Internet of Fail
The IoF strikes again!
Philips' Hue smart-home lighting has had an embarrassing outage with its API going offline for four hours on Thursday, preventing customers from accessing the system remotely. On the same day that the company launched its new service – where its lights will respond automatically to streaming music and games – the system died …
I use hue lightbulbs and frankly they have been pretty awesome
thankfully if your on the same LAN segment or have a remote you can control them without the magical intermawebs
to be honest with a architecture like this what could possibly go wrong
https://twitter.com/internetofshit/status/986540999047630849
so in truth they are useable without the internet connection and thats how all "IOT" things should work its the other end they screwed up...
It's a bit strange that the author couldn't think of one reason to control hue remotely?
How about you've been delayed getting home. You want the light on for your pet dog so they're not sitting in the dark for two hours? Or you've decided to stay at a "friend's" house overnight, but you want a light on for a couple of hours in the evening so it looks like your home is occupied? Or your parents called to say they're coming over, but they'll be at the house before you and you don't want them going into a dark house?
There's three reasonable use cases that took me about thirty seconds to come up with. I'm sure others have plenty more.
Okay, also many grown-up people like to toy around with technology, a few decades ago model trains were quite popular. But anyone toying around with "smart home" stuff somewhat reasonably would find ways to set up some (maybe even random) lighting scheme without having to connect to the Internet. That would perfectly cover the first two "use cases". And the third case (parents coming to your home before you arrive) implies that you believe your parents are not able to find and operate the light switch on the wall. Assuming that you were clever enough to install standard wall switches too (if only as a fallback option in case your smartphone's battery is depleted), this would raise some questions ...
yeah, in a funny way this is kind of a *good* news story: at least they didn't design it so stupidly that it sends all your local requests to the internet Just Cuz, thus leaking unnecessary information *and* ensuring local control would go down in a scenario like this.
Low bar, I know! But I suspect at least some IoS products wouldn't clear it...
It's partially good design in having local control (does Nest have that ? I''m not sure). But it's bad (read : venal, customer always comes last) to tie the remote service into a single point of failure.
Of course, most customers want it in a box and no thinking. I'm sure Philip's have done a reasonable job on that or they'd be on the remainder shelves already. And they're not : I tried to get one in the Maplin firesale but they all went before they'd dropped to retail price. So they're an attractive item, for whatever reason.
A reasonably professional IoT device though would have :
1. Default fully-local control (not set it up on the net then fallback to local. Full.)
2. A provisioned service from the manufacturer, secure, reasonably reliable, easy to use. 'Free', paid, whatever as long as it's clear upfront. Points off for 'free for the first year'.
3. The option to move the remote control from the manufacturers' service to another, whether your own or a 3rd party. Documented, secure, no opt-out cost. Possible even if the manufacturer's servers fall offline one day and never return.
I don't honestly know whether Phipps or Nest offer that (I wanted a bargain offer to find out!) but anything less than that is just junk or, worse, a scam that deserves the full scorn of the anti-IoT peanut gallery.
There have been a few people doing studies of IoT devices with an interest in security. They don't generally do a good job of also evaluating threat models, they're more interested in the publicity of 'I found a hole'. But it seems to me that such a review should also examine business models.
Update : just saw MartinB105's post. Philips appear to be pretty close to the above. ++
Perhaps a bit off topic, but why smart light bulbs instead of smart light fixtures that work with any old bulb? Not that either seems to me to have all that much utility.
Good idea mostly, except it's more work to take them with you when you move, and they're not readily installable by the average homeowner.
I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.
I'd trust my mother to install a light bulb without electrocuting herself, but less so to change a light fitting.
There's an easy mistake to make if you change a light fitting without knowing what you're doing. Explained in this examination of a failed light switch.
You can even do that with a gas or oil lamp. No need for pesky unreliable mains services.Get orff my lawn.
Everyone has their own choice of a tradeoff between convenience, complexity and risk. You make yours and I'll make mine. Fwiw, that means mechanical switches for me too at the moment too, but there are some cases where I'd be glad of a different method provided it met various criteria.
I'm getting bored with the anti-ioters. Nobody makes you use the things. Some of them (most of them ?) have flaws. So what ? Fix them, or ditch them, or push for something better and move on. But don't tell me what I should think. I can do that myself, thank you.
Installation issues. Few potential customers are willing to work on their own house electrical system, and paying an electrician to come and install it is expensive and inconvenient - that would greatly reduce the appeal of the product. Changing a light bulb is something that anyone can do, and feel comfortable in their ability to do.
Why smart bulbs? Even the cheapest Hue bulbs all support dimming. For that you need a dimmer switch, and bulbs that support dimming (LED dimmable lights are not that cheap). The next more expensive ones change the light temperature, and the expensive ones change their colour. Doing more than just on/off with smart fixtures would be difficult.
And fixtures would need to be connected to the cabling in your home which is work for an electrician, while Hue bulbs are just screwed in.
Although I do love my Hue bulbs, it would be great if I could upgrade all my non-hue rooms with a hue compatible switch ( with an optional trailing edge dimmer, why not ).
Hue uses Zigbee, so could it be tricked into supporting the switches as though they are bulbs?
Edit: it seems they are coming this year: https://huehomelighting.com/hue-compatible-light-switches-coming-this-year/
Grikath
Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time.
Plenty of homebuild solutions printed in the golden days of electronics mags...
And in 18th/19th century Britain, before a Tyrannical Government brought in Nanny State laws to stop the Right To Bear Spring-Guns there were other options...
"Usually to dissuade the local usual suspects from a quiet visit when they've a feeling you're away for an extended time."
So all the other clues about you being away will be there, but the lights are on, so they'll just jog on?
If the car hasn't moved, bins not put out or any of the many other things that indicate someone is on holiday, then your typical half brained scrote will perform some cunning ruse to ascertain whether you're home, such as ringing your doorbell.
Plus the fact that night time burglaries are very risky, since neighbors are ore likely to be home. Whereas rocking up in daytime with a moving van, wearing overalls (clipboard optional) means that even the cops will ignore you.
My security measures are mainly not having anything worth nicking versus the hassle of getting in, combined with being on good terms with the local pot growers, who are around at all hours, and tend to keep an eye out for suspicious activity :)
If you must have voice control, it really needs to be done in the device or at least within the LAN. Farming it off to the internet creates problems with both security and reliability. I presume I'm preaching to the converted here, but I wonder how long it will take for the wider world to realise this.
We can't really think of any good reasons why remote control of Hue lights would be useful.
It's really useful if you have a long overgrown pathway to your house, and you're coming home late. Turning on the outside lights so you can see the nefarious rascal about to jump you and make off with the remains of your kebab.
Why they never realize that they can make off with your very expensive Hue lights instead is beyond me.
There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.
Why people absolutely have to go with the least secure bit of shiny instead of using proven tech that is safe is beyond me.
There's already a solution to that, it's called a movement detector. Place it near your light looking down and the overgrowth will not keep it from detecting you and turning on the light.
Or, if you're dealing with a pathway of which only a part is in the detector's field: a conventional RF remote control on your keyring, or if you want to get fancy, fitted to the garden gate.