This is rather misleading. The RTL8366 pictured in the tweet doesn't have an 8051 in it which is why it's absent from the datasheet. I don't see anything in this thread that contradicts this. The RTL8367 does have an 8051 in it, and it is covered in the datasheet. As near as I can tell this entire claim is based on reading a RTL8366 datasheet when the part in question was a RTL8367.
I'm not seeing anything nefarious here at all, the RTL8367 is designed for 'smart switches', the 8051 is there to run the webUI. In general, 8051s are _everywhere_, it's one of the most used IP cores in the world. I'd bet the average household has a few dozen of them in various devices.
EDIT: Looking through some older tweets from the same author, I think the claim is based on pinout similarities between the RTL8366 and the RTL8367. My guess would be that these two parts are the same die and the RTL8366 parts are the ones where a defect was found in the CPU core which would be a likely source of manufacturing defects.
I've used similar parts, like bluetooth transceivers, where there are two SKUs: one is a cheaper commodity part and comes with built-in firmware.
The other more expensive part allows for modifiable firmware (and, thus, exposes the processor inside). My cynical POV is that the chipmaker knows they'll be spending more internally on SDK development/support and field rep time. So that needs to be recaptured in the cost of the part.
It is expensive to tape out a different chip. As 8051 originally was about 50000 transistors that’s peanuts nowadays.
Likely cheaper to manufacture a single chip and do market segmentation via software than manufacture two if the savings are measly (let’s assume 16nm process) 1/500 mm^2 per chip.
It's not so much the 'core' as the memory. For example it looks like the RTL8367 has 16KB of program memory, 32KB of data memory, 256bytes of SRAM and a 12KB nic buffer. These memory cells will make up the bulk of the transistors in the 8051 part of the chip and tend to be points of manufacturing failure. In many cases the chip would be designed with more memory than it needs under the assumption there will always be a few failures. So if you need 16KB, you design in 18KB and turn off the rows/banks that fail or test as the worst. If too many fail you sell it as next memory size down, or in this case you zap a couple fuses and sell it as the part without an MCU on board. Of course this doesn't always work, sometimes you need more of the non-perfect parts than you have to fill orders so you just zap the fuses anyway.
I think these are actually built on 150nm process. Using a modern process like 16nm would command some hefty premiums, and some redesign work. This is what old fabs end up manufacturing: high volume, low cost ICs.
But you're right about the rest. The segmentation is achieved with fuses and firmware.
Intel only tapes out about three different dies per generation line I believe. For example the Skylake-SP line just has LCC, HCC and XCC dies, and the whole multitude of their product line comes from those three.
There are also chips that support two different feature sets via a mode pin, but instead of documenting the mode pin, the modes are sold as separate products with the mode pin simply labeled as Vcc/ground/NC.
> My cynical POV is that the chipmaker knows they'll be spending more
I don't even see the cynicism. But, in any case, most people would probably consider the standard business school price finding advice to be more cynical: costs are a lower limit only. Beyond that, only the customer's willingness to pay is relevant.
Airline fares are good examples, or any of the food products being sold branded as well as unbranded/store-brand/generic/white label versions.
It’s probably just cheaper to include the 8051 in every part and disable it for people who have bought the cheaper part. The way that some Teslas are range handicapped and can be upgraded over the air and given out for free during emergencies.
Back in the day my father was a service tech for NCR retail systems. For one of the lines they shipped out every system fully loaded with ram and disk - however how much their customers got to use depended on jumper configurations which the service techs would set and verify. I think IBM does the same thing with their mainframes - they ship out fully loaded but you can only use what you pay for, the rest is used as hot stand-by for hardware failures.
The company I now work for does something similar. We sell our product at what is essentially max capacity, capping memory/disk space/CPU per the contract. When the customer needs the extra capacity or wishes to upgrade, all that’s required is some settings changes and a restart.
I remember someone telling me that the printer in my primary school was only a black printer. When they wanted to upgrade to colour, a technician came down and flipped a dip switch.
