Stephan van Rooij

Software architect with a passion for home automation.

Betatalks, I was their guest


I was asked to be a guest on Betatalks the Podcast. I like sharing knowledge on security and home automation, so I thought, why not.

Betatalks podcast banner

Beware, spoilers ahead. First listen to the episode then read this post.

Betatalks the Podcast

Betatalks is a nice podcast where they talk about all things Azure, .NET and open source. Oscar and Rick, the hosts, are both highly skilled in their field of work. I was already subscribed to the podcast (because of their excellent marketing at various conferences), and here are some of my favorite episodes:

Episode topics

They asked me to join their podcast as a guest some time ago, but I was busy moving house, so I postponed it. Back in February 2023 (right before carnaval), I had just found something about my oven that went kind of viral. This was a great moment to join Oscar and Rick on their podcast.

Be careful, the following includes spoilers. Listen to the episode first.

Local control

I cannot stress enough how important it is for users of home automation appliances and devices that the manufacturer builds those devices with local control first. This means the app keeps working when the manufacturer's cloud service goes down at some point in the future.

There are many reasons a cloud service can go away; here are the most probable ones:

  • Company goes bankrupt
  • Company no longer wants to support this specific device
  • Cloud service gets hacked

I’m not saying these manufacturers should not use cloud services. I’m saying: make sure the app works super fast while on the same local network, preferably with a well-documented API, before building an additional cloud service. Connecting back to the device while the user is not at home can be challenging for non-technical users, and that is a great reason to offer some cloud service.

In the case of a doorbell or a light switch, no one wants to wait 40 seconds for the notification on their phone that there is someone at the door, as happened to Rick. And if you press a light switch, you don’t want to wait a long time before the light turns on.

Other tech/security podcasts

Betatalks is not the only podcast I’m subscribed to; here is a glimpse of the list I listen to while walking the dog.

Darknet Diaries (EN) is a must-listen for anyone interested in security. It covers carding, crypto heists, (physical) pentesting and other “dark sides of the internet”.

Security Brothers (NL): a podcast on insider threats and authentication (FIDO2).


I disconnected our smart oven, and maybe you should as well


Ars Technica published an article yesterday called “Appliance makers sad that 50% of customers won’t connect smart appliances”. Let me tell you, I’m glad people don’t connect their oven to the internet. We own two of these smart appliances from AEG, and I disconnected them as soon as I discovered what they do.

Pinging aeg

Hacking Primary refresh tokens, oops created a virus


Windows has some clever ways to handle SSO in combination with Azure AD, using the so-called Primary Refresh Token. This highly sensitive key material is usually stored in the system’s TPM (Trusted Platform Module), a hardware device that protects keys, and is “unlocked” when the user logs in.

A post by Lee Christensen, and the accompanying RequestAADRefreshToken source, inspired me to check out what he had found.

Externalize user accounts: OpenID Connect


Externalizing user accounts, what is he thinking? The previous post should give you a clear view of what this means and why you should consider it. This post goes into the details of “delegating login” to a separate application.
