Provenance and trust are relevant for a remote KVM.
But I can't find any information on their Web site about who runs the JetKVM company, not even a partial name or handle of anyone, nor even what country they are in. Which seems odd for how much this product needs to be trusted.
Searching elsewhere, other than the company Web site... Crunchbase for JetKVM shows 2 people, who it says are based in Berlin, and who also share a principal company, BuildJet, which Crunchbase says is based in Estonia. The product reportedly ships from Shenzhen. BuildJet apparently is a YC company, but BuildJet's Web site has very similar lack of info identifying anyone or their location, again despite the high level of trust required for this product.
Are corporate customers who are putting these products into positions of serious trust -- into their CI, and remote access to inside their infrastructure -- doing any kind of vetting? When the official Web sites have zero information about who this is, are the customers getting the information some other way, before purchasing and deploying?
If these people are still running the companies, why aren't they or anyone else mentioned on the company Web sites? That would be helpful first step for trust for corporate use. So its absence is odd.
If you do this sort of thing often, I'd love to chat further. I'm basically trying to automate this sort of manual research around companies with a library of deep research APIs.
Had a show HN last week that seemed to go under the radar: https://news.ycombinator.com/item?id=45671087
We launched corporate hierarchy research and working on UBO now. From the corporate hierarchy standpoint, it looks like the Delaware entity fully owns the Estonian entity. Auto generated mermaid diagram from the deep research:
It's fairly easy to know how to poke around these businesses. Look up the people, the business, and the product. It's less fun when it involves linkedin. Every country has a database of business numbers to name and rough documentation. Dns look up can reveal some information. Social media typically finish the rest. These "founders" are often serial founders, with a ton of abandoned projects and a trail on product hunt, and other websites.
In this case, what really gets to me is the basic template website they're using; with image carousel but only one image... and the fact that they appeared to have paid influencers on youtube to shill their product.
It feels rushed, and not in a good way.
I noticed the template too. Someone mentioned recently that's actually a good risk signal - scammers often use the same site structure across domains.
On the research, you're absolutely right. It fits that sweet spot where it's just easy / boring / tedious enough to automate with the current generation of LLMs.
So, I should expect to see a new product launch of DoughnutKVM, to "round out your infrastructure woes", complete with vibe coded app interface and AI generated product images, here in the next week? ;P
Looks like you have a potentially great business for corporate compliance, if you can answer with plausibly high confidence (or indemnify?).
I only occasionally research companies, and it's from an engineering&product perspective, aside from corporate ownership compliance. (For example, I was asked to vet a little-known company as a prospective partner, for building our cloud infrastructure atop theirs. One of the first rapid low-cost, high-value things I could do, besides looking at their docs and trying their demos, was to skim through the history of business news about them.)
Interesting. That's actually where we started. We were doing automated research on vendors from a TPRM perspective and looking for data points around organizational security / reputation. Examples - if the company had been hacked before / how they responded, do they have a CISO, nth party vendors, are they SOC2 / FedRAMP certified, etc. Basically, predictors of risk / stability.
We realized the underlying business graph was the bottleneck though, so that's been our focus for some time. With that in place, we're now coming full circle on the risk research standpoint.
On your comment about confidence / liability, we're actually having conversations around that now and getting feedback. First step is exposing all the research and evidence directly to build trust, which is what we're doing now for the new corporate hierarchy system.
When I used to work in credit control and accounts receivable, the use of D-U-N-S numbers was how we tied a lot of this information together. It is similar to how SSN are used by credit rating agencies but for businesses and global (unlike the EIN).
If you want to feature a governance structure infamously hard to get right and impressive to use as an demo, IKEA/Ingka would be an good example.
Good idea! I picked a random California Ikea entity (IKEA US RETAIL LLC) and ran it through the system. Here's the output - current goal is to get to ultimate parent.
## Summary IKEA US RETAIL LLC is a limited liability company. It is wholly owned by IKEA Holding U.S., Inc., and ultimately controlled by Stichting INGKA Foundation, a Dutch foundation that owns Ingka Group.
## Graph
This is the permalink to the deep research result: https://savvyiq.ai/playground/entity-hierarchy/siq_31ro4EDce...Login gated
Sorry, habit. I've been debating on exposing these publicly, but they're expensive to create. We have a public interactive demo here for now: https://savvyiq.ai/products/entity-hierarchy
Here's the live mermaid editor version for the Ikea example: https://mermaid.live/edit#pako:eNqNkV9PwjAUxb9KcxPfRrO17E_3Y...
