Get the top HN stories in your inbox every day.
deadf00d
scim-knox-twox
Could you remove loader on your site? It's covering all page when disabled JS.
lobo_tuerto
Just right click on it, inspect and delete the element. Done.
jacobjuul
enable js?
scim-knox-twox
Why? All content is already loaded, but it's covered by loader.
Every site should be usable without CSS / JS. Nobody remember Progressive Enhancement nowadays?
josefx
On an untrusted site, where the content is readily available in the source view? No thanks, malware and other cryptominers are still a thing.
lucas_v
alex_young
Don’t people usually create profiles shortly before they decide to post something for the first time?
robbedpeter
Well it's definitely unusual to do it after.
undefined
motoxpro
That's not strange. They saw the article/someone told them it was here, they signed up to say thank you...
hunter2_
I assume the GP comment isn't trying to suggest it's strange, just that it could be an imposter. The chain of trust could be restored going forward though, like if TFA (or anything on that domain) mentions owning this HN account, or various other scenarios with correct order of operations.
WillPostForFood
a minute before this comment was posted
deadf00d
Yeah, this has not been posted by me, but shared by a reader.
71a54xd
The co-working space I used to go right out of college used to have Sonos speakers. Occasionally, there'd be times when I wanted to work where the couches were but didn't want to listen to blaring pop music or something that was too rhythmic later in the day, so I started looking for ways to interrupt the audio stream going to the sonos devices. It turns out after a bit of snooping with nmap and looking at some Sonos forums that two specific ports are used to maintain sync between Sonos speakers and stream data to them. Then I just wrote a python script that would blast these ports with TCP traffic on the wifi (which the sonos speakers were also connected to) and would use the script when I wanted peace and quiet without headphones. Turns out that networking class I took in college wasn't a waste afterall.
sgarman
1.) Could you not have just asked them to change the music? 2. Did that cause any other degradation to the network?
iypx
1. - Not OP, but I believe the moment you put some music/radio on speakers for other people to listen, legally, you become a broadcaster. You can't just play anything you want, you need a license :) I recall my last workplace mentioning they're paying a few thousands a year to stream just one radio station, same 20-30 songs 24/7...
makeworld
Interesting. I feel like the code could be simplified and be a lot more resistant to YouTube changes by just using yt-dlp, and selecting (or automatically extracting with ffmpeg) the audio-only AAC format YouTube serves. That would get rid of the YouTube request and MP4 parsing code.
X-Cubed
I'm not sure it would, as the article seems to say that Sonos requires an ADTS container for the AAC audio, which YouTube doesn't offer. So the app takes an MP4 container, filters its contents to find the AAC audio blocks, then repacks them in an ADTS container.
deadf00d
^ good reply
Guillaume86
I think ffmpeg adds ADTS by default when extracting AAC from MP4 but don't quote me on that.
Sesse__
Typically the other way around; ADTS is a way to get AAC within MPEG-TS through means of a wrapper. If you remux AAC from MPEG-TS (like e.g. a satellite feed) into MP4, it strips away the ADTS wrapper (and adds a single ASC header for the MP4 stream metadata) using the aac_adtstoasc filter.
I never really understood why you couldn't just put AAC directly into MPEG-TS without the ADTS wrapper, but MPEG-TS is pretty weird (and with super-high overhead) anyway.
ganlaw
Very interesting read. As a purely front end engineer, I am always fascinated by other peoples ability to reverse engineer everyday systems that I use and complain about. If I wanted to learn more about reverse engineering, do you have any recommended readings or talks?
shmatt
There is tons to reverse engineer on the frontend. When you think about it, we have so much source code we can read through, some of it can hide bad engineering that lets you access something you shouldn't be able to. Like setting the price of an item via hidden form parameter, or finding an endpoint that lists every single promo code
Next time you find a website with a GraphQL API, try running the introspection query[1]. If that doesn't work, try fuzzing[2]. I've found multi-billion dollar companies who've
* Left open their GraphQL playground completely
* Enable introspection
Once you start you can dig into the API, and figure if you found anything interesting
[1] https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql...
trever123
Some companies/APIs do this on purpose as one of the benefits of graphql is the self documenting nature. If you have a well secured schema this shouldn’t be a problem. If you are doing security through absurdity by having stuff in the schema you don’t want people to discover, you are going to have a bad time.
imwillofficial
“security through absurdity” Not sure if typo, but I’m stealing that regardless.
davewritescode
This one is pretty simple. All the communication with the sonos device happens in the clear and the protocols are actually pretty well documented.
