The actual Internet of things is Tesla collecting 130 million miles of autopilot data to make autopilot safer. It's GE collecting data from the jet engines they produce to understand failures and do predictive maintenance. It's Netapp collecting error logs from fileservers in the field, so they know how to prioritize their bug database, which performance bottlenecks to fix, and what limitations actual customers encounter.
That's the real internet of things. Just ignore all the (hype for) idiotic connected home crap covered by the popular press. Yes, vendors are producing these products but the only feature I want is a global disable for any such thing I accidentally bring into my home.
> Just ignore all the idiotic connected home crap covered by the popular press.
Funny, that's what a black hat would say who compromises tens of thousands of homes because of a shitty consumer device. And a global disable, how's that going to work?
The "IoT" is a major crapshoot, because any idiot can hook up their garbage to the internet and (inadvertently) enable RCE (remote code execution) on it compromising the home network of the user even if it doesn't state that risk on the tin (as if you could prove that with current methods).
The world hasn't seen an incident big enough to care, but I bet one is coming (look for cutesy names like Heartbleed and Stagefright in the headlines) and it will be the usual game of hindsight that leads politicians to go public about it as it has been the case with any major invention (cigarettes, alcohol, cars) that found its way into the public's hands.
The golden age of black hats is before us still. I wish I could say I wouldn't be affected...
Unfortunately, none of those things promise what the IoT promises - insight and control into your own stuff. They're ways for companies to monitor what you're doing, in real-time, after they've sold a product to you. Windows 10 is as much a part of the IoT as any of those.
No idea why you're being downvoted. This is absolutely valid commentary. Most IoT home devices are atrocious from both a security and a privacy perspective. There are fairly regular posts on HN about the shit-awful security of these devices. Just yesterday there was the post about the guy with the bad Amazon review.
Also, there's another problem I see with this crap, and I can see right where it's going to end up... It won't be long before the FBI gets some judge to declare that our homes are no longer private because our thermostats are connected to the internet. I am already infuriated at the things law enforcement claims in court. I can sense a migraine on the horizon when it comes to a home connected to the internet.
I would love it, but it looks like it will take time.
As for security, we've been building PCs and such for decades and still are just beginning to get it right. Looks like one really needs a TPM chip as in Chromebook or iPhone. That may be too expensive for many devices, hell, it is apparently too expensive for most desktops, laptops etc.
As for sending data.
Seems like an IOT vendor would hope to sell the usage data. That does seem to have some value.
Raspberry Pi's SOC has had ARM TrustZone support right from the beginning (I'm pretty sure, definitely in recent models). I don't know if we can rely on crypto secure unique keys having been burned at some stage inside every Pi (Not sure if that'd be done by Broadcom or 'Pi?), but the "too expensive" argument seems unsound...
(I fully expect to read soon about some Chinese manufactured IoT device where every single one of millions manufactured has an identical MAC, GUID, and TrustZone private key...)
IIRC ARM TrustZone is not a TPM chip, just some software. And the other day we read that people managed to break it, possibly affecting many Android devices.
>>Then why would they be connected to the internet?
I like the idea of being able to remote control them. For example, it would be cool if I could securely tell my coffee machine to start making coffee when I leave work at 3pm on Friday so that it's ready by the time I get home.
How would you remote control it without going through someone else's server?
I understand that an HN reader could set up DynDNS, a DHCP reservation, and port forwarding (so you could connect directly to your home from the internet), but that would not seem to make for a viable consumer product.
I think the name itself is broken. Most applications just need to be a local network of things.
Having a million devices that are difficult to audit, configure and sensitive to internet and service outages is a nightmare recipe.
Not sure how to solve this in an easy to fix way but it makes me miss the days of RFCs and standards. Seems like we need something higher level than z-wave, zigbee and 802.11.
I don't think I subscribe to the idea that we need to instrument everything to collect data for eventual ML (especially if that data is going to be privately owned). I can see why that would be appealing especially if you are a large software company involved with ads.
If there really is a killer ML model for a particular IoT device then let me opt in/out and the data collecting can be anonymous, no login required. Being online should not be required for its function.
edit 2: realized I did not address the point on updates
Self updating devices I am more on the fence about. Ideally I would have some control over what is getting updated and when and the ability to revert things and schedule the updates.
It would also be great if these devices used ssl and signatures for updates. There are horror stories of them opening up tftp and using http in the clear.
If this is too hard for IoT makers to get right maybe hubs are the way to go? Not sure but the fewer things phoning home via the internet on my network the better I guess.
Maybe the current feature set is enough; it is what the customer bought after all.
ML algos can be pretrained before shipment and the model baked into the device. Online training can be gamed just like search optimization games Google search; in fact it is a pretty big security hole.
Some internet/local network server on the network should provide software to do that. This software should be competed on separate from the network of thing devices individually (and should probably have open source interfaces and implementations; an industry consortium like the Khronos group - OpenGL, OpenCL, Vulkan, etc. - would be perfect). You could buy a pre-built box for it, it might get folded into the future all-in-1 router/modem (website) or console/TV box, you can have your laptop or old desktop do it, etc.
That way there is a single authoritative device to secure and control everything with, a single device to reset if it becomes compromised, etc. Updates can be in cryptographically signed bundles from their manufacturers. And any smart algorithms can be run through the server. Arbitrary code execution on devices would be strongly discouraged by industry practice.
Agreed though I suppose most players are thinking wow my vertical integrated app store style platform will be great here.
Maybe that will win but if we really want something that lives up to the hype maybe we need something as game changing as http and the internet itself was in the day?
Stuff like http://mqtt.org/ and some of the open source projects like hass might help but it seems like we need something more. As the article says it's not just security that is suffering but the overall UX sucks right now.
Every Wifi router needs to treat every device on the network as independently untrusted, except where explicitly told to do otherwise. Outbound connections aren't as big a problem as every random device having full access to a home network.
This is why I have two separate SSID's, one goes to my 'trusted' VLAN of home devices that have access to the rest of the network - the other goes to an 'untrusted' VLAN that has access to NOTHING except to pfSense for routing (and any access to the pfSense admin page is blocked from that interface since it's only bound to the other VLAN).
MY stuff (desktops, cell phones, laptops, game consoles) goes on the first, everything else goes on the second (guest devices, appliances that are less than trustworthy and have no reason to touch the rest of my network, etc).
Does your setup (easily) allow for things like untrusted IoT powerpoints/lights on the untrusted network to be controlled by their regular apps running on a phone hooked to the trusted network?
I haven't quite worked out a simple-but-correct solution for that at my place yet.
I have come up with a concept of "any device whose software I'm not actively updating and managing for security shouldn't be on the same network as my backup NAS". That includes not just IoT crap, but my original (can't upgrade past iOS5) iPad, my printer, my 3D printer's Windows machine, most of my Raspberry Pis, and friends and family's phones/tablets/laptops...
I do have access from my trusted network to the untrusted one, but not the other way around (ACL's on my switch prevent the untrusted VLAN from accessing anything but my pfSense router for internet access). Regardless of this, however, they are separate broadcast domains, so if I can't just punch in an IP address to access it I won't be able to use it (and this excludes a lot of proprietary "Smart" devices that rely on mDNS+DNS-SD or TCP/UDP broadcast for discovery without any option for direct IP connection).
If I ever bought into the "Connected" / "Smart" home (and I probably will, it would be really nice to open my garage from my phone and have lights automatically turn on, monitor the thermostat remotely, etc) I will probably invest in standards-compliant devices that use Zigbee or Z-Wave and setup OpenHAB - all of these proprietary "Smart" devices just seem dumb when you have to rely on external services like IFTTT to integrate them, really defeats the whole purpose and I don't like being locked into specific brands / ecosystems when semi-open standards exist.
> Does your setup (easily) allow for things like untrusted IoT powerpoints/lights on the untrusted network to be controlled by their regular apps running on a phone hooked to the trusted network?
Sure, if the control uses direct IP connections it's just a matter of adding some routes - if using broadcast UDP, not so much.
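The one-way policy described in the comments above (the trusted VLAN may open connections into the untrusted VLAN, never the reverse, and discovery broadcasts do not cross), modelled as a small stateful filter. This is an added example, not part of any comment in the thread; the subnets, addresses, ports and the DNS-only rule for the router are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing: the thread gives no subnets, addresses or ports.
TRUSTED = ipaddress.ip_network("192.168.10.0/24")
UNTRUSTED = ipaddress.ip_network("192.168.20.0/24")
ROUTER_ON_UNTRUSTED = ipaddress.ip_address("192.168.20.1")
ROUTER_ALLOWED_PORTS = {53}  # assumption: DNS only; the admin UI (80/443) stays closed
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    sport: int = 40000
    proto: str = "tcp"


def zone(ip):
    if ip in TRUSTED:
        return "trusted"
    if ip in UNTRUSTED:
        return "untrusted"
    return "internet"


class Router:
    """Stateful inter-VLAN filter: the verdict depends on who opened the flow."""

    def __init__(self):
        # (proto, src, sport, dst, dport) of every flow that was allowed to start
        self.states = set()

    def handle(self, pkt):
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
        # Multicast (mDNS, SSDP) and broadcast stay inside the sender's VLAN.
        broadcasts = (LIMITED_BROADCAST, TRUSTED.broadcast_address,
                      UNTRUSTED.broadcast_address)
        if dst.is_multicast or dst in broadcasts:
            return "not-routed"
        # A reply to a flow already in the state table passes in either direction.
        if (pkt.proto, dst, pkt.dport, src, pkt.sport) in self.states:
            return "pass-reply"
        src_zone, dst_zone = zone(src), zone(dst)
        # Untrusted hosts reach the router itself only on the allowed ports.
        if src_zone == "untrusted" and dst == ROUTER_ON_UNTRUSTED:
            return "pass" if pkt.dport in ROUTER_ALLOWED_PORTS else "block"
        if src_zone == dst_zone and src_zone != "internet":
            return "local"  # switched inside one VLAN, never reaches the router
        allowed = src_zone == "trusted" or (
            src_zone == "untrusted" and dst_zone == "internet")
        if not allowed:
            return "block"
        self.states.add((pkt.proto, src, pkt.sport, dst, pkt.dport))
        return "pass"


def demo():
    """Run constructed flows through one router and return the verdicts."""
    r = Router()
    phone, plug, nas = "192.168.10.50", "192.168.20.77", "192.168.10.5"
    cloud = "203.0.113.10"  # documentation-range address standing in for a vendor host
    return {
        "phone_opens_plug": r.handle(Packet(phone, plug, 80)),
        "plug_replies": r.handle(Packet(plug, phone, dport=40000, sport=80)),
        "plug_opens_nas": r.handle(Packet(plug, nas, 445)),
        "plug_admin_ui": r.handle(Packet(plug, "192.168.20.1", 443)),
        "plug_dns": r.handle(Packet(plug, "192.168.20.1", 53, proto="udp")),
        "plug_to_cloud": r.handle(Packet(plug, cloud, 443)),
        "cloud_unsolicited": r.handle(Packet(cloud, plug, 23)),
        "phone_mdns": r.handle(Packet(phone, "224.0.0.251", 5353, proto="udp")),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18} {verdict}")
```

In this model the plug's own outbound connection to the internet still passes and creates state, so replies from that host reach the device; the segmentation only protects the trusted VLAN.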
Similar. My open ‘guest’ SSID is layer-2 switched to the upstream modem only. (I suppose it's possible that the modem could be compromised and send frames back to the LAN, but I see no evidence of that.)
The only difference between an outbound and an inbound connection, and most particularly from an Internet of Shit untrusted, incompetently designed, compromised-on-sight device, is who commits the first SYN.
(Why does it always come back to the original SYN?)
Dan Kaminsky's demonstrated streaming video over DNS. There's NFS-over-SMTP. If there's a transport, you can tunnel over it.
Tools to limit specific internal hosts to specific external nodes might help. No need for any Internet of Shit device to talk randomly to anywhere on the Internet. But from past experience, vendor hosts are bad enough. Particularly if you can't tell from IP or hostname who owns it (datacenters, virtual hosting, AWS).
Here's one area where I think some government regulation is going to be called for. If nothing else, it should be mandated that one can "disconnect" and still have the device function to consumers' expectations. That should apply to everything from watches to cars.
The way this ought to work is that you have a home server that talks to all your home devices, and can also be reached from the outside world with suitable security. A "cloud" service is unnecessary. Unfortunately, we're not going to get that, unless some carrier such as AT&T or Comcast pushes it.
To some degree both Apple and Google seem to be pushing towards that. In iOS 10 your phone/tablet talks directly to home devices, and if you have an Apple TV it allows secure tunneling (e.g., talking to your devices via the always-on Apple TV). Ditto Google is working on similar things, though the precise plans are a bit more uncertain.
An "actual" home server in the form of a computer in a closet is IMO incredibly unlikely. Piggy-backing this functionality into an existing always-on device seems much more likely for mass adoption.
The big issue is that IoT manufacturers will be fighting this tooth and nail. Nobody wants to be a commodity IoT manufacturer, and so all of them will try to push their own (shitty) cloud platforms as value-adds and avoid commoditization.
Similar to how Android OEMs keep crufting up a perfectly fine OS in a futile bid to prevent commoditization. It won't work, but they will try.
> An "actual" home server in the form of a computer in a closet is IMO incredibly unlikely.
You're right - my Mom's not gonna install a "home server" when she convinces Dad some WiFi controlled lightbulbs or powerpoints from the supermarket are a nice idea.
It seems "the industry's" current solution to this is via some 3rd party P2P network:
Back in the kitchen he fished in his various pockets for a dime,
and, with it, started up the coffeepot. Sniffing the - to him - very
unusual smell, he again consulted his watch, saw that fifteen
minutes had passed; he therefore vigorously strode to the apt
door, turned the knob and pulled on the release bolt.
The door refused to open. It said, "Five cents, please."
He searched his pockets. No more coins; nothing. "I'll pay you
tomorrow," he told the door. Again he tried the knob. Again it
remained locked tight. "What I pay you," he informed it, "is in
the nature of a gratuity; I don't have to pay you."
"I think otherwise," the door said. "Look in the purchase contract
you signed when you bought this conapt."
In his desk drawer he found the contract; since signing it he had
found it necessary to refer to the document many times. Sure
enough; payment to his door for opening and shutting constituted a
mandatory fee. Not a tip.
"You discover I'm right," the door said. It sounded smug.
From the drawer beside the sink Joe Chip got a stainless steel
knife; with it he began systematically to unscrew the bolt
assembly of his apt's money-gulping door.
"I'll sue you," the door said as the first screw fell out.
Although he did find recognition and prizes, in his lifetime P.K.Dick made SF fans - who mostly tended to staunch rationalism, or a good facsimile thereof - uneasy due to the slightly unhinged mysticism coming through. But he did hit a bell with resonance in the mainstream: after Stephen King he's probably the writer with most movie adaptations of his stories.
Internet of things needs a point. It's more about features for features' sake than anything else. Sure, a manufacturer can add wifi for ~1$, but then what.
>Sure, a manufacturer can add wifi for ~1$, but then what.
Analytics, surveillance and lock-in. Require the user to apply for an online account and charge them a monthly fee to do something online that used to be free, monitor their usage and make it difficult for them to use another brand's products without significant friction.
Great now what's the killer app? I have seen an internet connected blender, toaster, refrigerator, microwave, vacuum, coffee maker, oven, dishwasher, clothes washer and dryer. But not a single reason to buy any of them.
AV, lights, thermostat, blinds, sure. But, that's 30 year old home automation stuff not 'the Internet of things'.
I'm amazed Betty Crocker or Kraft haven't partnered with GE or Sharp to make a smart microwave. Who doesn't want one-button cooking, isn't that one of the intended benefits of microwaves? Each brand could have their own app in the microwave app store.
Put in a bowl of Easy Mac and press the Easy Mac button in the microwave app, microwave perfectly cooks the brand name meal. This is possible because Kraft would have their test kitchens using the same app and microwave.
---
This is just like Roomba all over again. Sure, they made a vacuum robot, and stopped there. Where's the Roomba lawnmower, man? Where's the Roomba clothes-picker to put laundry on the floor into a basket? Where's the Roomba trash can that takes itself out? Does nobody dream?
You're going to run out of buttons fairly quickly unless the meal can talk to the microwave. And at that point it might as well just give cooking instructions.
Honestly, this would be a great use for QR codes, but there is probably a patent out there.
Or open up the search feature and search your microwave for "Hot Pockets". Or the microwave could have a camera viewing the inside somehow. Think of today's microwaves with a $50 tablet built in.
I think that anything that could be scheduled, except for people inherently having variance in their routines, could be fodder for the IoT. For example, the coffee maker idea would work if it were plumbed and drained and only needed cleaning like twice a year. But since my coffee machine already works at the push of a button there isn't much time to save.
The best IoT item I've purchased so far is a sprinkler controller. It does a good job of keeping the grass green, but not too green.
A killer app for consumers probably wouldn't exist for most things, unless you could integrate streaming or delivery services.
But I think the real killer app will help correlate consumer behavior, advertising and the supply chain. You could have a refrigerator that keeps track of everything you buy and where you bought it. Scaled up to tens of thousands or millions of consumers, you might have very useful data for stores to use to predict what to stock and how much, and how to target advertisements. I'm reminded of the story of Wal-Mart predicting one of their customer's pregnancies based on their purchasing habits, and sent coupons for related products.
I also think integration with social media is going to be a huge part of the IoT taking off but I'm not entirely sure how, yet, other than vague ideas about appliances having their own AI driven social media accounts and posting to your feed. That could both be useful, and an incredibly sinister way of getting consumers to empathize emotionally with a brand, even if only subconsciously.
You know all that stuff you bought and just use? That's all subscriptions now. So, enjoy your toast subscription! Just don't try bagels. That's a premium add on for an extra $2 a month.
Oh.. You meant for consumers. Yeah, I got nothing.
Just because there's a ton of shit doesn't mean there aren't things that are improved with connectivity.
Wi-Fi video doorbells are pretty great (or at least have the potential to be great). The Nest thermostat is good. Security cameras are obviously better if you can access them remotely.
I have WiFi scales that are awesome (I've wanted some for yeeears but they've only just become affordable).
I wish I had connected blinds and curtains, and smart lights would be good if integrated with the wall switches (damn renting).
I am curious about the connected thermostat. What is the value above non-connected one? I only see trouble here:
- It can autoupdate. Awesome. In reality, update will have a bug (how do they achieve that with something so simple?) and your house will freeze. This happened to a bunch of Nest users.
- Some dude from Elbonia will break into your Nest and shut off your heating and your house will freeze.
Everyone in my family adjusts the house's temperature by voice, via Alexa (Amazon Echo). Alexa controls the Nest via Nest's internet API. The physical thermostat is on the other side of the house, while Alexa can hear us from any room on the floor.
We also use the Nest Android app to change the temperature while already tucked in to bed for the night without having to get up, or to turn off the A/C if we've left home and forgot to, in order to save money.
Nest's connected features get used multiple times a day every single day in my house. It's virtually never adjusted by hand.
OK one thing I missed is: why are you adjusting temperature several times a day?
Why not just program night/morning/work hours/evening temperatures and let the thermostat change to the right one. Nothing to do, nothing to think about.
Neither of us works a 9-5 job. Next Monday at 3PM, there might be nobody home, or both of us home, or I'm home and want the A/C on, or I'm home but the weather's nice so I'm working in the sunroom and don't need the A/C. That evening, we may spend a few hours out with friends or family, and don't need the A/C blasting at home for no reason. Or we may be home and need it after all. At midnight, we may both be sleeping, and she'll want the temperature around 68. Or she might be working an overnight shift, and when I'm sleeping alone I prefer it warmer. There's nothing that can be programmed into the thermostat in advance. Remote control offers the best convenience and best economics.
Sounds like fairly bog standard home automation. You should really not want to mess with the thermostat much, but I can see it's a renter's shortcut when you're dealing with a single temperature zone which seems reasonable.
I can't tell if I am about to accuse you of failure of vision, but if I end up doing so, it isn't intended in a mean-spirited way.
I'm an engineer. I build things. If somebody needs a motor or a control system or a marijuana distiller or a laser printer postscript engine kanji-to-scanalizer, that's what I get hired to do.
Recently, I was hired by a residential-to-light-commercial construction engineering company. They get plots and plats and architectural designs and collect their own soil samples and have to generate slabs and framing plans. Pretty mundane, but a lot of their process is done by hand, and they wanted to automate it.
During the process, it becomes apparent that a big component is soil - on the foundation. 30 year insurance plans on how much the foundation gets distorted by ... well, in some areas, ... rainfall.
It turned out (this is a few years ago now, so now we have data) that moisture causes expansion and contraction. That causes the foundation to flex and fail. It also turns out that, one can measure the flexing with sensors, report back to the data-munging mother ship, and tell the sprinkler system to water more or water less and ... save foundation cracks.
Now, yes, I know that this is nothing more than adding WiFi for ~1$, as you say. But it's a pretty big business value that works all up and down the value chain for how 30 year costs and risks and layoffs get allocated for entire subdivisions. I guess I'm not disagreeing with you - I guess I'm saying that, I agree, but, that's still a lot of value.
As a casual gamer, I run into this quite a bit. Want to play online? Need a gigabyte update. Want to use Skype... gotta merge your accounts. Makes me miss the days of the SNES and n64.
I've thought for a long time that internet connectivity was the worst thing to happen to console gaming. I liked consoles because games worked out of the box, without dicking around with accounts, services, etc.
If I want to deal with that, I'll just play on my PC.
It also contributes to buggy games. If you know you can't update them, you make damn sure they work out of the box because refunds/recalls are expensive.
If you know you can just push an update whenever, you have a lot less motivation to get it right.
It was never intended to be internet of things literally.
There's no way to scale to that level where all tiny devices are connected.
It was meant to be the local network of things exactly like someone else pointed out here.
The things will be connected on the local network behind the home router.
The IoT is a buzz word that was catchy and market pushed it farther cause it sells well.
For as long as these things and what surrounds them are secure (as secure and safe as my router is) and they respect my privacy policies I will vote up them big time and they will grow farther be sure of that at the same rate and speed as the other tech wave is/was.
Consumer routers are usually anything but secure in the iot sense. This is because while they block unsolicited inbound traffic, they will allow any outbound traffic. And if you have upnp enabled on it, and most come with it on by default, all bets are off.
Damn it, Samsung managed to produce and sell a voice controlled TV that sends everything the microphones pick up back to the mothership unencrypted.
IoT is a corporate pipe dream. Just about the only thing that could use an internet connection is my fridge, and then only after every damn thing in it has a NFC tag to go with their bar code.
Meaning that it could keep a constant watch on its content etc, and allow me to check what is there (and not starting to develop its own lifeforms) when I am out shopping groceries.
For all the rest I need to be physically present to load and unload them with something anyways, so unless they come laden with enough sensors that I can bring up a full diagnostics on a whim (and actually do more than order a whole new machine, thank you very much) I'll pass on IoT.
I honestly do not understand the IoT hate. Yes, there are a lot of insecure devices: mostly the not-cloud ones which need an open port. But IMHO they provide a lot of value, especially if you are a developer. At least it does for me.