pymyq
liftmaster_myq
pymyq | liftmaster_myq | |
---|---|---|
3 | 1 | |
112 | 65 | |
- | - | |
0.0 | 0.0 | |
7 months ago | over 2 years ago | |
Python | API Blueprint | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pymyq
-
Home Assistant blocked from integrating with Garage Door opener API
Maybe my security background is shining through here. I guess we used to have "slashdotting" but that doesn't generalize well :)
I did do some napkin math to quantify how much that bad traffic may have been: HA estimates between 6857-25576 intallations of the MyQ integration. Let's say 16k clients. HA makes it really easy to detect and "add" the integration (which counts as an installation even if it's not configured), so, that's definitely not all clients hitting the API. Let's say it's 50%, so 8k actually using it. Most users just notice myQ is broken. Let's say some fraction retry, which would look the same as an extra user from a volume perspective. Call it an even 10k users (including repeat users).
The most recent change is after they broke everything past the OAuth dance. Let's say the OAuth request is 1kB. The retry code retries up to 5 times with exponential backoff. Let's say 5 requests over 10 min.
(5 requests / 10 minutes) * 1 request/user * 10k users = 5k requests/minute, or 83 per second, amounting to 83kB/s inbound.
There's no reason to assume those requests would synchronize, but I'm sure there's something (let's say every single myQ user updated at the same time).
If what they're saying is true, sounds like actually malicious botnet wielders can ransom the living daylights out of them. Given 1Tbs DDoS attacks they'd only need 6E-7 of the full bore ion cannon! ;-)
[1]: https://github.com/arraylabs/pymyq/blob/master/pymyq/request...
- Customizing and unsupported features via the API
- Myq Is Down Again What Should We All Replace It
liftmaster_myq
What are some alternatives?
ratgdo
myq - Go package and CLI tool for the Chamberlain / LiftMaster MyQ API
Ubiquiti
rat-ratgdo - Open source schematics for ratgdo PCB
esphome-ratgdo - ratgdo for ESPHome
secplus - A software implementation of the Security+ system used by garage door openers
OpenGarage-Firmware - OpenGarage: open-source WiFi-enabled garage door opener
elkm1 - Elk M1 Security and Automation Controller System, in Rust
tuya-local - Local support for Tuya devices in Home Assistant
home-assistant.io - :blue_book: Home Assistant User documentation