[HN Gopher] The S in IoT is for Security
___________________________________________________________________
The S in IoT is for Security
Author : rauhl
Score : 468 points
Date : 2021-03-22 12:43 UTC (10 hours ago)
(HTM) web link (puri.sm)
(TXT) w3m dump (puri.sm)
| edf13 wrote:
| Isn't this just a vailed SEO/Content filled blog post/Ad for
| puri.sm?
| alpaca128 wrote:
| I don't see a veil on a blog post where the author's name and
| CEO position in the company is the first thing you see.
|
| Sure you can argue Purism won't exactly publish something that
| doesn't agree with their marketing, but at the same time I
| prefer seeing a blog post than some other product page on here.
| And they're not the only one, in fact right now the very top
| post on HN is a blog entry by Mozilla about a new feature in
| their product.
| KETpXDDzR wrote:
| My way to deal with IoT devices: A virtual "guest" WiFi w/ AP
| isolation using DD-WRT. Devices in there can access the Internet.
| That's it. They can't see other devices in my local networks.
| That makes me sleep better.
| soheil wrote:
| There doesn't have to be an S in it to be secured since the T is
| for Trustworthiness.
| hnedeotes wrote:
| and the three "asses" in that stand for simply super secure.
| soheil wrote:
| I'm one person shouldn't that be singular?
| z3ncyberpunk wrote:
| Poignant way show show how there is no security in IoT
| mixedmath wrote:
| I think I'm missing a few major points. I wonder if someone here
| might be able to clarify.
|
| 1. The real meat of this "pwning" was (it seems) a google search
| to identify the WEB API endpoint. Then it turns out that sending
| POST requests to this endpoint can turn the light on/off, change
| its temperature, and change its brightness.
|
| 2. In order to turn a light on/off using the "found" api, it is
| first necessary to connect to the lamp's network. So if I were
| doing this on my own linux machine, which cannot as far as I can
| tell connect to multiple wireless networks at the same time, my
| script to change the settings on the light would include
| disconnecting from my true wifi network, connecting to the lamp's
| network, sending the signal to the lamp, disconnecting from the
| lamp, and then reconnecting to my own network. Is that right? Is
| this what the bash scripts and apps mentioned in the post are
| doing?
|
| 3. If I lived in the apartment above the OP's (say), and I were
| malicious, I could even now _also_ access the lamps ' networks
| and, say, set their values to be whatever I wanted. And there is
| simply no way of stopping this (S in IoT, after all).
| Spivak wrote:
| Yeah this is so far from pwning that it's hilarious to be
| presented as such. This is literally authorized access. He
| built an integration for his smart bulbs the same way Google
| Home or HomeKit would access it but with some weird Wi-Fi
| paranoia that actually made him less secure.
|
| The security model of pretty much all smart lighting "if you
| can reach me on the network you're trusted" just like the
| security of light switches "if you can reach the switch you can
| flip it."
| spongechameleon wrote:
| I mean the alternative was installing the propietary app so I
| would say this is still a big win. But also yes, any wifi
| capable device in your home with no authorization is clearly
| a disaster waiting to happen.
| Spivak wrote:
| I don't disagree that it's a huge improvement over some
| proprietary app but I still don't think "using the light's
| API as designed" counts as pwning it.
|
| It's the same API that openHAB or Home Assistant would
| consume to control it.
| shp0ngle wrote:
| Yeah this article is mostly ranting disguised as something more
| adolph wrote:
| I thought it was mostly sales for "for PureOS and the Librem
| 5" on "my Librem 5 phone as well as Librem Mini desktop" to
| do something an alias to curl performs perfectly fine.
| sdlion wrote:
| One way to solve 3 and maybe 2 would be adding to the ecuation
| an ESP32/8266 and use it as an access point for the lamps. Then
| you might create any physical controls for the lamps or with
| some network magic add it to your infrastructure through a
| segmented network. I'm not sure if this can be done with an ESP
| alone (hence "network magic") or you could just use a second
| ESP connected to your private network and passthrough your
| commands via a serial port to the Lamp's ESP AP.
|
| ESP32's are fairly cheap, easy to use and can even be
| programmed through micropython.
| porbelm wrote:
| This is pretty much how I read it, but I thought maybe it's
| worse: I would bet that when you connect to the lamp's network
| _and set it up to connect to your network as you should_ the
| lamp 's internal WiFi ceases to broadcast, and you'd need the
| reset switch to enable setup again.
|
| What this guy seems to have found out is possibly (and how, I
| don't know--the article is horribly lacking in detail) that the
| lamp accepts API calls /when it is in hotspot mode for setup/
| as well as in HAZ_EXT_CONNECSHUN=1 mode
|
| So what I think is that /anyone/ close to the lamp can send the
| API calls and affect it. Because the lamp is in perpetual setup
| mode with its unsecured hotspot active...
|
| "A browser hitting that returned a page to connect the lamp to
| local WiFi. That is a no-go, so maybe there is a web API..." he
| said
|
| the dumbass
|
| e: Sorry, I misread your post on the lamp network part. I'll
| leave this here but now you know I spotted it. My apologies.
| gautamcgoel wrote:
| Took me a moment to get the joke, pretty clever title.
| drivinmecrazy wrote:
| Can you believe Generac standby generators need you to download
| an app and receive an activation code which no doubt you key into
| the generator before it will work. I nearly got caught out with
| this when we were looking to replace our cottage genny. We don't
| have internet access how stupid a concept is this. Thankfully I
| found out before completing the purchase so I bought a different
| brand but I'm with this guy all the way. I'm not connecting my
| lightbulbs, toaster or intelligent microflushing loo to anything
| internet just to use the product.
| beckingz wrote:
| Good overview of how to hack a specific internet connected lamp
| to avoid installing the manufacturer's app.
| 1cvmask wrote:
| This is a great article explaining the need for open standards
| and non-proprietary approaches to IoT just like we have in the
| digital world. Vendor lock-in is a real issue for security and
| non-dependancy as well.
| flyinghamster wrote:
| Another problem: Even when the device is working as it should,
| there needs to be a "lock" mode that says, "don't download new
| firmware." Nothing like having your smoothly-functioning lighting
| setup FUBARed by an unnecessary and buggy firmware update -
| especially if you're far away from home when it happens.
| astrea wrote:
| What about the inverse where it was shipped with buggy software
| or one with a massive security hole that now can't be patched
| because it is "locked"?
| grenoire wrote:
| What if we built simpler systems that are less prone to
| security issues, without the cpre assumption that we can
| 'just patch it up' whenever after it's shipped off?
| astrea wrote:
| What if we were born without the need to consume or
| generate matter? I think it's easy to generate idealistic
| scenarios, but not so easy to implement them in reality.
| There's a couple counter-pressures to your question. The
| first being that the average consumer has come to expect
| and demand a higher level of functionality out of even
| simple devices. The next is that there's no monetary
| incentive in creating the perfect system from the start,
| especially when you can just use premade things. Finally,
| hackers (whether they be nation-state actors or your
| neighbor's bored teenager) are CONSTANTLY on the prowl for
| vulnerabilities in all things connected to the internet.
| With that in mind, it's not quite as easy to develop the
| perfect, unhackable system.
| sebastien_b wrote:
| Pretty sure that title was coined by Steve Gibson on his Security
| Now! podcast[1] (at least that's where I've first/only heard it).
|
| [1]https://www.grc.com/sn/sn-586.htm
| monocasa wrote:
| I've heard/said it before that point.
| driverdan wrote:
| That style joke predates IoT. "The [letter] in [acronym that
| doesn't contain letter] stands for [punchline]"
| ullevaal wrote:
| > Pretty sure that title was coined by Steve Gibson on his
| Security Now! podcast
|
| In your source he explicitly says he does not know who the
| originator is.
|
| > I don't know who the originator was because I saw it coming
| from several different sources over the past week. But I just
| love this. I mean, I liked the acronym IDIOT, I-D-I-O-T, which
| of course stands for I Don't Internet of Things. But I think
| even better is this slogan: "The 'S' in IOT Is for Security."
| sebastien_b wrote:
| Good point - I missed that.
| lrvick wrote:
| This is why I just flash ESPHome firmware on all all the IoT
| stuff I buy to make them useful, trusted, and easily updated
| elements of my home.
|
| I even run tuya-convert to switch over my dozens of light bulbs.
|
| Anything that can't run open firmware I control doesn't get to
| live on my internal LAN.
| formercoder wrote:
| I'd encourage anyone who enjoys these projects to check out Home
| Assistant. It's an incredible open source project with support
| for countless devices.
| alpaca128 wrote:
| The U in Smart (devices) stands for user-friendly.
|
| We need an app to control a stupid lamp but at the same time are
| expected to buy a "smart home" system so that we don't have to
| pull the phone out of the pocket. Originally smartwatches were
| marketed for the same purpose, but I guess now there's also the
| severe risk of having both hands unavailable at the moment so we
| need to be able to delay the system update via voice command. Of
| course with tracking so they can "improve the user experience",
| and the occasional personalised ad.
|
| Meanwhile I'm wondering how people got convinced this is better
| than just pressing a physical button, but then I remember even
| $500+ appliances nowadays are built with such cheap buttons that
| after a few years I'm forced to learn where to smack the fist on
| the front cover so they work again for a few minutes.
| melomal wrote:
| > I'm wondering how people got convinced
|
| FOMO and PR. I have friends that have plenty of money and read
| the latest reviews/gadget magazines. They assume whatever is in
| the recommended area you should be buying it or your neighbours
| will have it first.
| outadoc wrote:
| If you want to, you can turn it into a Home Assistant plugin (or
| even add it to the core). It's a great project that aims to
| provide this kind of interface for all kinds of "smart" devices
| in a user-friendly way.
|
| https://github.com/home-assistant/
| hirundo wrote:
| I have found Home Assistant to be very user unfriendly and
| difficult to use. I have about $1000 in switches that are among
| the most popular Z-Wave devices on the market that I have not
| been able to get working, as well as other devices. I'm
| admittedly clueless with hardware, but I build software for a
| living. The few things that do work required hours of
| spelunking on forums into incomprehensible details of
| configuration. It's not a system I'd recommend to a typical
| consumer.
| BrandoElFollito wrote:
| HA is not the easiest system to get into, but once you are
| there is is fantastic.
