morsch 12 hours ago [-]
What a coincidence, I just got an email announcing that Breville intend to orphan my Joule sous vide stick: the existing app will stop working, the new app is only available in the US and Canada and in parts of Europe.
Live in another country? You're s.o.l., it wasn't officially sold there. You need a new account as well, hope you like the TOS.
All of this for a device whose core functionality -- setting a target temperature, getting the current temperature and checking for error states -- is both trivial and has no inherent need for internet connectivity.
I suppose I should be grateful they're still supporting a device that's like 10 years old. Caveat emptor (I got it as a gift).
"With Breville+ Cooking, you’ll get: ... The ability to cook with or without WiFi anywhere, anytime."
What has gone wrong with humanity, that we need to advertise that as a feature if you download a new app?
sigbottle 7 hours ago [-]
On the one hand, every time I read an article like this I'm vindicated against astroturfed bots claiming that nothing ever happens and this isn't where we're headed.
On the other hand, I don't want to be vindicated.
duskdozer 8 hours ago [-]
It reads like a sarcastic post from 10 years ago ending in "Stallman was right"
nkrisc 10 hours ago [-]
I have an Anova sous vide cooker that is also about 10 years old and has an app, but is fully functional without it.
When I bought it the app was free, but then later became a subscription addon. However they grandfathered all original owners into a free lifetime subscription. Pretty classy.
Ekaros 10 hours ago [-]
From the get-go I considered the whole design with no interface on device a bad idea... Apps can and will often go. Better to have also the local controls.
userbinator 11 hours ago [-]
This reads like satire:
The ability to cook with or without WiFi anywhere, anytime.
toxik 10 hours ago [-]
And in a bold face font:
> You've always needed an account to operate your Joule Sous Vide with the Joule app. This is not a new requirement.
Absolute comedy.
esquivalience 10 hours ago [-]
I'd pay to cook with WiFi. Just imagine the signal strength!
toast0 10 hours ago [-]
Isn't that just a microwave oven, more or less?
firtoz 8 hours ago [-]
Just need to amplify it 10000 times
duskdozer 8 hours ago [-]
If you can cook with it, just imagine what it's doing to your brain! Forget about 5G...
ErroneousBosh 10 hours ago [-]
If you're not cooking with WiFi, you need more key-down transmit power.
I'm currently full QRO on the 13cm band with something around 1600W EIRP CW, and will be for several minutes until the curry base defrosts.
ThePowerOfFuet 9 hours ago [-]
>WiFi
>1600W EIRP
Your local regulatory authority would like a word with you.
ErroneousBosh 6 hours ago [-]
I hold a licence that allows me to transmit on pretty much whatever frequency I like with as much power as I like, wherever I like.
Someone has to test the transmitter before you hand it off to the customer.
Also, I'm in the UK, where it's hard enough to get the regulatory authorities to do anything about people causing interference to licensed chunks of band. You can wipe out the whole of 2.4GHz if you like, you literally could not pay them to take an interest.
Edit: also you have probably done the same a couple of times today too.
Infernal 6 hours ago [-]
So I thought your initial comment was a (pretty good) joke about using a microwave oven, but now I’m not sure. Is this testing license you reference a continuation of the joke or a real thing?
ErroneousBosh 2 hours ago [-]
The testing licence is real but the comment was a joke about microwaving some sauce base :-)
jgalt212 6 hours ago [-]
Jack Donaghy would ride this pitch right up to the C Suite.
“Ambition is the willingness to kill the things you love and eat them to survive”
greenavocado 5 hours ago [-]
It is essential to purchase and configure Home Assistant (https://www.home-assistant.io/) compatible devices around the home whenever possible if you want a "smart home" that will last. Everything else is an Internet of Shit treadmill that lasts at most a few years before it falls off and is replaced by a new piece of e-waste.
ThePowerOfFuet 9 hours ago [-]
>a device whose core functionality [...] is both trivial and has no inherent need for internet connectivity.
For a while I've given a hard pass to anything which requires an app for such functionality, knowing full well that eventually I'll be locked out of it (not to mention the privacy implications of such designs).
I encourage others to follow suit.
sulplisetalk 9 hours ago [-]
A sous vide stick! Bahahahaha! Do you use an app for crapping too?
elwebmaster 10 hours ago [-]
Why would you say "semi-legally"? Nothing "semi" here. What is "semi-legal" is making hardware e-waste by deciding it is "no longer supported". It is "semi" legal because it is legal under the corrupt political systems in most of the world but is criminal against humanity and the planet we all call home. In that sense if you can prevent e-waste through any means you are a hero.
kelvinjps10 4 hours ago [-]
The semi-legal process is reverse engineering the code. I watched the video; she uses Ghidra and other decompilation tools.
The video is really good
kelvinjps10 4 hours ago [-]
I really liked the video. I didn't realize you could build programs for no longer supported hardware like this.
I had a similar epiphany with SVG, there was an image that I needed to keep editing and then one day I opened the SVG file and realized it's a very readable file and then just built a python script that would modify the SVG file.
albert_e 10 hours ago [-]
Has anyone done this for the VIZIO app that controls among other things their soundbars (circa 2019)?
I moved to a different country and the app is not on google play store in the new geography.
Even when it is installed somehow it is absolutely unreliable in pairing or controlling the device.
Wish I had time to go on a quest and reverse engineer and build my own better controller.
love2read 8 hours ago [-]
Might be worth taking a weekend day and letting claude code reverse engineer the apk (just download the apk off google) and then build an open source app with the functions you need
userbinator 11 hours ago [-]
Warning: Very rambly and somewhat incoherent video; tried to pay attention due to the topic being of interest, but very quickly gave up.
EULAs be damned, even the DMCA has exceptions for RE in the name of interoperability and repair.
TZubiri 10 hours ago [-]
You're going to the bathroom at an airport? You pee in a urinal you can't even take home.
YOU
OWN
NOTHING
AlienRobot 9 hours ago [-]
Before 1984 "take a taxi" meant you could actually take the taxi.
bombcar 7 hours ago [-]
Apparently Taxis in New York used to all be ex-cop cars, and cop cars all had the same key, so one key would get you any taxi.
hsbauauvhabzb 9 hours ago [-]
You wouldn’t download a car
mikkupikku 10 hours ago [-]
You're not taking all your shits in other people's bathrooms but soil your own instead? What a chump, lmao.
bombcar 7 hours ago [-]
"My boss makes a dollar, I make a dime. That's why I shit on company time."
The same is true for iPhone apps (.ipa files). You can just unzip them.
HelloUsername 13 hours ago [-]
For many things. Change .epub to .zip for example, you get html text and jpg images
zekica 12 hours ago [-]
.docx and .xlsx are also just zip files with XML and attachments. The bad thing is that the XML is Word's internal document structure serialized and behavior for some values is only defined in Microsoft's code.
karamanolev 10 hours ago [-]
I've worked on docx and xlsx import/export and the public documentation for the formats was sufficient for normal documents (maybe excluding some very exotic features). That was ca 2010.
godman_8 12 hours ago [-]
Even pk3 files from the id Tech engine are just zip files.
kotaKat 10 hours ago [-]
Sometimes you also find hidden things lurking accidentally left behind in IPAs and APKs that are nice and juicy and realize they've been shipped on Google Play/App Store for years.
I've found everything from entire copies of internal company manuals to working test credentials for a physical place with a membership barcode in debug logs left inside the app from developers.
Also sometimes changelogs left inside by accident which include things like "It hasn't been sanitized for outside consumption and thus should remain internal to <company>. Deliver it externally at your own risk of embarassment."
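Added example (not part of the thread, and not any commenter's code): a pre-release check a build pipeline could run over an APK or IPA to catch the kinds of leftovers described in the comment above, such as debug logs, manuals and internal changelogs. The name patterns, content markers and the sample package are assumptions made up for illustration.

```python
import fnmatch
import io
import re
import zipfile

# Assumed policy: entry names that have no business in a release build.
SUSPECT_NAMES = ["*.log", "*.pdf", "*.pem", "*.keystore", "*.env",
                 "*changelog*", "*.md", "*.bak"]
# Assumed content markers: phrases and key=value shapes worth a human look.
SUSPECT_TEXT = re.compile(
    rb"(?i)(should remain internal|do not distribute|"
    rb"(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*\S+)")
MAX_SCAN = 1 << 20  # scan at most the first MiB of each entry


def audit_package(fileobj):
    """Return sorted (entry_name, reason) findings for an APK/IPA-style ZIP."""
    findings = set()
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            lowered = info.filename.lower()
            for pattern in SUSPECT_NAMES:
                if fnmatch.fnmatchcase(lowered, pattern):
                    findings.add((info.filename, "name matches " + pattern))
            with zf.open(info) as fh:
                # Report only that a marker was hit, never the matched value.
                if SUSPECT_TEXT.search(fh.read(MAX_SCAN)):
                    findings.add((info.filename, "content marker"))
    return sorted(findings)


def build_sample():
    """Constructed package standing in for a release APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("assets/debug/session.log",
                    "login user=test password=EXAMPLE-ONLY\n")
        zf.writestr("assets/CHANGELOG.txt",
                    "This should remain internal to ExampleCo.\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in audit_package(build_sample()):
        print(f"{name}: {reason}")
```

Failing the build on any finding is the simplest gate; an allowlist of reviewed entries keeps it from blocking legitimate assets.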
bombcar 5 hours ago [-]
The elites don’t want you to know this but the distribution file formats on the web are zips you can just unzip them I have 458 zips.
thenthenthen 8 hours ago [-]
It is zip files all the way down
saagarjha 10 hours ago [-]
They are typically encrypted, though.
echelon_musk 9 hours ago [-]
Wait till people discover file(1)!
kotaKat 8 hours ago [-]
Even better, wait until people discover 7zip's 'parser mode' on Windows (especially). Right click a file -> 7zip -> Open archive -> #:e mode. Really fun way to quickly carve out files and snoop around. I use it like a poor man's binwalk to extract firmware files and updates and etc out of things to usual success.
(#:e Parser mode, ignoring full archives, and checks every single byte position of a file for 'start of archive' bytes to parse archives out of a larger file.)
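Added example (not part of the thread, and not how 7-Zip itself is implemented): the signature-scanning idea described above, narrowed to ZIP. It assumes each embedded archive is a plain single-disk, non-ZIP64, non-empty ZIP; it searches for end-of-central-directory records, derives where each archive starts, and confirms the find by checking every member's CRC. The sample image is constructed.

```python
import io
import struct
import zipfile
import zlib

LFH_SIG = b"PK\x03\x04"    # local file header: first bytes of a non-empty ZIP
EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record: last structure
EOCD_FMT = "<4s4H2LH"      # sig, 4 counters, cd_size, cd_offset, comment_len
EOCD_LEN = struct.calcsize(EOCD_FMT)  # 22 bytes


def carve_zips(blob):
    """Return (start, end, names) for each intact ZIP found inside blob."""
    found = []
    pos = blob.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(blob):
            *_, cd_size, cd_offset, comment_len = struct.unpack_from(EOCD_FMT, blob, pos)
            start = pos - cd_size - cd_offset      # where this archive begins
            end = pos + EOCD_LEN + comment_len     # one past its last byte
            if 0 <= start and end <= len(blob) and blob[start:start + 4] == LFH_SIG:
                try:
                    with zipfile.ZipFile(io.BytesIO(blob[start:end])) as zf:
                        if zf.testzip() is None:   # every member's CRC checks out
                            found.append((start, end, zf.namelist()))
                except (zipfile.BadZipFile, zlib.error, RuntimeError):
                    pass                           # signature was a false positive
        pos = blob.find(EOCD_SIG, pos + 1)
    return found


def make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample():
    """Constructed image: padding, a ZIP, a decoy signature, a second ZIP."""
    first = make_zip({"AndroidManifest.xml": b"<manifest/>",
                      "classes.dex": b"dex\n035\x00"})
    second = make_zip({"update/version.txt": b"1.0.3\n"})
    decoy = EOCD_SIG + b"\xff" * 18   # right magic, nonsense fields
    return b"\xff" * 64 + first + b"\x00" * 32 + decoy + second + b"\xff" * 16


if __name__ == "__main__":
    for start, end, names in carve_zips(build_sample()):
        print(f"ZIP at 0x{start:x}-0x{end:x}: {names}")
```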
mjmas 7 hours ago [-]
That's helpful. I always wondered what the * and # modes were for and why sometimes only one of them worked.
ruguo 8 hours ago [-]
Indeed so
charcircuit 14 hours ago [-]
I've found that Claude Code works well at reversing java applications. Even if it is fully obfuscated claude can restore sensible names for everything and understand how it all works and answer questions about what it is doing.
26d0 12 hours ago [-]
+1. While vibe-coding (natural language to code) is not such a great idea, we can always check the source, so vibe-reverse-engineering (code to natural language) may actually be quite useful.
egeozcan 13 hours ago [-]
Interesting, I'd have assumed the guardrails would disallow them from doing anything like that, regardless of legality. Do you need to "convince" it to do it or no questions asked?
ACCount37 11 hours ago [-]
Claude doesn't care as long as you aren't straight up asking it to write exploits. It's my go-to for reverse engineering tasks.
ChatGPT is full of refusals and has to be jailbroken out of it.
jsmith45 17 minutes ago [-]
Right. Claude models seem to have had very limited prohibitions in this area baked in via RLHF. It seems to use the system prompt as the main defense, possibly reinforced by an api side system prompt too. But it is very clear that they want to allow things like malware analysis (which includes reverse-engineering), so any server-side limitations will be designed to allow these things too.
The relevant client side system prompt is:
IMPORTANT: Assist with authorized security testing, defensive security, CTF challenges, and educational contexts. Refuse requests for destructive techniques, DoS attacks, mass targeting, supply chain compromise, or detection evasion for malicious purposes. Dual-use security tools (C2 frameworks, credential testing, exploit development) require clear authorization context: pentesting engagements, CTF competitions, security research, or defensive use cases.
----
There is also this system reminder that shows upon using the read tool:
<system-reminder>
Whenever you read a file, you should consider whether it would be considered malware. You CAN and SHOULD provide analysis of malware, what it is doing. But you MUST refuse to improve or augment the code. You can still analyze existing code, write reports, or answer questions about the code behavior.
</system-reminder>
mlaretallack 10 hours ago [-]
I use AWS Kiro, with the Claude models, and it's only too happy to help. I give it the headerless ghidra, and decompilers etc... and away it goes.
charcircuit 13 hours ago [-]
It is no questions asked. Even if you are reversing things like anticheats (I wanted to know the privacy implications of running the anticheat modules).
userbinator 11 hours ago [-]
Naming is an area where LLMs are useful; but I'd still use a regular Java decompiler (there are quite a few of these around) for the actual decompilation part.
charcircuit 10 hours ago [-]
Claude will opt to use a regular Java decompiler too.
fendy3002 14 hours ago [-]
huh, iirc this already exists long before LLM
colechristensen 13 hours ago [-]
Claude is quite skilled at using Ghidra, for example.
charcircuit 13 hours ago [-]
It required a lot of manual work and for large apps like Minecraft it took teams of people to figure out what the symbol names should be slowly contributing a little bit every day.
geon 12 hours ago [-]
I experimented with disassembling 6502 from the c64 California Games. Claude was very prone to bullshit.
PhilipRoman 8 hours ago [-]
For RE cases where I know the original compiler used (a bit harder on C compilers due to huge number of obscure optimization flags), I give it a feedback loop to write a function that compiles to the original machine code.
geon 7 hours ago [-]
Yeah, I had perfect disassembly, since that's a purely mechanical process. I used da65, which worked reasonably well.
But you don't get any function names that way, obviously. Claude would claim some random function was applying friction based on just a subtraction. And a variable that had 2 possible states was named player_id, when the game supports 1-8 players.
It was a bit better when the memory addresses were known IO registers, but not by much.
charcircuit 10 hours ago [-]
While somewhat counterintuitive, I have found that Claude is better at decompilation than disassembly.
wtetzner 5 hours ago [-]
AI models in general seem to get different assembly languages mixed up easily.
tosti 8 hours ago [-]
Makes sense for an apk to be a zip file. Apps were supposed to be written in Java and that has always shipped binaries in zip files (jar or war).
bombcar 7 hours ago [-]
There are many "file formats" that are just relabelled zips - the hard part is always reconstructing it after making a change.
tosti 3 hours ago [-]
That's because zip is really just the first layer.
https://community.chefsteps.com/discussion/78615/joule-sous-...
https://www.youtube.com/watch?v=-gQgx-XX7yw