closed source? #1
Comments
|
for the curious edit: whoops, forgot
for the first partition |
|
a bit random grepping reveals that at least https://github.com/hodgef/react-simple-keyboard
|
|
We are wondering wheter open or not. |
|
At least, we will open most interfaces/API for images,HID operations, that DIYer can customize their own functions without dig hard into complex bsp sdk. |
|
I make a vote on twitter: https://x.com/SipeedIO/status/1810508366336115192 |
|
thank you for the comprehensive answer and also thanks for creating the poll. |
|
Not using X/Twitter either but wanting to emphasis on the open source aspect -> trust into the device being not equipped with a backdoor. Folks are fine using whatever commercial iKVM solution but once it's open hardware but comes from China they start to worry. Especially residents of the Five Eyes states who are absolutely fine with their governments/agencies spying on everyone on this planet are trained to believe that everything that originates from China must be evil. As such allowing users to build their own firmware image from sources will at least be a try to stop these 'concerns' your KVM device being backdoored by design. |
|
+1 for opensource without X account |
what about open backend(go), close frontend(react)? |
I don't think that will stop people talking about your device being backdoored... |
|
I bought a full and lite through the pre-order to check them out, but without the firmware being open source I do not think this will gain wide traction. I really want this project to be successful as it brings a near order of magnitude cost reduction (and size!) to the ip based KVM world . So take this as my (non X using) vote to work toward open source firmware. |
|
Also +1 on open source. |
|
If it's just for playing around, closed-source is fine, but if it involves projects or production data, then I wouldn't use it [I have already bought one]. |
|
i need HDMI to a monitor as well, is it possible with this hardware? or splitter? |
|
I have the LicheeRV Nano board and am familiar with PiKVM, how can I help you to finish? |
|
I'm waiting for the code to be open source before buying one :) |
I know many downvoted this. But if you’re willing to open source the backend and sell an SDK for enterprises that want to build their own front end anyways and integrate with their own Idps. Not sure. There might be something there |
|
Here's another strategy that can be a win-win for both Sipeed and regular consumers of your product: Commit to releasing it as opensource as soon as you've sold, say, 3000 units (arbitrary amount to be decided by Sipeed). Motivation behind this is:
As it stands right now I'm siding with @M0NsTeRRR's position: if there is no clear commitment to release it as opensource, I'm not interested since I know that sooner or later the binary will be reverse engineered and re-implemented as OSS anyway (plus all the other security and future maintenance related concerns outlined in this issue). EDIT: Current reversing efforts uncover worrying flaws: https://lichtlos.weblog.lol/2024/08/how-to-reverse-the-sipeed-nanokvm-firmware |
|
I bought it first, assuming it was OSS from the beginning. I'm gonna wait for the OSS release. I can see them adding new features to their private fw every few days, but I'd rather very much just use OSS. |
|
I already took some look at LicheeRV-Nano-Build and this is what I found so far:
The middleware should also be open-sourced (by the SoC vendor), it seems to be required for NanoKVM PS: To get a better overview of the hardware related changes, I splitted out opensbi, u-boot and linux, re-based it to the original project git: |
|
I almost finished my research on LicheeRV-Nano-Build and created the branches on forks of existing projects: https://github.com/scpcom/linux/tree/licheervnano-5.10.y https://github.com/scpcom/buildroot/tree/licheervnano-2023.11 https://github.com/scpcom/sophgo-fsbl/tree/licheervnano https://github.com/scpcom/sophgo-build/tree/licheervnano Currently I am locally connecting them together as submodules, I may create and publish a top-level repo next, to make it easier. If you look in the history you can see a replay of the commits to LicheeRV-Nano-Build splitted in to the sub projects. First I needed to find a point on the original project which is close to the current LicheeRV Nano version. Some notes about the content and references to the original projects: buildroot freertos fsbl host-tools linux_5.10 opensbi oss ramdisk u-boot-2021.10 The delta between LicheeRV-Nano-Build and the following repos (also some parts of the others) build middleware middleware/v2/sample/test_mmf (KVM Demo) middleware/v2/sample/test_mmf/media_server-1.0.1 If you add the missing parts you may be able to compile the libs found in |
|
Good reversing writeup on: https://lichtlos.weblog.lol/2024/08/how-to-reverse-the-sipeed-nanokvm-firmware |
|
Here is my version of the Nano-Build repo using the submodules described above: |
|
The frontend was recently open sourced, and the backend will be open sourced when the repository reaches 2k stars or the NanoKVM sells 10k units. See this tweet |
A good start, glad to see that ! |
|
They should open source everything in the first hand and not wait for whatever. I bought one too because I'm interested, but I can understand why people not want to buy it if it's running on closed source. |
|
How am I supposed to trust a device that gives backdoor access to my hardware, without the ability to run or maintain my own operating system or software for it? |
The NanoKVM is based on the LicheeRV Nano. If you want to make your own firmware, feel free, the information is located here. |
|
@polyzium I saw those claims that they tried to port kvmd and related code, which is why I am surprised to see that they have none in their end product. Overall the release process for this thing hasn't been transparent enough for what the product does (provide backdoor access to your hardware). I'm aware of all of the things I can do myself, but I haven't got my hands on the hardware yet, despite applying for the beta boards. I was looking forward to putting NixOS and kvmd on the device, or building open firmware with Nix, for it. |
|
h264 is working with my kvm_vision variant too now. |
