This person is a PHP programmer according to their LinkedIn profile. They are just using the existing OMAPLoader tool and do not seem to have embedded device programming experience. I am not hopeful they will be able to write custom firmware for the thermostats.
> I am not hopeful they will be able to write custom firmware for the thermostats.
If you read the GitHub Readme (typically a better way to judge a project than stalking someone on LinkedIn) you can see that they didn’t write a custom firmware. They modified the Nest firmware to contact different back end servers.
The firmware is the same (they claim) except for modifications to change which server is contacted. They then built a back end to mimic the original Google servers.
Sounds fishy, if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting, which is somewhat disconcerting.
> that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting
Because it uses https? OP gets around this by manually injecting his certificate, but if you have physical access to a device it's generally considered to be game over in most threat models.
> if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack
No. This is a thermostat at your home. It forwards its DNS requests to your router. Feel free to establish whatever security protocols you need there. Or, even better, host your own server.
I agree, there's a "hammer and nail" problem here, it's impressive though that he used Ghidra to RE some of the API calls that the Nest binaries are making after having got root access - according to some of what Cody has said in the Reddit thread and on his Discord channel.
I am designing whole new PCBs that mount in the Nest so that we have 100% firmware control over the device... time will tell if we can do the same thing on the Linux OS that the Nest currently runs on, or if custom hardware will be needed because the OS has too much locked down
This was me. The LA party scene was wild in the late 2000s. I knew two girls who partied with "Good Time Charlie" and were vocal about it. I partied with one of them so I definitely got tested when I heard the news.
It is true that it is similar, but I like including my username "prefix" in my project names so unless I get a great idea for a name, I plan to keep it the same way.
Besides all the general features of SQL consoles, TABLUM allows running queries on the results of previous queries as well as mixing data from multiple data sources, and shows the results in a well-formatted and well-aligned tabular form.
LFP