Is that the tldr? It sure sounds like it's still on minimal life support.
Src: I'm one of the developers behind Flipper Zero.
You've surely launched a generation of perhaps-someday-responsible hackers into the world.
https://infosec.exchange/@millie/115719943870742405
> We need to normalize declaring software as finished. Not everything needs continuous updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.
Works well, and compiling modules like the epaper hacker tool is easy.
Which TBF, answering every monkey with a typewriter on the internet is a huge time commitment from any team.
> why have an official firmware if it's not at least slightly maintained.
Because it's still useful to have a blessed child so that people getting into the space have somewhere to start. You could accept zero additional PRs and it would still be a useful thing to have.The hardware is static so the rate of software rot is pretty low. It can effectively not be maintained as long as it's already in a stable state. Adding new features is cool and all but it also adds more bugs.
But the great thing is that there's a community, all using the same hardware, and people can fork. So people can still get those updates that they want. Maybe the only thing to do is create a community fork that is much more open but doesn't come with the same stability promises. But that can still be a lot of work, even if you get community maintainers
What part of their GPL-licensed firmware that is hosted in a public GitHub, do you consider not to be open-source?
1. They open sourced the entire Software under GPL from the start, and always pushed all their changes to that public github.
2. They supported the first-party firmware for years, including huge rewrites of the interfaces used by applications, etc.
3. They actively involved the community on many topics around the product and were always responsive.
They did their job very well, financed ONLY by one-time sales of hardware. NO subscription or additional licensing fees were ever charged.
There is still alot of potential in the hardware itself (e.g. Bluetooth/BLE, NFC Tag writing,...), and the Community is working on alot of different topics.
--
Tl;DR: The Flipper team is free to go and invest resources elsewhere now. Thanks for your support, keep up the great work!
There are many good examples of this working out great for the community, one that I am playing with recently is the community firmware for the Synthstrom Deluge music production workstation, where the community is just taking it into the stratosphere in terms of capabilities beyond the original factory firmware.
There will always be folks who want to share their work.
Another good example is the pwnagotchi scene, where the project is kept alive by its users due to the open source nature of the original firmware images.
Honestly, I thought the whole point was to make a popular unified platform where the community could come together and expand on it. I really can't imagine a centralized player can predict nor create all features that users might want. But it seems like Flipper did the right thing: make the software flexible and easy to expand upon.
I'm curious if the agentic-based code flows will start to optimize higher-order programming goals in future evolutions.
1. Code works
2. Code works in all situations
3. Code uses defensive practices for unanticipated situations
4. Code is maintainable
5. Code is well architected
6. Code minimizes impact of rot
Right now, it feels like AI coding is ~2.5, if left to its own devices without human guidance.Worrying about firmware development resources for a Flipper Zero seems a bit like concentrating on your bios instead of ongoing updates to Linux and the applications you use. Yeah, it's important, but it's probably exceedingly rare for the firmware here to need to change much.
At his old company, the sysadmins had been constantly putting out emergency fires!
... seeing how the "used to infinitely patched software" generation is unable to parse "done" is interesting.
Eventually, competence means nothing to do.
Most everyone who has a flipper runs something like Unleashed firmware, and most of the functionality is in the apps that people built, not in the actual firmware.
Some people get a lot of use out of it, but if you just saw that list of hardware and couldn't think of one area you'd apply it in, it's probably not going to be a useful device for you.
Versus "we forked the firmware to include a wide range of pentesting tools"
And then get banned for even saying the alternate firmware.
And seriously, this little thing is a wonderful hacker multitool. You can seriously fuck shit up with the hardware they included. For fucks sake, thats WHY they created it.
Adding the necessary hardware while refusing to support arbitrarily iLLegAl things is the best of both worlds.
And once you start talking about "jamming" and other 1337 h4x0r stuff - which is straight up illegal and can get you into trouble - on official platforms, don't get offended when that gets removed.
Now, that absolutely does NOT excuse Adkins on the discord from people asking how to get the PSK for garage door openers, and emulating the buttons. And especially since it was being asked by owners of said doors.
But you banned people with legitimate and legal uses too.
Good riddance to you all. I've stayed with 3rd party and steered others towards better actors than yourselves.
Does it surprise you that a Russian product team would use these tactics?
It's worse in many ways too - it's a lot harder to gauge interest as the developer to understand how well any update will sell, and if the updates "stack", then a user only pays for the newest update to get all older features free. It's also worse from a cashflow perspective for the developer (but better for consumer) since they have to pre-build the update before any chance of getting paid for it.
If I buy a product and like it as-is then I don't necessarily want it to change over time.
Buy once is better, buy once with optional updates or periodic version releases is better still.
And generally speaking there is a lot of options that are excellent for developers but complete shit for the users. That's obvious, but it's also off the point in the context of fairness.
Then Minecraft pioneered the model of users paying once and getting free lifetime updates. And shortly thereafter various SaaS pioneered the model of the user paying monthly while the software barely changes.
And somehow we pretend like those two business models aren't both broken, and like the first one somehow doesn't work anymore
It is certainly a very well-known instance of it, but pioneered?
That is not to blame him, but I remember his writing being very influential with start up founders.
Maybe they can sell the hardware which includes 1 major upgrade release.
Maybe they can have a Kickstarter campaign to fund new releases.
I've heard people talk about this "solution" for over a decade, especially with crypto trying to justify itself, but I've never seen it successful.
developers all end up launching their own things and getting all the money up front in some way or another
more communities burned
You usually end up with insufficient donations to move anything, but now gained a bunch of users who think they own the devs and complain about every change which isn't that one thing they donated for...
Much easier fix: They already open-sourced everything, the official branch is sufficiently stable and feature-rich. People are free to fork and create something new, decoupled from the Flipper team and maybe even financed by donations if they want to.
natbennett•1d ago
mikepurvis•22h ago
givc•21h ago
I believe there are some more secure cards, like Mifare DESFire EV3 that do provide some security. You’d be shocked how insecure most RFID readers for security cards are.
p_l•21h ago
Some of that can be trivially cloned.
fragmede•21h ago
jchulce•21h ago
aarjaneiro•21h ago
natbennett•21h ago
In the case where it was most useful to make copies they did eventually replace the system with one where the keys weren’t copy able. Which was better!
GuB-42•21h ago
Some cards use some kind of challenge-response but are weak and are easily crackable.
Some cards have an anti-copy protection based on rolling codes, be careful with these. The idea is that when you use it to, say, open a door, the card sends a code to the reader and if correct, that code is burned and the reader replies with the next code, which is stored in the card for the next time, making every other copy (possibly including the original) unusable. If the card emulator doesn't store the rolling code, you are completely locked out.
Some cards have a proper challenge-response mechanism that works and can't be easily copied.
ethbr1•5h ago
But I'm guessing that's for serious security, where going to the guard shack is preferable to letting anyone unauthorized in?
Rebelgecko•19h ago
Larrikin•19h ago
Aachen•19h ago
It's a common mix-up (people barely differentiate between the terms anymore, though I'm surprised nobody in 2 hours mentioned it yet), basically RFID is (historically) an ID; a username. Like an ID field in a database. NFC is near-field communication: bidirectional. It does challenge-response and typically runs on hardened chips. But yeah people will call NFC chips RFID and RFID chips NFC all the time. Both are waterproof devices doing radio transmissions on wireless power and you can't tell them apart without using some equipment to try and read the chip type (even if most phones can do that nowadays), so I can understand the terminology generalisation
DaSHacka•19h ago
Recent UL-C/AES disclosure too IIRC
miladyincontrol•11h ago
gonzalohm•22h ago
gopalv•21h ago
This is not a rational purchase - most of the rule breaking done with the zero is for fun or convenience, rather than being truly illegal.
It used to be more fun before the hotels started handing out NFC unlocks with your phone.
Still, being able to send each other a key for a hotel room on Signal is a nice trick if you are traveling with a sufficiently tech savvy group of people.
natbennett•21h ago
HDBaseT•20h ago
Flipper Zero and its clones have always been pseudohacker nonsense. Fun little party trick I suppose.
EricBetts•14h ago
dzhiurgis•9h ago
pornel•17h ago
dzhiurgis•9h ago
pornel•16m ago