Hacking an Aqara Door Sensor into a Dead Bolt Sensor

  • December 12, 2022

Here’s an exciting home automation project for you: Can a door sensor work as a way to tell if a door is dead bolted? Yes…but do you have any paperclips? I’m a big fan of home automation, especially since working from home, and I’ve been experimenting with the Aqara sensors. Their door, temp, water, and vibration sensors all work great for me, but what I really need is a way to check if the back door of my garage is locked.

Read More

Bret Taylor steps down as co-CEO of Salesforce

  • November 30, 2022

Bret Taylor, whose career in tech can only be described as prolific, has stepped down as co-CEO of Salesforce.

Salesforce said Wednesday that Bret Taylor will step down as co-CEO on Jan. 31, leaving Marc Benioff alone again at the top of the cloud software company he co-founded in 1999.

Benioff closely embraced Taylor, who joined the company in 2016, when he sold his productivity software startup Quip to Salesforce. … His departure is surprise considering how rapidly he climbed the ranks and gained the trust of Benioff and the board. Two months ago, Benioff and Taylor were speaking together on stage at the company’s Dreamforce conference in San Francisco. … The announcement also calls into question Benioff’s ability to work alongside someone with an equal title.

I Gotta Feeling that Benioff is already working on his next co-CEO: Will.i.am. Does that make any sense? Of course not! But that rarely stops any technology company getting involved with Will.i.am, so why start now?


Where are the Passkeys?

  • November 30, 2022

David Sparks, of MacSparky, is wondering where his passkeys are now that iOS 16 and macOS Ventura are out.

With Apple’s latest round of updates, we’ve got a new password feature that lets your computer manage passwords for you in the background. … I’m curious, however, as to when Passkey websites will start showing up. So far, I’ve seen none. For this to work, websites must adopt some new backend technologies, and everyone is now waiting for that to happen. Are website developers untrusting of the new technology? Do they want to see others figure it out first? Do they need the budget for these changes? I expect it is all of the above.

I don’t think developers as a whole are distrusting or in need of inspiration when it comes to implementing passkeys (aka WebAuthn), but there are good reasons why we didn’t see the market flooded with passkey announcements.

Here are my theories speaking as both a developer, and someone who is responsible for a product pipeline:

1. Security is hard and should be adopted slowly.

Every app has password authentication code, and rarely does anyone want to mess with it if it’s working and secure and that’s a good thing. Security should move slowly so it’s been vetted and is ready to go before it’s out there in the world protecting your banking account.

That’s not to say that PassKeys / WebAuthn is some new bleeding edge tech. It’s not. In fact how it works is very familiar to developers who use SSH keys, but the web or app implementations are new and it’s good that no one is rushing it.

2. Waiting on libraries and browser support.

It sucks to release a feature that isn’t supported everywhere. It’s huge that Apple has gone all in on this, but they aren’t the only player and there needs to be some catch up with other browsers, platforms, and apps for things like passkey synching.

Same with web and app libraries that developers use to implement technologies like this. Libraries are important as you can’t expect every small app or web site to write their own implementation. There are some WebAuthn libraries, actually there are a ton, but once the community rallies around one or more of them and polishes them to the point where implementation is easier you’ll see adoption rise.

3. It doesn’t replace legacy password code.

Let’s say you and your development team spend some time and implement a fantastic implementation of PassKeys for your app. Can you get rid of the old password code? No because of people with legacy accounts…or because some people don’t want to use PassKeys…or even more people have never heard of PassKeys. That means you need to have the old password code, and the new PassKey code, along with a new flow so that users can use either route, and probably some UI to explain PassKeys, oh and you’ll need a path to convert a password user to a PassKey user. Anything else? Probably!

The point is that PassKeys are additive for every app out there and that means even more work and more support than just adding PassKeys.

