Most of our site is built in react, and hosted on ec2. We use Amplify for the forms. It has a pretty nice UI, and automatically generates dynamo tables and graphQL apis for querying and modifying them. It also integrates with Cognito which is nice.
The best feature though is that you can import Figma components directly. I know Figma generates it's own code, but Amplify packages it up nicely so I can import it via cli.
I wouldn't use it for a personal project, but it is great for allowing non-programmers to contribute components. And the automatic updating dynamo tables is worth using the UI for input forms.
the bootloader installs the firmware. if you corrupt the bootloader, it can't install anything anymore. you'd need to physically access the chip to use an external flashing device.
Some devices have non-writable bootloaders. They have an internal fuse that blows after the first write, so the chip's bootloader is locked. That means you can always flash a new firmware, but you can't fix any bugs in the bootloader.
Or a JTAG interface that the chip has in silicon and recovery is always possible from bare-metal. Dunno if that’s technically in the MCU’s bootloader or if the boot loader comes after.
Still requires a truck roll but at least you don’t need a hot air workstation.
> Or a JTAG interface that the chip has in silicon and recovery is always possible from bare-metal. Dunno if that’s technically in the MCU’s bootloader or if the boot loader comes after.
If the vendor's actually trying to lock down the platform they'll usually burn the JTAG fuses as well. It's hit or miss though, I've definitely come across heavily locked down devices that still have JTAG/SWD enabled.
Edit: To your question, JTAG is usually physical silicon, not part of the bootloader.
> the bootloader installs the firmware. if you corrupt the bootloader, it can't install anything anymore.
That seems like awful design? Can't you have an alternate immutable bootloader that can only be enable with a physical switch? Or via some alternate port or something? That way they can update the live one while still having a fallback/downgrade path in case it has issues.
That's good idea I wish they would have such a "safety-switch".
However I assume that any malware doesn't want to be detected so I would have hard time knowing whether I should flip the switch or not, in a typical scenario.
That was likely the point that whoever did it was trying to make, that they were an extremely bad device.
1) The ISP exposed some form of external management they used to access them they shoudldn't have
2) The attacker overcame whatever security used on said management interface
3) Once in, the attacker could simply overwrite the first few sectors of the nand to make them unbootable without local hardware serial console.
4) There was no failsafe recovery mechanism it would seem
An actual "modem" would mostly likely prove volatile/immutable by nature, but anything with a "router" built into it is far more vulnerable that typically run for poorly secured tiny linux systems, and subject to Chinese enshittification.
Not sure where you saw an opening to insert religion into the discussion, but there are those out there who aren't happy to sit back in ignorant bliss and pretend some spiritual entity will just swoop in to clean up the mess we've made.
I for one am happy there are more people interested in finding solutions to problems than there are lazy thinkers who will resign themselves to believing problems just fix themselves without input.
using a systems language for a backend mainly gains throughput over python than latency. each request might not be faster but you can handle 100x more users.
it's not free, but it is explicit. it's nice for the code to explicitly define how the memory is being modified.
there are copies in java too, you just have to know how the runtime works to know what each line does.
They've stopped making Kindles with modems. Latest gen ones are WiFi only. Of course, the hardware might still be in there, just not available for book purchasing.
another common folly is thinking that paying puts you in a special tier. free stuff is solely funded by the value of data, ofc there are exceptions funded by donated money and hard work. The things that are made to make money though, don't suddenly stop using the value of your data because you pay for them.
Most of our site is built in react, and hosted on ec2. We use Amplify for the forms. It has a pretty nice UI, and automatically generates dynamo tables and graphQL apis for querying and modifying them. It also integrates with Cognito which is nice.
The best feature though is that you can import Figma components directly. I know Figma generates it's own code, but Amplify packages it up nicely so I can import it via cli.
I wouldn't use it for a personal project, but it is great for allowing non-programmers to contribute components. And the automatic updating dynamo tables is worth using the UI for input forms.
reply