|
@scpcom Is it possible that your changes make it upstream to the official firmware/linux (maybe not all changes but the improvements at least), basically into this repository? |
|
I know this will sound quite annoying, but I'm not able to truly understand all the comments and what happened with trying to fully open source the firmware/libraries: if someone buy a NanoKVM today, what kind of things can use/flash onto it to possibly only use open source components? There's still something closed source that must be used? What's the degree of risk using it, eventually? Sorry for this "non technical" question but as everyone else I'm concerned about security of the device, and I'm not able to truly understand (as someone that doesn't have it right now, but plan to buy it if everything matches) the degree of uncertainty/obscurity if I use the device like it is vs what's available as totally open source |
I already created two pull requests in September:
If you use the original sources from Sipeed you have to put them all together yourself, and not all official sources are published yet, you still would require some closed source libs. |
|
Let's talk about the 7 closed source libs remaining. libae.so, libaf.so, libawb.so: responsible for things like gain control If you have a Lichee RV Nano with camera module (a.k.a. MaixCAM) you may want to keep them. Many of the lib symbols are referenced but during runtime of NanoKVM only 3 of them are really used in addition to the (Un)Register functions: I did not want to harm the source code which is referencing ae, af and awb so I created dummy libs that almost do nothing: algo, json-c and miniz is only used in libcvi_bin.so, libcvi_bin_isp.so and libisp.so. On NanoKVM you will see not difference in quality, speed or functionality. Something about licenses: I put my own commits under BSD 3-clause. |
|
Now I took a look at the host-tools. The arm versions are from linaro and can be found here too: The riscv versions are based on Xuantie-900 GNU Toolchain V2.6.1 which can be found here: This contains almost all we need with one exception: T-Head does not seem to offer a repository for the riscv-musl libc submodule. The result can be found here: The scripts work standalone, for example you can copy build-riscv-thead-musl-toolchain.sh to somewhere else and run it there. It will clone all required code before build. |
|
All other pre-built host-tools like genimage are also build from source now, provided by linux, u-boot and buildroot: Building tailscale from source is now also possible with LicheeSG-Nano-Build: You can enable it with: |
|
It's rather sad to compare this botched attempt at open sourcing piece by piece with competitors like JetKVM, which manages to provide the full source code in a single repo. |
It's out of scope from this issue, but i don't see the source code of |
|
As far as I can see the jetkvm repo is just the app (web server) which is similar to the repository here: Can not be used standalone. |
|
From their Kickstarter update:
(Emphasis mine) |
And that is exactly my point. The product already exists and the open source part is still just a lip service. |
For me a kickstarter project like jetkvm is "just a lip service" by design. They may do it better but at this moment we can just guess. |
|
The source code for sipeed kvm_system was added here now: It is build with MaixCDK, if you use my repository you can enable it with: |
|
@scpcom amazing work, really glad someone is picking up here. You mentioned earlier:
But this did not accompany a link ;) Anyway, are you hosting/releasing any images for the nanokvm? I'd like to built it, but the 40+gb disk space requirement makes it a bit hard at the moment ... |
I only mentioned it for the toolchain, which can be found here: |
|
Since I added a new github workflow (inspired by sophgo-sg200x-debian), the build process is fully transparent now and you can download the resulting ready-to-use stable images here: I also started experimenting with Ubuntu (NanoKVM app and HDMI/camera input is already working, but keyboard/mouse control with USB gadget does not work): |
Do these work with the NanoKVM PCIe model, i.e. does your release include the updates in the official 1.3.0 release? |
|
It contains
The settings of the PCIe version are done by the init.d scripts (/etc/init.d/S15kvmhwd and more) which are also included. I do have a NanoKVM Lite and NanoKVM Full (Cube) for testing. |
Tried your latest build, initially I thought HDMI capture wasn't working on the nanokvm-pcie but I swapped from H264 to MJPEG and it sprung into life. On H264 I initially get the test-pattern of coloured stripes then when swapping back from MJPEG the site is stuck at "loading" with spinning dots. |
On NanoKVM Cube I can switch from H264 to MJPEG and vice versa without a problem. The only relevant difference between H264 and MJEPG is: MJPEG needs much more CPU on the client hardware (web browser) side. |
Thanks for getting a device to check, this device is powered via PoE as I haven't put it into a chassis yet. Don't think power is an issue as the PoE readout was well under 10W of draw, I think it was only using 3 or 4W. |
|
There is some update on the originial NanoKVM app: Update on my variant: Before we had 75M ION memory and about 160M for the OS. I also removed the use of the old pre-built libcvi_bin_isp, it is built from source too now. On the Debian/Ubuntu image NanoKVM is fully functional too now (as far as I tested), including:
PS: I can confirm that sometimes you get no picture on NanoKVM PCIe after login, but this also happend on the original image before I installed my on. On my images it always helped to move the mouse over the test pattern and the picture showed up. |
|
All the code is now open-source. And this issue is closed. We'll be adding more documentation and build scripts in the near future. For any other matters, please feel free to open a new issue for discussion. |
and others
interesting device, found it via https://www.cnx-software.com/2024/07/08/20-nanokvm-is-a-tiny-low-power-risc-v-kvm-over-ip-solution/#comments
but are you really planning to keep it closed source?
edit: finally ordered one 2 month later :)
The text was updated successfully, but these errors were encountered: