I actually missed the article being published in the ft:pedia, but now it's also on my blog with more explanation about what fischertechnik is doing in the smart home space:

How would you do this pairing securely? Use Bluetooth like Netatmo or Nest, or have the device create a WiFi AP, like Chromecasts.

In short, you don't need anything fancy to crack WiFi credentials, you just need them pairing their new smart device and an application to read these special packets to get the WiFi password of your neighbors.

EasyLink has this handy demo repo of their Android library: and they seem to be the people behind

EasyLink also has an evil twin, SmartLink, which sends two bytes per packet, stored in the target IP of the packet, another great way to leak your WiFi credentials.

Instead it will broadcast your SSID and WiFi password in a way that anyone who can see your WiFi can read. If they know that they should be listening. It essentially sends the bytes of data in the packet length. So per packet, a byte of data is sent. My implementation of this is at - this doesn't support the encryption stuff. I honestly didn't expect much better from Max Hauri, since the devices also use an HTTP (no S!) cloud API and MD5 hashed passwords.

Reverse engineered the WiFi pairing of my "Max Hauri MaxSMART 2.0" smart plug yesterday evening. Turns out it uses this great protocol called EasyLink. EasyLink is used to tell a device that isn't in a WiFi the WiFi credentials by sending some UDP packets on the WiFi. Sounds pretty neat, and must be very secure. The thing is, it can be secure, it'd support encryption of the credentials with a key shared by the sender and receiver. However Max Hauri didn't opt to do that.
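
Added example, not part of the original toots and not EasyLink's or the author's code: a toy model of the length-based encoding described in the two toots above, showing what a bystander sees with and without a shared key. The `BASE_LEN` offset, the nonce framing and the HMAC-based keystream are assumptions standing in for the real framing and cipher, and the credentials and key are constructed.

```python
import hashlib
import hmac
import os

BASE_LEN = 20   # assumed fixed offset; the real EasyLink framing is not modelled
NONCE_LEN = 8   # assumed: a per-session nonce is sent in the clear before the data

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in, not EasyLink's cipher
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def sender_lengths(credentials: bytes, key: bytes = b"") -> list:
    """One datagram per byte; the byte value rides in the datagram length."""
    if not key:
        payload = credentials          # the configuration the toots describe
    else:
        nonce = os.urandom(NONCE_LEN)
        payload = nonce + xor(credentials, keystream(key, nonce, len(credentials)))
    return [BASE_LEN + b for b in payload]

def observer_view(lengths: list) -> bytes:
    """Frame sizes stay visible under link encryption, so this needs no key."""
    return bytes(n - BASE_LEN for n in lengths)

def device_decode(lengths: list, key: bytes) -> bytes:
    """The pairing device, which holds the shared key, undoes the encryption."""
    raw = observer_view(lengths)
    nonce, body = raw[:NONCE_LEN], raw[NONCE_LEN:]
    return xor(body, keystream(key, nonce, len(body)))

# Constructed sample values, not taken from any real network or device
CREDS = b"example-ssid\x00constructed-passphrase"
KEY = b"constructed-shared-key"

if __name__ == "__main__":
    print("no key  :", observer_view(sender_lengths(CREDS)))
    keyed = sender_lengths(CREDS, KEY)
    print("with key:", observer_view(keyed).hex())
    print("device  :", device_decode(keyed, KEY))
```

Even with the key in use, the number of datagrams in this model still reveals the combined length of SSID and password.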

It may be April 1 in the US, but this one is serious. elementary OS + Flatpak: Preparing for the future. Get the details:

@fdroidorg I'm seeing some app descriptions in German (for example Wikipedia) in the official store client, even though my phone is set to English. The only thing set to German is my keyboard layout.

Huge milestone hit! Our social media management tool the "GitHub Projects Content Queue" - usually abbreviated to "Content Queue" has just gained support for Mastodon (and anything else you implement, but the system is now flexible enough):

Turns out Lutris is a really solid way to manage your games on Linux. Including Windows games!

@lastfuture I've found - even though it's geared toward faces you can easily use it to censor anything.

A very solid option - if it is available - is to skip smart plugs and instead install in-wall switches that you can communicate with via Zigbee, Z-Wave or similar.

Just don't forget to uninstall the app and disallow external connections after setup. I've written to control these plugs from the Mozilla IoT gateway.

I haven't looked into their HTTP traffic enough yet, but if you get one of these maxSMART 2.0 plugs, make sure to disallow all WAN access to them after they're set up. It looks like you can customize the URL they phone home to, so it may be possible to set up a local server that consumes their data/controls them, but I haven't gotten that far yet. The important bit is that you can control the switch and read the power and current via a simple local UDP API.

There are some international ones with Z-Wave or Zigbee as protocols, which would be great. However, there are also some Swiss made ones that have open APIs but somehow still depend on the cloud (looking at you, myStrom). Lastly, there's this really interesting form factor from Max Hauri. It meshes really well with how we lay out our plugs. Sadly it depends on unencrypted cloud services that send your password MD5 encoded for setup and likely for the timer functions and energy history, too.

Smart plugs suck in Switzerland. This is mostly a home-made problem due to us having our own plug system. International brands will either sell us the SchuKo version, or a plug adapted from that. These are often extremely bad solutions. Even though they may be very compact, they'll likely obscure two additional sockets for us. Alternatively they'll be in the "power brick" style, which means you can only use them in certain socket locations.

Is there a simple Android app to quickly redact info in a screenshot (or arbitrary image file)? I can't find anything purpose built that doesn't have ads or in app purchases for some reason.

We finally released the implementations for our container-based network simulator (meshsim) and CoAP+CBOR+Noise ultra-low-bandwidth Matrix transport experiment from #FOSDEM - see for all the details!