|
| It is a state machine that I also use for some other
| software, not to mention that it has tons of integrations.
|
| I use Zigbee and it took me 10 minutes to have it
| successfully running (via MQTT autodiscovery, or via the ZHE
| module (which I tested byt keep with MQTT)).
|
| It certianly is not something would suggest to my parents,
| but someone who is technical (especially with software, and
| especially-especially with Python) it is not difficult.
|
| The main issue is how the docs are organized, it takes quite
| sometime to understand the way the whole thig works. After
| that it is downhill.
|
| Finally there is a strong move to the UI where many things
| become click-n-go.
| connorproctor wrote:
| How long ago did you try it?
|
| I had a similar experience with Home Assistant a couple years
| ago, but they've made a ton of progress on UX recently. I
| still wouldn't recommend for a typical consumer, but should
| be easy for someone building their own apps.
| outadoc wrote:
| Agreed! It was really terrible, it's much better now - at
| least you don't need to fiddle with YAML anymore for _most_
| things. There 's still a ways to go, but for the audience
| reading this, it should be accessible.
| hirundo wrote:
| Maybe two and half years. I'll give it another try, thanks.
| xyzzy21 wrote:
| As in the S is missing! :-)
| thitcanh wrote:
| thatsthejoke.jpg
| steve_gh wrote:
| IoT runs across a range of use cases and connections. There is a
| lot of emphasis on WiFi IoT applications, but this makes things
| hard in other places.
|
| I'm working on various IoT sensor products that require a
| cellular connection - NB-IoT is preferred for this use case due
| to the good penetration characteristics. But the problem is that
| UDP is recommended as the NB-IoT transport layer due to the
| problem with TCP ack timeouts due to NB-IoT latency. That means
| that you are practically reduced to MQTT-SN as a data protocol,
| which in turn means you lose TLS.
|
| There are partial solutions - we whitelist our MQTT data sources
| (i.e. only the Cellular provider's NB-IoT gateway), and we can
| verify and whitelist the IDs of all connected devices). But it is
| a partial and imperfect solution.
|
| Security is hard...
| ridaj wrote:
| Good point by the author, but iiuc neighbors can just walk up and
| control the lamp too if operating on the lamp's presumably open
| wifi?
|
| Missing from the home IoT security works is a decentralized auth
| infrastructure story. I don't fully subscribe to the notion that
| people do this because they want to monetize... That may be the
| case sometimes but here I tend to believe you get to this kind of
| solution if you want something that is usable by average
| consumers and has some form of auth.
| cute_boi wrote:
| and P in IOT is for privacy lol.
| blablabla123 wrote:
| Software needs to be updated though, certificates need to be
| checked and all that. That's only possible with Internet - unless
| you run your own CA, Package Mirror on the local network. That
| said, there is also a trade off between having a having ports
| open for REST vs. having a gateway (whether that's on the local
| network or on the Internet). Also it's probably a difference
| whether one plans to update the installed system every now and
| then or whether that should be fully automated...
| denysvitali wrote:
| This is true, but honestly I have almost never seen an IoT
| device getting updated for security reasons - instead they seem
| to update things OTA to just add more crap to it.
|
| In any case, a CA lasts ~20-30 years. Hopefully the IoT device
| will be dead by then
| KETpXDDzR wrote:
| One can't spell "idiot" without "i", "o", "t".
| wojciii wrote:
| Ok.. so he needs to scan for an unique AP first and then send the
| command to the device on this network. Is the phone capable being
| connected to multiple 2.4 networks or does controlling the light
| mean having to first scan and the connect to a network? This
| approach sounds slooow.
| mafro wrote:
| I imagine it's mentioned elsewhere in this commentary, but the
| key point I think this chap missed was not connecting to a wifi
| network under his control.
|
| "A browser hitting that returned a page to connect the lamp to
| local WiFi. That is a no-go ..."
|
| You can buy prosumer routers nowadays for $99 USD which enable
| one to setup different subnets and VLANS such that a device is
| accessible on the network but unable to access the internet.
|
| I'm not afraid of IoT like some other tinfoil types commenting
| here - just make sure they can't call home (I'm looking at you
| Samsung TV)
| danhor wrote:
| Many of these WiFi-LED lamps contain esp8266 devices, which have
| a lot of open source alternative firmware available, like
| esphome[0] or tasmota[1]. You can reflash them by opening them &
| connecting a cheap (1$) usb-to-tty adapter.
|
| If that isn't an option (for reasons like not wanting to
| permanently damage them or being afraid of electrical shocks) a
| lot of them come with tuya firmware, which you can (still) often
| exploit and convert with TUYA-CONVERT [2].
|
| I found the Tasmota Device Templates Repository[3] to be a really
| valuable resource, although I've been using zigbee devices for
| lightbulbs.
|
| [0]https://esphome.io/
|
| [1]https://github.com/arendst/Tasmota
|
| [2]https://github.com/ct-Open-Source/tuya-convert
|
| [3]https://templates.blakadder.com/index.html
| kissgyorgy wrote:
| Shameless plug: We are working on the solution! Our motto is
| actually "Put the S into IoT" :D by working with security
| researchers on an automated tool which can scan and find
| vulnerabilities in all kinds of IoT firmwares. Check it out:
| https://www.iot-inspector.com/
|
| Our old UI is "not very nice", but we already have a GraphQL API
| and pretty UI very soon.
|
| If you are a security researcher or IoT shop, you should contact
| us!
| _joel wrote:
| Is there a curated list of IoT devices from a security
| perspective? Like is the firmware flashable with open code, how
| chatty is the device/callhome, update frequency (if any) etc?
| schnable wrote:
| > A brief search returned the web API URL path that returns a
| JSON structure
|
| A brief search of what?
| johanbcn wrote:
| Yeah, I'm wondering the same, since he refused to use the app
| at all, so no sniffing packets either.
| durnygbur wrote:
| of lamp endpoints I presume!
| codazoda wrote:
| Yeah, I assumed he was vague here because hacking your own
| device, or writing about how to hack it, might be against the
| law in some jurisdictions.
| sigmonsays wrote:
| i took it as a google search, which made me laugh at how much I
| read before i got to the point. I enjoyed reading this post
| actually but there is very little meat to what actually
| happened.
| crescentfresh wrote:
| Agreed, talking about how he discovered this API is what I
| would have wanted to read. He said the only opened port was
| 8xxx and it was a dead-end, so what port was this API running
| on then? How did he discover it without sniffing packets from
| the app? various, etc
| bellyfullofbac wrote:
| And if the browser "404'd", that means there's actually a
| web server listening (different to connection refused/timed
| out error messages). So was it a 404 or something else but
| you don't understand HTTP so you just called it 404?
|
| From the writing my impression is this is a guy flexing his
| "I know tech" muscles. Calling it "pwn"? Talking about his
| Librem phone/desktop? Well done 1337 hacker! /s
| adolph wrote:
| Put signature and stated use case appears to match the
| Elgato Key Lights API.
|
| https://www.elgato.com/en/key-light
|
| https://www.npmjs.com/package/elgato-light-api
| djcooley wrote:
| Chipset developers like Silicon Labs* are developing very
| advanced but approachable security capabilities into their latest
| products (secure boot, secure debug, physical protection (DPA
| countermeasure, anti-tamper), key management, key storage, crypto
| engine, etc.)*.
|
| The tools are there now to address this, and this should go a
| long way toward actually securing the application, the data, the
| IP, and overall simplify lifecycle management.
|
| * - disclaimer, I am an employee * -
| https://www.silabs.com/security
| tpolzer wrote:
| The issue here isn't hardware capabilities, it's that vendors
| like to make their gadgets centrally connected for convenience
| and analytics and then on top often don't care about hygiene
| (e.g. no crypto at all).
| temac wrote:
| Would it only allow for the lamp to be "secure" in the sense
| that the owner would not be able to take back control anymore?
| If that's the case, that's a "solution" worse than the problem,
| that's even unethical as hell given this will short/medium term
| accelerate the ecological nightmare.
| ls65536 wrote:
| Unfortunately I've often found these capabilities end up being
| used against users as much as, if not vastly more than, they
| are used in their favour.
|
| For example, secure boot and anti-tamper measures are often
| used to lock out users from being able to examine or modify
| equipment and software for their own benefit. Sure, these
| measures can be argued as ways to "protect" the user from
| themselves (preventing inadvertent/unsupported changes of
| hardware causing malfunction, or preventing the installation of
| malware, and so on), but to rob the users of their agency to
| decide what's best for themselves in these circumstances is
| fundamentally disrespectful.
|
| Nonetheless, I hope your employer is in a position to be part
| of a movement to buck the trend here, but based on what I've
| seen in the industry over the years, I've learned to be very
| skeptical whenever I hear of such "security" capabilities being
| thrown around as universally beneficial for everyone.
| TheRealDunkirk wrote:
| I don't care how "secure" one can make an internet-connected
| lamp. I don't want or need a lamp to connect to the internet to
| change its operating conditions. The problem is that we, as a
| society, are being so suckered by cheap consumer devices that
| it's becoming difficult to even FIND NON-connected devices in
| some categories. Like the lamp in the article, I'm willing to
| bet that he looked for something with purely physical controls,
| and couldn't find one in a comparable price point. I honestly
| don't get it. I can't fathom what some company could possibly
| be doing with my usage data from some internet-connected LAMP,
| or why they would go about designing all the infrastructure to
| make it work. It would be orders of magnitude more easy to just
| put some buttons on the side of the unit. At this point, I
| guess someone out there thinks, "Oh, neat!" but this sort of
| situation is paving the way for it to be impossible to buy ANY
| consumer electronic device that doesn't phone home in the very
| near future.
| godot wrote:
| Just out of curiosity, if that web API request is made while
| connected to the lamp via its WiFi access point, I am guessing
| that means whenever they wanted to control the lamp using this
| custom app, they'd have to make their phone disconnect from the
| main WiFi, reconnect to lamp WiFi, do actions, then reconnect
| back to main WiFi (I suppose that could all be automated within
| the custom app) Wish the lamp would just put that control as a
| knob on the lamp..
| DarkCrusader2 wrote:
| One thing I haven't seen mention much with these "smart" devices
| is how inconvenient lack of physical buttons is. Instead of just
| reaching over and adjust the volume/brightness whatever, I now
| have to unlock the phone, find the app and do some gestures to
| achieve same results, all of which now requires some mental
| bandwidth for these banal tasks.