4. It’s the end of the year.

PassKeys are cool, but do you know what’s cooler? That feature that your users are dying for that might make you more money. PassKeys aren’t going to the the focus because of all the other reasons above, but especially because right now the devs are crunching to the new feature that someone wants out “by the end of the year”.

Don’t worry, David. PassKeys and WebAuthn are coming, but it’s going to be slow and that’s a good thing for everyone.


The Hacking Humble Bundle

  • November 29, 2022

No Starch Press has once again worked with Humble Bundle to release a Hacking bundle which is a hell of a deal and raises money for a good cause.

We’ve teamed up with No Starch Press for our newest bundle! Get ebooks like Hacking APIs, Bug Bounty Bootcamp, and The Hardware Hacking Handbook. Plus, your purchase will support National Coalition Against Censorship!

On a side note, how does every one collect, search, and read ebooks? I’m a sucker for these bundles, but I haven’t found ebook software that really works for me to curate my ebook collection and read them across my devices.


We Have Link Posts Now

  • November 28, 2022

Going forward there will be a new post type on C33: The Link Post.

This change won’t make much of a difference to readers, but will allow me to post more frequently and comment on various items that aren’t worthy for a full post.

Link posts will show on the home page (but not in related or featured story lists) and their headlines will link out to the external referenced source. For example, this post links out to the excellent, but still on sabatical, Kottke.org’s link archive.

That is all. Expect more of these kinds of posts going forward!


Ventura + Keyboard Maestro + iCalBuddy = Confusion

  • November 17, 2022

Early this year I setup a bunch of calendar related automations with my Macs, Keyboard Maestro, and the iCalBuddy script and they’ve been very successful. I have a button on my Steam Deck that shows when my next meeting is, and I have serval automations triggered when I’m currently in a meeting such as turning on a red light outside of my home office door.

Read More

Virtual Influencers - From Cartoons to Deep Fakes

  • October 11, 2022

Studio71 Germany has recently launched not one but two virtual influencers and they’ve done a great job with the implementation and marketing around this project (disclosure: I am the global CTO of Studio71). I’ve been thinking about it a lot and on the one hand this idea of a “fake” or “virtual” influencers comes and goes over the years and every time it comes back we all like to pretend that it’s a crazy idea.

Read More

The Story of My Slightly Funny Coolio Joke

  • September 29, 2022

Coolio, the rapper who absolutely slayed the 90s, sadly died today at the age of 59. Coolio, the West Coast rapper whose gritty music and anthemic hits like “Gangsta’s Paradise” helped define hip-hop in the 1990s, died on Wednesday in Los Angeles. He was 59. His longtime manager, Jarez Posey, confirmed his death.

Read More

The Topsy Project for DEFCON 30

  • September 4, 2022

This year at DEFCON, the hacker convention, I joined the Hard Hat Brigade with Topsy, a hard hat that entertains while scanning the wifi environment. Here’s a video I made walking through the basics: I didn’t cover it specifically in the video, but you might be asking: “Um, why?” My answer is: “Why not?

Read More

Posting to Hugo from Drafts

  • May 20, 2022

I’ve recently been playing with the popular Drafts app (macOS, iOS, and iPadOS) and I think I get it. It’s not yet essential to me, but the actions are quite powerful and I can Drafts becoming essential after a little while. Earlier this year I setup an automation to post from Craft (my long term text app of choice) to C33Tech.

Read More

Hacking the STLToday Paywall v2022

  • April 19, 2022

Here we are again. STLToday, the website for my hometown newspaper the St. Louis Post Dispatch, has updated their paywall and, as is tradition, it’s time to take a look, see what they did, and offer suggestions so they can make it better. In short, let’s hack the STLToday paywall.

Read More

What Is the New Flipper Zero Hacking Device?

  • March 14, 2022

The Flipper Zero is a latest hacker tool to hit the market. It’s still early in it’s development bit it already sports a variety of functions that can allow for unauthorized access and malicious code execution. I have one, I love it already, and I spent the weekend playing around and hanging out on the Discord channel.

Read More