Rendered at 19:38:22 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
tzs 35 minutes ago [-]
OT: do many people who come to your door actually ring your doorbell? 95% of people who come to my door, which has a doorbell and does not have a knocker, knock.
Do people just prefer knocking nowadays? Have Ring type doorbells become so common that people don't realize that a simple pushbutton beside the door with no camera can be a doorbell?
bdavbdav 13 hours ago [-]
Is this not more targeted at “badly developed IOT” generally as opposed to “your doorbell”? Bad title.
voidUpdate 12 hours ago [-]
Can you actually access any of the doorbells on the internet with this? It reads to me like you need physical access to extract the signing keys etc over the debug port before you can actually impersonate the device
porshia 8 hours ago [-]
You can enumerate them against the API.
interludead 12 hours ago [-]
I think the distinction is: physical access helps bootstrap the research, but the resulting key/signing logic is not device-specific
user01815-2 13 hours ago [-]
Awesome, as it doesn't actually work from the street door right now, and I can't get the condo management company to fix it. Guess I just need to post a QR code outside?
philipallstar 11 hours ago [-]
Can ring this Temu doorbell.
SAI_Peregrinus 2 hours ago [-]
An attack that could remotely ring my old-fashioned hard-wired doorbell would be really cool to read about. It's the classic electromechanical style with an AC line transformer wired directly between the chime & the button.
maeln 11 hours ago [-]
If you want to do some fun hacking project, Temu and similar websites are a trove of insecure cheap IoT devices made with almost 0 security consideration. Security camera, car chargers, sport tracking devices, etc.
If you are a bad actor, that is also probably a very easy way to find new ways to enroll devices in your botnet.
vachina 9 hours ago [-]
I think they’re more secure by the virtue of being niche. Nobody will build an exploit chain to sniff for and target these devices.
maeln 7 hours ago [-]
By the virtue of being cheap garbage, they actually sell very well and can be found quite a lot in the wild. So they are not that niche.
porshia 8 hours ago [-]
So many of them are hosting some sort of server they /have/ to talk back to. Wouldn't be so bad if they just acted entirely self contained...
So the question is, what is the vendors benefit from running these servers.
10 hours ago [-]
porshia 8 hours ago [-]
Would be interesting to know if we can flash a new firmware onto this. Funnily enough I think I have one of these in my "shit to poke at" pile
sandeepkd 13 hours ago [-]
Anyone is probably a hyperbole here, regardless its accessible via internet, it is always in the category of relatively secure. Applies to pretty much every device connected to internet. Absolute security is a myth, it does not exists.
One can argue that a particular manufacturer is relatively more secure than other, however as long as the software is changing/evolving, eventually it will opens up the possibility/window to hack it
consp 13 hours ago [-]
While true in general, this devices approach to security is an open doorway with a curtain in it to prevent access with they key hanging next to it in case there accidentally is a door. The security footprint is so low it should be called out as non existent.
6510 15 hours ago [-]
You could take a picture from the real footage, remove the people from it and insert yourself into the front yard. Then when they open the door act confused that you cant see them.
edit: my doorbell resets if you hold it down for 10 seconds then it takes wifi credentials with a QR code and thinks you are it's new owner.
iso1631 10 hours ago [-]
add in a "ghost"
stackghost 16 hours ago [-]
I'd be shocked if the Ring doorbells were materially more secure.
I sit firmly in the "only smart device is my printer and I keep a loaded gun next to it in case it makes a weird noise" camp.
nickt 15 hours ago [-]
You should probably get a cheap IoT camera to keep an eye on that printer!
harry8 14 hours ago [-]
not "get", build it with an esp32 & Tasmota (or whatever).
Exactly. All my IoT stuff is on it's own wifi network and VLAN because I don't trust the initial or long term security of some of these manufacturers.
tehlike 16 hours ago [-]
I have a poe reolink camera doorbell that I am yet to install...
inventor7777 14 hours ago [-]
I've got the Reolink PoE doorbell and it works great!
gerdesj 12 hours ago [-]
Me too.