| Cthulhu_ wrote:
| I have a few 'smart' things in my house. One is my living room
| mood lights, but that's a combination of a simple RF plug relay
| switch on the one hand, and an ikea (also RF?) spot system, no
| internet required.
|
| The other thing is my thermostat, where it's mainly convenience
| to control it remotely via my phone. I'm not comfortable with
| it, it has a dongle directly in my router giving the company
| behind it access to it and its data. I mean the charts are
| convenient, but I think the whole thing could be made offline
| as well. Anyway, that one has a simple screen (LED light
| matrix?) and touch buttons so anyone can adjust the temperature
| until the next time block, making just the unit without the app
| as useful as the old dial thermostat it replaced.
|
| Final 'smart' thing I have is my wifi router, which I can
| manage via my phone; a big improvement over the old
| router/modem which had a very 2000's looking web interface.
| mason55 wrote:
| That's just bad smart home planning. Any smart home device
| should work on top of existing physical control. Don't buy
| smart bulbs that require you to use your phone or voice to
| control them. Instead, buy smart switches that work just like
| normal wall switches but also give you smart home/automation
| possibilities (and work perfectly fine for guests or if the
| whole smart home system is down).
|
| Don't buy some garage opener that requires internet access to
| control your garage, hook a smart relay into the existing
| garage opener.
|
| Make sure there's a physical remote for your TV or sound system
| in addition to phone control. You can buy third party remotes
| just for this purpose.
|
| Etc., etc., etc.
|
| Pretty much any smart home project can be done in a way that
| keeps all physical control in place. Yes, it costs a little
| more and requires a little more work, but it's the only
| reasonable solution.
| gpanders wrote:
| This is exactly right. If you set out with some requirements
| such as 1) everything must be able to still work without
| internet access and 2) it must be simple enough that my
| mom/grandma/whatever can still use it, then you can still
| benefit from the convenience of these devices without all the
| downsides.
|
| This is what I do. I insist that any "smart" whatever be
| strictly additive; that is, it must only _add_ functionality
| but not remove anything. I will never buy a product that
| can't be controlled physically or that requires Internet
| access. The net result is pretty great!
| mason55 wrote:
| Yup. With this approach the only thing that goes wrong is
| you start to rely on some of the automations and it's a bit
| annoying if one stops working for some reason.
| rootusrootus wrote:
| 100% agree, this is how I approach all of my home automation
| toys. Periodically I disconnect my HA server and then the
| Internet connection just to verify that the fallback position
| for my house that everything still works manually just like
| you expect.
| 8note wrote:
| This looks very dependent on whether you're renting or
| owning.
|
| If I'm renting a place, swapping out the light bulbs is
| feasible, swapping out the light switches is not
| mason55 wrote:
| Sure, lots of reasons you can't create the most very
| optimal experience. But even if you can't swap out the
| switches in your rental there are other options if you keep
| "physical first" in mind. There are even smart switches
| made to stick over a regular light switch so you can keep
| people from turning it off (and this deactivating the smart
| bulb) and still have a physical switch, but it's actually
| controlling a smart light.
|
| Starting with a hard requirement of physical control still
| leaves lots of things on the table.
| hunter2_ wrote:
| When your hands are occupied by cooking or some such, it's nice
| to bark orders at a voice assistant for timers, lighting
| adjustments, adding to the shopping list, etc.
| _Microft wrote:
| I think the parent commenter was not annoyed by the fact that
| they _could use an app_ but that they _have to_.
| mattwad wrote:
| He's got a point. My smart lights are the only reason I
| even own a Google Home assistant. The rest of the features
| are not very important to me.
| _peeley wrote:
| I don't really mind having less buttons to accidentally push on
| my phone or other devices that go in my pocket, but I can't
| stand this when it comes to car dashboard interfaces.
| Thankfully I still drive a car from before this trend but in
| newer cars where e.g. changing the radio station requires
| fiddling with a touch screen. With physical buttons or knobs I
| can do this almost unconsciously, but with a touch screen I
| have to take my eyes off the road to even see what I'm poking
| on the screen.
|
| With this kind of stuff, it always makes me wonder why it's
| there in the first place. Surely there's not much demand for
| touch screens in cars, and it must be more expensive to produce
| than analog buttons and knobs. Why has it become so ubiquitous?
| ktpsns wrote:
| I absolutely second this. "IoT" is a keyword to furnish up
| cheap hardware where the price of physical switches would have
| harmed the profit margin too much. This is not really ironic:
| Physical switches (with a price of probably 0,2 USD per
| component) are more expensive then SoC having Wifi implemented.
| Also it's cheaper to hire software-only developers to do as
| little hardware engineering as possible. It's all about cutting
| the price per unit down.
| soheil wrote:
| It probably costs more to add physical knobs/switches. They
| will end up taking more space/require more material to
| manufacture than the IoT device itself.
| cube2222 wrote:
| This problem will depend on the vendors you buy your products
| from.
|
| Having a few brands of smart home devices which are all
| compatible with homekit, I just swipe down on my lockscreen and
| have all of them as shortcuts in the single native interface or
| use my watch to operate them with voice.
|
| Android seems to have the Google Home app for this exact same
| reason, but I have no idea how well that works.
| mrb wrote:
| Usually the factory default WiFi network that IoT devices create
| during setup is open. No password required. It seems the author
| left the device in that state when he reverse-engineered the API.
| So anyone in the vicinity of the network can connect to his lamp
| and control it. I wouldn't call this "secure."
| DannyB2 wrote:
| The SH in SHIoT is for Security Hardened IoT.
| BrandoElFollito wrote:
| Well, hacking such devices gets immediately easier when you can
| google the API endpoint, and that endpoint is REST (or REST-
| like).
|
| I have a wifi radio (Ocean) and I tried several times to hack it
| so that I can programmatically start and configure it but failed
| every time because the whole system is completely closed and non
| standard.
|
| I would love to buy a radio that has an API (actually I would buy
| three right away)
| ShakataGaNai wrote:
| Ah yes. Elgato Key Lights.
|
| Let's be thankful that they are, in fact, using ESP32 for a
| central control chip and use a very simple REST protocol. It
| could be a lot worse, a lot more proprietary.
|
| These are simple devices, but expensive as far as lights go. You
| can very easily get dumb lights that have only physical controls.
| For a lot cheaper too.
| throw080700 wrote:
| The open KNX Standard seems to be the answer to IoT's woes. But
| nobody seems to have heard of it.
|
| https://en.wikipedia.org/wiki/KNX_(standard)
|
| This classic talk - Learn how to control every room at a luxury
| hotel remotely (2015) [has eng subtitles]:
|
| https://www.youtube.com/watch?v=RX-O4XuCW1Y
| markild wrote:
| Also Zigbee and Z-Wave.
| throw080700 wrote:
| Zigbee got problems with non-free licensing. Z-Wave seems
| open, is it completely open?
| pantalaimon wrote:
| Zigbee is IEEE 802.15.4, you can also run 6LoWPAN on top
| instead of the Zigbee stack.
| danhor wrote:
| Z-Wave is very closed, afaik only a few chips are available
| and need to be licensed. Compared to that Zigbee seems to
| be much more open.
| throw080700 wrote:
| Ok. The top thread of this HN post about Zigbee not being
| that open:
|
| https://news.ycombinator.com/item?id=21825822
| motohagiography wrote:
| The S in IoT should be for "Stop buying stupid disposable junk."
| I can't listen to anyone complain about climate change while they
| fill their homes with cheap consumer electronics from globalized
| supply chains that spy on them.
|
| I also can't imagine letting an internet connected anything in my
| home, and I keep all internet electronics in one room. Sure,
| other people can live in a surveillance zoo, but I prefer to keep
| mine limited.
|
| If it has a circuit, stow it.
| kgin wrote:
| Say what you will about Apple's Homekit but every Homekit
| device can be set up with local-only control.
| hackeraccount wrote:
| Check out Home Assistant and mqtt. If motivated you can
| actually go pretty far with just on-prem. If home automation
| floats your boat that is. I'm thinking maybe it's not just the
| surveillance part that you don't care for but that the whole
| thing does nothing for you. Which is cool.
| crazypython wrote:
| I can't imagine letting non-free software- the proprietor can
| modify it, but I can't, and under the control of someone else-
| hexing a piece of property I have bought. It's my property, yet
| it's cursed by the proprietor.
| simias wrote:
| I would be willing to compromise if at least there was a
| widely adopted set of standard protocols that I could use to
| interface these devices with my own favourite controller.
|
| Instead it's a mish-mash of bespoke proprietary smartphone
| apps that have terrible security and privacy practices.
| pwinnski wrote:
| The Venn diagram of IoT devices with reasonable default
| security and IoT devices that are not proprietary does not
| overlap at all.
|
| Apple makes IoT devices with reasonable default security, but
| they're also as proprietary as proprietary gets.
| jrm4 wrote:
| For better or worse -- "Buying stupid disposable junk" the
| absolute central driving force and core of this economy and
| perhaps our culture and society. I'm with you on the idea, but
| there's a LOT of work to do...
| pengaru wrote:
| > I also can't imagine letting an internet connected anything
| in my home, and I keep all internet electronics in one room.
| Sure, other people can live in a surveillance zoo, but I prefer
| to keep mine limited.
|
| Out of curiosity, how often is your smartphone resting on a
| surface within reach @home?
| motohagiography wrote:
| Alerts have been 95%+ off for years. Sometimes it's nearby,
| but it doesn't go to the 2nd floor where bedrooms are. I
| don't do social media or slack either.
|
| It's just a way of living where you don't give other people a
| free 24h real time option on your attention.
| pengaru wrote:
| Notifications/alerts have zero bearing on surveillance
| capabilities.
| motohagiography wrote:
| Keeping your phone on you or at your side to respond to
| notifications and alerts means you are generating
| surveillance data the whole time via the accelerometer,
| mic, camera lighting changes, reachable bluetooth
| devices, signal changes, wifi availability, and every
| other onboard sensor.
|
| Having alerts off means you relate to the device
| differently. Would be curious what you suppose I
| misunderstand about surveillance and security though.
| Dylan16807 wrote:
| > The S in IoT should be for "Stop buying stupid disposable
| junk."