Getting good at using wireshark is a good place to start.
This project is pretty dead but I remember using it a few years ago https://github.com/stephen/airsonos
_0ffh
I have something much, much worse: I've got a rabbit hole! Here's two mirrors of a quite old website that is heavy on reverse engineering lore. While technological details may be outdated, many of the teachings certainly still apply.
http://www.darkridge.com/~jpr5/mirror/fravia.org/index.html http://woodmann.com/fravia/
Edit: Sorry that the page is somewhat labyrinthine.
Infernal
On that first link is a date, it displays for me
"February 3 19122"
Took a look to see what's up with that (I'm not familiar with javascript) but it looks like he was using a function that returned the number of years since 1900, with the "19" hardcoded. So for 1995-1999 it would've worked fine, but since 2000 it has been 19100, 19101, etc.
arjvik
"19" + years_since_twentieth_century
instead of
1900 + years_since_twentieth_century
alasdair_
RIP +Fravia
Finding his site in 1995 or so taught me an enormous number of things that I don't think I would have learned any other way.
_0ffh
Yes, I genuinely felt a bit sentimental and melancholic just clicking through a few of these pages once again.
F
zekrioca
I wish I’ve found these website when I started using internet :/
IceDane
There is really not any way to give anyone a guide to doing what this guy does because it's not applying any special techniques to do anything. This isn't a binary reversing guide using a specific way to decode an encrypted executable, or whatever. This is quite literally just a guy who uses what he knows to figure out what is going on, and then learn more as is needed.
It will help not to put yourself into a box beforehand, like calling yourself a "purely frontend engineer." This is the kind of useless label for yourself that only serves to make you yourself think that you should stay in some arbitrary, badly specified corner of CS knowledge.
Literally just read about things, then use that knowledge to deconstruct other things. That's all that's going on.
korijn
Start by reverse engineering things in your comfort zone. You must already use a couple of libraries in your front end work. Hone your reverse engineering skills by trying to implement the same thing yourself. It's mostly about the ability to figure out how something works by observing and testing its behavior.
ilyazub
Man, there're so many opportunities to reverse engineer the front-end. One example is the web scraping of a SPA without using a browser. Let's say [reverse-engineering Google Maps pagination][1][2].
People on /r/webscraping are constantly asking about web scraping of JS-rendered websites. As a front-end engineer, you have the experience of front-end debugging and using the browser dev tools. People who come to web scraping from the back-end world don't have this experience and are willing to learn.
[1]: https://medium.com/serpapi/how-we-reverse-engineered-google-... [2]: Disclaimer: I'm the author of this blog post
throwawayrev3
Start here. Start with the second one - 'From n00b to l33t: An Introduction to Reverse Engineering'.
"This workshop is a 1-2 hour introduction to what reverse engineering is. It assumes no knowledge of assembly and is done on paper worksheets rather than a computer setup for accessibility and to make the most efficient use of time."
It's by Maddie Stone, who's a Security Researcher at Google Project Zero.
She also has Android app reverse engineering
https://www.ragingrock.com//pages/tutorials.html
Later, check out this book:
Reversing: Secrets of Reverse Engineering by Eldad Eilam
https://www.amazon.com/Reversing-Secrets-Engineering-Eldad-E...
fragmede
https://microcorruption.com/'s a good place to start.
denysvitali
Shameless plug: I did something similar 6 years ago and created sonos-web. Sadly I stopped working on the project, but it was indeed cool to play Youtube videos on your Sonos device (among other things).
https://github.com/denysvitali/sonos-web/
https://github.com/denysvitali/sonos-web/blob/master/plugins...