You can put it on a separate VLAN with no internet access and watch it via your own app eg Home Assistant, Frigate, Zoneminder or whatever.
robertlagrant 11 hours ago [-]
I have a Reolink but haven't got to Home Assistant yet. I'm happy switching to that, but for less technical (though still digital savvy) spouses - how would you say the switch would be for them?
inventor7777 7 hours ago [-]
I'd say it depends on what you are trying to do. If it is simple device control and media playing and other stuff, then all you need is to update [dashboards](https://www.home-assistant.io/dashboards/) when you add/move devices and the users will find it pretty easy and straightforward. My parents are not extremely tech savvy but they find Home Assistant easy to use when I make the dashboards thoughtfully.
Making automations and scripts is getting easier every update, but it has a small learning curve as the logic can get complex and you sometimes need to know details like entity IDs or raw states. And there are some simple missing features that some people are very used to. Home Assistant is improving that sort of thing constantly, but sometimes the device APIs do not allow all functionality without the OEM apps.
For example, the two biggest camera-related things that are missing in my opinion is that the camera viewer does not allow zoom or two way talk. It uses the native browser media player, and on both a Samsung tablet and all iOS devices, this means that you cannot zoom and pan around the image. This is obviously not an issue if you embed a dashboard such as Frigate into the HA UI, which IIRC supports both two way talk and zoom. But YMMV.
robertlagrant 5 hours ago [-]
Thank you! I will have to give it a try.
random_savv 14 hours ago [-]
Your printer doesn't make weird noises?
teddyh 9 hours ago [-]
The original quote from 2019 is “an unexpected noise”:
All bets are off if you use unapproved third-party toner cartridges...
Bilal_io 14 hours ago [-]
Nothing unexpected or I am not used to
mrsvanwinkle 14 hours ago [-]
have you tried putting a loaded wep next to it?
taneq 11 hours ago [-]
Nope, just the usual things a printer mumbles to itself when it thinks it’s alone.
aidenn0 16 hours ago [-]
I would love if my printer was more dumb. It's cheaper to buy an AIO than a separate document (with duplex) and flatbed scanner.
stackghost 15 hours ago [-]
Nowadays smartphones do credible document scanning for most consumer use cases. iPhones had this built in before COVID at the latest.
But the printer comment was actually a reference to a meme about how different groups of people relate to technology.
Nobody on the Internet can ring my doorbell because it's a dumb button that connects to a dumb, literal bell.
aidenn0 15 hours ago [-]
> Nowadays smartphones do credible document scanning for most consumer use cases. iPhones had this built in before COVID at the latest.
Now do 40 pages, front-and-back, with your smartphone.
stackghost 15 hours ago [-]
That's not "most consumer use cases".
I have not once in my entire life had to scan 40 pages at once. I bet I've never done more than 15 at once.
For the once in a blue moon that I need to scan 40 double-sided pages I'd just go to my local print shop.
aidenn0 14 hours ago [-]
Okay I exaggerated, but 15 would be bad enough. I use the sheet-feed multiple times a year:
- Banking/Investment documents (I actually sent a fax to a bank last year because $REASONS)
- Foster-care related stuff
- Sending tax documents to my accountant
para_parolu 14 hours ago [-]
I got flashbacks from preparing immigration papers…
kakacik 10 hours ago [-]
You don't do much bureaucracy in your personal life (mortgages, moving around, children, or just keeping things as they are). I do similar things few times per year on average, and I don't do anything exceptional.
Plus living in a village, closest printing shop is maybe 10 minutes by drive. Scanner and good printer is a basic need in 2026.
stackghost 5 hours ago [-]
I moved 5 times between 2015 and 2021 (air force), during which time I bought and sold houses at each move, have two kids in school, and I've never had to scan documents.
They're all e-signature.
themafia 12 hours ago [-]
You might if it were drastically more convenient. I seem to have somehow acquired nearly 1 imperial pound of documentation for every year I've been alive. That's just estimating based upon the weight of my panda file box next to my desk.
There's a lot in there, rental contracts, policy documents, w2 forms, that I might actually benefit from having scanned and digitally available on my computer. I feel that being able to search through these documents would have saved me some amount of trouble over the years.
Hell, if it were easy enough, I might actually scan all those receipts I bring home and then throw away.
pests 15 hours ago [-]
I mean yes and no. If I knew your address, I could 100% ring your doorbell from the Internet.
