Nest: Locked out, no Air Con, and can't use baby monitor

[janoc]

I've had a Nest Thermostat for almost 5 years now.  It has never required an internet connection to work as far as I'm aware.  I've also used it for months with no online connection in the past. So, unless they changed this functionality with one of the newer updates, it is not like it needs to be connected to perform the generic functions of all regular thermostats.

I honestly might just disconnect mine for good, being able to manually change the temperature only requires a small walk to the unit after all.

Edit: Just disconnected the upstairs one from the network.  Still fully functional (except the online stuff).

It was sensationalist/stupid reporting. The thermostats, doorbells, locks and what not were working, unlike the last years (?) outage where an outage has actually made them lock up. Only the remote control via phones/web didn't work this time.

Minor detail but saying that "My AC isn't working!!!" (aka I am about to die from heat!) makes for more clickbait and ad sales than saying "I am too lazy to lift my bum and change the thermostat setting by hand instead of using my phone".

That's not to defend Nest/Google, Nest stuff is quite well known for all sorts of high profile issues (and anyone putting their house online like this is insane, IMO), but this outage was blown way out of proportion.

[Rick Law]

One of the many reasons I hate the idea of cloud based home automation.  Zero reason for it to be cloud based.  It should have a local web interface and that's it.  You can use VPN for remote access.  Not only is it more secure but it's also not reliant on a 3rd party.  Will the google servers that power that stuff even still be running in 10-20 or 30 years from now?  Or will some update break it etc.

I just made my own thermostat since I could not find anything on the market that fit my requirements.  It's kinda a mess though I want to redesign that whole system so it's more modular.

Well, I am sure you know the answer already and being too polite to say it - It is cloud base because the manufacturer(s)/provider(s) want to collect and then productize your data.

The more worrisome issue here is the second article I quoted: that builders are making deals with these "smart home" providers and your apartment/condo/house is embedded with the junk at the get-go.  In the USA, most new houses areas are now in a development; a village, sort of.  Signing the lease, or a development's by-laws could be the vehicle to "by signing, you agreed to..."  For end-user purchases, I am quite sure that this would likely be (or already is) included in the automation product-booklet: "By activating the product, you agreed that..."

Companies like Facebook/Google/Amazon already have the power to influence the political processes.  As they get more and more powerful, they have the dollars to not just to influence but to control the political processes.  They can make deals to legally collect anything and market anything they collect, and likely they are happy to hand over the info to the government as well.  With that, comes more and more government control.

One can say, privacy is an ancient concept, it is long since gone - live with it and move on.  If one accepts that premise, what exactly is the difference between these two scenarios? (1) video of a lady walking in the room, and observed that she first turned on the TV, then the coffee, then check the fridge (ie: product prioritization) verses (2) video of a lady taking a shower.  Both are private moments, both are non-pornographic, and both would have buyers willing to pay money for it.  Before you say anything, bare in mind during the last administration here in the USA, it was the government's position that boys and girls in public schools should be able to use the bath room or changing room of their choice.  Schools not allowing that would be against non-discrimination laws/regulations and will be subjected to penalties.  So, bare naked body in view of the opposite sex is no big deal to some politicians.

Bottom line is, what is the true price for these conveniences?

May be some day, those "innovators" of these "wonderful" technologies would be cursed by future people as they eminence the good old days of freedom.

[grumpydoc]

I don't understand the idiotic obsession of running *everything* through "the cloud".

To a certain extent blame NAT - though I think it would have happened anyway.

Basically most home firewalls are set up to allow arbitrary connections out but require the user to modify the settings to premit inbound connections. If you add together that fact, plus most users are not tech savvy enough to change the router settings, plus most have been rendered paranoid about inbound stuff, plus there are too many variants of router hardware and firmware to reasonably include instructions - which would, in any case, have to be somehow future proof. Add in CGNAT and non-fixed IP addresses and it's pretty much the only way these things can offer access from off-site/mobile devices - which is what everyone has been brain washed into thinking that they need.