Former NCR tech here. I can confirm the parent’s comment - we’d routinely have to validate/ensure jumpers based on entitlement. As for recovery, I worked for NCR once they regained their independence from ATT and they were still running themselves into the ground. By the time I left (around the era of the 7878) things improved slightly.
It certainly feels ethically questionable from a certain perspective. But we can look at it in a specific way. We want pricing to be fair. A typical customer's perspective of a fair price is that it should approximate the unit cost of production plus the up front development cost of a product amortized over units. In this view of fairness, if a family of widgets all have the same hardware, and use the same base software to enable or disable different features, they should all have the same price.
However, there's another view of fairness (or maybe just a desirable feature of the market). It should be possible for a customer to purchase only the features required to meet their requirements, and that they should be able to spend less money on less features.
Those two views of fairness can be in contradiction with each other.
The ability of a company to be able to provide a family of products at a variety of feature and price points cheaply is aided by their ability to do software based control of features. Use of a single physical platform reduces cost (which aids the final customer). If a company had to price everything at a single feature/price point, the average customer will see an increase in price to pay for features they do not want.
Anyhow, that's the argument. Still feels icky though.
Because then no one would buy the more expensive, higher margin car, purchases of which are indirectly subsidizing the cheaper one. This would push its price up.
The alternative is to design a car with a smaller battery pack. This would mean additional design work, and less efficiencies of scale. This would make the cost of both tiers of car go up.
I understand this, but it's shifty because they already sold a physical good at a certain cost at an agreed upon price. If they can't stand to offer the thing they already sold at a price they already got paid then maybe they should charge more.
The way this is phrased it's just differing margins for the same physical good and no additional cost for the manufacturer to justify a higher price. (Not sure if this is an accurate assessment, but that is what I get from the comment.)
Suppose that once r&d is considered, two chips (single/dual core) cost roughly the same to manufacture.
I could sell everyone the 2 core processor and say sorry to customers needing less, you have to pay full price. Or I could maximize the market I can sell to, and offer the same product with a burned out pin that locks out the second core. Or even better, sell everyone a soft upgradable 1 core, so you buy the entry level product, and when/if you need it, you can buy into the upmarket model.
But the important part here is: ignoring r&d. Yes, the hardware I'm selling you could do more, but you're subsidizing fewer engineers, so you only get access to their efforts, not every effort my company has ever produced.
I don't need another over-explanation of such justifications. I referenced the phenomenon in CPUs elsewhere in this thread.
This part:
> Or even better, sell everyone a soft upgradable 1 core, so you buy the entry level product, and when/if you need it, you can buy into the upmarket model
... is still one that I would have trouble with, were I the manufacturer. I would be inclined to throw away profits on high end sales and price them all low for these scenarios, based on my desire to be fair to the customer and not run the thing like a casino with physically dubious upsells for what they already purchased. Yes you read that right. This is one reason why I am not in a position to be running Intel.
Let’s take this way of thinking to the field of software, where every additional license sold has essentially zero cost.
Are software companies allowed to charge a price for their free-to-produce products at all?
If they are, how would you justify that?
And why would that justification not apply to CPU vendors, if they’d label their hardware as freebies where you’re just paying for a perpetual license?
Software is not a physical good in the same way a CPU or a car is. Also, as you seem to acknowledge, when you purchase software, you are technically acquiring a license. Remove for a moment that this is controversial for some (see FSF). I think it would be a tougher sell to say when you buy a car or a piece of silicon that you don't own it. (There is firmware and microcode, sure.)
What about software that comes with a license key dongle? Now you're buying hardware as well. :-)
> Also, as you seem to acknowledge, when you purchase software, you are technically acquiring a license.
That's really just semantics.
When you buy a mainframe with some CPUs disabled, you're not only buying the hardware, you're also buying a license for the OS, which includes the ability to use a certain number of CPUs of the machine.