I know this isn't what you mean, but, humans are buttons (or button pressers?)
martheen 15 hours ago [-]
To handle older cars that can't close the door by itself, Waymo (used to?) pay nearby DoorDash drivers to close it.
15 hours ago [-]
themafia 12 hours ago [-]
The Battlestar Galactica rule. I find comfort in it as well.
BLKNSLVR 15 hours ago [-]
Picturing the scene from Where The Buffalo Roam.
... but I think that was a fax machine.
kotaKat 10 hours ago [-]
Funny thing, that. They actually have Activation Lock (of sorts).
I regret it now but a few years back someone had moved into a home, dumped their Ring doorbell that came with the house, and we shoved it on our house. When we went to set it up Ring blocked the setup attempt because it was account bound.
... Apparently if you call Ring to release it (they can), frontline CS can see the entire log of when the doorbell was online, when it was last rung, and used that information to go "oh, it hasn't been rang in like eight months" to decide that I wasn't some criminal and that I can set up the doorbell myself.
EtienneDeLyon 16 hours ago [-]
I wonder how I would feel about that, if I was alone at home, and lonely.
Would it cheer me that people were reaching out and ringing my doorbell?
Or would it make me sad because I would be reminded that there was not a friend ringing at the door?
mrsvanwinkle 15 hours ago [-]
noticed how spam has that utility for many elderly (which further incentivizes the abuse)
b3lvedere 11 hours ago [-]
Or an even worse idea: What if ads started ringing your doorbell suddenly?
DonHopkins 13 hours ago [-]
I'd like my doorbell camera to have a cat detector and a meow detector so when my cats meow at the door, it rings the doorbell. My cats have gps collars and distinctive fur and meows, so it could double check so other cats can't spam me. That way each cat could have its own distinctive ring (like their distinctive meow, amplified).
GreenTim 11 hours ago [-]
Please, It's much safer to keep them indoors where they can't kill songbirds, crap on the neighbours kids lawn or get run over.
TazeTSchnitzel 10 hours ago [-]
Am I the only one who eventually got irritated by the LLM-like writing style? It's not quite the usual fare, but it became hard to ignore by the end.
sen 10 hours ago [-]
I find it completely unreadable and give up within a paragraph or 2 every single time.
I say that as someone who uses LLMs daily too, and isn't a hater of them. Nothing wrong with using an LLM to help come up with content wording or to proof-read your writing etc etc, but just copy-pasting LLM output directly into a blog is lazy and instantly signals that it's not worth my time to read it.
grokx 10 hours ago [-]
Yes, I stopped reading here:
> $12 on the front. Whole-network compromise on the back.
Too bad since the topic on its own seems very interesting.
holistio 9 hours ago [-]
English is not my native language but I consider myself a fairly advanced speaker - I hold a C2 level language certificate, lived in London, etc.
These are exactly the kinds of sentences that would have gotten us outstanding grades as students of the language.
I used to be proud of sentences like the latter in the above quote. I can't fathom how learning languages will change in the coming years.
AshamedCaptain 9 hours ago [-]
> These are exactly the kinds of sentences that would have gotten us outstanding grades as students of the language.
Not at all? They are not even full sentences...
I get that you might like the style, but there is no need for hyperbole.
holistio 1 hours ago [-]
I don't _like_ them. It's just perplexing that these are the kinds of phrases our teachers would have praised us for and now they're red flags.
They annoy me just as much.
Retr0id 9 hours ago [-]
Sentences with that structure might be praised but semantically it is nonsense.
Edit: except for prescriptivists who hate sentence fragments
interludead 12 hours ago [-]
The most depressing part is that none of this sounds exotic
NetMageSCW 15 hours ago [-]
That would be impressive as my doorbell is hardwired from a button to a transformer and bell in a closet.
nottorp 12 hours ago [-]
Mine is not only hardwired, but I mounted it kinda wrong and you need to press the dead center for it to ring :)
noufalibrahim 14 hours ago [-]
It's the only way doorbells (and almost all other appliances) should be.
simondotau 14 hours ago [-]
Airtasker. Boom.
interludead 12 hours ago [-]
Your doorbell has an excellent threat model
ErroneousBosh 12 hours ago [-]
Mine too. Not only that, the breaker for the transformer is switched off because the postman used to come right as my then-2-year-old was going for his nap. He's nearly 6 now and has not had an afternoon nap for a long time, and at some point I'll flip the breaker back on when I'm getting my jacket out of the hall cupboard.