Screenshots on the README are not available anymore, but I managed to find these:
http://stadt-bremerhaven.de/wp-content/uploads/2016/08/sonos...
https://stadt-bremerhaven.de/sonos-web-open-source-loesung-f...
NoPicklez
An important reason why you can't play Youtube videos through Sonos is because the music providers are linked into the app. This means that it doesn't rely on the device to play the music. It also means that when I open up the app I can play music from my housemates Apple music account, as well as my Spotify account. But I agree, they did remove the ability push music from some apps directly to the Sonos app on Android & PC.
For me I play Youtube videos by Chromecasting them to the TV, which is connected to my Sonos playbar and the rest of the ecosystem.
deadf00d
Yep, the Sonos bar is the exception. But most of the products from sonos doesn't even have a audio input ! That's the why of this project. You can only control a Sonos beam from their crappy app and what's drove me crazy.
GrifMD
The lack of audio input's is driving me bonkers. I have a record player and Sonos Beam. To use it, I have to plug in a mic adapter into my MacBook and connected that to the record player, then use Loopback Audio to redirect the input audio as Airplay audio to my Sonos Beam. Truly how "analog" audio was supposed to be listened to.
I've tried getting a Raspberry Pi and following some guides to turn it into an internet radio broadcaster that I can then pipe into Sonos, but the audio quality was always atrocious and the case that came with my Pi kit has a fan that is super loud.
I could get a Sonos Port for 700 AUD and do it the official way... but my record player is only like 300 AUD so it doesn't seem worth it. Here's hoping I can find a cheap used one.
Sonos needs to add an analog audio in port on more of their devices.
NoPicklez
I just don't think Sonos speakers are built for that type of use case, they are first and foremost a wireless speaker and always have been. They were never designed to allow for devices to plug directly into the speakers, as it wouldn't then be controllable across the array of other Sonos devices, which is the point.
I agree that it wouldn't take much to do so and it would increase its accessibility, but I just don't think they have an appetite to do that.
The Sonos port device which they have had to allow you to physically connect devices has always been atrociously expensive. To think that I could buy two of their rear Sonos speakers and still have money left over be cheaper than the port is just silly.
NoPicklez
Agreed, my only gripe is that the app has never been snappy fast.
kclay
I assume this is what the SonosTube[1] app does. It's pretty nice
[1] https://play.google.com/store/apps/details?id=frontier.sonos...
chinathrow
For those on Linux, Noson works great to control SONOS.
monkaiju
Just found this today, works very well and lets me play any audio from my linux system through sonos
pontifier
I recently built the Murfie music service app for SONOS.
You can go to a web page served by any SONOS device and tell it a url to treat as a music service. Code up a SOAP service there and you'll be able to do anything that any other music service does.
I'd never done anything with SOAP before, so there was a bit of a learning curve, but once I got over that hurdle most of the other coding was fairly easy. Their developer portal explains basically all of the things you can do.
Getting the service approved was the hardest part.
CyanDeparture
Great article. Thanks very much for it. There's a typo in the heading "Or how to play YouTube videos on you SONOS, easy and for free." I think might want "your SONOS" instead. :)
polishdude20
Would the conversion of the MP4 be able to be done using ffmpeg?
mattmar96
Yes, even as a stream. The author mentions that a streaming conversion of mp4 to mp3 would be very difficult/impossible. I actually built that exact system for a simple youtube->mp3 downloader. FFMpeg can perform a streaming mp4->mp3 conversion. See here: https://github.com/matttt/youtubesampler/blob/master/main.js...
amaccuish
One day I'll wireshark the weird streaming protocol they use instead of just upgrading to SMB2/3. I'm pretty sure it's HTTP.
Get the top HN stories in your inbox every day.
But wait... That's my article ! Thank you guys for reading and sharing. I get so much great returns and kind messages. I'll keep you updated for the app !