You're commenting earlier that you'd price the higher SKU the same as the lower SKU, but I think it's just as likely that you'd simply not make a higher SKU because there'd be no extra profit in doing so.
It may seem perverse that hardware is being sold with capabilities deliberately crippled, but doing so is often one of the only ways to justify developing these higher SKU capabilities to begin with. This kind of product differentiation makes it possible for customers to buy higher SKUs that otherwise simply wouldn't exist.
> If they can't stand to offer the thing they already sold at a price they already got paid then maybe they should charge more.
This, I think, is the crux of the matter.
Yes, they could just offer one model, at a price point somewhere between the two different models. However, now some customers who were happy with the lower-end model are priced entirely out of the market, which is bad both for those customers and the seller. Balancing that, customers for the higher-end version have paid less (good for them) and some new customers will have entered the market because the new features/price-point is attractive to them (good for them and the seller).
It's not obvious which of these will dominate (so whether everyone is net better off or not), but in the absence of any hard data relying on the self-interest of the seller to maximise their own benefit seems reasonable here.
For chips, it’s possible for a chip to go through the production process, but have a defect in part of it. When that happens, the manufacturer disables access to that part, and sells it as a lower-capability product.
On the other hand, if everything came out good, then the manufacturer sells the part as the high-end product.
Yeah, I thought of when I first followed overclocking in the late 90s, and Intel had a reputation for selling artificially slow chips in those circles. But in that case rating the appropriate clock is a subjective exercise, and they don't want the part to start failing if pushed to its limits. GP here made it sound like it was rather more harmless in this case, not sure if that is a mistaken impression of mine or what.
Unless demand for the less expensive part exceeds the defect rate.
AMD CPUs, especially the 3-core parts, were often unlockable by re-enabling the disabled cores in BIOS. Lucky buyers could get 4 cores for the price of 3.
I'd agree, but there's little reason to speculate. If you can't run it (disabled by fuses), I'm not sure it matters... if you want to confirm the silicon presence, then a little concentrated sulfuric acid to take the package off, and just a 100x microscope and you'll be able to see the memories for the uP.
A strange accusation without proof.
Fair warning I can't open the Tweet, Twitter is blocking me... or maybe I uBlock them? so I'm making a statement in similar unsupported ignorance.
It's good to remember that things end up on HN because random people post them here, not because their original authors want them here. HN is not, as a rule, good at keeping this in mind, and tends to treat anything that lands on HN as if it was part of a discussion they are (1) a part of and (2) welcome to participate directly in.
I think it's in fact super healthy for people to set clear boundaries about how they engage with this place, and "this Twitter thread was not posted as a solicitation for an HN thread, or for HN people to jump onto my TL" is a very sane boundary indeed.
That people read this kind of boundary drawing as "hatred" is itself a good illustration of the issue!
Having made (what I thought were polite) comments on Reddit only to get down-voted into oblivion, I agree that HN has one of the most thoughtful and respectful communities I've participated in.
In my experience, it's pretty easy to misjudge the expected overall level and style of politeness in a given social space. Many people were raised with the idea of politeness being a safe default, but in some spaces being too polite can come off as aloof or condescending.
There have been a number of HN threads that have become quite, er, hostile or toxic in the past. The most recent example of this would be the comment thread for this article: "Richard M. Stallman resigns" (https://news.ycombinator.com/item?id=20990583)
HN has a lot of smart people. People don't like being fact checked, especially when they believe they discovered something significant until experts show it was a basic misunderstanding.
This is the canonical example of why HN gets it wrong. You really are not an expert in 99.99% of the topics on HN, so having this kind of holier than thou attitude is just really obnoxious.
And this is the canonical example of why Twitter gets it wrong :)
I'm not talking about myself. Never even remotely implied it.
HN is filled with the 0.1% that truly are experts on individual topics. You'll find people that wrote papers on quantum mechanics chiming in on QM discussions, people with decades of RF HW experience correcting those 5Ghz conspiracies, start-up founders jumping in on discussions, and (in this case) people that can read spec sheets and understand how systems like these are built and programmed.
