Post AjLMuh1NTLF1HCNG4W by lewiscowles1986@phpc.social
(DIR) More posts by lewiscowles1986@phpc.social
(DIR) Post #AjKmkevknHoHXweyR6 by foone@digipres.club
2024-06-26T23:02:52Z
0 likes, 0 repeats
if I had a lot more time I think I might write a book on my ideas about "adversarial automation".The idea that the point of computers is to help the humans do their job faster and easier, and sometimes the computer or the software on it is the enemy in that battle.
(DIR) Post #AjKmkiPzpImeMbpfUW by foone@digipres.club
2024-06-26T23:04:22Z
0 likes, 0 repeats
because I see a lot of people approaching automation from this attitude of "software/sites should have APIs so that users can write software to automate it!"and while that's not wrong, exactly, it's also not the attitude I think makes the most sense, you know?We do not ask for access. We don't need to get permission to be able to automate our tasks.
(DIR) Post #AjKmkjrgRqWcqlnIHo by foone@digipres.club
2024-06-26T23:05:11Z
0 likes, 0 repeats
There is always API 0: acting like a human/browser/user. The first API is "fuck you I'm doing it anyway". Any additional API the program provides is merely a helpful shortcut
(DIR) Post #AjKnSxOlUYdpZ7Lutc by foone@digipres.club
2024-06-26T23:06:31Z
0 likes, 0 repeats
You see the point of this a lot in API design, where a company is like "okay we made an API but we limited it a bunch because we are scared about cheaters/bots/scrapers/whatever", while the things they limit are things a user clicking links can do in 2 seconds.
(DIR) Post #AjKnSyAcccvFxXk8US by foone@digipres.club
2024-06-26T23:07:37Z
0 likes, 0 repeats
like, if your API doesn't provide me a follow_user() call, but the user can follow anyone by clicking one link?Your lack of a follow_user() call is not going to stop me. I'm just going to click the link, automatically. Having an API 1.0 doesn't mean API 0 goes away.
(DIR) Post #AjKnSz1nQvSOcScbNA by foone@digipres.club
2024-06-26T23:08:29Z
0 likes, 0 repeats
And I think this is an under-discussed part of automation because it's associated with spammers and such, but they're only one possible user of this. By making it better known it can get used for more legitimate uses
(DIR) Post #AjKnSzq8Plit8aAnpo by foone@digipres.club
2024-06-26T23:09:42Z
0 likes, 0 repeats
The basic philosophy of adversarial automation is that the software/website is the enemy.
(DIR) Post #AjKnT0gFI1PHkCYQ3k by foone@digipres.club
2024-06-26T23:10:47Z
0 likes, 0 repeats
You don't control it, so it can't be consider an ally in this automation.
(DIR) Post #AjKnT1c1pBcydPaZ7o by foone@digipres.club
2024-06-26T23:11:51Z
0 likes, 0 repeats
I'm talking less like "you're in a constant arms race with the people maintaining the official API as they try to stop your spamming" and more like "Your lab depends on this program from 1996 and there's no updates and no way to automate it"
(DIR) Post #AjKo9IRLeLR8zHkXrc by psilocervine@peoplemaking.games
2024-06-26T23:08:52Z
0 likes, 0 repeats
@foone there is, of course, issues with the fact that a lot of people on the other side of the equation know about API 0. I remember when twitter started making The Changes, they also got REALLY strict with automation detection to the point where it was dinging the average user because it seemed like they MIGHT be trying to bypass the lack of an API
(DIR) Post #AjKpF0II84ZQOrnaZk by foone@digipres.club
2024-06-26T23:12:45Z
0 likes, 0 repeats
and the answer is really that of course you can automate it. Stick it in a VM, OCR the screens, inject your own DLLs, puppet the keyboard and mouse!