|
| The joke is that there is no S, which means you're saying we
| _shouldn 't_ stop buying.
| fortran77 wrote:
| > I can't listen to anyone complain about climate change while
| they fill their homes with cheap consumer electronics from
| globalized supply chains that spy on them.
|
| Your hearing must be better than mine! I didn't hear Todd
| Weaver, the author of this blogpost, complain about climate
| change.
| viraptor wrote:
| There's a lot of IoT stuff which doesn't reach out to the
| internet. You can also reflash some commercial solutions with
| open firmware. Also, there's quite a few local only solutions
| using ZigBee / zwave that you can manage from Home Assistant.
| prower wrote:
| Or you could just flip the switch with your actual thumbs.
|
| There's a discussion to be had to on placing every basic
| action on our daily lives on a finicky smartphone.
| wccrawford wrote:
| There are lights in our home that are simply hard to get
| to, especially in certain cirumstances. I could probably
| rig up a physical switch with some extension cords
| (potentially dangerous) or rewire the house (expensive and
| messy) or I could use a wifi bulb or switch.
|
| And once that was the case, it just made sense to have
| others for convenience, too. For instance, we can turn off
| almost every regularly-used light at the same time now when
| we go to bed. The remaining ones are lights we only turn on
| for a short time anyhow, so they don't get left on.
| tehlike wrote:
| Automation is what you are missing.
|
| I love that my light turns on in the hallway when sun sets.
| Or the lock locks/unlocks as I leave or approach the house.
| Or that I can see my camera over vpn.
| tails4e wrote:
| I agree, but what I dont like is how to function a device
| needs Internet connectivity. Our smart vaccum cannot work
| with its app unless its connected to thr Internet. The
| nice thing is we can see its progress on mobile data,
| etc, but its a little ott for a 3rd party server to be
| involved. I'd prefer it to be local only.
| _carbyau_ wrote:
| I don't know of an off-the-shelf one you could buy.
|
| For the tinkerers, https://dontvacuum.me/ and
| dustcloud/dustbuilder as search terms.
|
| I have a roborock(Xiaomi sub-corporate brand) firmware
| flashed to no longer need internet, hosts "the database"
| on itself which is great for latency/responsiveness,
| provides web page functionality so you can use it from
| your phone, computer etc.
|
| I quite like it.
| prower wrote:
| I totally understand it for security, as ironic as it is
| (given the topic). For everything else though, I feel
| like there's a "honeymoon" effect in place, where the
| theoretical and immediate convenience overshadow the
| implications.
|
| To make a silly comparison, it's like buying digital
| videogames on a console instead of their physical
| versions, knowing you're trading immediate convenicence
| while giving away control, ownership and future
| availability.
|
| I would have much less problems processing IoT if the "I"
| was scrapped and optional by default.
|
| I guess I have an hard time understanding people relying
| on the internet at all.
| mason55 wrote:
| In addition to what the other reply said about going
| local-only using Zwave/Zigbee, the other key is that home
| automation should be "in addition to" not "instead of."
|
| Want to control your lights remotely or automate them?
| Use an in-wall smart switch. They still work as physical
| switches even if all your automation/smart home stuff is
| down. Guests don't need to know anything about the smart
| home, they can just operate them like regular switches.
| You get smarts "in addition to" the normal light
| operation that everyone in the world understands.
|
| Smart garage? Hook into a regular, tried and true garage
| opener using some kind of remotely controllable relay.
| The button on the wall still works, the opener in your
| car still works, but you can have smarts in addition to
| all that.
|
| Replacing regular bulbs with smart bulbs and then
| requiring a phone or internet connected voice device
| "instead of" a normal wall switch is insanity.
| tehlike wrote:
| Correct. Most people like myself go with no cloud
| versions of smart home gear. And use vpn to have a lot
| more control.
|
| A camera that works only locally (dafang hacks + wyze),
| home assistant, zigbee/zwave for example.
| jabroni_salad wrote:
| That's definitely a popular stance in the community of
| people who care enough to join the home automation and
| general electronics community, but if 'most people' is a
| factor, Amazon's best sellers are all "works with alexa"
| and "no hub required", and all of those products will
| surely die when their cloud tenancy is turned off.
| titzer wrote:
| Other people feel differently.
|
| I personally hate living in a haunted world which is
| filled with devices watching me, ready to pounce and fill
| me with delight at their fulfilling my every desire. It's
| absolute exhausting and downright terrifying when you
| think through the hell some motivated hacker (or hater)
| could subject you to.
|
| Is it unthinkable that all this stuff will turn on you
| one day? What if you become infamous for crossing the
| wrong person and a viral video sends the firehouse of
| political hatred from one group or another your way?
| "Swatting" is a thing. Just wait until people start
| hacking your house. They could burn it down while you are
| away by just turning on your oven maybe!
|
| Me? I'd like my bricks, locks, doors, lights, and life to
| stay dumb.
| TheCapn wrote:
| I like not having to get up and walk across my house to
| reset the internet because my ISPs modem is garbage and
| locks up under heavy load.
|
| I like being able to schedule my plant's grow lights to
| get the appropriate amount of light regardless of season
| and being able to keep that schedule even when i'm not
| home
|
| I like knowing that I left my garage door wide open as I
| drove away because I forgot to look back over my shoulder
| to see that the button in my car didn't get picked up.
|
| I like being able to unlock the door for my neighbor to
| let my dogs out if I end up stranded at work longer than
| I had intended to when I left that morning.
|
| I like that my garage camera turns on and takes shots of
| whoever is entering though the door when its opened.
|
| I like that my system texts me if a door/window is opened
| after 10pm (if its me? no biggy. If its an intruder? BIG
| HELP)
|
| I like that these devices are on a segregated VLAN with
| firewalling protecting my personal computers/NAS
|
| ---
|
| There's a lot of negativity to be said about smart
| devices, but you can't focus solely on the negativity
| while ignoring the advantages.
|
| There's also a level of risk and comfort each individual
| should be willing to set for themselves. I don't 100%
| trust my garage automation, that's why I have monitored
| security on my house. I'm not willing to automate devices
| that can harm my house (oven as your example) but I _am_
| willing to monitor their power state (is the oven on?)
|
| This isn't all or nothing in the end.
| whydoyoucare wrote:
| Your dual-edged sword is a valid argument, but one can
| only set the level of risk and comfort iff he/she is
| aware of the risks in the first place. Look at how busy
| the Best Buy "Geek Squad" is setting up TVs' and helping
| new owners with use of their smart remote! :-)
| barneygale wrote:
| I'd go further: smart devices are largely a status
| symbol. You're advertising to your guests that your
| concerns are those of convenience and luxury, to the
| point where you won't even use a light switch. That alone
| is pretty gross before you add in the implicit support
| for the megacorps.
| tehlike wrote:
| That's a little too cynical.
|
| I use smart home stuff, because: 1. I use it as security
| device (i have tons of zigbee sensors for motion, and
| contact). 2. I forget about simple things, all the time.
| I forget to lock my door, i forget to get my keys etc.
| All of this is taken care for me in case i forget. I
| haven't hooked up my garage door yet, but my kid (1 yo)
| likes to find the remote and press it mindlessly, and i
| really don't want to leave it open. 3. I like the
| convenience in general.
|
| If you come to my house, it's definitely not something
| you'd say a "status symbol". It's only expensive because
| it's in bay area, otherwise it's a mediocre house.
|
| I have been a programmer for as long as i remember, and
| these things excite me, that's another aspect.
| yusefnapora wrote:
| "Ghastly," continued Marvin, "it all is. Absolutely
| ghastly. Just don't even talk about it. Look at this
| door," he said, stepping through it. The irony circuits
| cut into his voice modulator as he mimicked the style of
| the sales brochure. "All the doors in this spaceship have
| a cheerful and sunny disposition. It is their pleasure to
| open for you, and their satisfaction to close again with
| the knowledge of a job well done." - Douglas Adams, The
| Hitchhiker's Guide to the Galaxy
|
| People just can't get enough of Alexa and her Genuine
| People Personality!
| kps wrote:
| The door refused to open. It said, "Five cents, please."
|
| He searched his pockets. No more coins; nothing. "I'll
| pay you tomorrow," he told the door. Again he tried the
| knob. Again it remained locked tight. "What I pay you,"
| he informed it, "is in the nature of a gratuity; I don't
| have to pay you."
|
| "I think otherwise," the door said. "Look in the purchase
| contract you signed when you bought this conapt."
|
| In his desk drawer he found the contract; since signing
| it he had found it necessary to refer to the document
| many times. Sure enough; payment to his door for opening
| and shutting constituted a mandatory fee. Not a tip.
|
| "You discover I'm right," the door said. It sounded smug.
|
| -- _Ubik_ , Philip K Dick, 1969
| wl wrote:
| There's value in automation across different devices. Just
| a silly example: I've got a CO2 monitor in my office. If
| the level goes above a certain threshold, it triggers a fan
| and changes the color of an LED light strip to alert me.
| filleokus wrote:
| Slightly OT: But what sensor are you using? I've been on
| the lookout for one for years but always decided they've
| been too expensive. But now working from home I think
| it's time to finally get one.
| wl wrote:
| I'm using the Kaiterra Laser Egg+ CO2.
| jxcl wrote:
| I was looking at this sensor available from Adafruit (and
| others): https://www.adafruit.com/product/4867
|
| Seems like a reasonable price for a true CO2 sensor.
| smolder wrote:
| Automation is great. What's nice is the thing you
| described can also be implemented extremely cheaply
| without any fancy logic or network connectivity, and then
| it's just a Thing, not an IoT thing.
| monsieurbanana wrote:
| ... Are you really using iot for a co2 sensor of all
| things? It's one thing if your smart toaster fails to
| start when your car enters the garage, it's another when
| a device to save your life decides to do an npm update at
| the wrong time and you go to sleep. For good.
| wbradmoore wrote:
| are you thinking of CO?
| adrianN wrote:
| CO2 is pretty safe because your body has a built in
| sensor.
| Filligree wrote:
| This is probably to keep CO2 below 500/600 ppm, not a
| safety device.
| wl wrote:
| Sitting in an increasingly concentrated puddle of my own
| CO2 when I close the door of my small home office is not
| a life safety issue. It just seems to affect my cognitive
| performance at some point. If there were CO2 tanks or
| combustion in play, I'd be using a proper industrial CO2
| alarm.
