Sipeed NanoKVM-PCIe
(cnx-software.com) 26 points by zdw 14 hours ago | 22 comments
toast0 10 hours ago | prev | next |
Looks like the pcie slot is just used for power?
I'd love to see something like this where the board had a basic video card, so you could use it in a system without any video output. Bonus if it also had a USB controller and a serial port, so it didn't need to loop to plugs (although some of that could happen on the internal side as well).
wolrah 2 hours ago | root | parent | next |
Likewise, I have never been able to get a satisfying answer as to why no one seems to be willing or able to put the same ASpeed AST2x00 chips that it seems half the OEM IPMI/iKVM/whatever solutions use on a standard PCIe card instead of embedding it in the motherboard or using some proprietary interface.
I have never been able to identify a technical barrier to doing this, the important features most people actually care about are implemented over a 1x PCIe link and USB, plus a couple of GPIOs to twiddle the power/reset button connections. Most OEM implementations also connect to the LPC bus and others on the server board to allow more in depth diagnostics, voltage logging, etc. but those are bonus features and not requirements for a useful product. I do not see any technical reason a useful generic PCIe implementation couldn't be produced, and as a result I have a strong feeling that the lack of such products is an intentional choice by one or more of the vendors involved to increase margins by pushing users who want these features up to entry level server boards instead of sticking a card in a higher-end desktop board that might better fit their needs.
toast0 an hour ago | root | parent |
M.2 A or E might be better for this actually. A lot of boards have slots for wifi/bluetooth with PCIe and USB. Would need a cable to a panel mount network jack and to pull in the front panel switches.
wkat4242 10 hours ago | root | parent | prev |
Basically like Dell's old DRAC boards. They used to do exactly that.
smcleod 4 hours ago | prev | next |
I have the standalone unit and other than the painfully slow 100mbit Ethernet that's too slow to upload ISOs and which also doesn't work with many modern switches - it's really nice for the price.
The problem with a pcie one for me is that modern motherboards suffer from having hardly any PCIe ports - and when they do they're mashed in close to each other essentially making one useless if you have a decent GPU.
NetworkPerson 14 hours ago | prev | next |
From the article “It would be laughable to argue the low-end SG2002 AI SoC poses a threat to any country…”
I can see a great deal of trouble capable of coming from a networked device capable of watching the screens 24x7 and potentially intercepting passwords being entered. And those are the legitimate functions for this device. Wouldn’t take much to throw a reverse shell for external access if you wanted to be particularly nefarious.
Not saying there’s any evidence this kvm is malicious. But I probably wouldn’t put it in anything more than one of my toy home lab servers.
theamk 10 hours ago | root | parent |
I was worrying about typical Chinese cloud you cannot turn off (seems to be present on all cheap IP cameras), but this device is actually pretty good.
For remote access, there is no cloud. But you can BYO tailscale or FRP [0] (note: I really like the FRP idea, as it's trivial to self-host)
For updating, there is a central server. But at least the process seems to be manually-initiated [1].
I am not saying the firmware is backdoor-free, but at least it would be feasible to monitor/block all outgoing network connection attempts, and still have a functional device.
[0] https://wiki.sipeed.com/hardware/en/kvm/NanoKVM/network/tail...
[1] https://wiki.sipeed.com/hardware/en/kvm/NanoKVM/system/updat...
stevefan1999 9 hours ago | root | parent | next |
For FRP do you mean https://github.com/fatedier/frp?
poisonborz 8 hours ago | root | parent | prev | next |
You can selfhost the control server, look at headscale, all the clients support this.
wkat4242 10 hours ago | root | parent | prev |
What's FRP? Your source link speaks only of tailscale.
dzidol 2 hours ago | root | parent |
Just open the link about tailscale, in the page it's one tab below on the left.
metadat 12 hours ago | prev | next |
Are there feasible open alternatives to this closed-source blob? The fundamental capabilities seem nice, on paper.
Also, is there Windows / Mac compatibility?
wkat4242 10 hours ago | root | parent |
They are open sourcing it apparently. At least they promised.
And yes it works fine on windows. I've got one. Haven't tried it on Mac yet though.
mherkender 12 hours ago | prev | next |
This is a great device but I can't imagine giving so much power and control to a closed-source, self-updating device.
smcleod 4 hours ago | root | parent | next |
They opened the standalone unit, assuming this will be also?
theamk 10 hours ago | root | parent | prev |
Hey, billions of people use Windows and Mac OS.
navigate8310 10 hours ago | root | parent |
But billions of people don't use a Sipeed NanoKVM that gets OOBM access to critical infrastructure.
wkat4242 10 hours ago | root | parent | next |
Yeah mine is on a non-internet-routed VLAN for that purpose. I access it through my vpn only. It doesn't even have outgoing internet access.
znpy 6 hours ago | root | parent | prev |
Many more use closed source KVM solutions built into servers, so...
As a homelabber, I'm using HP's iLO on my gen8 microserver for example.
jauntywundrkind 11 hours ago | prev |
Worth mentioning Sophgo (CPU maker here) just got added to US Sanction list for helping China dodge semiconductor sanctions.
Apparently it's the Bitmain cryptominer folk? Nice context from Tom's.
https://www.tomshardware.com/tech-industry/artificial-intell...
Bluestein 39 minutes ago | root | parent |
Worth mentioning also, it apparently has non-configurable (to off) root:root SSH on by default, according to the comments ...
crest 31 minutes ago | next |
On the one hand, adding radios (WiFi, LTE) to a KVM over IP device sounds tempting; on the other hand, given the track record of KVM over IP devices, it sounds terrifying to give them the ability to bypass points of policy enforcement.