(DIR) Post #AjKpF32nu6xqvhZlLs by foone@digipres.club
2024-06-26T23:14:31Z
0 likes, 0 repeats
my point is that every program, every website, DOES expose an API, you just need to know how to best use that API.That API being "the access they provide for humans"
(DIR) Post #AjKpF4D7ZEoMXzPW4W by foone@digipres.club
2024-06-26T23:15:07Z
0 likes, 0 repeats
For websites this is forms and links. For desktop applications this is buttons and windows and keyboards.
(DIR) Post #AjKpF5ltlQDxO8gnuy by foone@digipres.club
2024-06-26T23:16:17Z
0 likes, 0 repeats
And I think (in part because it's affiliated with Bad Actors like spammers), a lot of programmers don't consider all their options in these areas.
(DIR) Post #AjKpF7EILKX5uUyzom by foone@digipres.club
2024-06-26T23:18:00Z
0 likes, 0 repeats
And that's really a shame. Computers should be used to automate things. We spend way too much time dealing with shitty sites and shitty programs because we have no choice and think we can't automate them away.
(DIR) Post #AjKpF8LQCJpNMtKCZ6 by foone@digipres.club
2024-06-26T23:18:43Z
0 likes, 0 repeats
well, that's wrong. We can absolutely automate them, it just takes a little more work and some different strategies
(DIR) Post #AjKpF9g1FDtjV3yAJE by foone@digipres.club
2024-06-26T23:19:56Z
0 likes, 0 repeats
I think of this as a short term vs long term thinking sort of problem. Like, a lot of programmers are stuck in the "should" part of thinking about programs and sites.Yes, the program SHOULD be open source, so you can just fix the UI. Yes, the website SHOULD have an extensive API so you can easily automate it.
(DIR) Post #AjKpFB3o6GWJn86g1g by foone@digipres.club
2024-06-26T23:20:10Z
0 likes, 0 repeats
I agree with all that! but... it doesn't.
(DIR) Post #AjKpFCP76X9pxV5CsK by foone@digipres.club
2024-06-26T23:21:14Z
0 likes, 0 repeats
and if you want to automate it today, your only options are to be adversarial about it. It's the enemy, you pretend to be a human user and automate the interactions with the app/site. It's the only way.
(DIR) Post #AjKpFDjMAkwc4ZYt4C by foone@digipres.club
2024-06-26T23:22:30Z
0 likes, 0 repeats
by all means, try to switch to open source alternatives or get them to fix it or add an API. But at the end of the day that's asking "the enemy" to do something for you, and they are under no obligation to listen to you. (They may not even exist anymore, given that a lot of the times when I've used this sort of Adversarial Automation it's been focused on software from decades ago)
(DIR) Post #AjKpFFIqKIvMwvAk1A by foone@digipres.club
2024-06-26T23:23:21Z
0 likes, 0 repeats
It's also a thing that intersects with the way a lot of people online are thinking about computer-use as something they do as a personal hobby, you know? They can run any OS, any software they can legally (or even illegally) install, they can use any options they want
(DIR) Post #AjKpFGlastW5UNdDTE by foone@digipres.club
2024-06-26T23:25:49Z
0 likes, 0 repeats
But the fact is, often times people have jobs where they aren't self-employed and have to work for other people, and those other people can be like "you need to use FooBaz 2007 for this job". Would it be easier to automate if you were using OpenBaz? Certainly! But your boss can still tell you "no, we're not switching to OpenBaz, we need to use FooBaz 2007"
(DIR) Post #AjKpFICvWkyTxRQYiG by foone@digipres.club
2024-06-26T23:27:13Z
0 likes, 0 repeats
And now your options are basically just:1. Get a different job2. Use FooBaz 2007 manually3. Adversarially automate FooBaz 2007
(DIR) Post #AjKpFJqfQUMD2z1oIK by foone@digipres.club
2024-06-26T23:28:59Z
0 likes, 0 repeats
One example where this came up in my career was when I was working for an educational book creator/publisher. Apple had just added a bookreader tool for iphones/ipads/etc, and we had a lot of colleges asking if we could provide our textbooks in that format.
