mm². However, I think ST does require some kind of NDA, and the highest-resolution TSMC process available through MPW services like CMP, CMC, EUROPRACTICE, and MOSIS (which no longer publishes its prices) seems to be 65 nm (US$6500/mm²). No, wait, EUROPRACTICE offers TSMC 28nm & GlobalFoundries 22nm
@icedquinn @cypnk I think you can get started at a cost of under €2000 for your first chip sample, but that's 4mm² in 0.7μm. If a transistor is 4λ×10λ (I don't know how big they are, but that's a good ballpark) that would be about 200'000 transistors, roughly the size of an 80286, or 50 6502s, but a lot faster and with a lot less space for wirebonding.
@icedquinn @cypnk On a US$100k budget (5% of the cost of a house in San Francisco) you could fabricate something in TSMC's 28nm process or GlobalFoundries's 22nm process and get within an order of magnitude of Intel's or Xilinx's density and cost structure. Thanks to the end of Dennard scaling, your chip can be just as fast as theirs even though it's bigger; 22nm memory is from 2008 and 22nm CPUs are from 2012, and 32nm CPUs are from 2010.
A lot of modern semiconductor processing is not documented outside of academia because it falls under trade secrets. You will find no patent for FinFET transistor mfg processing for that reason.
Intel actually does foundry work now, mostly for our FPGA products, but other prods are made by us
Think about it. The equipment is paid for (thus it's more profitable), the process is mature and robust (and therefore well understood), and less complex (cheaper for end customers).
Granted, it may not make sense to make these products in flagship fabs (like my own Fab32), but it does make sense to make them *somewhere*
@matt @kragen @icedquinn @cypnk i'm very interested in organic semiconductor manufacturing because there's research happening there on low-temp solution-processed all-printed processes, which could allow for small fabs on the scale of independent book/magazine printing presses, low up-front capital requirements
@matt @kragen @icedquinn @cypnk that's true, and while they're getting better all the time i doubt that gap can shrink by much. i expect it to be like 3d-printing, it's not for everything but has its uses. solar is i think a good example of a place where a huge cost/performance tradeoff could be appealing, and is where much of the printing research is focused. camera sensors are another, where silicon area cost is a big issue and speed is a non-issue past a certain threshold
@cascode @matt @icedquinn @cypnk I think organic synthesis is a lot trickier than rare-metal sourcing, generally speaking. The problem with, say, GaAs supply chains, isn't (as I understand it) that you need to get gallium, which is only about as expensive as silver. It's that you need gallium with <1ppm impurities. And I think organic semiconductors are a lot more tolerant, but I don't know why that might be.
@cascode @matt @icedquinn @cypnk What's your threshold for "low-capital"? The US$100k I suggested to get a 22nm chip working is, yeah, 40dB more expensive than a latte. But it's also 60dB less expensive than Intel. And you can get started at under €2000, which is only 23dB more expensive than a latte. Or, seen another way, it's less than a week's worth of billable work to pay for the fabrication of over six months of unpaid hobby chip design work.
1. in this scenario you are still buying time on someone else's tools, and therefore can't bring down iteration cost and operate at the whim of facility booking schedules (or however they like to phrase it)
2. who even has $100k to spend on something like this for hobbyist purposes? for those who do; great. but for most it's just a dream. and it doesn't pay forward, it's money spent into someone else's infrastructure.
@cascode @matt @icedquinn @cypnk Yeah, and MPW outfits don't tape out a wafer to the foundry when you want; they have an established schedule because most of the wafer is going to be someone else's projects. So maybe you're waiting six months or more for the design to get fabbed.
I think US$100k is a pretty reasonable amount of money for a small group of hacker friends to pool together for an ambitious project like this. I don't have the savings at the moment, though :)
Usually a mask is designed for an individual device. The mask is literally what imprints the photolithography pattern onto the hardmask on the wafer. You need a mask (or multiple masks) for each layer of the process. I would not be surprised if it takes a dozen masks just for the transistors themselves, followed by another dozen for the metal interconnect layers.
@matt @icedquinn @cypnk MPW is kind of an opposite extreme of the semiconductor industry from the stuff you're doing at Intel. It stands for "multi-project wafer"; MPW organizations like MOSIS, CMP, CMC, and EUROPRACTICE take chip design projects from many different designers (hundreds to thousands) and combine them onto a single wafer. That's how it's possible to get 25 samples of a new chip design in any process node for less than €2000, or less than US$100K in 28nm.