But I didn't do that yesterday, I don't think I'll do it today, and it's not looking good for tomorrow either.
fortran77 13 hours ago [-]
I could train a crow to fly over and peck it.
ta8903 13 hours ago [-]
Or just order some pizza to his address.
DonHopkins 13 hours ago [-]
TaskCrow.com
plufz 12 hours ago [-]
Don’t use those expensive escrow services, much cheaper to keep your own crows!
compounding_it 14 hours ago [-]
Electromagnetic triggers. Find the right frequency and resonate it.
b3lvedere 11 hours ago [-]
Since i like tech, once i was also interested in a smart doorbell or lock. My wife very much disliked the idea, because she thought it could prevent us to even enter our own house when the tech fails.
Then one day i watched my neighbour trying to get into his own house, because his smart lock and doorbell system failed horribly. This took several hours. It started raining. I learned a lot of new swear words from my neighbours wife which were directed to her husband.
Once again, my wife was totally right :)
ildon 13 hours ago [-]
This is a security concern as well. I'd argue even worse than the internet connected ones. Anyone at your front door (or where the button is) can easily know if you're at home, and take advantage if you're not. With the internet connected ones, you can always pretend.
Wilder7977 13 hours ago [-]
Anyone physically near your house can just see you leaving the house and know you are not at home, besides all the other signs.
There is no control against this, and it shouldn't be something you rely on to prevent break-ins or burglaries (if you were thinking of such threats).
hnlmorg 13 hours ago [-]
I don’t think anyone is fooled into thinking people are home when the home owner “answers the door” via their internet connected doorbell.
If anything, I’d say that’s a bigger give away than someone not answering a traditional door bell given people used to not hear them even when home, all the time (particularly in bigger houses).
mulderc 13 hours ago [-]
I would have thought this but was amazed at the number of times people would think I was home while talking to them via my doorbell. I have neighbor that told people I was rude to not come to the door and didn’t know I was talking to her from work.
hnlmorg 12 hours ago [-]
How long ago was that? Was this when smart doorbells were brand new tech?
I could understand peoples misconception back when such door bells weren’t known about so the default assumption people might have is that it was an intercom.
mulderc 12 hours ago [-]
The neighbor was 2022 or so but even more recent people have seemed a bit confused. I think having a car in the driveway makes people think we are home.
mrweasel 12 hours ago [-]
From my experience with package delivery I can tell you this is not how it works. Press the button, door doesn't open that instance, ergo no one is home.
My home office is in the other end of the house, it takes ~20-30 seconds for me to get to the door. That is more time than UPS grants you.
consp 13 hours ago [-]
There are way more indicators than just a doorbell. Closed curtains, car not in driveway, lights out ...
mulderc 13 hours ago [-]
Well my curtains and light open and close on a schedule so they won’t tell them much. Also who can afford to drive to work anymore?
darkwater 10 hours ago [-]
That didn't stop the thieves in Home Alone...
thaumasiotes 9 hours ago [-]
The thieves in Home Alone already knew that the family was gone.
darkwater 9 hours ago [-]
Exactly my point, they just verified that the Christmas lights were on a schedule one last time before breaking in the other houses.
Do people just prefer knocking nowadays? Have Ring type doorbells become so common that people don't realize that a simple pushbutton beside the door with no camera can be a doorbell?
If you are a bad actor, that is also probably a very easy way to find new ways to enroll devices in your botnet.
So the question is, what is the vendors benefit from running these servers.
One can argue that a particular manufacturer is relatively more secure than other, however as long as the software is changing/evolving, eventually it will opens up the possibility/window to hack it
edit: my doorbell resets if you hold it down for 10 seconds then it takes wifi credentials with a QR code and thinks you are it's new owner.
I sit firmly in the "only smart device is my printer and I keep a loaded gun next to it in case it makes a weird noise" camp.
https://www.aliexpress.com/item/1005010326236256.html
You can put it on a separate VLAN with no internet access and watch it via your own app eg Home Assistant, Frigate, Zoneminder or whatever.