The side benefits of capturing registration details, the opportunities to slurp data and being fully in control of designed-in obsolescence are just cherries on the cake (and why it would have been done this way regardless of the technical limitations imposed by IPV4 and NAT).

Personally I try to avoid anything which "phones home" somewhere into the cloud.

[orion242]

technical limitations imposed by IPV4 and NAT

How would that change with IPv6?  Would be a total crap fest if everything was wide open on the internet.  There is still going to be a router/firewall between most devices and public internet in all but the most stupid setups.

[duak]

I remember hearing a story about a family that headed off for a 2 week vacation just before a cold snap.  When they came back, the heat was off and they couldn't get the Nest to restart.  I understand that it performed an update and then froze.  They weren't the only ones because they said the Nest helpline was backed up for days.

[JxR]

technical limitations imposed by IPV4 and NAT

How would that change with IPv6?  Would be a total crap fest if everything was wide open on the internet.  There is still going to be a router/firewall between most devices and public internet in all but the most stupid setups.

It won't change anything as far as inbound connections go.  I think they are just referring to the reason NAT is required for IPV4, there simply is not enough addresses available for everyone to have a static address.  Personally, I do have a static IPV4 address at home, but I still much rather have a service that dials up to a remote server than allow inbound connections to IOT devices.  I only have a single server I allow inbound connections on: through single port, on a separate subnet, on a separate VLAN, between two separate firewalls.

My IOT devices (very few), also get a similar treatment and are isolated from the rest of the network.

[DDunfield]

I don't understand the idiotic obsession of running *everything* through "the cloud".

To a certain extent blame NAT - though I think it would have happened anyway.

I'm well aware of the difficulty NAT causes for inbound connection, there's also the issue that most customer sites won't have DNS records and will be using non-static IP. In other words, it's hard to find them and if you do, they are likely to move somewhere else.

But these are no reason to run "everything" through the cloud. There is no technical reason not to run the "brains" of the system locally, and use a connection to an external server just for remote access.

There is in fact several very good technical reasons NOT to:

The system would keep working!
At one time I did a wind turbine controller supporting remote logging and control via a central server, and it did not require the customer to have anything special for an internet connection, nor did it require him to configure anything in his router. But ... guess what ... when the internet went down, it continued to operate. The turbine didn't shut down, not did it spin out of control. It continued to operate just fine. The local control panel still worked, the big red E-STOP button remained operational.

Better response time. Operations between device and local controller are essentially instant. When your switch has to inform a cloud based server that it should turn on your light... not so much!

Much less processing and storage is required on the server. This translates to being able to serve more users at less expense.

Much less internet traffic. Only remote access requests need be handled, again ability to serve more users at less expense.


There are however much more compelling business reasons to make it fully cloud based.

If you use the server only to provide remote access, then you can only track what the user does to his home remotely. If you put the brains of the system in the house, and only do communication for out-of-the-house events, then you can only track out-of-the-house events. But... require all of the sensors and switches feed into your server, and you can track *everything* that goes on in the house. The opportunity for data mining is exponentially greater, and it would seem more than makes up for the added cost of providing the services.

You might even be able to get away with charging him a few $/month for the "service" (although most people will balk at this long before they have any concern about their personal data being mined).

You have much more control over how well it works, can "retire" features in older units, make them operate slower and less reliably, or right-out disable them ... Planned obsolescence is part of every product model, but forced obsolescence works even better! (Not being cloud central doesn't protect you from this as "mandatory" updates can accomplish the same thing, but it's much less obvious if it happens slowly over time rather than right after an update goes out).

Dave

[tggzzz]

This kind of nonsense was memorably nailed by Douglas Adams 40 (gulp) years ago, back when digital watches were nifty things.

N.B. this is from the best source, the original radio programme, albeit with visuals that mask the picture in your head...

