Looks like from the video that it's a multi-tenant building, seems like they created an easy way for anyone who wants to enter to do it without actually being authorized.
The main advantage that this overengineered solution has over a doorstop is that no one will upvote an article on HN about a doorstop, and then your company loses out on the publicity.
You guys are right about that. But first to be clear. This is NOT our HQ, but an office not working on our core platform. People sitting in this office can look out of the window to see who's standing at the door before opening the door.
Also, please note, this was just a fun small project for us. Making an image with a camera and posting to Slack would be better. We had much fun making this without putting a lot of effort into it, that was for now the point.
We are aware of all the security issues and are not using this in production at our main office.
Yeah, I feel like this needs to grab a screenshot from a security camera first, or perhaps ask the person why they are there and auto-transcribe the message to Slack with their request.
I think they would definitely also want to send ~5 seconds of the plain audio. Freely available speech to text probably wouldn't recognize local business names. But either way it's pretty inconvenient to ring a doorbell and wait ~30 seconds. You never realize how valuable a receptionist is until you don't have one.
That's the first thing I wondered. Seems like it defeats the purpose of the landlord's system of verifying you actually want to open the door for the person there.
I suspect they'd be better off switching to an RFID / NFC swipe system.
> MessageBird sends a couple of extra parameters with each request, including a callID. When a new request comes in, we’ll make an API call to MessageBird, to verify whether this voice call actually happened and if it happened within the last 2 minutes. We also used the query parameters destination and source from the incoming webhook call and matched these against the data from MessageBird. This would make sure that only “real” doorbell calls would trigger Slack notifications.
> Each callback HTTP request is signed with a signature, a base64 encoded HMAC found in the X-MessageBird-Signature HTTP header. To ensure the callback is coming from the MessageBird platform, we strongly advise to validate its signature by calculating the HMAC of the callback and base64 encoding it. Using HMAC-SHA256, the HTTP body is the message and the token of the related webhook resource is the secret. Only handle the webhook if the computed value matches the signature in the HTTP header.
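Added example, not part of the thread or of MessageBird's code: a sketch of the two checks quoted above, the base64 HMAC-SHA256 signature over the raw body and the two-minute source/destination cross-check. The call record's field names, the token and the phone numbers are hypothetical, constructed values; fetching the record from the provider's API is left out.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=2)  # freshness window from the first quote


def verify_signature(body: bytes, header_value: str, token: bytes) -> bool:
    """Check the base64 HMAC-SHA256 of the raw body against the header value."""
    if not header_value:
        return False
    try:
        received = base64.b64decode(header_value, validate=True)
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return False
    expected = hmac.new(token, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, received)


def call_matches(record: dict, params: dict, now: datetime) -> bool:
    """Cross-check webhook query parameters against a call record.

    `record` stands in for what the provider's API returned for the callID;
    its keys ("source", "destination", "created_at") are hypothetical.
    """
    if record.get("source") != params.get("source"):
        return False
    if record.get("destination") != params.get("destination"):
        return False
    age = now - record["created_at"]
    return timedelta(0) <= age <= MAX_AGE


# Constructed sample data, not real tokens or phone numbers.
TOKEN = b"example-webhook-token"
BODY = b'{"callID": "constructed-call-id"}'
GOOD_SIG = base64.b64encode(hmac.new(TOKEN, BODY, hashlib.sha256).digest()).decode()
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RECORD = {"source": "31200000001", "destination": "31200000002",
          "created_at": NOW - timedelta(seconds=45)}
PARAMS = {"source": "31200000001", "destination": "31200000002"}

if __name__ == "__main__":
    print(verify_signature(BODY, GOOD_SIG, TOKEN))         # valid signature
    print(verify_signature(BODY + b" ", GOOD_SIG, TOKEN))  # tampered body
    print(call_matches(RECORD, PARAMS, NOW))               # fresh, matching call
```

The signature must be computed over the exact bytes received, before any JSON parsing or re-serialization, or a valid request will fail the comparison.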
Opening doors to everyone, using 3 products to do so and depending on other people's code & services in the process... I think I will pass on you guys for my payments.
It seems the definition of 'hacked' is getting looser and looser these days. Sounds like you just consumed services from a SaaS, that's 'hacking' today.
> How we automated our office doorbell using 3 products already available.
Wrong usage of the word 'hacked' in the original title.
A more hacky way to do it would have been getting a voice modem dongle that takes SIM cards, and writing software directly to detect/answer the incoming call, verify it's the doorbell, post to Slack and wait for auth., then play a WAV back out through the dongle (like a voicemail greeting). Same result, less dependence on 3rd party services, learn a lot in the process.
It's all well and good using 3rd party services if they are available, but sometimes these articles are akin to me writing a post on 'how I found something on the internet using google'.
KISS and all that...