I don't think this is nearly at the stage of "corporate customers putting into serious trust"
Buildjet (the parent company) looks to be a pretty small company with currently modest revenue[1]. I agree that the absence of people on both webpages is sort of odd. I think it make more sense for their original service (CI workers) than it does for a hardware product.
https://ariregister.rik.ee/eng/company/16075023/Buildjet-O%C...
This guy on YouTube made several videos reviewing these and also doing some WireShark analysis, also on NanoKVM.
Personally I'd never use these on an interned facing network. But they can still be handy for local only.
https://m.youtube.com/watch?v=yHhdTRVvDFU&pp=0gcJCQYKAYcqIYz...
i got nanokvm pro desktop a couple of days ago. looks like what was before is no more now. i run tcpdump for a while, the only outbound connections are ntp
Is the piKVM mode really piKvm?
there is a button to switch. didn't click it. i also never used pikvm, so i won't know if it "Really it"
I think products like JetKVM are targeting hobbyists and small outfits; corporations who aren't on a public cloud are using stuff like idrac, ilo, or dedicated rackmount KVM hardware.
True. Small outfits can be a pretty big category of companies that don't have a fully locked-down enterprise security environment with clout who can insist that everything like that racked and put under their control.
Homelabbers tend to like rackmount. (I've owned multiple servers with such dedicated remote management/access hardware built in.)
JetKVM seems designed to be more a shadow IT at individual desks solution, for use at companies that don't prohibit and actively police that.
"Homelabbers" reminds me of the inimitable Rich Morin's and Vicki Brown's "Canta Forda Computer Lab". (Say it out loud!)
https://web.archive.org/web/20200312000527/http://www.cfcl.c...
>We get occasional inquiries about our name. In case you are wondering, it is a pun on "Can't afford a computer laboratory". (We have plenty of computers, to be sure, but the ideal computer laboratory will always be beyond our reach. :-)
>Inspiration for the name was drawn from Walker A. Tompkins, a family friend and prolific writer (of adventures, history, and westerns). Mr. Tompkins used the name "Canta Forda Rancho" for his home in Santa Barbara, CA.
Home lab is a subset of hobbyists. And many of them like mini PCs.
Yes me too. A lot of my stuff is NUCs and similar. Several of those nice ultra-cheap N100s. Amazing stuff
I have a "server" at home. It's just an old desktop. I use a PiKVM (similar to JetKVM) to manage it remotely when the kernel crashes or I fuck up the boot. It happens rarely, but it's nice I can just fix things remotely.
The PiKVM runs wireguard so it's reasonably secure. I assume JetKVM can do the same.
Thanks, needed a good laugh.
Putting a BMC or KVM on the Internet is hilariously unwise.
No need worry about dodgy remote desktop software — the attackers will be able to back door the firmware!
(Yes, iLO verifies firmware signatures… but yes they’ve had horrific vulnerabilities, worse than nightmares).
You don't put these devices on the public internet! You use Wireguard to control access. Think Tailscale or similar.
I'm joking a bit but these are exactly the entities that have fewer capabilities to detect malicious behavior.
Assuming JetKVM is operating in full good faith that doesn't mean they themselves aren't going to be the target. You compromise them and you compromise all their customers. That's true regardless of the company size, but is also the reason for transparency
The target market does not alleviate any concerns. Consumer grade hardware is used to build botnets and residential proxy networks. The latter could be used to get into your employer if they happen to have credentials and want to match your home IP to avoid detection.
IDrac often demands that the PC connecting to it be on the same network however, an rkvm like this let's you skip the pc-in-the-middle step.
Fine for one or two machines, but if you're dealing with a rack or more, an extra machine for management tools is no big deal.
Implying idrac, ilo and similar are somehow reputable?
There’s no way to know for sure, since they are closed-source and closed-hardware implementations. But they are backed by billion-dollar companies that lawyers can squeeze if they cause some sort of legally cognizable injury.
This is why I recently went with a PiKVM. Pricier and clunkier but much more open and transparent.
It does share similarity to a rebranded Sipeed NanoKVM model already sold in China.
Would have to dump the flash with proper tooling, and load up a clean OS on a blank chip to even begin checking for issues. Mostly, these gadgets are purposely built like garbage for a number of reasons.
If I needed a DIY KVM install for a home-theater, I'd just setup a https://pikvm.org/ install. =)
https://github.com/pikvm/pikvm/
The firmware is open source and you can compile and flash your own. You can even run your own version of their cloud access offering
https://github.com/jetkvm
Also you can SSH into it:
https://jetkvm.com/docs/advanced-usage/developing#developer-...
And the serial console is available over USB UART (SBU)
If it's attempting to be a covert op it's doing either a terrible job or a very advanced one.