| viraptor wrote:
| There are some good use cases for connected devices. Some
| are just gimmicks, but there's no point in being smug and
| discounting all of them.
| GuB-42 wrote:
| You probably mean home automation. IoT is connected to the
| internet by definition.
|
| Home automation is a mess, IoT or not. There are standards
| like KNX, but the problem is the same as it was 30 years ago
| when the idea of home automation arose: manufacturers want
| captive markets and can't agree on a single standard. As a
| result, I can't buy any A/C unit, rolling shutter, light
| fixture and thermostat and just connect them to my home
| network, the selection of "smart" appliances is actually very
| limited.
|
| I mean, home installation is thought out on the scale of
| decades, because renovation is a pain. People want something
| simple and reliable, that is the reason why some taps,
| switches, sockets, etc... are 10 times more expensive than
| others while looking the same and people still buy them. It
| is the complete opposite from what Silicon Valley is pushing.
| Qwertious wrote:
| >but the problem is the same as it was 30 years ago when
| the idea of home automation arose: manufacturers want
| captive markets and can't agree on a single standard.
|
| I think the "solution" to this is some sort of open
| hardware system, where instead of someone manufacturing and
| selling for a profit, the design includes a standard set of
| parts you order, and then there's a very simple assembly,
| Ikea-style.
| chrisBob wrote:
| I think the I in IoT is really for Internet, so I am not sure
| if it counts if it is local only.
| NegativeLatency wrote:
| Intranet?
| Mordisquitos wrote:
| Surely it would be Intranet _S_ of Things.
| tehlike wrote:
| Vpn
| unethical_ban wrote:
| Literally yes, but come on. "connected home" and IoT are so
| close in use case, and _because_ most connected home things
| are Internet-only, let's not pick at terminology too much.
|
| I would love to have a connected home that did not require
| _any_ external connectivity or web accounts. Why did I need
| to login with my Google account and enable location
| services to set up a Chromecast Audio?
| 8note wrote:
| I imagine it enables Google to enforce location based
| licensing for where you can listen to certain songs at a
| given price point.
|
| Listening to a song in the forest is free, listening to
| it in a bustling street costs 10C/ per play because
| you're performing it to people walking by
| baxtr wrote:
| I use an old Philips TV from 10 yrs ago. It works fine, has
| HDMI and all that. No WiFi and other shit of course.
|
| I am totally worried about the day it will break down.
| devoutsalsa wrote:
| The thing that drives me bonkers about "smart" TVs is how
| slow they can be. Cheap processor + lots of software to
| compute = sluggish user experience. It's not not only is it
| spying on me, it's letting me know that it cares more about
| making me wait to spy on me before adjusting the frikkin'
| volume.
| gambiting wrote:
| Like most other things, it's the good old "you get what you
| pay for". I got the LG CX OLED few months ago and that
| thing is lightning fast. Starts up nearly instantly, apps
| switch without any delay....I have no problems with it
| being "smart". Compared to my old Sony Bravia which
| literally took a minute to even start up, urgh.
| 8note wrote:
| Now you have to pay more for features that used to come
| standard, in addition to making tv ownership ad
| supported.
|
| Nobody had a lighting fast or slow RF remote, the volume
| just went up and down when you clicked the button (after
| getting it pointed in the right direction)
| xvector wrote:
| Really? That's strange, because I don't remember my old
| TV supporting AirPlay. I also don't remember ever seeing
| ads on my LG.
| cute_boi wrote:
| "Smart" is just a marketing buzzwords. These days due to
| this smart tv thing I can't find any decent dumb TV.
|
| Their is nothing smart in "Smart TV" they all should be
| labeled "Scam TV".
| meowster wrote:
| Sceptre makes dumb 4K TVs up to 75".
| sickofparadox wrote:
| https://www.sceptre.com/ makes dumb, consumer TVs. As far as
| I can tell they are basically the only brand doing it.
| AdmiralAsshat wrote:
| Are they _good_ , though? I, too, want a "dumb" TV, but I
| still want high color accuracy, refresh rate, viewing
| angles, etc. I don't necessarily want a Hotel/Office
| Waiting Room TV.
|
| Also, taking a look at the site, and not a single 4K UHD TV
| is in stock at the moment. Yikes!
| ed312 wrote:
| Can't vouch for the TVs, but I owned one of their 1080P
| monitors in the last 2000s/early 2010s. Upper-middle
| quality, very basic OSD, great customer service. Used the
| monitor for ~7 years before upgrading to a 4k, sold it
| still working with original cables & box.
| meowster wrote:
| Walmart has better stock of Sceptre TVs last time I
| checked. Unfortunately they only make dumb 4K TVs up to
| 75"
|
| (I was looking for 85", so I just unplugged the WiFi
| module in the TV I bought before I turned it on the first
| time.)
| hackeraccount wrote:
| This. All I want out of a T.V. is a dumb monitor. If I want
| "smart" I'll just plug something in - that's why a TV has
| HDMI ports. Instead you get something you can't replace,
| can't fix and can't get rid of.
| dmarlow wrote:
| Same here. I have a plasma LG that I absolutely love. It has
| an amazing picture, but it's heavier than wet sand.
|
| My friend recently got a new TV and I was appalled at the
| controls, picture (soap opera effect), "smart features" (how
| it instantly goes into this app like experience that you
| can't ever get out of). So many things bother me about modern
| TVs. If my TV ever dies, I don't know what I'll do.
| loloquwowndueo wrote:
| Replace with a projector :) you don't watch OTA channels,
| do you? So any other media source should be hookable to a
| projector. Sure you need a dark room to watch stuff, but
| that's a plus as it'll induce you to watch less tv ;)
|
| Also - the soap opera thing can be turned off in decent
| newer TVs and as discussed in other HN threads you can just
| deny the TV an internet connection so it behaves dumbly.
| You might still need to contend with clunky UI but really -
| just select your video source and start watching, so the
| pain is minimal.
| throwaway889900 wrote:
| I got myself a nice chunky laser projector with more than
| enough lumen output to overpower the sun. In fact I loved
| it so much I got a second one for basically the same
| price. Sure it's not 4K, but I get the screen size.
| dmarlow wrote:
| I wouldn't be surprised that by the time I buy a
| projector, they're all "smart".
| Filligree wrote:
| I replaced mine with a computer monitor. It's a bit more
| expensive, but that's the price of not being spied on.
| hatch_q wrote:
| Soon all 'smart' TVs will just come with 5G connection.
| Will make it much harder (if even possible) to deny them
| internet connection.
| fixIt83 wrote:
| I bought a guitar, TV went unused, sold it, less gadget
| worry. Bought more guitars!
|
| I've dramatically slashed my personal gadget footprint.
| Phone, watch cause I like the exercise data, a Linux box I
| barely touch, old iPad for movies and video chat.
|
| I pickup the guitar rather than sit at the TV or computer.
| Learning an instrument connects both sides of the brain like
| no other skills based activity.
|
| No ads, acoustic road trips easy enough, no worry about
| charging, smart speakers would hear some bad covers of Wonder
| Wall.
|
| It's a life changing experience.
|
| So when the TV breaks, maybe consider replacing it with $500
| digital piano to get weighted keys and decent built in sound
| instead of paying for an ad distribution device.
| w0mbat wrote:
| What were you saying? I was busy upgrading the firmware on
| my guitar amp.
| 6510 wrote:
| Is anyone doing a smart guitar with ads already?
| adolph wrote:
| Kinda, its an app that trains people to tune guitars in
| different scenarios. The ads are mostly for pro versions
| of itself, its sibling apps and a far field mike array
| for adjusting tuning based on the room. The killer
| feature is artificial intelligence that learns how the
| person perceives sound and adjusts the tuning from
| "technically correct" to "perceptually correct." It is
| gamified with a blockchain verified leaderboard.
| xmprt wrote:
| I'm not sure if you're joking. This seems like a
| reasonable feature to have but then you threw in
| blockchain and now I'm not sure anymore.
| adolph wrote:
| Cheating devalues games. Ambiguity heightens absurdity.
| Maybe I should have added that the IP has rock solid
| patents, is open source* and the startup is still in
| stealth while raising a series G.
|
| * some restrictions apply, please agree to the terms of
| service to allow super cookies and review that the
| license SKU matching your service region to a stacked
| arbitration regime established in the People's Democratic
| Republic of Korea and Delaware
| driverdan wrote:
| Most TVs work fine without an internet connection. I recently
| got a new Samsung TV. It really wanted an internet connection
| but works just fine without it.
| Robotbeat wrote:
| Doubt that electronic gizmos have much to do with climate
| change unless you're running kilowatts for Dogecoin mining or
| whatever.
|
| It's heating and cooling, transport, and food. Maybe cement as
| well. If you buy a new conventional car, I have more to
| question you on climate change over.
| MikeKusold wrote:
| Electronics require lots of metals that are sourced through
| mining. Mining is an essential but dirty business that often
| leaves pools of toxic heavy metal water behind. These pools
| are damned up, but inevitably leak out into the surrounding
| environment.
|
| It's important that everyone Reduce, Reuse, Recycle properly
| in order to reduce our impact to the environment.
| Robotbeat wrote:
| You know what requires a lot more metals? Cars and houses
| and apartments and railroads and highways. When we're
| trying to reduce our impact on the environment, we've got
| to not waste time on the small fry while ignoring the
| elephants. Problems should be attacked proportional to
| their impact. Don't think that using metal straws but
| driving a new gasoline powered SUV is making an
| improvement.
| stonesweep wrote:
| > You know what requires a lot more metals?
|
| I believe the argument is about the _refining_ process
| and the chemical waste it creates, which is substantially
| higher when trying to extract 99.99% pure copper, zinc,
| gold, silver and other industrial elements which are
| converted into electronics. I 'm a hobbyist fan of silver
| and know just the basics - refining for 99.99% pure
| silver looks like making crack to my eyes. :) Breaking
| Bad level chemicals.
|
| I'm to understand the act of creating and "washing"
| circuit boards also uses a large amount of caustic
| chemicals, as does the attempted recycling/recovery (to
| basically eat away the coatings to expose the reclaimable
| metals). Refining for purity has a high environmental
| cost to get it from ore -> 99.99% and to reuse/recycle
| it, I speculate much higher than iron ore (train tracks,
| etc.) require/use.