(DIR) Post #AjKpFLQ9a2KxvKdfFI by foone@digipres.club
2024-06-26T23:30:46Z
0 likes, 0 repeats
well, at the time the only way you could make books for apple devices was to use the book creation program, which was basically a word processor. It was focused around the idea that you would create your books inside it. Well, we already had our books created.
(DIR) Post #AjKpFMbXBD2DauyGci by foone@digipres.club
2024-06-26T23:32:04Z
0 likes, 0 repeats
We didn't want to have someone retype them.We could import them as plain text (or DOC, I think?) and that'd get the actual text content of our books with some minor formatting, but we had very interactive and multimedia books. Tons of images, cross links, quizzes, and so on. Pretty much all things that the apple book format supported, but didn't support importing.
(DIR) Post #AjKpFON4bwej4eDkMS by foone@digipres.club
2024-06-26T23:32:54Z
0 likes, 0 repeats
So our options were basically:1. Hire a bunch of people to painstakingly re-create our books inside the Apple Books tool2. Adversarial Automation, baby!
(DIR) Post #AjKuCUVDrEPQzaT6Tg by foone@digipres.club
2024-06-26T23:34:54Z
0 likes, 0 repeats
We figured out how much could be imported, and what was left out. We figured out the limitations of the undocumented applescript interface. We figured out we could build complex HTML documents, copy them, and then have the keyboard automation press "cmd-V" and they'd be brought in without issues. We automated away the bad UI that was going to make it too expensive to publish on apple platforms.
(DIR) Post #AjKuCXpXU9RXJSzs3s by foone@digipres.club
2024-06-26T23:35:44Z
0 likes, 0 repeats
Should Apple have provided better docs and interfaces and APIs?Yes, of course! We asked for them.But at the end of they day, they may not. And we need to publish this stuff soon, not in several years when Apple decides it might be a good idea for the next revision
(DIR) Post #AjKuCZGW9KcLlQcvke by foone@digipres.club
2024-06-26T23:37:35Z
0 likes, 0 repeats
My overall point is something like:By all means, use APIs and official channels and built-in scripting support if you can.But remember those are only shortcuts to automation. You can always ignore them and off-road.
(DIR) Post #AjKuCaXDQjZJhVRmPw by foone@digipres.club
2024-06-26T23:40:29Z
0 likes, 0 repeats
My silliest example of this sort of thing:I was automatically taking screenshots of a DS game in an emulator. my program would load a savestate, jam some new data into the DS's RAM, hit a button, then screenshot it. But the emulator was showing a "SAVE STATE LOADED!" text overlay over the game's window, no matter what option I set.
(DIR) Post #AjKuCbiF3DyzLzc6F6 by foone@digipres.club
2024-06-26T23:41:54Z
0 likes, 0 repeats
I go on the dev's discord/IRC, talk to them about making it an option, they say they've considered it but it's low priority.I look into building the software myself, but it's very complicated on windows, with a lot of dependencies and such...
(DIR) Post #AjKuCd3C4oKvVGQLXU by foone@digipres.club
2024-06-26T23:42:32Z
0 likes, 1 repeats
I open the EXE in a hex editor. Find the string "SAVE STATE LOADED!", and change the first character to a NUL. Now the emulator is still showing the message, but since it's zero characters long, it's invisible. Problem solved.
(DIR) Post #AjKuCeJBOqijP8ud6G by foone@digipres.club
2024-06-26T23:48:59Z
0 likes, 0 repeats
my overall thesis is, I guess, that programmers need to remember they can say "fuck you" to software more often.
(DIR) Post #AjKuXoGNaE2sMNgusi by vurpo@mastodon.coffee
2024-06-26T23:38:21Z
0 likes, 0 repeats
@foone if a website provides extra API to do things in a different way from how the UI itself does it, that seems a bit sus to me really, as if they're trying to separate API users and other users (see telegram bot API)
(DIR) Post #AjKvEBeJ1d6N3K5cOW by bhearsum@fosstodon.org
2024-06-26T23:45:29Z
0 likes, 0 repeats
@foone True story: the original way that signing Windows binaries for Firefox was automated was an AutoIt script because (IIRC) signcode had no way to enter the passphrase than a modal pop up at the time.