Making automations and scripts is getting easier every update, but it has a small learning curve as the logic can get complex and you sometimes need to know details like entity IDs or raw states. And there are some simple missing features that some people are very used to. Home Assistant is improving that sort of thing constantly, but sometimes the device APIs do not allow all functionality without the OEM apps.
For example, the two biggest camera-related things that are missing in my opinion is that the camera viewer does not allow zoom or two way talk. It uses the native browser media player, and on both a Samsung tablet and all iOS devices, this means that you cannot zoom and pan around the image. This is obviously not an issue if you embed a dashboard such as Frigate into the HA UI, which IIRC supports both two way talk and zoom. But YMMV.
• <https://imgur.com/6wbgy2L>
• <https://old.reddit.com/r/ProgrammerHumor/comments/aloi5v/pro...>
But the printer comment was actually a reference to a meme about how different groups of people relate to technology.
Nobody on the Internet can ring my doorbell because it's a dumb button that connects to a dumb, literal bell.
Now do 40 pages, front-and-back, with your smartphone.
I have not once in my entire life had to scan 40 pages at once. I bet I've never done more than 15 at once.
For the once in a blue moon that I need to scan 40 double-sided pages I'd just go to my local print shop.
- Banking/Investment documents (I actually sent a fax to a bank last year because $REASONS)
- Foster-care related stuff
- Sending tax documents to my accountant
Plus living in a village, closest printing shop is maybe 10 minutes by drive. Scanner and good printer is a basic need in 2026.
They're all e-signature.
There's a lot in there, rental contracts, policy documents, w2 forms, that I might actually benefit from having scanned and digitally available on my computer. I feel that being able to search through these documents would have saved me some amount of trouble over the years.
Hell, if it were easy enough, I might actually scan all those receipts I bring home and then throw away.
CTRL+T, doordash.com, McDonalds, "ring doorbell please", pay, done.
I know this isn't what you mean, but, humans are buttons (or button pressers?)
... but I think that was a fax machine.
I regret it now but a few years back someone had moved into a home, dumped their Ring doorbell that came with the house, and we shoved it on our house. When we went to set it up Ring blocked the setup attempt because it was account bound.
... Apparently if you call Ring to release it (they can), frontline CS can see the entire log of when the doorbell was online, when it was last rung, and used that information to go "oh, it hasn't been rang in like eight months" to decide that I wasn't some criminal and that I can set up the doorbell myself.
Would it cheer me that people were reaching out and ringing my doorbell?
Or would it make me sad because I would be reminded that there was not a friend ringing at the door?
I say that as someone who uses LLMs daily too, and isn't a hater of them. Nothing wrong with using an LLM to help come up with content wording or to proof-read your writing etc etc, but just copy-pasting LLM output directly into a blog is lazy and instantly signals that it's not worth my time to read it.
> $12 on the front. Whole-network compromise on the back.
Too bad since the topic on its own seems very interesting.
These are exactly the kinds of sentences that would have gotten us outstanding grades as students of the language.
I used to be proud of sentences like the latter in the above quote. I can't fathom how learning languages will change in the coming years.
Not at all? They are not even full sentences...
I get that you might like the style, but there is no need for hyperbole.
They annoy me just as much.
Edit: except for prescriptivists who hate sentence fragments
But I didn't do that yesterday, I don't think I'll do it today, and it's not looking good for tomorrow either.
Then one day i watched my neighbour trying to get into his own house, because his smart lock and doorbell system failed horribly. This took several hours. It started raining. I learned a lot of new swear words from my neighbours wife which were directed to her husband.
Once again, my wife was totally right :)
There is no control against this, and it shouldn't be something you rely on to prevent break-ins or burglaries (if you were thinking of such threats).
If anything, I’d say that’s a bigger give away than someone not answering a traditional door bell given people used to not hear them even when home, all the time (particularly in bigger houses).
I could understand peoples misconception back when such door bells weren’t known about so the default assumption people might have is that it was an intercom.
My home office is in the other end of the house, it takes ~20-30 seconds for me to get to the door. That is more time than UPS grants you.