No one's an expert on much, but plenty are experts on something. Twitter's often too shallow to even entertain the possibility of being wrong.
If you post something to the public internet, you cannot control where it ends up. If that is a problem for you, then you should probably not post on a non-private social media account. That doesn’t negate their right to delete their post after, of course, like this guy has done. Just can’t expect that nobody saw it or screenshotted it or whatever.
There's a wide chasm between good manners and legality. Don't get offended when your actions offend people. At best, it's hypocritical. Said differently: the legality of complaining about people being rude is already established. It isn't even slander/libel if you weren't actually rude, because being rude isn't a crime.
It's quite simple: Whitequark deleted the thread because there is a portion of users/readers on HN that are toxic and/or hostile. People don't want to deal with that type of traffic blowing up their Twitter notification feed.
Wow! I just went back some 20+ years ago going through 8051 instruction set while at the University. It's amazing how versatile and useful it still is.
A lot of devices use these simple microprocessors to do general management and talk to low speed buses
I remember in the times of region locked DVD players, some device hacks targeted the same processor inside the DVD player unit (I'm talking about the IDE/SATA drive, not the whole player)
I actually have a switch (TP-Link TL-SG105E "Easy Smart") that runs a whole Web UI on that built in CPU. It's quite neat, as the switch is 20$ yet has some "smart"-esque features :)
A reply in the twitter thread makes the most sense to me: "Interesting! I can imagine this being used to generate & monitor traffic for factory test."
That would make verification much easier and also explain why it's undocumented. Of course if there's a way for testers to use it, there's potentially a way for others to use it as well.
I see it like debug statements in code. If the only access you have to a function is from the inputs and returns, it's difficult to see where the issue lies when the return value is wrong. Having an internally accessible layer of I/O lets you bypass certain areas or get values at different steps to determine root cause. Could be useful for firmware testing, fixing ones that fail a normal test, and RMA's.
You would want to leave the circuitry in place for production because it's largely unnoticeable and changing it could introduce bugs.
>so apparently most unmanaged switches have a 8051 connected to the switch fabric inside.
would it occur to you that pretty much any switch on your network could be monitoring or injecting traffic? sure would not to me
>i wasn't previously aware that it's possible (it does makes sense i guess? doing switching entirely in gateware is more risky), and it's an absolutely incredible placement for a near-undetectable implant
The core is simple, small, cheap or even free, requires few resources, has plenty of tool support, is well-understood and well-documented, and is easy to debug and deploy. The 8051 is perfectly sufficient for many simple embedded applications that only require an 8-bit micro.
It's the instruction set that has been retained, not the silicon design. The variants these days are more power-efficient and powerful in terms of MIPS and peripherals, and have indeed benefited from years of R&D.
Yes but it's a bitch to program, multiple memory hierarchies and address spaces (at least 3), only one index register (hard to move stuff), and enough variants that "8051" is more of a species definition than of a particular architecture
(disclaimer: I sell an 8051 based product, have sold them in the past - never again)
Well, it's not as if we're using old stock 80xx chips. They're being laid out on modern foundry processes, AFAIK. With that comes most of the power efficiency.
So much about how processor design has evolved isn't about stuff we've learned, it's about how Moore's law has allowed us to have more gates for the same cost, and "what is the best use of all these new gates". 8051s are still pretty competitive in their gate count niche.
It's sort of like how MIPS never really got a lot of traction outside of 5ish stage, in order, optional FPU designs. That's ultimately the gate count niche where they're still competitive.
It's an embedded application - if the core does the job exactly what it is intended to be, why upgrade? What do you expect more from an eth chip when it already provides full 1gbps capabilities? In other words, there is no room to be better. It could be more power efficient but it is always efficient enough. Also changing the core will cost a huge amount of money as it needs to change the production line.
Using more recent tech such as ARM isn't always cheaper or better.
