Troy Hunt
Jun 6, 2021, 10 tweets, 4 min read
For my next IoT mission: I want to use Local Tuya to control lights without cloud. I don't want to solder stuff or pull lights out of the ceiling, you can no longer pull keys from the Tuya IoT portal (see description of vid) and I don't have a rooted Android. What's left?
All of this is just different levels of pain. BlueStacks and the Smart Life APK? My Tuya creds don't work. So screw it, just set up a dedicated Pi and use Tuya Convert to flash firmware. Nope, that won't work either.
I'm trying to find a "happy path" here, one that's not only happy for me, but one I can encourage others to follow. So far, that path remains having a cloud dependency and using the Tuya integration in @home_assistant. That's the least terrible of all the terrible options.
Because I don’t know when to give up, I went back to BlueStacks to work out what went wrong. There are **2** Tuya apps, one is TuyaSmart which I’ve paired dozens of lights through. The other is Smart Life which is the one used in the demos where the keys are pulled from it.
Totally different accounts used on both, so do I unpair every single light from TuyaSmart and manually re-pair them all to Smart Life? Let's check this all works first so I pair a test light to Smart Life and successfully extract the keys per this vid
The Local Tuya integration finds it on the network by device ID, I fill in the local key, submit and...
FFS. Ok, so let's check the log for some meaningful messaging about what went wrong...
Still swearing. Change of approach - grab the TuyaSmart APK, log in to that within BlueStacks then it has all my existing devices in it. Now all I need to do is pull out the preferences file with the keys... apkmirror.com/apk/tuya-inc/t…
But no, there's a reason you're meant to pull down an **old** Smart Life APK from years ago because it seems like the newer software doesn't store the keys in the clear. And even then, the keys aren't working in the Local Tuya integration anyway!
Don't get me wrong, I've loved toying with IoT, but this shit is just insanely hacky and a lot of people are trying to beat the technology into submission to do stuff it simply wasn't designed to do, creating constant problems. I'm about ready to go back to candles at this rate 🕯