(DIR) Post #AjKvUGYQYVncto0V9M by AnnaTLeigh@mastodon.social
2024-06-26T23:53:18Z
0 likes, 0 repeats
@foone Things got worse in the last decades wrt interoperability, automation and scraping.In the 2000s we had multi-protocol Trillian, if it was developed today, it would be flooded with cease and desists, account blocks and aggressive technical countermeasures.Even ex-"information wants to be free" leftists lose their minds about AI scraping.And remote attestation is looming on the horizon.
(DIR) Post #AjKwIY1bsGD3YwdJsu by Elucidating@mastodon.social
2024-06-27T00:01:33Z
0 likes, 0 repeats
@foone I read the thread and on this, have you ever heard the story of how plaid got started?The ahem ahem rumor is that they just did exactly as you said, API 0 and also managed to reverse a lot of bank mobile APIs. They implemented all this and then went to the banks and said, "You can either work with us or we'll go live with this impl and we won't work with your provisioning team." Some banks were forced to improve their non-internal APIs because of this implicit threat.
(DIR) Post #AjKwOVx8UWTisDNyHQ by bo_brinkman@mastodon.social
2024-06-27T00:02:08Z
0 likes, 0 repeats
@foone I have a raspi with a speaker in my garage that has recordings of my voice so I can give voice commands to a smart speaker when I'm out of the house. :)
(DIR) Post #AjKwWrUgHnVHzy3YqO by ianh@mastodon.social
2024-06-27T00:04:40Z
0 likes, 0 repeats
@foone great thread. i think it's worth mentioning the connection to accessibility tools and APIs as well. often people are put into the same position as a screen scraper when faced with software whose "API 0" is particularly restrictive (e.g. requires acting like an abled user in a particular way, like having to interact with things via moving a mouse and clicking, rather than like a human in general who may want to or have to interact with the software via different modalities)
(DIR) Post #AjKwWtfOCxG2jl58oS by ianh@mastodon.social
2024-06-27T00:06:19Z
0 likes, 0 repeats
@foone and you see this connection a lot in practice -- accessibility hooks are quite useful for adversarial automation, and adversarial automation techniques can be used to build accessibility tools too
(DIR) Post #AjKweBUMLP0O2ROiNE by foone@digipres.club
2024-06-27T00:06:39Z
0 likes, 0 repeats
@bo_brinkman nice!
(DIR) Post #AjKwrgkxP2c2mIbHwu by foone@digipres.club
2024-06-27T00:08:59Z
0 likes, 0 repeats
@ianh oh definitely. accessibility is so often a last minute concern (if they thought about it at all) that it only makes sense to go "screw you" and build your own accessibility functionality.
(DIR) Post #AjKyGSUffUHrjkMFUm by EkpyroticFrood@mastodon.social
2024-06-27T00:49:59Z
0 likes, 0 repeats
@foone You are basically describing my full time job. Just the automation is for internal systems, that are ancient and horrible. They do often complain that I’m sending them too much traffic, but that is because nearly all of the usage of their system is via my automation and the simple user interfaces I created for it.
(DIR) Post #AjKyOK0l5cJxkI7Fce by foone@digipres.club
2024-06-27T00:51:13Z
0 likes, 0 repeats
@EkpyroticFrood very cool! Are y'all hiring? :)
(DIR) Post #AjKye5KjQfoWr9yUtc by benetherington@spacey.space
2024-06-27T01:02:30Z
0 likes, 0 repeats
@foone I never thought of it this way, but now API 0 is going to be stuck in my head forever. I had a ticket for an in-house web app closed because the feature could be abused, and now I just click a bookmarklet that implements it. My life’s full of adversarial automations, and I love your description here.