These 8/16bit cores are rarely used for the main function of the device. They often exist as a general purpose controller to glue together random logic. For example, they might implement the logic that makes the LED be blue when the device is on, and flash blue when the power button is held for 3 seconds, and then trigger a power off when held for 10 seconds (or whatever).
They sometimes might even exist along side of a fully 32bit ARM micro.
Yes. If only because ARM cores mean you need to pay a licensing fee, often times, whereas the 8051, 6502, etc, tend to have significantly better royalty agreements (in my understanding). Also, like the other post says, these aren't used for huge computational uses, it's more for really really basic stuff.
You'd be amazed at the amount of chips that have an 8051 in them...
That's a naive statement that presumes the design used today is mostly similar to the 40 year old design.
Even if it was the exact same circuit design, that's only a small part of what makes a processor and negates all of the advancements in chemistry, lithography, engineering, and everything else that goes into manufacturing a chip.
It's like saying "why are we still using scissors|staplers|brushed electric motors|internal combustion engines?"
What are the viable alternatives for every use case we currently use ICEs for?
Speaking as a member of a 2 electric car family, I can tell you the current EVs are not 100% replacements for ICE vehicles.
200+ mile EVs can easily supplant ICE vehicles in almost all use cases but they're still more expensive than the average selling price of a new car in the US. That says nothing about the used car market.
It’s fun when you find the firmware on peripherals like this.
Did you know the processor in the b43 network cards use this really weird architecture developed by the company that made the backplane? It also doesn’t actually handle the radio baseband, that’s done entirely in hardware (If my reading of the firmware is correct.) Which makes me wonder why having more open source WiFi card firmware is rare, I guess it still handles calibration and some other things that you could use to intentionally make the card misbehave but it’s a lot more limited than I expected.
A few weeks back, I was working on trying to patch a BSD driver for another Realtek product (a wireless network adapter) and there were a handful of comments / source references mentioning "8051". I assumed this to be the microcontroller and, out of curiosity, attempted to disassemble the provided firmware binaries, sadly to no avail.
Does realtek publish their documentation on products publicly? I found it interesting that the author of the tweet has, for example, a pinout.
No, they don't, and they usually don't answer to emails asking for it.
You may be lucky finding it at pudn.com or other datasheet-sharing websites, but not officially from them.
It's common with a lot of Chinese companies; they won't answer requests for datasheets, yet you can find them "leaked" elsewhere and they're not really bothered by it.
I suspect it's more of a "we're not interested in answering your questions, which you will certainly have if we give you a datasheet directly" than any real concern over IP.
Tweets make bad HN posts; not only because they disappear, but they're too short to have all the details, they don't capture a whole conversation, when they do it's disjointed and in pieces, people jump to conclusions, etc.
Also I got pinged by like a dozen different HN bots, because each time any of them tweets a link, Twitter thinks it's a quote-tweet and sends a notification. Annoying.
Old D-Link DGS-1008D switches with Vitesse chipsets also have a built-in 8051 for firmware (but only 8KB SPI flash loaded into 8KB of embedded RAM, so pretty useless). I think it's mostly used for the cable test when powering on the switch.
It's a documented part, the OP was just confusing two different parts/part revisions.
The paranoid would say "it's a hidden backdoor for running shady code". However, anyone with even a passing interest in embedded computing would recognize that it's designed to store and run official firmware; nothing shady or underhanded about it.
So in short, in this particular instance it's much ado about nothing.
The hardware doesn't care what it was designed for; it does what it's told. It is extremely plausible that capabilities which exist for testing purposes can also be exploited for running malware.
Correct, but the implication in the tweet was that it was secretly embedded by the manufacturer for nefarious purposes. The Twitter OP jumped to paranoid conclusions in part because of their obvious lack of understanding of even simple embedded hardware concepts.
You can kill someone with a hammer, but that doesn't mean the hammer was designed for killing.
Two different parts built using the same silicon. Standard industry practice. ESP8266 started its life as a slave SDIO network card with undocumented master mode.