[orion242]

they are just referring to the reason NAT is required for IPV4, there simply is not enough addresses available for everyone to have a static address.

I get that.  I don't see the logic that NAT / IPv4 is the reason we have this cloud push BS.  Its people that are completely ignorant with tech that are the issue.  Lets assume IPv6 was everywhere.  Who the hell is going to just plop all their devices straight on the internet??  Guessing ISPs are going to supply home gateways with firewall that still prevents inbound connections by default.  Not doing so would almost certainly cause a meltdown of the internet with all these shit IoT devices with ancient security flaws, default creids, unpatched PC, etc getting owned constantly.

Its takes 5 functioning brain cells, a few hours of time spent learning, and < $20 a year to setup DDNS, buy a domain name and setup a VPN.  Secure remote access, done.  Most consumers just want to plug this junk in and have it work.  That's the problem and why all this crap is moving to cloud when there is little reason to do so.  Add in tracking and reoccurring fees these companies can collect, its a match made in heaven.

[Red Squirrel]

They actually want to get rid of NAT for ipv6 but I'm not a fan of that.  Even if you setup a firewall that can handle pulling multiple IPs from the ISP, you're now at the mercy of your ISP for local IP assignment.  Everything gets an external IP.  That means every time your ISP changes the IP range that is assigned to you (which can be often on residential connections) you need to completely renumber your network.  Yeah you can probably script/automate that but that's still a pain in the butt vs having local IP ranges that never change.

I think the best compromise is going to be NPT.  It will basically be a 1:1 NAT.    That way you keep control of your local IP numbering.

[orion242]

I think the best compromise is going to be NPT.  It will basically be a 1:1 NAT.    That way you keep control of your local IP numbering.

I assume the same.  Whatever the ISP supplies as the modem/gateway will have this basic feature set and block incoming traffic by default.

I have a hard time ever seeing ISP issuing unfiltered publicly accessible IPs to everything within a residence.  It would be a meltdown on their networks within days as the miscreants find all the additional junk that just put up the open for business sign.  Their support lines would get flooded with end users complaining their compromised junk isn't working, slow, etc.  Their peeing partners would be in uproar when this junk starts launching DDOS attacks and such.  Internet Armageddon...

[JxR]

they are just referring to the reason NAT is required for IPV4, there simply is not enough addresses available for everyone to have a static address.

I get that.  I don't see the logic that NAT / IPv4 is the reason we have this cloud push BS.  Its people that are completely ignorant with tech that are the issue.  Lets assume IPv6 was everywhere.  Who the hell is going to just plop all their devices straight on the internet??  Guessing ISPs are going to supply home gateways with firewall that still prevents inbound connections by default.  Not doing so would almost certainly cause a meltdown of the internet with all these shit IoT devices with ancient security flaws, default creids, unpatched PC, etc getting owned constantly.

Its takes 5 functioning brain cells, a few hours of time spent learning, and < $20 a year to setup DDNS, buy a domain name and setup a VPN.  Secure remote access, done.  Most consumers just want to plug this junk in and have it work.  That's the problem and why all this crap is moving to cloud when there is little reason to do so.  Add in tracking and reoccurring fees these companies can collect, its a match made in heaven.

The biggest reason the distributed model is so popular at the moment is simply cost.  Having the heavy computing done externally lowers the cost of the device to the end user.  This type of model is hardly new or unique and is how the majority of computing started out.  Have a giant mainframe do the majority of computing, with a bunch of dummy terminals that interfaced to it. It is possible in the future that this may change, to where the "mainframe" moves into our own houses and our lower powered devices run from that.  Time will tell.  Now, moving to a model where each small device essentially has the compute resources to do all its processing internally.  I don't see that happening anytime soon.