It is similar to NanoKVM-Pro, and indeed one may also install PiKVM on that commercial hardware.
Given that very distinctive "JetKVM" shape, I am now 99% sure I've seen this gadget someplace last year, If I recall the Mandarin Chinese name (difficult for me), I will post the hardware URI.
One may be surprised how much hardware includes unsigned firmware OTA updates. And someone will need to audit the stack to check if it has that common problem, and predict if it also has SoM specific Linux kernel requirements.
The Raspberry Pi foundation isn't just hardware, but comes with a proven 10 year OS lifecycle. =3
It's been on KickStarter for about a year at this point - could that be where you'd seen it?
The item was promoted on a China e-store site for awhile, and caught my eye given a video encoded streaming kvm at that price point seemed like "optimistic" marketing. I spend a lot of time sourcing electrical parts, optical components, and metric 304 steel fasteners on these sites.
It might be possible something popped up that looked very similar to the Kickstarter ad. Could also just have been a 4th container product run common with China CM exports. =3
> similarity to a rebranded Sipeed NanoKVM
That NanoKVM is RISC-V, the JetKVM is ARM Cortex-A7. Unlikely to be a rebrand.
That said the UI looks somewhat similar so Sipeed might have aped the JetKVM software part (which is FOSS)
The NanoKVM-Pro uses a AX631 2xA53 1.5G, which can apparently also support the PiKVM software.
The JetKVM uses RockChip RV1106G3. =3
For those prices I could buy an old PC to do out of band management and have over half the money left over. The appeal of JetKVM/NanoKVM is they're price competitive with an extra PC for a tiny fraction of the physical and power footprint.
For feature parity, the old PC will require USB OTG, HDMI input, wiring for ATX control, and a software stack.
Sipeed makes a PCIe KVM card for around $80 that drops into standard PC cases.
I'd assume it runs off the 5v standby power when the primary ATX supply is sleeping. =3
https://github.com/sipeed/NanoKVM?tab=readme-ov-file
A pi4 is $35 + parts, and can do a PXE server as well... but it is the OS/kernel upkeep that always hits proprietary devices.
Small recycled PCs can certainly work too, and reminds me of the https://guacamole.apache.org/ project. =3
The website mentions Kickstarter, and Kickstarter page [0] has "Founders" section. It's pretty fuzzy, but at least there are founders' names. But the country of jurisdiction is not mentioned anywhere, and it is very important for remote KVMs.
> Founder Team
> Our founders and team work remotely, scattered across the world, including Germany, China, and New Zealand. We gathered experience from the field of design to software engineering & hardware development. We are the right blend of people, sharing expertise in our team. We're server enthusiasts and thriving to create products that also, literally, work for us. Co-Founders of JetKVM - Adam Shiervani(left), Lian Duan(right)
> Lastly, we are not the only ones, who are dedicated and working full-time on this project. A number of contractors, specializing in various fields are helping us every day, to move forward and unfold the potential of our ideas.
[0] https://www.kickstarter.com/projects/jetkvm/jetkvm/descripti...
https://github.com/jetkvm/kvm/graphs/contributors gives us top contributors @ym and @adamshiervani both being Berlin-based, plus @IDisposable in Saint Louis, MO.
> Estonia
Dunno if this is still the case now but Coinbase used to have an IBAN in Estonia (or maybe Latvia, can't recall). The three baltic states became quite the EU tech hub lately.
> The product reportedly ships from Shenzhen
This is not unusual for low-count (<10000) orders and "cut the middleman" when you can't recoup the logistics cost of having a local stock.
Most products come out of Shenzen (or another) anyway, "shipped from" is quite a lousy indicator of anything.
I would appreciate a bit more transparency regarding some provenance bits but hey it's a niche Kickstarter still, not a full-blown scaled-up enterprise.
> Dunno if this is still the case now but Coinbase used to have an IBAN in Estonia (or maybe Latvia, can't recall). The three baltic states became quite the EU tech hub lately.
They've all made doing business remarkably easy - you can get a digital ID and open a bank account without ever being present in the country, and their digital offerings are based on solid crypto and not just centralization.
An incredible example of what modernizing government infrastructure and regulation can do. It's a shame that the cryptobros currently in charge of the US have basically nuked Central Bank Digital Currencies (CBDCs) so that they can continue to grift without supervision.
JetKVM is a YC-funded company, and Jeff Geerling has done at least one video on them
Estonia is (trying to be) the Delaware of the EU for companies. They make it deliberately convenient for any Europeans to incorporate there, so I wouldn't read much into that.
[dead]