Thomas Kindler

It can be unsettling when you notice that a technical assumption you've been making for 40 years has quietly expired. This happened to me a few minutes ago. I maintain a game called "greed". It's an old-style game from the days of character-cell terminals. Not quite a classic deserving of museum status like Colossal Cave Adventure or nethack, but worth keeping alive because it's still solidly playable. And people still are playing it, because yesterday I got a minor bug report about it. Nothing user-visible, just a silly C build problem. I fixed it. Then, because I'm generally trying to get my old C projects out of C into more modern and safer languages, I tried asking my robot friend to port it to Rust. Which it promptly did. But then I noticed something that irritated me. The Rust code had a bunch of unsafe blocks in it, which went directly against my reasons for moving it to Rust. On further examination, I discovered that it was calling the C curses library to do its screen painting. This is where I have to explain about curses. It's an ancient C library for writing TUIs. It looks in your environment for a variable named TERM, uses its value to dredge a bunch of magic strings out of a system-wide database called "terminfo" that tells it how to manipulate your terminal, and then uses those magic strings for screen painting. On modern systems, TERM is always some variant of a color ANSI terminal. In times past, when people attached a wild variety of character cell terminals to Unix systems rather than just sitting at the console, it could have been lots of other things. Those days are gone, but the habit of always going through terminfo so you can support a couple of hundred terminal types has persisted. I prod robot friend to find me a pure Rust equivalent of curses so I don't have to do unsafe and call C code. It says, yes, there is such a thing and it's called crossterm. I tell it: change this code to use crossterm. Robot friend grinds for a bit, and then tells me it can't do that because I don't have cargo (the Rust package manager) installed. This is because I never write Rust by hand. When I ship programs written in Rust, it's because I ported them from some other language and don't expect to ever touch them again without having a robot to do the code-grinding for me. This is when things get slightly strange. It tells me that instead of porting to crossterm, it has written into the greed Rust source its own little screen-painting backend the implements a subset of curses calls and (this is the important part) assumes it's talking to a color ANSI terminal. Robot friend is not an old Unix hand. It doesn't know the unwritten law of the deep magic that you always go through terminfo because...because you might have to support hundreds of terminal types that no longer exist in this century? I blink. I look at the Rust code for the back end. It is small and elegant. No more unsafe. No more dragging around a bunch of C library code. This is ... the right thing? I push it to the public repository. What sealed the deal is that code, even code in a language as rebarbative as Rust, is wet clay now. If, against all odds I get a bug report that says somebody wants to play greed on something that isn't an ANSI terminal emulator, reinstating full curses support will take a one-sentence prompt to my robot friend and mere minutes. I hadn't had to directly confront before the fact that the entire set of assumptions that made TERM and terminfo a thing are as obsolete as dial-up acoustic modems. Still, the moment when I tossed away one of the ancient laws of Unix coding felt a bit like the universe lurching sideways. Indeed do many things come to pass...

Fast, cheap AI-assisted decompilation of binary code is here. Which means code secrecy is dead. Decompilers in themselves are not a new technology. Security researchers have employed them for years to analyze compiled malware. There's been some limited use by others, notably by hobbyists decompiling abandonware games. But there were a couple of issues that prevented this from becoming common practice. One is simply that running decompilers was difficult. It wasn't as simple as feed in binary, get out source; it needed a person with specialist skills prepared to do spelunking through wildernesses of machine code and object formats. The other problem was that decompilation didn't give you anything like the explanatory comments that had been in the original code, so you could easily wind up with code that you could read without being able to understand or modify it. Now large language models are busily smashing both of those barriers flat. They're better at the kind of detail analysis required to run the human side of a decompilation than humans are. More importantly, in the process of decompiling code, they rather automatically build a global model of how it works that can easily be expressed by high quality comments in the extracted code. All you have to do, basically, is ask for the comments. I'm going to reinforce that latter point because it may not be obvious how good LLMs are at this, and how much better they're going to get. When they decompile code and comment it for you, they're not just working from that one piece of code you have put in front of them - they'll have in their training set hundreds, possibly thousands of pieces of code similar to it and with comments. This will give them superhuman levels of insight not just into what it does at the microlevel, but what it means to the humans who wrote it, and what technical assumptions it's embodying. Compilation no longer guards your secrets. Or, to put it more precisely the expected time span in which you can still count on it to obscure them is measured in months. Possibly weeks. What does this mean? It means you're in an open-source world now. All it's going to take for anybody to bust your proprietary IP open is care enough to spend tokens on the analysis. You will maximize your chances of survival as a software business if you get out ahead of this rather than trying to fight it. This isn't exactly the way I expected open source to win. But, you know, I'll take it. Good enough.

> be me, buy a minipc sporting a shiny rgb stripe > can i turn it off? > found a windows binary blob that can control it, welp > download the zip and fire up pi > gpt-5.4: "reverse engineer LedControl_S3A_F3A.exe, i'd like to control the LEDs from Linux" (that's the full prompt) > 10 minutes of `objdump -d` later: "Yes — I dug into it." > i can now control my rgb stripe from linux > what.