Max Maass 

@hacksilon@infosec.exchange

Sr. Security Specialist at iteratec // @seemoo alumni // Member of CCC // Crypto means cryptography.

tfr.

Blog: https://blog.maass.xyz
GitHub: https://github.com/malexmave
Pixelfed: https://pixel.infosec.exchange/@hacksilon
Pronouns: he/him

Would you like to end the constant drumbeat of ill-informed legislative proposals that threaten to destroy end-to-end #encryption in #OpenSource #software? Are you from #Europe? Can you demonstrate your expertise? Then why not apply to join the European Commission's Expert Group for a Technology Roadmap on Encryption (E04005). Deadline is September 1st, don't be late.

https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005

Looking to install two LED strips at home. Desired features:
- Controlled via WiFi or #Zigbee
- #HomeAssistant integration
- RGBW strips, individually addressable
- Either comes with a diffusor or is compatible with standard diffusors (is "not being compatible with that" even a thing?)
- Length: Two strips of ~2 Meters each, ideally with a shared controller and PSU to avoid duplicating functionality, but I'm willing to compromise here
- I'm willing to pay a certain premium not to have to worry about all the technical details (i.e., I would prefer a plug-and-play solution to a mix-and-match "buy a controller, PSU, and strips separately from AliExpress and pray that they interoperate properly").
- Would like to avoid having to buy a proprietary hub to use it (zigbee2mqtt-compatibility would be perfect).
- Will be installed in the bedroom, so it is important that the PSU does not emit any high-pitched noise.
- Should be available in EU / Germany.

Any recommendations from the #HomeAssistant hivemind? Or should I just bite the bullet, get a #QuinLED and figure out all the technical details myself after all?

I received a response, documented here: https://infosec.exchange/@hacksilon/114782534325988895

Update: I heard back from the people running the system. Apparently it isn’t a geoblock, but the specific IPs my requests were coming from were blocked because of abuse from that CDN (bunny.net). The error has been fixed. (Now I wonder if Fraenk hosts their stuff on Bunny.net, or if it’s the DNS resolver I am using 🤔)

Anyway, in the future, access to the warnings should be possible.

Also, they saw this toot and referenced it in their reply 😅.
https://infosec.exchange/@hacksilon/114765561556000011

Today in #ITSecurity gone wrong: I am in Austria as a German. I just received a notification via cell broadcast about a fire in the area. The broadcast contains a URL - but this URL is only accessible from an Austrian IP address. My LTE roaming IP isn’t allowed. So… I guess I just suffocate because I have the wrong IP address, then? 😅

@chihuamaranian if you want to check nfc functionality in general, try scanning an NFC-enabled credit card - they should show up on any modern phone.

Good luck with your tests!

@chihuamaranian many modern android phones do not recognize mifare classic chips. Could be the reason. If so, you may be looking at an old system that may be vulnerable to key cloning…

@chihuamaranian if you have two android phones and want to try relaying communication between the tag and the reader to inspect what is happening, have a look at https://github.com/nfcgate/nfcgate (disclosure: I am one of the original authors, but it is maintained by other people now).

In general, if you have any phone with NFC, there should be an app that tells you the basics about the fob. If it’s a mifare classic, it’s almost certainly cloneable. If it’s a DESFire v2, it’s gonna be a lot harder or impossible if they did their job right.

@czauner it should come from a residential IP, not a hosted VPS or anything. Still, a false positive is always possible.

@czauner can’t really tell from the outside. Don’t have any other devices on other networks to play with. But using the hotel WiFi while tunneling DNS (but not HTTP) over my home network (via VPN) triggers the same behavior. So, probably DNS-based Geoblocking?

@matt either that or just regular geoblocking?