The actual Internet of things is Tesla collecting 130 million miles of autopilot data to make autopilot safer. It's GE collecting data from the jet engines they produce to understand failures and do predictive maintenance. It's Netapp collecting error logs from fileservers in the field, so they know how to prioritize their bug database, which performance bottlenecks to fix, and what limitations actual customers encounter.
That's the real internet of things. Just ignore all the (hype for) idiotic connected home crap covered by the popular press. Yes vendors are producing these products but the only feature I want is a a global disable for any such thing I accidentally bring into my home.
> Just ignore all the idiotic connected home crap covered by the popular press.
Funny, that's what a black hat would say who compromises tens of thousands of homes because of a shitty consumer device. And a global disable, how's that going to work?
The "IoT" is a major crapshoot, because any idiot can hook up their garbage to the internet and (inadvertently) enable RCE (remote code execution) on it compromising the home network of the user even if it doesn't state that risk on the tin (as if you could prove that with current methods).
The world hasn't seen an incident big enough to care, but I bet one is coming (look for cutesy names like Heartbleed and Stagefright in the headlines) and it will be the usual game of hindsight that leads politicians to go public about it as it has been the case with any major invention (cigarettes, alcohol, cars) that found its way into the public's hands.
The golden age of black hats is before us still. I wish I could say I wouldn't be affected...
Unfortunately, none of those things promise what the IoT promises - insight and control into your own stuff. They're ways for companies to monitor what you're doing, in real-time, after they've sold a product to you. Windows 10 is as much a part of the IoT as any of those.
No idea why you're being downvoted. This is absolutely valid commentary. Most IoT home devices are atrocious from both a security and a privacy perspective. There are fairly regular posts on HN about the shit-awful security of these devices. Just yesterday there was the post about the guy with the bad Amazon review.
Also, there's another problem I see with this crap, and I can see right where it's going to end up... It won't be long before the FBI gets some judge to declare that our homes are no longer private because our thermostats are connected to the internet. I am already infuriated at the things law enforcement claims in court. I can sense a migraine on the horizon when it comes to a home connected to the internet.
I would love it, but it looks like it will take time.
As for security, we've been building PCs and such for decades and still are just beginning to get it right. Looks like one really needs a TPM chip as in Chromebook or iPhone. That may be too expensive for many devices, hell, it is apparently too expensive for most desktops, laptops etc.
As for sending data.
Seems like an IOT vendor would hope to sell the usage data. That does seem to have some value.
Raspberry Pi's SOC has had ARM TrustZone support right from the beginning (I'm pretty sure, definitely in recent models). I don't know if we can rely on crypto secure unique keys having been burned at some stage inside every Pi (Not sure if that'd be done by Broadcom or 'Pi?), but the "too expensive" argument seems unsound...
(I fully expect to read soon about some Chinese manufactured IoT device where every single one if millions manufactured has an identical MAC, GUID, and TrustZone private key...)
IIRC ARM TrustZone is not a TMP chip, just some software. And the other day we read that people managed to break it, possibly affecting many Android devices.
>>Then why would they be connected to the internet?
I like the idea of being able to remote control them. For example, it would be cool if I could securely tell my coffee machine to start making coffee when I leave work at 3pm on Friday so that it's ready by the time I get home.
How would you remote control it without going through someone else's server?
I understand that an HN reader could set up DynDNS, a DHCP reservation, and port forwarding (so you could connect directly to your home from the internet), but that would not seem to make for a viable consumer product.
That's the real internet of things. Just ignore all the (hype for) idiotic connected home crap covered by the popular press. Yes vendors are producing these products but the only feature I want is a a global disable for any such thing I accidentally bring into my home.