Seven Minute Server

Aug 25, 2019 - 5 minute read - Alexa python

Alexa Flash Briefing Example: Hacker Daily

How easy is it to create a basic Alexa Flash Briefing? Super, super easy. All you need to do is add the skill in their UI and provide it with a JSON or RSS file that contains what you want Alexa to say.

To illustrate how easy it is and help anyone else who’s looking to create one along, I’ve made the source code of my skill, Hacker Daily available on Github at https://github.com/jenh/Hacker_Daily. Hacker Daily is updated hourly and reads out the latest five software vulnerabilities reported in the CVE database.

If you’re not technical, no worries, you can create the Flash Briefing from Amazon’s dashboard, and all you need to do is provide them with some basic metadata and a link to the JSON or RSS file that contains what you want Alexa to read.

Creating the Skill

  1. Open the Alexa developer console and click Create Skill.

  2. Enter a Skill Name, then select Flash Briefing. Note that Skill Names don’t have to be unique, but it’s a good idea to make them so. Amazon does some “magic” to determine which skill a user is looking for if there are multiple matches, and it’s better not to have to rely on magic.

  3. In the Custom Error Message field, enter a message for Alexa to read if your skill has any errors, then click Save. Mine says, “I’m sorry, I’ve been pwned! Just kidding! Something’s up, though, so try me later.”

  4. After it’s saved, click Add New Feed.

  5. Enter the following:

    • Preamble: Introduction for Alexa to read when your briefing starts.

    • Name: Feed name. You can add multiple feeds for the same briefing. You’ll notice a lot of news briefings will have different news segments you can request — these are the feed names.

    • Content Update Frequency: Tells Amazon how often content can be expected to change. You can choose Hourly, Daily, or Weekly.

    • Content Type: If you’re serving mp3 files, this is Audio, if you want Alexa to read text, choose Text.

    • Content Genre: What type of content are you serving?

    • Feed: Link to the JSON or RSS file that contains your briefing feed — we’ll talk about this in a little bit.

    • Feed Icon: This is the icon that shows up on devices, download pages, marketing, etc. Use a 512x512 JPG or PNG

  6. Click Add.

  7. Open the Distribution tab, enter your marketing info, and save.

  8. Once you’ve completed all this and checked your feed (we haven’t gotten there yet!), you can submit for review from the Certification page.

Creating the Feed

In this example, we’ll be creating a text-based Flash briefing. The feed is a simple JSON or RSS file that contains the following items:

  • mainText: This is what Alexa will read out when invoked.
  • redirectionURL: This is a URL that will appear inside the app or visually-enabled Alexa devices that provides more information about the entry (for my Hacker Daily skill, I link to the CVE’s description on mitre.org).
  • uid: This is a unique identifier that describes the entry. This can be anything, but must be unique to your feed file, each entry should have its own unique ID.
  • titleText: This is the title of the entry.
  • updateDate: This is the date of the entry, used to sort the entries. Its format should be in YYYY-MM-DDTHH:MMZ format (for example, “2019-08-23T21:15Z”)

Your output will look like this (with a few more entries — Alexa can use up to five):

[
    {
        "mainText": "The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). This is CVE-2016-6154 published on August 23 2019", 
        "redirectionUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6154", 
        "uid": "CVE-2016-6154", 
        "titleText": "CVE-2016-6154", 
        "updateDate": "2019-08-23T22:15Z"
    }, 
    {
        "mainText": "An information exposure vulnerability in FortiOS 6.2.0 and below may allow an unauthenticated attacker to gain platform information such as version, models, via parsing a JavaScript file through admin webUI. This is CVE-2018-13367 published on August 23 2019", 
        "redirectionUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13367", 
        "uid": "CVE-2018-13367", 
        "titleText": "CVE-2018-13367", 
        "updateDate": "2019-08-23T21:15Z"
} 
]

You can see an example of a complete and valid JSON file that Alexa can use at https://github.com/jenh/Hacker_Daily/blob/master/cve.json.

Now, you could create the file by hand, or you could programatically create it. Hacker Daily is programmatically created using a script called cve-flash.py. In this script, I download the latest CVEs from NIST, load the data as JSON, parse through it, grab the last five CVEs (Alexa limits flash briefings to five items), and print them to a file. You can take a look at my script here. You may not need everything that’s in there (you may not have to process a zip, for example!), but feel free to crib parts of it for your own use.

After you’ve got your JSON file, you just need to copy it to a server (you can also host on S3 if you like, that gives you SSL and everything AWS wants) and update it periodically.

I update periodically using a cron job by running crontab -e and adding

*/60 * * * * python /path/to/my/flash-cve.py

to the file, making sure that the script is executable (chmod 755 flash-cve.py) and owned by the user who is going to run it (chown user:user flash-cve.py, where ‘user’ is the user you want to run the script).

Note that the flash script in my Hacker Daily example will write to /var/www/html, so you should make sure that the user running the script has access to the json file. I’ve refreshed my web site in the past and clobbered the permissions before, causing the update script to fail for a few hours! :)

Good luck and happy Daily Flash Briefing!

Hacker Daily is just one of my Alexa Skills! Check them out and if you’ve got Alexa skills, feel free to share them — I’d love to try them out!