It’s almost over. I have to get my thesis signed, take a final, and give a demo and then that’ll be it. Degree #2 will be in my hands and I can begin the process of… well I’ll tell that story later.

I’ve been able to get practically nothing done on personal projects this year. I did manage to do some work with ACRIS and lpctrl to build an interface that would let me control my lighting system with my Novation Launchpad. I used this for a performance for MIT’s annual Steer Roast. I’ll do a demo video for this at some point soon. It was pretty cool, although I ran into some latency and crashing issues.

But I don’t want to talk about that either. I want to talk about the beat tracker I built and what it taught me about Bluespec. As I had posted before, I got it working a while ago and have been tweaking it a bit since then to make it work better. It figures out the tempo of most tracks pretty well, but there are some serious problems with the design and they all stem from the beat classifier module, i.e. the module that reports when it thought it detected a beat. First, it’s not very accurate — it should be using the variance of energies to determine how much higher the most recent energy has to be compared to the average energy. Secondly, it doesn’t report on how confident it thought it saw a beat. This is important because it should dictate how much the metronomes adjust their own phase.

I’m going to post a demo video up soon.

I made this project for Arvind’s Bluespec class, 6.375. Arvind was the professor whose grad student originally came up with the idea for Bluespec. The class had a bunch of labs where you’d learn different advantages of Bluespec over traditional hardware design. Theoretically, you’d do these labs, discover how magical this new programming paradigm is, and use it forever after for all your hardware design needs.

Now, don’t get me wrong. There’s some stuff that Bluespec does right. Or at least, there’s some stuff that the Bluespec developers have thought about that I think was good for them to think about. For example, Bluespec makes it easy to build complex state machines and circular pipelines using properly crafted rules. It features some nice libraries for manipulating numbers. But it doesn’t take these far enough. I had some thoughts with regard to developing a new language that would make it easy for developers to create their own number systems by specifying different attributes or capabilities (saturating vs. non-saturating arithmetic, unsigned vs. two’s complement vs. one’s complement vs. Gray coding number representation, etc.) One of these days, I’ll try to expand on that underlying idea to see if it’s actually useful… I think it will be.

Bluespec is great for prototyping and simulating your ideas — it allows you to produce a lot of hardware very fast and play around with subtle configuration changes. It makes producing a gold-standard, bit-accurate model really easy. This does not, however, mean that Bluespec is good for producing an actually implementable design. Something occurred to me while I was watching the other students in the group present on their project results: Bluespec adds a lot of overhead because it deceives people into thinking how much or little hardware a given portion of their design might produce.

For example, it’s pretty easy to make a FIFO in Bluespec. Do you want a FIFO? Easy, just mkFIFO(). But what does that actually produce? Well, it draws upon a 150-line verilog file corresponding to a FIFO of depth 1 (larger FIFOs are chained together, I think). And this file actually produces an enormous amount of hardware. But, it does make producing a nice pipeline much easier.

Most students in the class took an existing algorithm that solved some problem (like image compression, flow analysis, etc.), re-implemented it in Bluespec, and tested it on an FPGA to see if their results were actually accelerated. The interface that most students to push data onto and pull data off of the FPGA used was called SCE-MI; we had used this framework a few times during the class. But, it’s not really suitable for a lot of applications due to bandwidth and latency limitations.

It’s just… ugh, SO MUCH STUFF when the designs don’t have to be so large.

And it showed in the students’ results. Most students found while they achieved correctness, they got little to no actual speed-up. I also realized that most students in the class were algorithms/comp sci people and I was more or less the only hardware person in the group. It seemed like a lot of those people drew incorrect conclusions about hardware design being inefficient and not worth it. I just wanted to keep yelling “no, it’s Bluespec, I swear!”

I was the only one who had a live demo at the presentations. I was even lucky in a sense; I ran out of time to do a lot of the more complicated things that I wanted to do because it just took me forever to figure out how the hell Bluespec does things. For example, it turns out that their FixedPoint library makes some strange choices in its arithmetic library that make it impossible to do what I want it to do. Since my project also sat on a measly Spartan 3A FPGA, it was also hard to meet timing and resource constraints. In my talk, I kind of ripped on a few parts about BlueSpec that I really didn’t like and then later realized that Arvind had invited Bluespec engineers to the presentations. Oops.

They were actually surprised that I managed to get Bluespec to compile to a verilog module and include it in a VHDL project. Apparently that’s very rare. But to me, that’s probably the best way to use it: design optimized hardware with VHDL or verilog and then include the parts of your design that are complicated but not yet optimized (i.e. the Bluespec components). Then, as you optimize each of those modules, you can replace the Bluespec modules with low-level ones.

I think the summary here is this. At the beginning of the class, Arvind made the analogy that verilog is to Bluespec as assembly is to Java. I agree with this. Bluespec abstracts away a lot of low-level language features just as Java does to assembly; it makes accessing some of those low-level features possible, but inconvenient. The second part of his argument is that nowadays, we don’t care about how many registers our CPUs have if we write in Java, but we can still produce code that does things in a reasonable amount of time thanks to the fact that the tools that translate what we design into something machines understand are very good. I do not believe that this same philosophy ports to hardware. Hardware design is very different than software design. The reason this argument doesn’t hold in my opinion is that for the vast majority of hardware design cases, you are going to be pushing the very limits of what the hardware has available. In fact, given that microprocessors are getting better and encroaching on territories that FPGAs typically held, the remaining territories are areas where you’re trying to do super-optimized stuff. That doesn’t happen in software. In software, the majority of the use cases make it good enough to use a high level abstraction to accomplish things. In hardware, the majority of the use cases necessitate that you do a lot of low-level optimization. This is the fundamental fallacy of Bluespec, in my opinion — it does not properly reveal lower-level techniques for optimization.