| Robotbeat wrote:
| Interesting claim, but to justify a few milligrams of
| metals is worse than literally tons of metal and cement
| is going to require a quantitative argument.
|
| 99.99%, even if you're right, only gets us to 10kg
| equivalent if you start with 1 gram.
|
| (And keep in mind that these processes to make bulk
| materials themselves use alloying agents and specialty
| materials in cutting heads, etc, to fabricate them.)
| stonesweep wrote:
| It requires tonnes of ore processed to produce ounces of
| gold (I read roughly 13 tonnes on average, but it's
| highly dependent on the quality of the deposit and
| refinement difficulty), there are metrics and studies:
| https://www.businessinsider.com/tons-of-rock-for-an-
| ounce-of...
|
| Edit as I'm curious myself, this study shows it's about
| 150 tonnes of ore input for one ton of copper output
| (with other minerals reclaimed during the process):
| https://www.princeton.edu/~ota/disk2/1988/8808/880811.PDF
| Robotbeat wrote:
| Keep in mind your conventional car's catalytic converter
| contains grams of platinum group metals, worth about
| $1000 or so now ($3000 for older, larger catalytic
| converters). Due in large part to the spike in rhodium
| prices.
| stonesweep wrote:
| Platinum is extracted as a by-product of nickel and
| copper mining (as are other elements) as it's primary
| source, unlike gold and copper which are mined for their
| element directly. Not arguing your point (45% of platinum
| is used in auto) only that how we get Pt and Pd is
| already in progress to get at the other elements like Cu,
| Au and Ag.
| Robotbeat wrote:
| But IS it a mere byproduct? If it adds significant
| revenue, it's no longer a mere byproduct but now part of
| the business proposition of the mine. About $30 billion
| of nickel is mined per year. About $8 billion in platinum
| mined per year. 30 tons of rhodium are mined per year,
| which at current >$900/gram prices, means the revenue
| from rhodium is actually HIGHER than platinum and on par
| with nickel.
|
| So you could as well argue that nickel is a byproduct of
| rhodium (and platinum group metal) production.
| stonesweep wrote:
| The USA mints alone use roughly 4,400 tonnes of nickel to
| produce coins every year (one specific industry with one
| type of output in one country). Around 133 tonnes of
| platinum and 1,800 tonnes of gold are mined per year in
| total for all use globally.
| coldpie wrote:
| We are now at the point where everything matters.
| Industry is responsible for about 21% of GHG emissions
| globally (more than transportation!)[1]. Reducing that by
| using simpler technologies is a good thing to look into.
|
| Do you really need to replace your perfectly functional
| doorbell with a big pile of electronics? Probably not.
| Would not driving to work every day make a bigger
| contribution? Yes. Would not doing either be best? Yes.
|
| [1] https://www.epa.gov/ghgemissions/global-greenhouse-
| gas-emiss...
| Robotbeat wrote:
| Using an incandescent light bulb is not "better" than an
| LED bulb, even though the latter is a "pile of
| electronics" while an incandescent bulb is just a little
| tungsten wire. So I really don't think this is a good
| rule to follow. Simpler technologies are often far less
| efficient and often have a far larger ecological impact.
|
| LED bulbs are comically more efficient than incandescent
| bulbs (by a factor of 5-10), which in turn are comically
| more efficient (by 10-50 times) than like a candle or oil
| lamp. "Simple" is actually a terrible heuristic for "low
| ecological impact."
| coldpie wrote:
| Are you really making the claim that a simple doorbell
| switch has higher environmental impact than a Ring
| doorbell?
| Robotbeat wrote:
| It actually might. If the Ring doorbell allows you to
| avoid opening your door just once or twice a week, the
| energy savings could exceed the environmental footprint.
|
| A Ring doorbell has a 22Wh battery that lasts about a
| month or two per charge.
|
| Having the door open for 10 seconds on a cold winter day
| can easily waste that much energy. About 10kW of heat
| loss for 10 seconds is 100kJ, higher than that 22Wh.
| Likewise, the embodied energy of that 22Wh battery is
| about 22MJ, and might dominate the embodied energy of the
| Ring camera. So if it saves you from opening the door
| 200-300 times in its lifetime, that might be enough to
| pay for its own embodied emissions.
|
| Plus not having to drive home to pick up a package, etc,
| etc.
|
| Plus think of other smart devices like smart thermostats
| that might be part of the whole Ring system. Or perhaps
| if the Ring device prevents destruction of part of your
| home from theft.
|
| I don't even own a Ring doorbell, but I can see how it
| could actually help. Also, traditional doorbells aren't
| that efficient. Especially if they have a little light.
|
| Ring could also replace a window to see who is there,
| which is a big source of heat leakage.
| harpastum wrote:
| The argument is that the "simpleness" of the doorbell
| isn't a good heuristic for the amount of impact.
|
| According to wikipedia [1], the transformer on a standard
| doorbell can use 2-3 watts of power at all times. That's
| 1400-2100 watt hours per month -- about _one hundred_
| times as much as a ring doorbell uses (Less than 20 Wh
| per month).
|
| The cost and impact of the Ring includes more
| manufacturing, and I wouldn't be surprised if the Ring
| ended up having a larger environmental cost, but it's not
| as clear cut as your incredulity makes it seem.
|
| [1] https://en.wikipedia.org/wiki/Doorbell
| gaius_baltar wrote:
| > According to wikipedia [1], the transformer on a
| standard doorbell can use 2-3 watts of power at all
| times. That's 1400-2100 watt hours per month -- about one
| hundred times as much as a ring doorbell uses (Less than
| 20 Wh per month).
|
| Interesting thing to know because here in Brazil we don't
| route PELV (Protected Extra-low Voltage) to the doorbell.
| The external switch just carries the full voltage from
| the mains (127 Vac or 220 Vac, according to the state).
| Maybe it's not the safest design after all.
|
| However this constant power usage can be safely removed
| by using a non-rechargeable 12V battery that would power
| a relay that will trigger the mains-powered bell when the
| (purely mechanical) external switch is pressed. This
| removes the constant power usage and such battery should
| last for years with a typical usage scenario (less than
| one second per push or so).
| eldaisfish wrote:
| >We are now at the point where everything matters
|
| You are missing the point and mischaracterising the
| problem. Resources are finite. Human attention spans are
| limited. Emissions from ships in international waters are
| an absolutely huge problem and addressing that will make
| a huge impact on future climate.
|
| Funny how no one mentions that but we are all focused on
| paper straws and smart doorbells.
| acka wrote:
| It is all related, so everything taken together does
| indeed matter. When we as consumers insist more on buying
| locally produced, durable, interchangeable, replaceable,
| repairable (!) components to build things we're actually
| likely to use for a long time, we can stem the flow of
| cargo ships and ditto planes shipping "stupid disposable
| junk" halfway across the world, thereby limiting all the
| pollution and waste of (fossil fueled) energy that goes
| with it.
|
| While we're at it, we should demand to put an end to the
| senseless hoarding of patents and IP, in particular those
| that hamper interoperability between components, and for
| information on interfaces to be made public, so no more
| proprietary connectors, protocols, APIs, no more
| artificial restrictions on consumables such as printer
| ink, etcetera.
| midasuni wrote:
| Local odeon stopped using plastic straws in their drinks.
| Paper ones were awful. Bought some metal straws also
| awful. Ended up taking 2x500ml bottles instead - far more
| plastic than was used before.
|
| Yeay?
| sixstringtheory wrote:
| Stop using straws... completely unnecessary.
|
| Use a reusable water bottle. One can be had for the price
| of those 2x500ml bottles.
| midasuni wrote:
| I don't want water.
|
| Charge me for the plastic for the 6 straws a year I use,
| which is far far less than the plastic others "waste".
|
| Put a price in the pollution and let the market sort it
| out
| madpata wrote:
| I'd just say that both contribute and stop this whataboutism.
| matkoniecz wrote:
| gizmos in total probably have some noticeable impact and
| unlike heating or food are mostly useless/not needed/harmful.
| Robotbeat wrote:
| It's amazing how after 2020 work from home and school from
| home orders, people still insist "gizmos" are mostly
| useless.
| dkersten wrote:
| Using them maybe not, but producing them and then shipping
| them across the globe? Also, as with all things, its not like
| one iPhone in isolation is a problem, but millions, year
| after year, that does add up.
|
| Maybe that's still not much compared to other industries, but
| in the context of the conversation here, its still something
| that an individual who might complain about climate change
| does have a little control over. I mean, if I complain, but
| then don't change MY behaviour, even if that change wouldn't
| by itself change anything, why should I expect companies to
| change theirs?
| ryandrake wrote:
| I remember when the primary threat you considered when setting
| up your firewall was hackers trying to infiltrate your network.
| Increasingly I find myself using my firewall to sandbox devices
| already on my LAN and preventing them from phoning home to
| exfiltrate.
| walton_simons wrote:
| My thoughts exactly. And even this seems to be getting
| harder. I keep reading about "smart" TVs which barely
| function if they're not allowed to phone home, and IOT
| devices which query their own hardcoded DNS servers, ignoring
| whatever your DHCP server has told them to do.
|
| I think it's only a matter of time before we start seeing
| more and more of these things with built in cellular modems
| which can't be disabled. Makes me want to start stockpiling
| older technology in order to prepare for a time when every
| single available lightbulb, washing machine, TV, or vacuum
| cleaner has to be online all the time and controlled by some
| privacy destroying app.
|
| I'm only half joking when I say that I can imagine a future
| where something purely mechanical is considered the height of
| luxury. Look at this! A door lock with a metal key which
| doesn't log and transmit the comings and goings of your
| family and friends. Incredible! If only we could afford such
| a thing, but there are only a few artisans left in the world
| who can make them...
| wiremine wrote:
| > Stop buying stupid disposable junk.
|
| I get the frustration, but this is a narrow perspective.
| _Consumer_ IoT is still waiting for some good use cases. But
| IoT touches a lot more industries than that: medical, earth
| science, manufacturing, heavy industrial, logistics, energy...
| they are all being improved with useful IoT solutions. And we
| need solid security in all these areas, not just the home.
|
| I'd also note that privacy and security, while related, are
| separate issues. Most IoT solutions don't factor in either
| concern well.
| bsder wrote:
| > And we need solid security in all these areas, not just the
| home.
|
| Who is _we_ who need solid security?
