Our great sponsors
-
Home Assistant
:house_with_garden: Open source home automation that puts local control and privacy first.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
This delta makes me think that they've caught some code trying to do some pretty nasty things via the HTTP based API. I'd like to think that this would be easily caught by any of the eyes that routinely work on the core, but I don't think it'd be super difficult to skirt by all that just by manipulating a library that one of the things in core depends on.
For example I use haaska to connect Alexa to my HA instance without the need for a cloud bridge service like Nabu Casa. This is not a malicious add on, it just exposes HomeAssistant commands as a REST API that is easy for Alexa/AWS Lambda to interface with. But when I open my instance up to the internet anyone can find my HA instance and start sending bogus commands to that API to try and trick it into leaking data.
Related posts
- Z-wave 101: Previous tenant left a bunch of connected dimmer switches everywhere
- Significant refactor of Home Assistant LIFX integration
- quelles récompenses avez vous reçu pour le défi d'aujourd'hui
- Does anyone know of door sensors that work with Google home? I currently use Vivint but dislike their products. I've searched but haven't found anything solid! thanks!
- Precondition departure time question