Nevertheless, I had a lot of fun in this class and I learned a lot. My work with Bluespec really got me thinking about how I could design a hardware description language that could utilize some of the philosophies of cleanly defining state transitions and coming up with a better way of handling the translation between numeric representations.

In times like these where I’m taking two oh-shit-this-is-turning-out-to-be-more-work-than-I-thought-it-would-be classes while trying to finish an arguably overly-long-winded thesis (I’ve got like 3 of the 7 chapters to go and I’m already at almost 80 pages and like a quarter of the amount of figures I plan to include), yes, in times like these, I call upon every brain cell to stay focused to the tasks at hand so that I can make it through this semester while retaining at least a decent portion of what little sanity I still have.

And what does my brain do? But of course, it can’t stay focused on a single goddamn thing. Awesome. Instead, I seem to be coming up with ideas for new side projects, taking on more tasks and stuff that I know I will have little time for, and just generally struggling to keep my head on straight for a few hours.

I’ve been pretty good lately. I’ve been generally keeping up with 6.302, an analog feedback class that I decided to take to try to push myself out of my comfort zone a little bit. And as much as Bluespec makes my brain hurt when I try to write it, I seem to be making at least some progress on my final project for 6.375. And my thesis, well it’s getting there.

Except that for the past few hours, I seem to be gripped by the idea of a high security swiss army knife of sorts to protect important data. I basically saw a way to combine two previous project ideas (secure password storage and two-factor authentication dongles) under one master framework that, as best it can, balances personal security with convenience.

Here’s the idea in a nutshell. There are a series of modules, each with some function (like displaying a two-factor auth code or providing a secure key via mass storage or whatever). Some may be self-powered, but they don’t have to be. Each module has an RFID base station transciever chip on it that can talk to a challenge-response RFID transponder (I was originally looking at the TK5561 chip from Atmel, but they appear to be phasing out in favor of their 13MHz cousins). In order to use the module after it’s been powered up, you need to wave your RFID transponder tag over it. This will provide a key to the module which will decrypt sensitive data and unlock the module for use. When power is removed from the module, it is effectively automatically locked again. If the RFID transponder is destroyed, then the modules are basically rendered useless.

Oh yeah, that brings me to my next point. They all have some common interface to a computer so that they can be configured with the appropriate keys and so forth. In order to be able to configure a module after it’s built, I was thinking of having a limited password system. So, the user has like 5 tries to enter the correct maintenance password and if they fail, the device will lock forever and nothing short of uncapping the chip and flipping bits will do anything.

The primary use case in my mind is a hardware equivalent of the Iron Key. The Iron Key system is not my favorite because it requires the user to run a program on the host computer to unlock the drive before they can access it. I believe that the threat model they’re trying to fight is just the simple “oh shit, I dropped my flash drive somewhere between my office and the parking lot” and not trying to fight cases of malware on a given computer they might plug the drive into.

But the thing that bothers me is that I don’t want to have to run a program and type in a potentially weak password in order to be able to mount the drive; I’d rather have a hardware solution. RFID is perfect for this. Plug the module in, wave your hand over it, and the module unlocks and appears as a flash drive on your computer. I was thinking of implementing this with something like an ATMEGA32U4 with LUFA and a flash chip. The flash chip would hold some encrypted data and the AVR would essentially act as a USB storage driver that decrypts the flash data on demand as it flows.

We’re not talking a very big or fast drive here — a few megabytes at most and probably slow as hell. But that’s okay. I would mainly use this device for storing things like private certificates that themselves are used to encrypt and decrypt large blocks of data on the computer itself.

The second module I’d like to implement would be a device capable of performing Google’s two-factor authentication scheme. Their spec is published right now (it’s a pretty standard 2FA algo) and it’s not too hard to implement on an AVR (someone even did it on an old PocketStation device. My version would probably just use LEDs to display the decimal digits in binary., but yeah, same deal: press a button to fire it up and wave your RFID over it to get the unlock code.

I was thinking of putting the magical RFID transponder that unlocks everything onto my watch or something somehow; i.e. attach it to something that I simply never let out of my sight.

I think this approach is fairly secure, which is why I call it not-quite-tinfoil-hat-grade. It doesn’t handle cases where the machine you may be trying to use your module on itself is compromised, but I don’t intend to use it for that purpose. I’m only going to use them on trusted systems.

Maybe I can even figure out how to make a really large and decently fast flash drive so that I could run an entire VM from it. That’d be cool.

Woo paranoia! All this just to secure a couple of bank and email passwords. Overkill simply isn’t in my vocabulary.

I use port knocking on my most sensitive systems. “Security through obscurity doesn’t work yadda yadda” aside, I think it’s a pretty effective way to hide ports from being open all the time.

Previously, I had written a shell script that invoked nmap to do the job for me, but I wanted to streamline it, make it faster, and more generic. So, I wrote knocker, a configurable port knocking tool.

Basically, you give it the following info (either in a ~/.knocker config file or on the command line):

• target host
• target port to open
• command to run after opening
• open knock sequence
• close knock sequence

It then checks to see if the target port is already open. If it isn’t, it knocks the open sequence. It runs whatever command you want and then knocks the close sequence.

There are plenty of ways it can be improved, but it’s working happily for me right now.

I’d like to write a knock server (right now, I use knockd) that uses one-time authentication to cycle through sequences of ports, either as a time-based or counter-based system. Then, replay attacks are next to impossible!