|
| I haven't met them. They don't sign a check for security.
| They don't do anything other than put "Security" on a
| PowerPoint slide and forget about it.
|
| We make our shipping IoT stuff secure because it's a point of
| pride and point of competence. But we built the whole
| architecture around that idea, and it _definitely_ slowed us
| down at the start.
|
| Until people start cutting checks for _actually secure_ IoT,
| it 's going to remain a giant field of cow dung.
| paranoidrobot wrote:
| > Who is we who need solid security?
|
| Anyone with a modern medical device is the 'we'.
|
| My grandmother got a new pacemaker installed a while back.
| She now has a device sitting beside her bed with a 4G modem
| in it, that talks to her pacemaker at night and sends the
| data back to some service, which in turn her Doctors can
| access.
|
| This is apparently the normal thing to do.
|
| What level of security is there in either of those devices?
|
| How do you ensure that there isn't open ports? Does it get
| security updates pushed to it? (I wouldn't be money on
| that)
|
| How does one ensure that this can't send malicious commands
| to the pacemaker?
|
| This isn't just an issue with pacemakers, either - plenty
| of other medical devices are coming with various wireless
| chips in them.
| HeyLaughingBoy wrote:
| They really do exist. Believe it or not, just last week I
| had an actual meeting with an actual paying client who took
| IoT security seriously because "we've got some hydraulics
| on this machine that can cause real damage if someone hacks
| into it."
|
| Unfortunately, I think this is going to be the perspective
| for a long time: if the customer sees real liability (read:
| a lawsuit for physical damage) as a possibility, that's
| probably going to be the only motivating factor to take
| security seriously.
|
| Whatever. One step at a time!
| rglullis wrote:
| One of my "please steal my idea" projects is to get any of
| these Youtube personalities that are famous for commentary on
| consumer tech (such as Linus from LTT, MKBHD, mrwhosetheboss)
| and convince them to create a company that would mix together
| something like drop.com with a "design studio" focused on
| coming up with high-quality kits for consumer gadgets, with the
| twist that every kit is open source and freely available.
|
| Every month or so, they would make a video about the ongoing
| projects and show what kind of features are already available.
| Partner with manufacturer companies that can provide pre-
| assembled systems. For those that don't care about the DIY
| part, offer a subscription-based option where they can get
| early review units, prioritize their change requests,
| _troubleshoot_ support, personalization options, discounts for
| bulk buys, etc.
|
| The revenue from these subscriptions should be more than enough
| to fund the team of open source developers/designers _and_ to
| make up for the "lost" revenue of a video made that is
| sponsored by any of the big tech companies. The most
| interesting though would be to see if this could lead to a
| change in consumer demand: could an influencer changed the
| public's perception of what is really "hot"? Would we start
| seeing things like "/r/mechanicalkeyboards" for all sorts of
| products like TV panels, wireless speakers, home automation
| light systems, F/OSS-based smartphones?
| mkoubaa wrote:
| I had a similar idea where devices are all just a bunch of
| input and output devices that declar themselves via zeroconf
| on wifi/5G. And you can have a portal on your PC where you
| choose which software to use one which device and control it
| all from there.
| adriancr wrote:
| It's difficult to even find non-internet-vendor-locked in
| sensors/controls/lights... (sensors/controls ideally running on
| batteries with sane local network API)
|
| So far I've been lucky with cheap zigbee devices but these seem
| to be getting phased out in favor of locked in items...
|
| and before people suggest - no, I don't have the willingness to
| build/maintain my own devices with raspberry pis or ESP etc
| dec0dedab0de wrote:
| FYI Phillips hue is not vendor locked, and does not require
| the internet. They're not cheap though.
| iaml wrote:
| Phillips hue does require the internet for setup.
| babas wrote:
| You can join Phillips hue units to your own zigbee
| network without Internet or even the Phillips hue app.
|
| Zigbee2mqtt and a cheap zigbee dongle is all you need
| really. You could add home assistant for a better
| interface but there is no need to involve Phillips or the
| Internet. One of the huge advantages of zigbee imo.
| noxToken wrote:
| I hate that this dominates the conversation. I tried some
| stuff with a pi once. It was a nightmare. I fidgeted around
| with the installation, and after some slight hiccups, I
| finally get to install the package for my security system.
|
| Errors. A screen full of errors barfed everywhere. I look at
| the repository for some basic debugging, and without some
| serious dedicated time, I can't fix the issue.
|
| This is why people don't want to fiddle with a Pi for these
| things. Time is dedicated to get the system up, but you're
| not given any kind of guarantee that it will work out of the
| box.
| bigiain wrote:
| This is also the reason why some of us enjoy futzing with
| Raspberry Pis (And a Arduinos and ESPs et al.)
|
| But yeah, I understand your pain, and recognise that it's
| not a hobby everybody wants...
| xmprt wrote:
| I feel like anytime a hobbyist says a Pi is the solution to
| your IoT or cloud problem, it's because they enjoy fiddling
| with the errors and getting it work. When it does, I'm sure
| it's rewarding, but a lot of people have other hobbies that
| they'd rather spend time on.
|
| It's like telling someone who complains about video game
| DLC to go skiing. Yes, you might enjoy skiing, but skiing
| isn't a drop in replacement for the person complaining.
| SavantIdiot wrote:
| I just bought a Laird BLE temp sensor (BT510) and have
| complete control over it. I can scan-response it with a
| Raspberry Pi and get the temperature and display it on a
| small LCD screen. The pi is also my home automation gateway
| and it sends this (and other data) to my cloud so I can read
| it from my personal website (which is password protected).
|
| The BT510 It has crazy range and has only dropped 10mV
| battery in 14 days.
|
| It CAN be done, because sensor makers have no interest in
| reporting home: costs are too high!
|
| We need more open source projects to enable people to
| automate their homes with a list of suppliers who provide
| "dumb" edge node sensors.
| Cu3PO42 wrote:
| Ikea sells Zigbee bulbs and control devices as well as a
| Zigbee bridge. Seeing how they joined the Zigbee alliance's
| boards of directors I don't think they're going away. In my
| experience they work fine and are reasonably priced.
|
| They support HomeKit and while their own API technically
| isn't open, it's documented and has libraries to interact
| with it programmatically.
| connor4312 wrote:
| +1. I run entirely Zigbee devices in my home. They don't
| have internet access and talk to the Home Assistant[1]
| instance running on my home server.
|
| The downside of Zigbee is that, as a user, there isn't a
| strong ecosystem of DIY IoT solutions like there is with,
| for example, the wifi-connected ESP8266/ESP32 chips. And,
| of course, it requires a hub and some degree of knowledge
| to set up.
|
| At the moment I'm evaluating launching a small IoT
| startup/side-business in an underserved market. As much as
| I love Zigbee, these devices will probably end up being
| wifi. I'm not an expert in the hardware side of things, and
| the ability to pay <$1 for an ESP chip that does everything
| I need off the shelf is great, and I don't want to create a
| hub or require users to buy a (often $80+) hub just for my
| set of (<=$5) devices.
|
| Although it'll be wifi-based, I plan to make these
| guarantees:
|
| - The cloud service (supported by a small yearly
| subscription) will stay online for at least 1 year after
| the last device is sold.
|
| - When the service is shut down, its software and hardware
| will be released under an open source license.
|
| - The subscription fee will never be increased faster than
| inflation rate.
|
| - 3rd party analytics software won't be used and data will
| never be shared with 3rd parties (outside from Stripe
| during checkout). In all cases a minimum amount of data
| will be collected.
|
| Maybe this'll make my product slightly less likely to
| appear on the @internetofshit Twitter account[2].
|
| 1. https://www.home-assistant.io/
|
| 2. https://twitter.com/internetofshit
| anaerobicover wrote:
| > They don't have internet access
|
| Do you mean they don't as a matter of manufacturing, or
| that you have blocked them yourself? (I ask because I am
| also interested in getting some lights, but would also
| like them to be local-network-only.)
| Cu3PO42 wrote:
| Zigbee devices don't have internet access because they're
| not on the network. Zigbee is a seperate wireless
| protocol. Lights and switches implement a pairing step
| which allows them to interact. If you would like to
| control such devices from your PC, you'll need a device
| with a Zigbee transceiver to talk to these devices.
|
| Typically, manufacturers sell you a "bridge" or
| "gateway", which is a networked device including such a
| transceiver. You could isolate this single device from
| accessing the internet or you could just not rely on any
| closed option. You can buy a USB Zigbee transceiver for
| 30 EUR and use it with your PC or a Raspberry Pi.
| StavrosK wrote:
| I think Zigbee is what IoT _should_ be. It doesn 't
| access the internet, it doesn't clutter the frequency
| band like my 30 WiFi IoT devices, it doesn't need to be
| in range (since other Zigbee devices can relay the
| messages)... I'm going to buy some Zigbee devices from
| IKEA just so I can play around with them.
|
| It's a really nice standard, I hope it takes off.
| Semaphor wrote:
| > The downside of Zigbee is that, as a user, there isn't
| a strong ecosystem of DIY IoT solutions like there is
| with, for example, the wifi-connected ESP8266/ESP32
| chips.
|
| Luckily, as you probably know, you can connect all those
| different protocols together with homeassistant. So you
| can use pre-built solutions for some devices and DIY for
| others and still easily connect them.
| Cu3PO42 wrote:
| I really don't know anything about the availability of
| Zigbee chips for DIY projects, but I would just like to
| say that I paid just 20 EUR for Ikea's gateway [0].
|
| But if you do go Wi-Fi, why use a cloud service at all?
| Is there a specific reason not to go with mDNS/DNS-SD and
| handle everything on the local network?
|
| [0] https://www.ikea.com/de/de/p/tradfri-gateway-
| weiss-40337806/
| Macha wrote:
| How hard have you looked for the lights? Or are you
| specifically looking for the whole "customisable rgb lighting
| with ecosystem with apps etc."
| myself248 wrote:
| I have a few friends running Shelly devices locally with
| HomeAssistant and other agents. They can also do the cloud
| thing (and are unfortunately named that), but the local-first
| functions work. I don't know more, but the hass forums are a
| good start.
