How we hacked our office doorbell using Slack, MessageBird and Now
blog.mollie.comConsidering you don't actually check who the person is, wouldn't it be easier to just leave the door unlocked during business hours?
KISS and all that...
Looks like from the video that it's a multi-tenant building, seems like they created an easy way for anyone who wants to enter to do it without actually being authorized.
> don't actually check who the person is
they would just pipeline in the GCP TensoFlow based automatic friendly/hostile classification. We need cloud version of KISS...
The main advantage that this overengineered solution has over a doorstop is that no one will upvote an article on HN about a doorstop, and then your company loses out on the publicly.
Yeah, seems like an astroturfing attempt.
So wait a sec, do you open the door to anyone without checking who is it?
If that’s true, then on top of that, they’ve now broadcasted that fact to the world. And they’re a payment services company.
You guys are right about that. But first to be clear. This is NOT our HQ, but an office not working on our core- platform. People sitting in this office can look out of the window to see who's standing at the door before opening the door.
Also, please note, this was just a fun small project for us. Making an image with a camera and posting to Slack would be better. We had much fun making this without putting a lot effort in it, that was for now the point.
We are aware of all the security issues and are not using this in production at our main office.
Seriously, may as well stick a wedge in the door during business hours, there's no difference.
Not just business hours. Go there on thanksgiving and it will open.
Yeah, I feel like this needs to grab a screenshot from a security camera first, or perhaps ask the person why they are there and auto-transcribe the message to Slack with their request.
I think they would definitely also want to send ~5 seconds of the plain audio. Freely available speech to text probably wouldn't recognize local business names. But either way it's pretty inconvenient to ring a doorbell and wait ~30 seconds. You never realize how valuable a receptionist is until you don't have one.
That's the first thing I wondered. Seems like it defeats the purpose of the landlords system of verifying you actually want to open the door for the person there.
I suspect they'd be better off switching to a RFID / nfc swipe system
That's going to play well during a PCI-DSS audit.
I was hoping it would take a screenshot of the doorbell video (assumed it was a Nest or Ring) and send that in the Slack message. v2.0 maybe?
FTA:
> MessageBird sends a couple of extra parameters with each request, including a callID. When a new request comes in, we’ll make an API call to MessageBird, to verify whether this voice call actually happened and if it happened within the last 2 minutes. We also used the query parameters destination and source from the incoming webhook call and matched these against the data from MessageBird. This would make sure that only “real” doorbell calls would trigger Slack notifications.
This approach seems to be reinventing the wheel of validating MessageBird webhook calls. From their docs (https://developers.messagebird.com/docs/voice-calling#handle...):
> Each callback HTTP request is signed with a signature, a base64 encoded HMAC found in the X-MessageBird-Signature HTTP header. To ensure the callback is coming from the MessageBird platform, we strongly advise to validate its signature by calculating the HMAC of the callback and base64 encoding it. Using HMAC-SHA256, the HTTP body is the message and the token of the related webhook resource is the secret. Only handle the webhook if the computed value matches the signature in the HTTP header.
Opening doors to everyone, using 3 products to do so and depend on other people's code & services in the process... I think I will pass on you guys for my payments.
Did you hack it or just integrate to it?
To be fair, they had to both point and click.
It seems the definition of 'hacked' is getting looser and looser these days. Sounds like you just consumed services from a SaaS, thats 'hacking' today.
Related solution built on AWS SQS and a Pi - which takes a picture of the individual ringing the bell.
It's an email alert - but it'd obviously be trivial to connect up the slack API to pass the message + image to a channel.
We use a few Dash buttons and a macOS app (with Node.js backend) as our doorbell solution.
https://github.com/calltracking/doorbell
It's not the most beautiful thing, but it gets the job done of letting us know when someone is at any of our 3 doors.
I'm going to be 'that guy'....
> How we automated our office doorbell using 3 products already available.
Wrong usage of the word 'hacked' in the original title.
A more hacky way to do it, would have been getting a voice modem dongle that takes SIM cards, and writing software directly to detect/answer the incoming call, verify it's the doorbell, post to slack and wait for auth., then play a WAV back out through the dongle (like a voicemail greeting). Same result, less dependence on 3rd party services, learn a lot in the process.
It's all well and good using 3rd party services if they are available, but sometimes these articles are akin to me writing a post on 'how I found something on the internet using google'.
I just hacked my shoelaces.