(DIR) Post #AjL21ZIKV38QIojyL2 by donkey@mastodon.nz
2024-06-27T01:57:33Z
0 likes, 0 repeats
@foone @samhenrigold
(DIR) Post #AjL8w9N29nW08DIvmy by unsaturated@discuss.systems
2024-06-27T03:15:04Z
0 likes, 0 repeats
@foone my god you buried the lede on this, and also: fuck yeah
(DIR) Post #AjLMuh1NTLF1HCNG4W by lewiscowles1986@phpc.social
2024-06-27T05:51:34Z
0 likes, 0 repeats
@foone check-out dxwnd; an amazing wrapper tool I've used for getting old games to work;Folks are doing the work, but it is incredibly rare and specialised compared to commodity engineering.Love that you are calling this out.
(DIR) Post #AjLN3k7pIijhVehpVg by Di4na@hachyderm.io
2024-06-27T05:52:41Z
0 likes, 0 repeats
@foone there is a reason i like "automate the boring things" book and recommend it widely And why AHK is such a massively installed piece of software
(DIR) Post #AjLRkIbnskJoRBH8Cm by viraptor@cyberplace.social
2024-06-27T06:45:55Z
0 likes, 0 repeats
@foone I'm running some medical software automation where the creators do not care much about either automation or easy workflows. Oh well. Change pricing on 100 items? Windows automation. Need to unassign a doctor from 1000 patients? Windows automation. Stupid vaccination workflow? Windows automation. Shoutout to https://github.com/FlaUI/FlaUI for making the job so much simpler.
(DIR) Post #AjLTacRxSS0azDBLv6 by jovialthunder@xoxo.zone
2024-06-27T07:03:49Z
0 likes, 0 repeats
@foone amazing, big "thank you for playing Wing Commander" hack energy (https://www.wcnews.com/news/update/16279)
(DIR) Post #AjLU1Zi1kwk2IwYHSa by Dan_Ramos@noauthority.social
2024-06-27T07:11:05Z
0 likes, 0 repeats
@foone Well, that's only because computers make very fast and accurate mistakes.
(DIR) Post #AjLnP5qELyKnkbJhbc by neopostmodern@tldr.nettime.org
2024-06-27T10:48:43Z
0 likes, 0 repeats
@foonePlease write it! I feel like counter/adversarial automation is conceptually so underdeveloped...
(DIR) Post #AjLqERgD7OGu9sFDOq by benjohn@todon.nl
2024-06-27T11:19:42Z
0 likes, 0 repeats
@foone I guess there is a case that unsupported legacy software is _easier_ to hack around, because it’s a dead sitting duck, instead of constantly moving chameleon.
(DIR) Post #AjLtMXwG21V3kUIx9M by cerhnn@mastodon.social
2024-06-27T11:53:50Z
0 likes, 0 repeats
@foone this
(DIR) Post #AjM2AkGLHixi5E99xQ by collette@mastodon.social
2024-06-27T13:30:31Z
0 likes, 0 repeats
@foone “I open the EXE in a hex editor.” oooo what magic is this??
(DIR) Post #AjM9gxFNFC25Id01y4 by dalias@hachyderm.io
2024-06-27T14:57:08Z
0 likes, 0 repeats
@foone See also: the Twitter scrapers that actually survived, NewPipe, etc.
(DIR) Post #AjMASVd3EMcdXkkZ9s by dalias@hachyderm.io
2024-06-27T14:58:39Z
0 likes, 0 repeats
@foone Unfortunately they like to constantly make breaking changes to the interfaces for humans too... 🤬
(DIR) Post #AjMAp8WVIq1UXjTeEq by dalias@hachyderm.io
2024-06-27T15:01:26Z
0 likes, 0 repeats
@foone Once upon a time, I did that to browsers with the CSS string for scrollbar style.