Another reason being that they are guaranteeing a level of service to the end user of the product.  The company is making sure the external services that they use to provide data to the IOT device is up and operations.  They are facilitating the external communication from other services that may be outside their own networks.  A centralized system also helps when it comes to maintenance and administration.  Obviously some companies do this much better than others.  Some of this will be data collection to assist in improving these services.  That collection does not necessarily imply that it is used for nefarious purposes, although it certainly can be used in such a way.

Regardless I find all this disdain for the average users being complete morons disturbing.  While of course only a few enlightened forum members knows whats up, and how easy proper security is.  Computing security is not easy, and is a topic of learning that you could devote your entire life to.  After 15 years of professional work in enterprise IT, I hardly know all there is to know on the topic.  People specialize because there is honestly too much to learn on any one topic. 

I'm all for people becoming as knowledgeable as possible, hell I'm back in school at the moment and trying to shift into a new career path because I'm bored with IT.  Just because I watch a bunch of Dave's videos hardly makes me now an expert in all things EE.  Likewise watching a bunch of videos on IT security won't make users experts on that topic either.  Neither are a waste of time though, and both are topics worthy of our time.

[orion242]

The biggest reason the distributed model is so popular at the moment is simply cost.  Having the heavy computing done externally lowers the cost of the device to the end user.

On something like a thermostat?!?  Its been done standalone for decades now.

I have 6x megapixel cameras at home all streaming back to a DVR.  The only thing the “cloud” part does is allow for remote access for people that can’t figure it out.  It wouldn’t even be possible to stream that amount of traffic over 90%+ of the residential connections.  Since I have my own remote access to home, their cloud provides nothing other than tracking and a backdoor into my network as I see it.

Turning on the lights needs compute power in the cloud??

Outside of speech recognition, I have a hard time thinking of too many cases that require outside help.  Even that I assume is nothing that couldn’t be done on a home PC.

Regardless I find all this disdain for the average users being complete morons disturbing.

I wouldn’t necessary say morons.  Clueless, can’t be bothered, don’t care in general, yep.

In the general public, what’s the percentage that have ever applied updates to any of their network connected junk?  Single digits I would guess.

People specialize because there is honestly too much to learn on any one topic.

True.  But just taking the basic measures eliminates a lot of headache.  Most these days most put their seat belts on when driving, yet how many keep things updated??

[NiHaoMike]

Have a giant mainframe do the majority of computing, with a bunch of dummy terminals that interfaced to it. It is possible in the future that this may change, to where the "mainframe" moves into our own houses and our lower powered devices run from that.

That's already being done and can be quite cheap with the advent of low cost computing platforms like Raspberry Pi. It's referred to as a "LAN of Things".

I recall reading that it's possible to use Tor to do remote access without opening ports. Not sure on the details but to my understanding, it would not put any extra load on the (scarce) exit nodes since both sides are inside the Tor network.

[JxR]

That's already being done and can be quite cheap with the advent of low cost computing platforms like Raspberry Pi. It's referred to as a "LAN of Things".

I recall reading that it's possible to use Tor to do remote access without opening ports. Not sure on the details but to my understanding, it would not put any extra load on the (scarce) exit nodes since both sides are inside the Tor network.

Yes, I didn't really mean to imply that it is something that is completely new, and cannot be done now.  Things like desktop or service virtualization has been around for a while now.  Citrix/Vmware View would be a couple of the enterprise level solutions.

I haven't used Tor for a while, so I cannot give you an detailed answer on that.  There are certainly services you could run on your computer, that would communicate to an external broker.  The broker in turn would facilitate external connections to your internal resource. This is pretty common for things like remote desktop type services.

[JxR]

....

I did update the post you responded to to include information I should have in the first place.  All I will say to you is if you have the knowledge to run everything internally that you need, awesome!  I also do much of my own stuff internally from my completely full 38U server rack.  Although, unless you just like doing it for the learning experience, or if you think everyone is out to get you...I pitty your electric bill if its as bad as mine.  Personally I'm looking to shut most of my stuff down eventually, its a huge waste of power and makes the room the equipment in basically unusable for anything else due to the heat generation.

