
The case for disconnecting "Smart" stuff from the internet

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
Slashdot recently carried a discussion thread regarding an interview that the Vizio CTO, Mr. Baxter, gave to a Verge reporter at the 2019 CES show. As you may recall, Vizio was fined $17 million (or about $1 per user) for spying on viewing habits without sufficient disclosure or a means to opt-out. According to Mr. Baxter, Vizio is now a leader in consumer privacy, which likely has more to do with the fine they received than actually being champions of consumer privacy. Mr. Baxter is open to building non-spyware TVs, though he noted that they would require a higher profit margin up-front to make it worthwhile. Also, allegedly few users are opting out of getting spied on, which is why Vizio is giving users the option to opt-out rather than selling a separate non-spyware TV panel.

Transmittal of viewing habits (once a second) is allegedly one of the ways that Vizio keeps its end-user prices so low. It also allegedly pays for the upkeep of the Apps running on the TV. Equally interesting was the assertion by an alleged Smart TV SOC designer on slashdot that OEMs are looking at multiple avenues to collect the data as part of standards processes, up to and including out-of-band approaches to transmitting the collected data back to the OEM. Who knows if the assertion is true, I imagine these out-of-band approaches will likely be too expensive in the short term to be economical (i.e. $5 / TV for the hardware plus machine-to-machine data plan vs. the value of the income stream).

However, absent legislation (and I doubt it will happen due to the money involved), the above reinforces for me why so much in our homes may need to be curtailed from contacting the internet, locally-isolated if internet access is necessary, etc. Whether it's Sonos, the Smart TV, the Ring doorbell, or any other IoT/Smart/whatever devices, it's pretty mind-boggling how lax OEMs can be re: consumer privacy and how laser-focused they are at the same time attempting to monetize user data on a post-sale basis.

Trouble is, few consumers seem to care - people are only too happy to add Alexa to their homes, install Wifi-enabled light bulbs, etc. without any regard for what they're giving away in the process. As a result, there aren't (to my knowledge!) easy-to-use router / switch solutions out there that help isolate and sand-box IoT stuff. Folk who want to strike a balance between privacy and being able to use some IoT gear in the home are hence required to delve into somewhat arcane details of managed router / switch setup.

Coming back to FreeNAS, it's a great reason to use FreeNAS and separate audio-visual components (such as a HTPC running PLEX) to enjoy content at home - because you can control what each device in the chain can and cannot do. Bundling multiple levels of functionality into a single "Smart" device may be great from a clutter-reduction point of view but the potential privacy / functionality costs are too high to me.

Such bundles carry the risk of going out of date well before the entirety of the appliance is obsolete - once a critical component no longer meets a specification, you get to replace the entire appliance. Or, as in the case of Sonos, your equipment may receive a mandatory firmware "upgrade" that disables something perfectly functional. I'd rather replace components on an as-needed basis (i.e. my living room LCD TV is 10+ yo) than subsidize lower up-front costs with my data. Many thanks to FreeNAS for helping enable that.

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
16,108
A couple of years ago, when we bought our LG 4K TV, I read through some of the agreements before connecting it to the internet. I didn't have to read far before giving up on that idea.
 

Arwen

FreeNAS Expert
Joined
May 17, 2014
Messages
1,142
When the Hi-Def optical disc wars raged, (HD-DVD versus Blu-ray), I wrote a comment in the Roku forums about some of the problems with Blu-ray. One user, (who could be considered an extreme fan-boy of Blu-ray), was livid on my comments and reasoning. Since then, some comments have been proven time and time again. Blu-ray players are designed with obsolescence in mind. None of the normal Blu-ray players, (not including Sony's PS3 game boxes), can play every Blu-ray disc today. However, an original DVD player can play all normal DVDs, (except perhaps burned media... due to LASER differences).

And of course, Blu-ray players want you to connect to the internet for "special" features. (You mean like spying, Sony rootkits and network back doors?)

Sorry, that came out a bit more angry than I usually write, but I'll let it stand.

I am getting close to instituting an out-going firewall. For example, I routinely don't install a default router into some of my network equipment. Like my serial terminal server. It has no need for Internet access. Nor should my FreeNAS BMC / IPMI controller. But it may be time to start blocking everything except whitelisted entries.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
I don't remember the evolution of Blu-Ray though the Wikipedia entry certainly shows a great deal of development over the years.

Coming back to the question on hand, my next project is to reboot my Mikrotik managed switch into SwitchOS and start going to town re: VLANs. To me, that looks like the most consumer-oriented solution to fixing the "what may connect to what" question, especially for IoT appliances. For some reason, my switch won't make the transition from RouterOS to SwitchOS at the moment. Something else for the To-Do list.

I completely agree with your approach in principle. The FreeNAS box only needs to connect to one IP address outside the local range (i.e. the upgrade server at FreeNAS). I leave the IPMI ethernet port disconnected because I find it pretty useless compared to working with the console. Etc.

But I like VLANs better than whitelists because I make a point of running a dedicated drop to every appliance here. AFAIK, it's practically impossible to spoof a VLAN unless the managed switch was compromised whereas it's trivial to spoof a MAC or IP address. The only wrinkle is how to deal with Wireless stuff - so far I've segmented everything into just two sets of users (with different VLAN IDs). Ubiquiti allows even more granular VLAN'ing of the user base by giving you the opportunity to host multiple WiFi networks on the same AP, each with its own VLAN marker.

Arwen

FreeNAS Expert
Joined
May 17, 2014
Messages
1,142
When I had a full home lab, (with more than 50 IPs allocated, in at least 3 sub-nets), only 1 sub-net was allowed Internet access. At the time I did not use VLANs, just simple network overlay. So my PC had a primary IP for Internet access and a virtual IP for local access to the misc. network equipment that did not need Internet access, (like my remote A.C. switches, or my serial terminal servers used for remote console access).
 

freedombacon

Newbie
Joined
Jun 22, 2015
Messages
16
I'm not buying them. I expect things to work out of the box without being dependent on servers thousands of miles away. There's no reason a thermostat, door bell, or stereo needs internet. Although I'm in IT and might be interested in building a network and firewall that these things could connect to without violating my privacy, I'm disgusted that I would have to and would rather use the time for something else.
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
12,154
I'm not buying them. I expect things to work out of the box without being dependent on servers thousands of miles away. There's no reason a thermostat, door bell, or stereo needs internet. Although I'm in IT and might be interested in building a network and firewall that these things could connect to without violating my privacy, I'm disgusted that I would have to and would rather use the time for something else.
That's basically wrong-ish from a certain perspective.

As one of the many people who brought you the Internet, I can see that a central failure involved reliance on third party services for things such as e-mail, especially in the days of dial-up, and NAT as a way to share Internet access. These really caused some serious breakage in the end-to-end model of the Internet. Over time, HTTP and HTTPS became one of the few fairly reliable ways that manufacturers could use to establish connectivity on the Internet. Protocols such as UPnP were tragic disasters. With the advent of IoT, manufacturers were not really super-interested in creating complicated mechanisms for enabling smartphone apps to traverse random idiot firewalls directly, and it became simpler for them to rely on HTTPS to a centralized computer somewhere on the public Internet. The fact that this conveniently allows manufacturers to monetize the information that they can collect is basically a side effect of the poor deployment model we used for IPv4. I hope that we can eventually break it.
 

NASbox

FreeNAS Experienced
Joined
May 8, 2012
Messages
479
Slashdot recently carried a discussion thread regarding an interview that the Vizio CTO, Mr. Baxter, gave to a Verge reporter at the 2019 CES show. As you may recall, Vizio was fined $17 million dollars (or about $1 per user) for spying on viewing habits without sufficient disclosure or a means to opt-out.
Equally interesting was the assertion by an alleged Smart TV SOC designer on slashdot that OEMs are looking at multiple avenues to collect the data as part of standards processes, up to and including out-of-band approaches to transmitting the collected data back to the OEM. Who knows if the assertion is true, I imagine these out-of-band approaches will likely be too expensive in the short term to be economical (i.e. $5 / TV for the hardware plus machine-to-machine data plan vs. the value of the income stream).
...
However, absent legislation (and I doubt it will happen due to the money involved), the above reinforces for me why so much in our homes may need to be curtailed from contacting the internet, locally-isolated if internet access is necessary, etc.
...
Trouble is, few consumers seem to care - people are only too happy to add Alexa to their homes, install Wifi-enabled light bulbs, etc. without any regard for what they're giving away in the process. As a result, there aren't (to my knowledge!) easy-to-use router / switch solutions out there that help isolate and sand-box IoT stuff. Folk who want to strike a balance between privacy and being able to use some IoT gear in the home are hence required to delve into somewhat arcane details of managed router / switch setup.
I'm curious what you are referring to as "out of band"? Cell?

I've taken the approach that I don't trust any of this crap as far as I can throw it. Security isn't a priority with consumer grade stuff, it likely isn't going to be properly patched, and the manufacturers have no ethics and will do as much as they can get away with. I read that Ring was sending stuff to China which would punch a hole in your firewall.
( https://www.forbes.com/sites/aarontilley/2017/03/22/this-smart-doorbell-was-accidentally-sending-data-to-china-until-people-started-freaking-out/#6c67e4ad5984 )

As a result our "smart tv" is a glorified monitor. I will no doubt upgrade to something better soon but at the moment I use a small media player to view content off FreeNAS or a workstation share.

In the current climate, my distrust of manufacturers extends to home routers as well, so I wouldn't trust anything other than pfSense (or some other well audited open source project).

pfSense can be fairly simple if you "keep it simple", or it can be very complicated if you want to do a lot with it. The KISS method of isolating IoT (Internet of Trash) devices is simply to have a second WiFi router on an isolated network.

If you want to get fancy, and have the skills for it, you can get a used E3000 router, flash Tomato firmware and set up an access point with 3 separate SSIDs and multiple VLANs. It works great for distribution inside the house and as a WiFi Access point.

I must say that having a pfSense box really makes life a whole lot easier. Whole house ad blocking, block most of Microsoft's BS (no unscheduled updates disabling your machine at a critical time... keep update blocked, and open the gate only when you are ready.), and with good block lists block a lot of potential cryptominers, ransomware c2 channels, and other malware. It's also great to be able to easily turn on packet capture and do a bit of auditing from time to time.

The sad reality today is that you really need network skills to set up a good network, or stay away from the internet, or get screwed.
 
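The three approaches above (Arwen's "block everything except whitelisted entries", Constantin's per-device VLANs, and NASbox's isolated network behind pfSense) all come down to the same ruleset. Here, as an added example that is not from any poster and not pfSense's generated configuration, is a pf.conf fragment in the syntax FreeBSD and pfSense use that puts them together: a trusted LAN VLAN, an IoT VLAN with default-deny egress, hard-coded DNS from the IoT side forced to a local resolver, and a table holding the few outside hosts an IoT device is allowed to reach directly. The interface names, addresses and the whitelisted host are assumptions for the example.

```pf
# /etc/pf.conf fragment: IoT VLAN isolation with default-deny egress.
# Assumed names/addresses (adjust to your network):
#   vlan10 = trusted LAN, vlan20 = IoT, igb0 = WAN, 192.168.10.53 = local resolver (pi-hole)
lan_if  = "vlan10"
iot_if  = "vlan20"
wan_if  = "igb0"
lan_net = "192.168.10.0/24"
iot_net = "192.168.20.0/24"
pihole  = "192.168.10.53"

# Outside hosts the IoT VLAN may reach directly (e.g. one vendor update server;
# 203.0.113.20 is a documentation address used as a placeholder here).
# "persist" keeps the table across reloads so it can be edited with pfctl -t.
table <iot_allow_out> persist { 203.0.113.20 }

set skip on lo0
set block-policy drop

# Translation happens before filtering. The rdr rule catches any IoT device that
# hard-codes its own DNS server and forces the query to the local resolver instead.
rdr on $iot_if inet proto { tcp, udp } from $iot_net to ! $pihole port 53 -> $pihole port 53
nat on $wan_if inet from { $lan_net, $iot_net } to any -> ($wan_if)

# Default deny in both directions; log so blocked beacons show up on pflog0.
block log all
antispoof quick for { $lan_if, $iot_if }

# The policy lives on the ingress rule of each VLAN. States are floating, so a
# connection passed here is also allowed out on whatever interface it leaves by.
# Trusted LAN may initiate anything, including to IoT devices (app -> speaker).
pass in on $lan_if inet from $lan_net to any keep state

# IoT VLAN: DHCP from the router, DNS only to the resolver (post-rdr destination),
# and direct Internet access only to whitelisted hosts. IoT -> LAN and IoT -> any
# other Internet host fall through to the default block and are logged.
pass in on $iot_if inet proto udp from any port 68 to any port 67 keep state
pass in on $iot_if inet proto { tcp, udp } from $iot_net to $pihole port 53 keep state
pass in on $iot_if inet from $iot_net to <iot_allow_out> keep state

# On the WAN side filtering sees the post-NAT source address, so pass traffic
# from the router's own address; an IoT packet blocked on vlan20 ingress is
# dropped there and never reaches this rule.
pass out on $wan_if inet from ($wan_if) to any keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f`, and add or remove whitelisted hosts at runtime with `pfctl -t iot_allow_out -T add <ip>` / `-T delete <ip>`; `tcpdump -n -e -ttt -i pflog0` shows what the default block is catching, which is the quickest way to see a device phoning home. Two caveats a practitioner will hit immediately: multicast discovery (mDNS, SSDP) does not cross VLANs, so a controller app on the trusted LAN will not find a speaker on the IoT VLAN without an mDNS reflector or a manually entered address; and the port-53 redirect only catches classic DNS, so a device that ships with a DNS-over-HTTPS resolver built in bypasses it and has to be blocked by address instead.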

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
12,154
I'm curious what you are referring to as "out of band"? Cell?
"Out of band" could trivially include cell, but can be more insidious:

Consider for example when an inbound OOB data path to the TV is broadcast TV signals. This might sound unlikely at first glance, but data such as closed captioning and schedule metadata have been getting injected for years now, and lots of work has been done on interactive TV.

Exfiltration has the potential to be even more trivial.

Have you set up a new iPhone lately? It will helpfully chat with any nearby iPhones to allow you to propagate the MobileMe account (forgetting what the modern term for that is, sorry) on those other phones to the unconfigured phone to allow "easy set up." I didn't bother to figure out how it was doing this. These things have NFC, Bluetooth, Wifi, cellular, and even just a speaker/mic, all of which are potential channels for information to be transferred.

So, hypothetically, now, not actually accusing anyone of anything, just picking on Samsung because they make popular TV's and phones.

What happens when you buy a lovely Samsung Smart TV panel and put it in a Faraday caged room, and then a friend with a Samsung Galaxy 999-Upside-Down phone comes over to watch a movie on your carefully isolated environment? Are you sure that the TV and phone don't use NFC, or Bluetooth, or ad-hoc Wifi, so that the TV says "hey I'm having a little trouble contacting Mothership Samsung, would you please proxy this data block and send it for me if you can," and then your friend leaves, and eventually gets somewhere that this can be made to happen? His phone even caches an acknowledge and next time he comes to watch a movie, the TV gets a confirmation that the data's been sent...

You should definitely read some of the linked articles that @Constantin quoted:

 

NASbox

FreeNAS Experienced
Joined
May 8, 2012
Messages
479
"Out of band" could trivially include cell, but can be more insidious:
Have you set up a new iPhone lately? It will helpfully chat with any nearby iPhones to allow you to propagate the MobileMe account (forgetting what the modern term for that is, sorry) on those other phones to the unconfigured phone to allow "easy set up." I didn't bother to figure out how it was doing this. These things have NFC, Bluetooth, Wifi, cellular, and even just a speaker/mic, all of which are potential channels for information to be transferred.

So, hypothetically, now, not actually accusing anyone of anything, just picking on Samsung because they make popular TV's and phones.

What happens when you buy a lovely Samsung Smart TV panel and put it in a Faraday caged room, and then a friend with a Samsung Galaxy 999-Upside-Down phone comes over to watch a movie on your carefully isolated environment? Are you sure that the TV and phone don't use NFC, or Bluetooth, or ad-hoc Wifi, so that the TV says "hey I'm having a little trouble contacting Mothership Samsung, would you please proxy this data block and send it for me if you can," and then your friend leaves, and eventually gets somewhere that this can be made to happen? His phone even caches an acknowledge and next time he comes to watch a movie, the TV gets a confirmation that the data's been sent...

You should definitely read some of the linked articles that @Constantin quoted:
I had a quick look at the articles, and from what I can see 5G is the biggest threat. If a cheap method of exfiltration becomes available, then we have a serious problem.

The scenario you have listed above could be used to set up a device, and maybe even exfiltrate a small amount of data, but large amounts of detailed viewing habits or frame buffer signatures isn't too likely. The sheeple may not care about being spied on, but having their precious iPhones clogged up and paying data charges for manufacturers to do this type of thing isn't going to go over very well.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
It all comes down to the marginal benefit of out of band vs. cost.

However, I could see future TV panels being sold with built-in streaming capability from 5G to make them independent of traditional ISPs and wires. As far as the OEM is concerned, this is a win-win as they get to charge the customer for the feature AND they also get the benefit of being able to monetize their viewing habits, monitor settings, and so on. Short of opening the TV and disabling the 5G module, I doubt there will be a reliable way to ensure that the module is not sending content home.

Not sure how well the Comcasts of the world will react to this attempt at disintermediation but the claimed throughput capacities and short range of wireless 5G will have their ISPs hunting for applications to fill those pipes. Streaming content is both a potential killer app as well as a potential source of headaches, depending on location, customer requirements, and so on.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
Had some fun late in the year setting up two pi-holes per Derek Seaman's blog. In conjunction with my Edgerouter (which, thanks to Derek, also intercepts hard-coded DNS queries), they make a very capable, redundant, and reliable DNS-serving team that should be quite resistant to DNS poisoning and the like.

Thus far, the naughtiest culprit is my Sonos music system, which continues to try and send metrics home to the mothership hundreds of times a day, even though it allegedly has all metrics-gathering turned off. I manually blacklisted sonos.com and its many subdomains to no ill effect re: the radio stations and the like I do occasionally want to listen to. So, I feel like I have the best of all worlds - no metrics go to Sonos, I still get to stream radio shows / podcasts, and I still get to use my CR100 controller despite Sonos' best efforts to intentionally brick my property.

The only unhappy person in all this is queen bee who discovered that all of her google shopping links just got broken. Ditto ad-tracking, etc. The pi-holes are relentless!

Next up, turning a pi into an AirPrint server for my ancient Lexmark laser printer. That should keep it operational / relevant for years to come.

PS: I have no doubt that the more astute folk here could set something similar up in a jail. I just haven't found instructions yet that I can follow which allow a DNS server with secure DNS to be set up in a jail. Plus, having the pi's run the DNS makes DNS services independent of the server running, which seems like a good thing.
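The "hundreds of times a day" observation above is exactly the kind of thing the pi-hole query log lets you quantify rather than eyeball. The following is an added example, not from the thread and not Pi-hole's own code: it parses dnsmasq-format query log lines (the format Pi-hole writes to /var/log/pihole.log), tallies queries and blocked queries per client and per registrable domain, and flags any client that exceeds a query rate in a sliding window. The sample log lines are constructed for the example; the one speaker-like client and the domain names are placeholders, and the "gravity blocked" wording is the Pi-hole v5 verdict line (v4 logged the list path instead, which the pattern also accepts).

```python
"""Tally and flag DNS beacons per client from Pi-hole (dnsmasq-format) log lines.

Added example for this thread, not Pi-hole code. Reads the dnsmasq query log
format that Pi-hole writes to /var/log/pihole.log; the sample is constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample (not real data). 192.168.20.15 plays the part of a speaker
# that keeps querying vendor metrics hosts even though they are blocklisted.
SAMPLE_LOG = """\
Jan 12 10:00:01 dnsmasq[812]: query[A] metrics.sonos.com from 192.168.20.15
Jan 12 10:00:01 dnsmasq[812]: gravity blocked metrics.sonos.com is 0.0.0.0
Jan 12 10:00:03 dnsmasq[812]: query[A] update.sonos.com from 192.168.20.15
Jan 12 10:00:03 dnsmasq[812]: gravity blocked update.sonos.com is 0.0.0.0
Jan 12 10:00:07 dnsmasq[812]: query[A] www.radio-example.net from 192.168.20.15
Jan 12 10:00:07 dnsmasq[812]: forwarded www.radio-example.net to 1.1.1.1
Jan 12 10:00:07 dnsmasq[812]: reply www.radio-example.net is 203.0.113.10
Jan 12 10:00:09 dnsmasq[812]: query[A] metrics.sonos.com from 192.168.20.15
Jan 12 10:00:09 dnsmasq[812]: gravity blocked metrics.sonos.com is 0.0.0.0
Jan 12 10:00:20 dnsmasq[812]: query[AAAA] update.freenas.org from 192.168.10.5
Jan 12 10:00:20 dnsmasq[812]: forwarded update.freenas.org to 1.1.1.1
Jan 12 10:01:00 dnsmasq[812]: query[A] ads.tracker-example.com from 192.168.10.42
Jan 12 10:01:00 dnsmasq[812]: gravity blocked ads.tracker-example.com is 0.0.0.0
"""

QUERY_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: "
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)
# Pi-hole v5 logs "gravity blocked <name> is 0.0.0.0"; v4 logged the list path instead.
BLOCK_RE = re.compile(r"dnsmasq\[\d+\]: (?:gravity blocked|\S*gravity\.list) (?P<name>\S+) is ")


def registrable(name):
    """Collapse host.sub.example.com to example.com (naive two-label rule, no PSL)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text):
    """Return one record per query, marked blocked if a gravity verdict follows it."""
    records, last_query_for = [], {}
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            rec = {"ts": m["ts"], "qtype": m["qtype"], "name": m["name"],
                   "client": m["client"], "blocked": False}
            records.append(rec)
            last_query_for[rec["name"]] = rec  # dnsmasq logs the verdict right after the query
            continue
        m = BLOCK_RE.search(line)
        if m and m["name"] in last_query_for:
            last_query_for[m["name"]]["blocked"] = True
    return records


def per_client_summary(records):
    """Map client -> {"total", "blocked", "domains": Counter of registrable domains}."""
    summary = defaultdict(lambda: {"total": 0, "blocked": 0, "domains": Counter()})
    for r in records:
        s = summary[r["client"]]
        s["total"] += 1
        s["blocked"] += int(r["blocked"])
        s["domains"][registrable(r["name"])] += 1
    return dict(summary)


def chatty_clients(records, max_queries, window_seconds=60):
    """Clients that issued more than max_queries queries within any sliding window."""
    times = defaultdict(list)
    for r in records:
        times[r["client"]].append(datetime.strptime(r["ts"], "%b %d %H:%M:%S"))
    flagged = {}
    for client, ts in times.items():
        ts.sort()
        start, peak = 0, 0
        for end, t in enumerate(ts):
            while (t - ts[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_queries:
            flagged[client] = peak
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for client, s in sorted(per_client_summary(recs).items()):
        top = ", ".join(f"{d} x{n}" for d, n in s["domains"].most_common(3))
        print(f"{client}: {s['total']} queries, {s['blocked']} blocked; {top}")
    print("chatty:", chatty_clients(recs, max_queries=3))
```

Run it against a real log with `parse_log(open("/var/log/pihole.log").read())` and a realistic threshold such as `chatty_clients(recs, max_queries=60, window_seconds=3600)`. The blocked count per domain tells you whether a blacklist entry is actually being hit, and a client whose blocked count keeps climbing after its telemetry is "turned off" is the one worth moving to an isolated VLAN. Note the two-label `registrable()` shortcut merges `co.uk`-style domains incorrectly; use a public-suffix list if that matters for your lists.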

NASbox

FreeNAS Experienced
Joined
May 8, 2012
Messages
479
Had some fun late in the year setting up two pi-holes per Derek Seaman's blog. In conjunction with my Edgerouter (which, thanks to Derek, also intercepts hard-coded DNS queries), they make a very capable, redundant, and reliable DNS-serving team that should be quite resistant to DNS poisoning and the like.
Have you considered pfSense--I wouldn't want to run my home network without it. As for DNS, it captures ALL conventional DNS and resolves it locally. No "stuffing content" through port 53.

With DNS over https, blocking content is going to become very difficult. If I know the IP(range) that I want to block, that's easy too. I subscribe to lists of known bad actors, advertising/monitoring sites and my own list of things I want to block. At last count there was about 1.5M items being filtered. Not foolproof but way better than your average user with a consumer grade router, and once it is set up pretty painless to maintain.

If I want to know what is going in/out, a quick click and I can start a PCap of whatever traffic I want, and then put it into wireshark for analysis.

Thus far, the naughtiest culprit is my Sonos music system, which continues to try and send metrics home to the mothership hundreds of times a day, even though it allegedly has all metrics-gathering turned off. I manually blacklisted sonos.com and its many subdomains to no ill effect re: the radio stations and the like I do occasionally want to listen to. So, I feel like I have the best of all worlds - no metrics go to Sonos, I still get to stream radio shows / podcasts, and I still get to use my CR100 controller despite Sonos' best efforts to intentionally brick my property.
"intentionally brick my property"?? What? It is about time we start to lobby for privacy protection laws. I don't like a lot of what the EU is doing, but they are on the right track. Get business scared that if they don't smarten up they are out of business.

The only unhappy person in all this is queen bee who discovered that all of her google shopping links just got broken. Ditto ad-tracking, etc. The pi-holes are relentless!
My wife moans about not being able to look at NFL.com-which is a veritable cesspool of trackers and adware crap, that continues to suck data as long as the browser is open. If I were a "black hat", I'd be looking at ways to leverage that due to the large (many technologically uneducated) audience.

PS: I have no doubt that the more astute folk here could set something similar up in a jail. I just haven't found instructions yet that I can follow which allow a DNS server with secure DNS to be set up in a jail. Plus, having the pi's run the DNS makes DNS services independent of the server running, which seems like a good thing.
I'm sure a secure monitored DNS could be set up on pfSense, if it can't already, I'll bet it won't be too long. The audience for pfSense wants control of stuff and secure DNS creates some real security headaches. I'm looking for ways to containerize, to at least deal with the security--won't eliminate the browser footprinting, but at least there won't be much in the browser container to exfiltrate and the container can be frequently reset to eliminate available history/trackers.

We need to get AI into the game. It's being used against us already, time to use it to fight back. I used to laugh at 1984 back in the day--now it is actually beginning to look a bit like an optimistic scenario. My wife was considering a "fitbit", but with all the stuff that has come out, I told her "monitoring bracelets are for prisoners on house arrest/early release programs". If the government made a law that everyone needs to have cameras and microphones installed in their house there would be a civil war.

If the consumer is stupid enough to reward this behaviour it will be repeated, and if we show a resistance to it (by not using anything we don't have a REAL NEED for), then a lot of things will change...
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
Hey there, yeah the use of pfSense has crossed my mind but I’m pretty happy with my current setup. We likely subscribe to the same lists, my pi-holes have a 1.6M-site ban list. Par for the course.

As for Sonos, at least they were open about the bricking issue for those of us who read the tech news. Sonos claims that it contacted every CR100 owner before the 8.4+ firmware update to tell them how dangerous the battery in the CR100 is and that therefore it would be a really good idea to get rid of it. Some users then asked the company in the forums to clarify, i.e. is this a potential product recall issue, which Sonos denied. Sonos then trotted out the excuse that the older zone players couldn't handle the awesome new features that Sonos would bring to market if they still supported the CR100.

But mostly, the elimination of support for the CR100 seemed to be aimed at clearing the decks re: older hardware that had been developed by the first generation of engineering teams. That product was NAS-based and the market has been fully tapped out for a while, whereas streaming is still growing. So, those teams allegedly got let go and the CR100 sported a 2014 copyright notice even in its 2018 boot screen.

Similarly, Sonos never upgraded the SMB stack beyond SMB1 NTLM v1 (even though the SMB team at MS offered to help them!) and asked users who didn't want crummy network security to use other workarounds. As of firmware 8.6 they pull the data via HTTP, I guess.

However, many folk like the CR100 (and to a lesser extent the CR200) controllers because they are simple to use, waterproof, rugged, and offer excellent battery life. At $350 a pop they were not cheap and you can imagine how happy people were being told that their functional hardware was going to be bricked by a coming software update. Here is how Sonos' firmware works:
  • If a new firmware is available, the controllers, apps, etc. will nag you to update.
  • The iOS and like Apps are continually updated and zone players with older firmwares are blocked from being used. The $3 SonoPhone is the best alternative to the Sonos App because it supports older and newer hardware.
  • Anyone with access to your Sonos' can trigger the update. But the controller screen offers no warning that said update will brick the controller permanently.
  • You can only update to the latest firmware - no other firmware choices are allowed.
  • When you set up a Sonos for the first time, add components, recover it from a deep reset, etc. a connection to the mothership is required, followed by updating to the latest firmware.
In other words, you may physically own a Sonos device but you never control it, as the company has illustrated so nicely. To deal with Sonos, I first built DNS blackholes into my router for update.sonos.com and like domains. Then I added blocks to prevent outside connections to my Sonos equipment. Finally I added the pi hole blacklists. Sooner or later, my Sonos' will die but then I'll switch to Bluesound. At least they allow me to download, backup, and install firmwares of my choice.

G8One2

FreeNAS Experienced
Joined
Jan 2, 2017
Messages
152
Curious question..... would running your wifi devices, on a different subnet, through a VPN eliminate some of the privacy concerns with IoT devices?
 

HoneyBadger

Mushroom! Mushroom!
Joined
Feb 6, 2014
Messages
2,194
Curious question..... would running your wifi devices, on a different subnet, through a VPN eliminate some of the privacy concerns with IoT devices?
In the sense that the devices wouldn't be able to be used as pivot points in an attack on your network, or to gather data/metadata from other network attached devices in your home, yes.

Won't do a thing to stop them from exporting the info they gather to their respective motherships though.
 

NASbox

FreeNAS Experienced
Joined
May 8, 2012
Messages
479
Hey there, yeah the use of pfSense has crossed my mind but I’m pretty happy with my current setup. We likely subscribe to the same lists, my pi-holes have a 1.6M-site ban list. Par for the course.
Hey if it ain't broke no need to fix it... For someone who hasn't bought the hardware a small pfSense box wouldn't cost much more, but can do a whole lot more... but sounds like you have a good solution for now.

In other words, you may physically own a Sonos device but you never control it, as the company has illustrated so nicely. To deal with Sonos, I first built DNS blackholes into my router for update.sonos.com and like domains. Then I added blocks to prevent outside connections to my Sonos equipment. Finally I added the pi hole blacklists. Sooner or later, my Sonos' will die but then I'll switch to Bluesound. At least they allow me to download, backup, and install firmwares of my choice.
<Rant>There is a disturbing trend towards this planned obsolescence, exploitive electronic crap. Cell phones with sealed batteries and no SDCard slots are my pet peeve. Gee... what works better for the consumer a $25 battery or a $1000 phone????

I wouldn't mind buying a high end phone, but $1,000++ for a phone that is going to be crap in 2 years because of the sealed battery and that I can't control because I don't have root access doesn't cut it for me. It drove me crazy the amount of time I had to spend in research and slogging through forums, but I kept my 5 year old Galaxy S5 (lucky it was supported by Lineage OS 16). Not only does the phone run better than when it was new 5 years ago, but I can make useful backups without putting everything in Google cloud, roll back crappy software updates and restrict prying apps that are wasting my resources to spy on me.... and it has security patches up to December 2019 which is more recent than most of the new phones in the stores!

Now they are putting computers in refrigerators!? Really... A properly made "dumb" refrigerator should last at least 20 years... the computer will likely only get 2-3 years of support and then either be useless or worse.

I'd love to get some smart home stuff, but hell will freeze over before I voluntarily sign up to have my home controlled through the cloud... hacking/security risk, privacy invasion, and a choice of an expensive subscription or very short term support. </Rant>
 

jgreco

Resident Grinch
Moderator
Joined
May 29, 2011
Messages
12,154
Now they are putting computers in refrigerators!? Really... A properly made "dumb" refrigerator should last at least 20 years... the computer will likely only get 2-3 years of support and then either be useless or worse.
That's kind of like what happened with most of the early generations of Smart TV's too. And we just had this conversation about a NAS vendor (Plextor?) within the last week. Funny we also discussed LSI 6Gbps HBA firmware, which is a somewhat similar thing. Most device manufacturers are looking to sell their product today, and have priced it to compete with other vendors. The problem is that in the old days, if you sold a toaster, most of your liability towards the customer was the potential of a recall, but once the toaster was sold, it would work for many years, and the manufacturer needed to do nothing for that to happen. At the same time, the manufacturer couldn't profit from each slice of bread toasted.

A different paradigm is really needed for ongoing support and bugfixes of IoT devices.

Paying up front doesn't seem to work too well. Back in 2010 I bought a nice pair of Samsung UN46C7000's, mostly because they supported 3D, but despite costing ~$2500 MSRP, Samsung only released firmware for a year, and app updates for about two or three years. At that point, Plex was a thing and the guy who was developing the Plex-for-Samsung app had huge problems getting his app through their approval process. The panels still work great but are "dumb" panels now.

The reason Syno and QNAP can afford to keep coming out with updates for their devices appears to be primarily because they continue to crank out new hardware on what is effectively the same software platform.

Makers of devices such as NAT gateways (what most people incorrectly call a "router") are a perfect example of the bad end of the IoT world. Despite their PRIMARY FUNCTION being to manage an Internet connection, these devices are created with the dodgiest of hardware manifests. Include the smallest amount of RAM, the weakest CPU, just enough flash for a contemporary software load, and the crappiest network and wifi chipsets. Sell a bunch of them at a bargain price, and meanwhile the development team has all moved on to other projects and no one remains to release software updates.

I'd love to get some smart home stuff, but hell will freeze over before I voluntarily sign up to have my home controlled through the cloud... hacking/security risk, privacy invasion, and a choice of an expensive subscription or very short term support. </Rant>
Well, in the end, the money has to come from somewhere. This is an economic reality. Subscriptions probably shouldn't be expensive and companies probably shouldn't be trying to monetize the things that they've already sold. If you sell 10,000 TV's of a given model and you sell a $20 yearly support subscription, that's $200K for a single product, and you should be able to fund part time support. Of course, customers don't have that mentality, which is bad.

But vendors seem to be trying to monetize the information that they can gather. I wonder at what point someone is going to CFAA them. I mean, it's nice that they try to cloak themselves in EULA's, but if I give you my old already-activated TV, you aren't a party to that agreement, and there is effectively a malicious actor doing unauthorized things on your device.
 

Constantin

Vampire Pig
Joined
May 19, 2017
Messages
649
There are reasons to put MCUs into fridges. For example, one of the most effective active ways to improve fridge efficiency is to fit a variable-speed compressor. If you want, I can go into the details, but there are instances in many appliance types where MCUs make a difference re: efficiency. Note however, that an MCU driving an IGBT system to modulate refrigerant flow to optimize cooling efficiency is not a full-fledged computer. It's an MCU that uses a few thermal inputs to optimize system efficiency.

MCU's can also be used to detect and react to test conditions (brilliant VW trick to detect test stands: no steering wheel input) That said, MCUs can have a very positive impact in dishwashers, clothes washers, HVAC, many white goods, etc. The case for 'connected' appliances is a narrower one. Consider the added electrical load re: always being connected vs. the marginal benefit of always being connected. Does my microwave really need Alexa integration?

To me, the fundamental issue re: connected smart appliances still revolves around consumer benefit. Few US residential customers have variable electrical rates, peak demand charges, etc. the way that commercial / industrial ones typically do. Until there is a $$$ reason, I don't see a tangible reason for consumers to jump wholesale into DR and like programs that would benefit from connected appliances (esp. HVAC, electric water heaters, and to a lesser extent, electric clothes dryers and dishwashers).

That 2009 ARRA funding rolling out hundreds of millions of smart meters is transforming utilities - they have far more data today than they used to and it likely is forcing a massive rethink re: what a utility is (electric or gas). I hope they're taking good care of that data since it's pretty revealing...