This is 100% a response to "Stitch With Google" which has been doing amazing work in this space for a long time now, and is Google's answer to Lovable.
I'm now pasting all my Stitch output into Claude Design to see what happens.
edit: First impressions are great. It asked me a ton of really great questions about my design aspirations and direction, which were incredibly relevant and insightful. Waiting to see what it makes.
edit2: It did astonishingly well with the first design pass. Really outstanding. This is probably going to be my primary prototyping tool until the Next Best Thing(tm) drops in a few weeks.
Just to follow up, the limits are awful. Even on the Max plan you're going to hit the weekly limit after about 10 mins of use. Then you have to wait another 6 days.
I tried stitch. Overall preplanned sections.
Issue is... You can't wellllll stitch! E.g. take section1 migrate mix with section 2 etc. Good idea - but still a mess!
I too use Stitch, seems like not many have heard of it. Stitch also asks good questions, do you have any examples of both side by side with the same prompt or idea?
Really annoying but I can't figure out how to share a link from Claude Design? It seems to only allow you to share the design with other people on your account? It'll let me export all the HTML and assets, but that's a bit rough to have to download it all and upload it to a host somewhere just to send it to a client for review or something. On Stitch you can just grab a link to the design.
It's wild that it took AI to get half the companies on the planet to actually add reasonably priced APIs to their products so I don't have to puppeteer every damn thing with a flakey harness.
I love poor forgotten Antigravity. For one, you can use your Gemini account to churn Opus credits until they run out then switch to Gemini 3.1 to finish off.
8088 MPH demo is revolutionary. I have a plan to try and backport the developments from that demo, plus other optimizations learned in the last 40 years, back into the original 8088 Elite PC version. I had Gemini Pro write a PoC using 8088 assembler to create a CGA flat-poly renderer for the ships, which worked great. Next step is to use Claude to disassemble the original Elite binary so I can figure out where the rendering code lives and try to start patching it.
Google is putting a lot of research into small models. Most of my AI budget is now going to small models because I am doing lots of tiny tasks that the small models do great with. I would think a decent chunk of Goog's API revenue probably comes from their small models.
I'm running an 8 bit quant right now, mostly for speed as memory bandwidth is the limiting factor and 8 bit quants generally lose very little compared to the full res, but also to save RAM.
I'm still working on tweaking the settings; I'm hitting OOM fairly often right now, it turns out that the sliding window attention context is huge and llama.cpp wants to keep lots of context snapshots.
I had a whole bunch of trouble getting Gemma 4 working properly. Mostly because there aren't many people running it yet, so there aren't many docs on how to set it up correctly.
It is a fantastic model when it works, though! Good luck :)
There are two levels below having the source. One is having the binary of the firmware, which could be decompiled by the AI and understood. And then the worst-case is what I'm dealing with currently, which is where there is no access to the firmware binary and the firmware is stored on the PCB in such a way as to prevent sticking a chip clip on it and forcibly extracting it, so you're totally blind. (Just as you would be with a completely remote attempt.)
I have a fairly specialized bit of hardware here on my desk. It's a rackmount, pro audio DSP that runs embedded Linux. I want to poke at it (specifically, I want to know why it takes like 5 or 6 minutes to boot up since that is a problem for me).
The firmware is published and available, and it's just a tarball, but the juicy bits inside are encrypted. It has network connectivity for various things, including its own text-based control protocol over SSH. No shell access is exposed (or at least, not documented as being exposed).
So I pointed codex at that whole mess.
It seems to have deduced that the encryption was done with openssl, and is symmetric. It also seems to have deduced that it is running a version of sshd that is vulnerable to CVE-2024-6387, which allows remote code execution.
It has drawn up a plan to prove whether the vulnerability works. That's the next step.
If the vulnerability works, then it should be a hop, skip, and a jump to get in there, enable a path to a shell (it's almost certainly got busybox on there already), and find the key so that the firmware can be decrypted and analyzed offline.
---
If I weren't such a pussy, I'd have started that next step. But I really like this box, and right now it's a black box that I can't recover (I don't have a cleartext firmware image) if things go very wrong. It's not a particularly expensive machine on the used market, but things are tight right now.
And I'm not all that keen on learning how to extract flash memory in-situ in this instance, either.
That's awesome. I had two of these devices I'm trying to break into. One has the ROM chip exposed, but I think it is cooked. The device doesn't boot because I think the previous owner used the wrong PSU, but I was hoping I could at least extract the code. The newer updated version of the device has an SoC with embedded ROM and almost all the access points on the PCB removed. I'm loath, like you, to tamper too badly with a working thing that I myself might release the magic smoke from.
It's also scary where this is going. LLMs are getting fantastic at breaking into things. I sometimes have to dance around the topic with them because they start to get suspicious I'm trying to hack something that doesn't belong to me, which is not the case.
I had some ebooks I bought last year which I managed to pull down the encrypted PDFs for from the web site where you could read them. Claude looked at the PDF and all the data I could find (user ID etc) and it came up with "147 different ideas for a decryption algorithm" which it went through in turn until it found a combination of using parts of the userID value and parts of other data concatenated together which produced the key. Something I would never have figured out. Then recently the company changed the algo for their newer books so Claude took another look and determined they were modifying the binary data of the PDFs to make them non-standard, so it patched them back first.
Wrong PSU? Sometimes, there's single-use reverse polarity protection on devices. It's a reverse-biased diode near the input which normally doesn't conduct at all, but which conducts very well when the input polarity is reversed and basically shorts the input. This burns a fuse and turns it off forever until someone tends to it. (Sometimes, that fuse is nothing more than a sacrificial PCB trace.)
And yeah, the bots do get spooked about some things. ChatGPT refused to help with my goal with this DSP; it quickly built a wall around the idea that I could move around some but couldn't bypass.
With codex, I took a different approach that began with having it explore an unnamed local (RFC 1918) IP address with nmap -- without any stated intent. It found the vulnerable sshd version on its own pretty quickly, and accepted that the only way to test it with this black box device is to actually test it.
I suppose I could have discovered that myself with nmap, netcat, and Google, but this was a lot easier. The ease scares me a bit, but this time it's helping me so I guess that's fine...right? (Right?)
Previous to codex, years ago now, I've used ChatGPT to assist with opening an encrypted zip file that contained the as-built documentation for the new, ~million dollar pile of hardware we had in the next room. I have no idea what corpo nonsense required that documentation to be encrypted, or why the manufacturer insisted on only giving me the key in the form of a stupid riddle.
My tolerance for games like that is very limited. Rather than call them up and tell them exactly what I thought about that game, the bot got it sorted with some cut-and-paste operations and automated grinding without much effort on my part. It didn't take long at all and I didn't end up calling anyone an asshole, so that worked well for me. :)
I have one of these Smiirl flip counters. It runs a version of OpenWrt without the web UI, but has a uhttpd to serve an api. I'm hoping Mythos can help me find an exploit to get into it and enable ssh since they have now disabled the simple api switch that would let you turn it on.
https://stitch.withgoogle.com/