(DIR) Post #AjMKF61W7QCxuHR8am by gunstick@mastodon.opencloud.lu
2024-06-27T16:56:14Z
0 likes, 0 repeats
@foone I automate facebook. I check if new users have answered the group admittance qustions correctly, and only then I allow them into the facebook group.All done with firefox piloted with xdotool.Firefox could offer an API for group management, but they don't. And they will never do.
(DIR) Post #AjMM0tLOfBi6R85d7w by dziban@functional.cafe
2024-06-27T17:13:52Z
0 likes, 0 repeats
@foone I honestly wonder if I can spend more than 10 minutes using software and not say "fuck you". Software is infuriating
(DIR) Post #AjMN3gqpfUgeVsgxKC by elithebearded@fed.qaz.red
2024-06-27T17:26:01Z
0 likes, 0 repeats
@foone Your message is well received. I 100% agree with the "fuck you, doing it anyway" methods and have done some of the things you mention, like wrapping a shitty Java hardware controller with xdotool, editing binaries, replacing the dynamic linker to use different libc.My first job involved protocol normalizers for financial data, and included putting an API around things designed for a dedicated rs232 attached terminal.
(DIR) Post #AjMQgq7pQ9TYQt08JM by SteveClough@metalhead.club
2024-06-27T18:05:40Z
0 likes, 0 repeats
@foone Very much my PhD thesis. It was trying to understand the interaction between the human and computer elements of a system.Computers should be enabling the human process to be easier and more straightforward. A computer introduced in a system should ease the processing, nothing else.
(DIR) Post #AjMQtTJFYorBR3MoK0 by llewelly@sauropods.win
2024-06-27T18:09:45Z
0 likes, 0 repeats
@foone a brilliant reversal of the more common software design principle that the user is the enemy.
(DIR) Post #AjMbGXGI20XrtYcQ3E by etherdiver@ravenation.club
2024-06-27T20:01:50Z
0 likes, 0 repeats
@foone thanks for this informative thread. This answers a lot of questions I've had for a while but been unable to get concrete answers about. (When I've asked I've gotten a lot of, "Well, maybe, technically, BUT" type answers that sounded like a semi hard no but it sounds like the real answer was actually "Yes but I don't want to/am afraid to/don't know how to approach it" all along.)
(DIR) Post #AjMfc7YcgCNOMVk46y by usagi@moe.onl
2024-06-27T15:50:39.859Z
0 likes, 0 repeats
@collette@mastodon.social @foone@digipres.club A hex! :neocat_flop:
(DIR) Post #AjMfc8RvMac181cEJE by foone@digipres.club
2024-06-27T20:44:58Z
0 likes, 0 repeats
@usagi @collette yeah. Never use an api if you can just cast a spell on the software.Maybe that'll be the title if "adversial automation" doesn't work out.Computers for Witches.Or "How to use computers like a witch"
(DIR) Post #AjOJKJxU1c74w2Oh2u by antnisp@mastodon.social
2024-06-28T15:55:11Z
0 likes, 0 repeats
@foone Have you tried openQA? It has very similar ideas about software testing.
(DIR) Post #AjWXbl9f7EJApSyztw by aaronsdevera@nso.group
2024-07-02T15:12:30Z
0 likes, 0 repeats
@foone please do!
(DIR) Post #AjYKz3yMPL1mlPOjzM by ignaloidas@not.acu.lt
2024-07-03T12:02:37.124Z
1 likes, 0 repeats
@foone@digipres.club Youtube limits adding videos to a playlist to a 100 per day over their API because it's a "write operation" and those are all collectively limited for some reason no I'm not going to transfer my several thousand video playlist over several months because of that, you will get the "fuck your limits" treatment purely because you decided to put dumb limits on
(DIR) Post #AwCgANC3qeWFYdkQCm by n_dimension@infosec.exchange
2025-07-16T21:33:05Z
0 likes, 0 repeats
@foone Adversarial automation
(DIR) Post #AwCgGqNyE3JRphP5wO by n_dimension@infosec.exchange
2025-07-16T21:34:18Z
0 likes, 0 repeats
@foone Another good rant this morning.