| yummypaint wrote:
| Lack of maintenance is a good reason to use a
| microcontroller. I can understand not wanting to deal with
| the complexity of a pi and the associated software updates,
| but if you just need to read a sensor or toggle a relay and
| send a few packets you can write arduino code that is
| effectively set and forget. Most importantly you can be
| certain its behavior wont unexpectedly change because of some
| remote update. It's easier now than it ever has been to get
| started, things have improved alot in just the last 5 years
| or so.
| mkup wrote:
| Yeah, the new microcontroller boards that have Arduino Uno
| MCU (ATmega328P) and cheap Wi-Fi (ESP8266) bundled on a
| single board and connected together via UART are really
| great. I recently got a couple of these from AliExpress for
| $12 including shipping (for experimenting with sensors),
| and I noticed that they are really well supported by the
| Arduino IDE and the open source community in general.
| wiremine wrote:
| I'd encourage you to check out the ESP-32. It's not that
| much more money and supports more features (BLE, actual
| hardware encryption, etc.)
| pradn wrote:
| Electronic lights seem like a small convenience for a high
| price, not to mention how they require even more use of
| smartphones and such.
| thebean11 wrote:
| Disagree, as a renter smart bulbs are by far the easiest
| way to get dimmable lights in my apartment. Being able to
| dim the lights in the evenings while I watch TV is amazing.
| mixmastamyk wrote:
| We simply switch to string lights and "bedtime bulb" in
| the evenings, no dimming or internet needed.
|
| (Although, I did install a dimmer into the dining room
| wall switch, but it's worth it I think if you'll be there
| at least a year.)
| tekromancr wrote:
| I would totally be down for that, but I don't have access
| to the breaker box, and I don't feel like trying to
| install anything into anything that has hot wires.
| thebean11 wrote:
| No internet needed for my setup either, local network
| only.
| AdmiralGinge wrote:
| They don't need to be internet-connected though, there's
| many "smart" LED bulbs that run off a traditional remote
| control.
| thebean11 wrote:
| I don't want to add a remote control to my life, the
| "smart" bulbs are better because I can control them with
| my phone, watch, and any other devices I might get in the
| future.
|
| Not to mention, I have ~10 of these bulbs. Can't imagine
| how a remote control would deal with that. They also
| aren't connected to the internet, they are controlled by
| a hub that only has local network access.
| pimeys wrote:
| We have automation to turn off all lights in the apartment
| when nobody's home, which saves a lot of energy due to us
| forgetting to turn of lights quite often otherwise. Also
| adds nice things like turning on lights on movement in the
| bathroom and kitchen, where you don't need to have lights
| on all the time, turning on lights 45 minutes before sunset
| if somebody's home and turning on lights in the hallway
| when coming home if it's dark already.
|
| I find all of this extremely convenient and ZigBee is a
| great platform to do things like this.
| tifadg1 wrote:
| I don't know if I'm just that jaded, but it feels like
| it's more trouble that just using a light switch and
| getting in the habit of not leaving lights on.
| emj wrote:
| Depends on how many lights you have, and how often you
| need to do it. I've installed extra wires from all light
| buttons so one master switch per room, not as flexible
| but same cost over 10 years. It saves me a ton grief
| every night turning off all the lamps in the apartment,
| some partners never learn that light switches can turn
| something off. The monetary savings are not enough to
| break even in 20 years, the time saved is priceless. ;-)
| samatman wrote:
| I get a lot of subjective value out of being able to
| adjust colour temperature, brightness, and hue.
|
| For instance, the last hour or two of the day, I have
| lights in the bedroom and kitchen either dim red or off.
|
| Being able to do the routine of "try to go to sleep,
| fail, tell my watch to turn the lights red, get a glass
| of water or a snack, turn lights off" is really nice.
| Even dim white light would be like splashing cold water
| on my face.
|
| There are other ways to solve for this, approximately, I
| guess. This is simple and works, though.
| Diti wrote:
| There is enough choice of MQTT-compatible devices, running
| Tasmota or other (for example Shelly devices). No vendor
| lock, open protocol, no single point of failure (well,
| usually people only setup one MQTT broker, but it is possible
| to publish-subscribe to several brokers at once).
| yabudemada wrote:
| I think this is common across all technological phases: wild
| west implementations preceeds standardization.
| soheil wrote:
| I don't understand why hate like this gets so many upvotes. IoT
| devices are in their infancy, it's not fair to constantly
| berate their inadequacies instead of focusing on the
| technological marvel that they are, what they can achieve and
| how they can be made more whole. The resistance to change on HN
| is real.
| simias wrote:
| Home automation is really not particularly novel. Quoting
| Wikipedia:
|
| >In 1975, the first general purpose home automation network
| technology, X10, was developed. It is a communication
| protocol for electronic devices. It primarily uses electric
| power transmission wiring for signalling and control, where
| the signals involve brief radio frequency bursts of digital
| data, and remains the most widely available.[4] By 1978, X10
| products included a 16 channel command console, a lamp
| module, and an appliance module. Soon after came the wall
| switch module and the first X10 timer.
|
| Of course electronics have progressed immensely in 45 years,
| so we can now do a lot more with a lot less.
|
| I still feel like very little has change in practice though.
| I find myself actively avoiding "smart" equipment, both
| because it's overpriced and a bit of a pain to use in my
| experience. They all have their own software stack, their own
| apps (which are often cloud-based instead of running locally,
| adding all sorts of privacy issues) etc...
|
| On top of that you never know when the company is going to go
| under or stop supporting your device, leaving you with a not-
| so-smart device in the best case, or a useless plastic brick
| in the worst.
| pjmlp wrote:
| Not only IoT devices aren't on their infancy, the device
| makers keep using C to program them, and don't provide any
| kind of updates on top of that.
| f1refly wrote:
| Can't wait for my javascript powered IoT kettle that has a
| cpu more powerful than my laptop and includes 4gb of ram to
| load half of npm into memory! The future looks ever so much
| brighter!
| pjmlp wrote:
| I did not mention JavaScript, whose only worthy place is
| the browser.
| mtgx wrote:
| Good luck buying a TV that isn't a "smart" (aka a really slow,
| hackable, and generally quite dumb) TV.
| mkoubaa wrote:
| I'm with you but I made an exception for a baby monitor
| ChuckMcM wrote:
| I get the sentiment. That said, consider that "iOT" is
| sometimes simply re-implementing something that used a
| different moniker before. A printer that connects to Wifi to
| print is "iOT" but the link is just replacing the bulky copper
| printer cable (or the USB cable). Security cameras on WiFi
| replace installing labor intensive (expensive) hard wires
| between cameras and base station. It goes on and on. Basically
| re-implementing the same things that have sold before but with
| "improved" logistics that lower cost, add capabilities, or
| both.
| clajiness wrote:
| You do know that you can prevent IOT devices from reaching the
| internet, right? Our Wemo gear, cameras, etc, get blocked by my
| firewall. Problem solved while still benefiting from their
| convenience.
| milankragujevic wrote:
| I hope you do know that most consumers don't even have their
| own router, let alone anything that can isolate devices or
| block certain traffic.
| extrememacaroni wrote:
| What an amazing solution, so simple and accessible to the
| average consumer. What's the next revelation, that you can
| prevent the IOT devices from reaching the internet by reverse
| engineering and rewriting their software?
| greyw wrote:
| An even easier and more accesible solution to move your
| boot with a high enough acceleration towards the IoT device
| thereby totally disabling the internet functionality!
| Doesn't even need any technical skill.
| JKCalhoun wrote:
| I know you're being humorous but....
|
| If only there were a big sign on every such device saying
| "We are spying on you!".
|
| Otherwise how is the average consumer to know which ones
| to apply boot to?
|
| (Also, the boot needs mass and velocity, acceleration is
| orthogonal :-))
| laurent92 wrote:
| This is where Sigfox has a lot of added value: It is like a
| simcard, but you only pay per million packages instead of per
| SIM, and you save the trouble of customers trying to disable
| your hardware. If you build electronic components and the TV
| integrator doesn't want to bother providing ethernet to the
| power unit, at least the power unit can self-report its
| location to the grid.
| TamHagmas wrote:
| Interesting point. I have also been thinking about how
| LPWANs could, in theory, be used to exfiltrate data from
| consumer devices without anyone noticing. I mean, it would
| be trivial to hide a tiny Sigfox / LoRa transmitter in
| kitchen appliances, washing machines, televisions, cars or
| whatever and claim that you need information like location
| and how the devices are used for "market research".
|
| It feels like it should be illegal, but I'm not sure if it
| is or if there are loopholes. Do you, by chance, know of
| any actual consumer products with covert Sigfox / LoRa
| transmitters?
| laurent92 wrote:
| No I don't, I've just be loosely afraid of TVs with sim
| cards, and since I discovered Sigfox I know that will
| happen someday. Same as the MH370 (I think) which went
| dark at transponder level but the engines continued to
| return the technical data for 4hrs.
| ville wrote:
| Amazon has built a LoRa transmitter (Amazon Sidewalk) in
| their Echo and Ring devices since 2017, it seems.
|
| They're not hiding it though. It's marketed as something
| you might want to keep enabled and "help your neighbors"
| by sharing its location.
|
| - "if your Echo device loses its wifi connection,
| Sidewalk can simplify reconnecting to your router"
|
| - "customer support can still troubleshoot problems even
| if your devices lose their wifi connection"
|
| - you "support community extended coverage benefits such
| as locating pets"
| coldtea wrote:
| > _The S in IoT should be for "Stop buying stupid disposable
| junk." I can't listen to anyone complain about climate change
| while they fill their homes with cheap consumer electronics
| from globalized supply chains that spy on them._
|
| ...but you can order your IoT to "set a mood" from your phone
| or speaker and have 5-6 lights in your house change color and
| some Barry White to start playing like some cheesy 70s
| playboy's penthhouse.
|
| Who wants to go back to physically walking to close a light?
| Walking? We've got expensive tredmills we've bought for that
| purpose!
| wolfi1 wrote:
| somehow ironic that he uses flatpak for his "secure" app,
| considering an article about flatpack security hit the HN
| frontpage a few days ago
| [deleted]
| rolph wrote:
| >>The S in IoT is for Security<<
|
| I cant help noticing, the s in IoT comes last, after all other
| things and is lower case, and not even important enough to appear
| in the acronym /s
| warmfuzzykitten wrote:
| Um. There is no S in IoT. I think that's the joke.
___________________________________________________________________
(page generated 2021-03-22 23:00 UTC)