I say it somewhat jokingly. Most of the challenges were AI, but there was a specific security track that wasn't about AI (but AI bug bounty hunter won. Not too mad, just annoyed at miscommunication about which countries the sponsor was actually in).
> If anything, this is pretty much the opposite of what a hackathon is supposed to be: A place where you meet people you might not even know, come up with an idea on the spot and develop an MVP + pitch it on a tight (time) budget. Taking an idea you've already been working on for months and using it for a hackathon submission feels... odd
The thing I've been working on is a much larger encompassing system where this would just be a small component. No code reused because no code was written for this yet. My task now is to take the shit code written during the hackathon and make it actually usable.
> The first is probably true, but to really judge the impact of it (Did AI generated ideas actually win?) we'd have to see the results
Yes, the winner also won the Lovable and Claude tracks. Lovable track was specifically about vibe-coding.
It does fall back to the GPS receiver if no internet and no cache but I suppose it's just more power efficient and not on anyone's minds that people would MITM for this purpose.
I still can't believe that certain IOS APIs are locked to paid developer accounts only (PacketTunnel, Shortcuts, etc.) such that you can't even sideload your own app onto your own phone with these features. It's not very well documented that it's paid either. Spent forever a couple months ago figuring out why my code wasn't working before giving up and opening my wallet.
Currently in China (as a visitor). Wireguard literally just works (to a VPS). Mullvad works as a commercial provider, just slower. Xray-core (vless, Trojan) if you're paranoid. I have my own proxy over syncthing relays https://github.com/acheong08/syndicate which I use to proxy to my home in the UK (residential IP) without exposing any ports.
I get rate limited to around 10mbps in Chongqing. Was slightly higher in Beijing.
I do have that as well. I've noticed that sometimes all network connections out of the country gets blocked. With syncthing, there are relays within China that can be used which may be in less restrictive provinces.
Kind of a best case, worst case scenario thing such that I can switch between as necessary. WireGuard best case, Xray-core fallback, syncthing worst case
I built a bad clone of Charles Proxy over the summer as part of another project (iOS VPN -> mitm with custom root certificate -> logging). It's surprisingly simple. It basically goes App -> Packet tunnel -> SOCKS -> a child process (I used https://github.com/AdguardTeam/gomitmproxy) to handle the sniffing and reencryption.
I wonder if AI is good enough to vibe code my horrible hacks into a full clone of Charles Proxy these days.
Annoying fact: Apple requires you to have a paid developer account to access the Packet Tunnel APIs. You can't even test it in XCode simulator because of how networking works in there. It's insane that I can't even develop for my own phone without paying an extra fee to Apple. The error message when you sideload without a paid account doesn't make it obvious at all and it took me a good day or two before realizing .
> It's insane that I can't even develop for my own phone without paying an extra fee to Apple.
A Linux phone can’t come fast enough. Yes there is at least one, on ancient hardware. IMO a viable Linux phone requires hardware at most one generation old.
That Linux phone is called Android. It runs plenty fine enough even without GApps (or with shims like microg), and the sheer amount of engineering needed to make baseline linux even usable as a phone system is over a dozen years away.
Android with binder is a strictly superior architecture that anything else that has come for strict isolation. As a bonus, it's battle tested, and latest Android phones just... run linux. You can have a shell and GTK if you so desire.
While this is mostly a KVM setup, there's nothing specific about Android that prevents a linux userspace from running in there. Each app is almost one already. Most of its core components have been integrated into linux's main repository (like binder), and AOSP isn't that far off from a regular Linux. Sure, zygote, user & power management are not exactly a standard install, but they're not that crazy either
Okay, so suppose I want a linux and not an android phone, so I get an android phone, disable login password etc, and delete everything except "Linux Terminal" and put my linux there.
What sort of tradeoffs would I see? Performance? Battery life? Security (secure enclave access?)
Aside from a misplaced obstination to have _Linux_ as the base for your phone with all the awful power management, high energy use, bad governors, terrible process isolation and fleeing security holes everywhere in a phone that most of the times contains access to your entire life, what does Linux give you that Android doesn't? Both are FOSS.
While vibe coding will get you something that potentially works, I've noticed LLMs are really bad at cleanly abstracting across multiple layers in this area. They usually will insist on parsing and serializing every field at every layer.
If you have the protocols/interfaces well defined up front it is very fast at building extensions, analytics or visualizations though.
> I've noticed LLMs are really bad at cleanly abstracting across multiple layers
Which makes sense, as most developers are too (it’s a particular non-trivial skill and rarely modeled wrll), so LLMs are more likely to be trained on muddled multiple layers.
mitmproxy/mitmweb offer a WireGuard server implementation to do pretty much this. You can grab any existing WireGuard VPN, scan a QR code to import the VPN config, and start monitoring (after installing the MITM certificate, of course).
The packet tunnel story is crazy. I'm glad Android allows you to just use network APIs without question as a developer.
That's what I usually use. The packet tunnel method is used if you want everything to be fully local. My plan was to make an app that can locally spoof your location on iOS without a third party able to MITM.
Apple Pay still does send a lot of telemetry about your payments though. https://duti.dev/randoms/wip-location-services/
reply