Security – Machdyne

Posted on May 15, 2025May 15, 2025 by machdyne

Build a Trusted Network with Klinge

Klinge is an FPGA-based blade server suitable for building trusted networks. Klinge is especially suitable for this because its SOC/CPU is completely auditable and can be built and updated using 100% open-source software.

This post is a quick guide for setting up a private trusted network using two Klinge servers and a 5-port switch. This guide assumes you’re using Kakao Linux. Check out our Half10 repo for a 3D-printable rack system.

The network will look like this:

[ Internet ]
  |
[ Router / LAN (untrusted) ]
  |
[ Klinge #1 - DMZ (semi-trusted) ]
  |
[ Klinge #2 - Perimeter (trusted) ]
  |
[ 5-port switch - Trusted LAN ]

In this setup the perimeter can act as a firewall limiting or completely excluding traffic from the DMZ to the trusted network.

Here are the benefits of this setup according to ChatGPT:

Feature	One Server	Two Servers
Security Zones	Single, flat	Clearly separated (DMZ vs LAN)
Defense-in-Depth	No	Yes
Exposure Management	High	Minimized
Compromise Containment	Poor	Better (breach isolation)
Policy Granularity	Limited	Fine-grained control
Service Isolation	Minimal	Strong

Configuration

Connecting the Ethernet cables is straightforward. The eth0 port on Klinge #1 connects to your existing LAN and the eth1 port connects to the eth0 port of Klinge #2. The eth1 port of Klinge #2 connects to the 5-port switch, which is the trusted network.

Configuring Klinge #1 (DMZ):

# enable ip forwarding
$ cat net.ipv4.ip_forward=1 >> /etc/sysctl.conf
$ sysctl -p

# edit /etc/network/interfaces:
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
address 10.10.10.1
netmask 255.255.255.0

Configuring Klinge #2 (Perimeter):

# edit /etc/network/interfaces:
auto eth0
iface eth0 inet static
address 10.10.10.2
netmask 255.255.255.0

auto eth1
iface eth1 inet static
address 10.20.0.1
netmask 255.255.0.0

# to configure DHCP on the trusted LAN, edit /etc/dnsmasq.conf:
interface=eth1
dhcp-range=10.20.0.100,10.20.0.199,12h
dhcp-option=6,10.20.0.1

# to use this server as the nameserver, edit /etc/resolv.conf:
nameserver ::1
nameserver 127.0.0.1

# to set hostnames for static IPs, edit /etc/hosts:
127.0.0.1 localhost
10.20.0.1 perimeter
10.20.0.80 my-laptop

Here’s an example of a similar setup in a 10″ rack used by Grai for a long-term storage solution based on Ebenstahl:

Thanks for reading.

Posted on November 15, 2024August 11, 2025 by machdyne

Zwölf Microcontroller Platform

Zwölf is an open microcontroller platform for simple embedded applications that require long-term data retention and/or long-term functionality.

Zwölf modules are available in a versatile package that can be soldered surface mount, through-hole (DIP-12) or used as a removable module with a DIP socket or spring contacts. The modules are also compatible with 6-pin PMOD sockets.

While the modules are built with a variety of MCUs, FPGAs and memories from various vendors, each module is partially pin-compatible and implements the same code-compatible stack-based CPU and a common interface for control and programming.

Zwölf is still under development, for more information please contact us or join the discussion on our BBS.

Tools

Spielplatz is a evaluation/development board.
Wolfsjunge is a minimal controller/programmer.
Wolfshöhle is a minimal breakout/host board with 16 digital GPIOs.
Tunken is a 12-pin DIP to spring socket adapter.
Wolfszahn is a 6-pin SIP to spring socket adapter.
Wolfsfeld is a stand-alone FPGA-based handheld computer that can emulate and program Zwölf modules.

Resources

Zwölf GitHub repo

Zwölf Family Roadmap

Device	Controller	Memory	Potential Lifespan¹	Data Retention	Cost
LS0x	MCU	OTP + EEPROM	5+ years	100-200 years	Low
LS1x	MCU	Flash + FRAM	5-20 years	200 years	Higher
LS2x	FPGA	Flash + FRAM	20-100 years	200 years	Highest
LS3x	MCU	FRAM	100 years	200 years	Higher
LS5x	Custom silicon	FRAM/EEPROM	100 years	100-200 years	Low

¹ Potential lifespan is an estimate of how long the device could potentially operate under ideal conditions.

Posted on October 30, 2023 by machdyne

Freedom of Thought

Deep thinking often requires writing. The writing down of thoughts can be affected by perceived privacy. Thus, the erosion of perceived privacy may reduce the capacity for deep thought.

I’ve always been interested in writing. I believe that in order to write interesting things, you can’t censor yourself, you have to write the first thought that pops into your mind. For me at least, this process requires privacy, because you’re putting down drafts of personal, unpolished thoughts, some of which you disagree with, and some you might find embarrassing, offensive or ridiculous and wouldn’t want others reading.

Over the years my perception of privacy while writing has diminished as computers have become more complex. I had essentially given up on the belief that any privacy existed when using a computer. Today, even the most advanced and security conscious users can’t be completely certain that they have total privacy.

This is a big part of what set me on the mission of creating computers that I could understand and trust at all levels. The computers that we’re making are simple enough to understand and even their CPUs can be audited. My hope is that these computers can help to restore, at least, perceived privacy, and potentially unleash more freedom of thought.

The computer itself isn’t the only threat vector, there is also the input and output devices. These are also difficult challenges but we hope to eventually offer solutions for them as well.

You can follow us on X and GitHub for the latest updates.