[seiji]

I always find reverse engineering things made by people amusing. We could just, you know, ask someone.

It's like when a new iPhone comes out and they throw the custom silicon under electron microscopes. It's entertaining, and I'm sure fun for the people doing it, but fighting information wars against ourselves just seems silly.

There are large problems humans don't have answers to, but we're busy making things then figuring out how the things we made work. Madness ensues.

[objclxt]

> There are large problems humans don't have answers to, but we're busy making things then figuring out how the things we made work

Many technologies have been developed or accelerated through the need to reverse engineer something. I would argue the techniques developed to break the Enigma Code during WW2 had profound effects on computing generally.

Often reverse engineering a technology can also allow you to make improvements the other party has yet to realise, catalysing new ideas and research.

Not that all this means you are necessarily wrong, although perhaps it is a little too idealistic to hope for a world where information isn't a valuable currency?

[seiji]

Think of it taken to extreme measures.

Imagine a company where Team Database releases a binary-only library to the rest of the company. They won't tell you how it works and you can't talk to them, but it seems to work well enough. Then one day, Team Website wants to do something else with the database (a new type of query, new type of storage model, something non-trivial). In this backwards company, Team Website spends months reverse engineering the library and protocol to hack their own functionality into it. That's mad, right?

A large view presents two views of knowledge: things humans know —and— things humans don't know. We're circling around rediscovering what other people have done while they sit there quite able to give us what we want to know.

Now, adversarial conditions prevent such blanket sharing: capitalism, sovereign nations, war, etc.

Think of Intel. In some ways, they control the pinnacle of CPU design that humanity can surface at this point in time. We don't have anybody to ask "well, what comes next?" in the 10 year CPU roadmap—we have to discover the future along the way.

We should spend more time asking "well, what comes next?" and less time rediscovering what people already know how to do (modulo it making you better at actually discovering new things, or just for fun, or for cyberwar, etc).

[guiomie]

I thought the enigma had been stolen from the U-571 ... ahah

[eru]

There's lots to the Enigma story. Yes, some have been recovered from the enemy, but that wasn't the beginning nor the end of decrypting them.

[jontas]

I just read the actual whitepaper (https://github.com/kholia/dedrop/blob/master/paper/accepted/...) and one of the interesting takeaways is that this particular reverse engineering resulted in the discovery of actual vulnerabilities that were responsibly reported to Dropbox and patched.

Simply asking Dropbox how this stuff worked would've (probably) never uncovered these security issues.

Edit:

Just wanted to add one more benefit of this attempt at reverse engineering, from the whitepaper's introduction:

> Our work reveals the internal API used by Dropbox client and makes it straightforward to write a portable open-source Dropbox client

[seiji]

Do you ever find it amazing we still run closed sourced software?

Is it not bad enough the Microsoft and Adobe hegemony force the entire world to have an attack surface wider than Jupiter to exploit at the whims of eastern european teenagers?

[jontas]

Open source alternatives exist for most major Microsoft and Adobe products. It is just a question of how much user experience you are willing to sacrifice for safety.

And open source products are not inherently safe--vulnerabilities are found in all software products, that is not a phenomenon limited to the closed source world.

[Volpe]

This isn't true.

Adobe's suite isn't just 'user experience'. It's functionality.

Show me an open source alternative to Premiere, or After Effects, or even easier: InDesign, Photoshop, Illustrator, Edge.

I bet for any open source alternative you find, I can show you a huge set of features that everyone uses, that it doesn't have.

[seiji]

In the real world, when you talk to people (serious Business People doing Business Things), they'll spout of gems of "can you send it to me in Adobe?" or "hey, is Adobe on this machine?"

I'm not too worried about exploits in After Effects or Lightroom.

Adobe = "pdf reader" to almost every computer user in the world. Adobe even took PDF out of their product name to just call it "Adobe Reader." (More appropriate name: Adobe Helps Hackers Slurp All Your Data Away ... Reader)

With Windows + Office + IE + Adobe Reader, you'll be safer just sending the bad guys your corporate secrets directly. It'll save you the shock of when you discover for the past six months all your data has been round robin copied to BIRC.

[wladimir]

Fighting any wars against ourselves seems silly. But the problem is that companies aren't that willing to share information, or it is only available for a large price and/or with restrictive NDAs. Also, finding out how things work is simply fun.

Say, I needed write a custom GPU driver for some device, either to improve performance for some specific application or to work outside the dependency or API constraints of the binary blob (like porting to another OS). Usually vendors provide no register level documentation about graphics hardware, so the only way to do this is by reverse engineering.

Another reason for reverse engineering can be to find backdoors and security vulnerabilities (like these guys did) or even for legal reasons to find whether some copyrighted (or GPLed) code was used.

No madness needed at all. Or maybe just a bit.