[madires]

They actually want to get rid of NAT for ipv6 but I'm not a fan of that.  Even if you setup a firewall that can handle pulling multiple IPs from the ISP, you're now at the mercy of your ISP for local IP assignment.  Everything gets an external IP.  That means every time your ISP changes the IP range that is assigned to you (which can be often on residential connections) you need to completely renumber your network.  Yeah you can probably script/automate that but that's still a pain in the butt vs having local IP ranges that never change.

Of course you can have fixed IPv6 addresses in your LAN. There's the ULA prefix similar to RFC 1918. Changing public prefixes is performed by PD (prefix delegation) and SLAAC. Please read up on IPv6 basics!

[orion242]

I also do much of my own stuff internally from my completely full 48U server rack.  Although, unless you just like doing it for the learning experience, or if you think everyone is out to get you...I pitty your electric bill if its as bad as mine.  Personally I'm looking to shut most of my stuff down eventually, its a huge waste of power and makes the room the equipment in basically unusable for anything else due to the heat generation.

You must have a small data center at home.  I have a 8U rack with 8 port router, 2x 24 port 250W POE switches, pair of patch panels plus one always on PC that acts as a file server / DVR.  Just looking at the PC UPS, its using 2.5kwh / day.  Doubt the networking equipment uses more than that.  ~5kwh / day @ $0.28/kwh  = $1.40 / day in power and another $0.05 / day for domain name and DDNS to run everything I want internally.  Only external service required is DDNS.  That fails, worst case remote access becomes a minor headache.

[JxR]

I also do much of my own stuff internally from my completely full 48U server rack.  Although, unless you just like doing it for the learning experience, or if you think everyone is out to get you...I pitty your electric bill if its as bad as mine.  Personally I'm looking to shut most of my stuff down eventually, its a huge waste of power and makes the room the equipment in basically unusable for anything else due to the heat generation.

You must have a small data center at home.  I have a 8U rack with 8 port router, 2x 24 port 250W POE switches, pair of patch panels plus one always on PC that acts as a file server / DVR.  Just looking at the PC UPS, its using 2.5kwh / day.  Doubt the networking equipment uses more than that.  ~5kwh / day @ $0.28/kwh  = $1.40 / day in power and another $0.05 / day for domain name and DDNS to run everything I want internally.  Only external service required is DDNS.  That fails, worst case remote access becomes a minor headache.

Actually I mistyped by mistake, its a 38U.  I have a very old post on another forum if you want to see the details.  It is not exactly the same as I posted ~4 years ago, but honestly I just don't really feel like going into the details anymore.  I'm personally moving away from IT type stuff, and it doesn't hold the interest to me that it once did.  Anyways, here is the link:

Some of this stuff is over 10 years old...I also attached a snapshot so you know I'm not BSn you.
My stupid energy waster cabinet

[orion242]

Lol, the only thing your missing is the Vertiv CRAC to go with that.

My setup very spartan in comparison.  Monoprice wall mount 8U rack & patch panels, Ubiquity ER8,  ES-24-250Ws, leftover desktop + drobo and a pair of bog standard 1200w APC UPSs.

[JxR]

My setup very spartan in comparison.  Monoprice wall mount 8U rack & patch panels, Ubiquity ER8,  ES-24-250Ws, leftover desktop + drobo and a pair of bog standard 1200w APC UPSs.

Spartan is smart and the way to go.  The problem is honestly that I don't want to dump anymore money into this sort of stuff.  But to make it more "spartan" would require me updating the storage to something more compact.  HD are much higher density now then when I first built my SAN.  Although that unfortunately doesn't mean I can simply move 100TB of data without a serious monetary investment. 

I've had everything automated for years now, so it is honestly very rare that I have to do anything with the rack day to day.  It is also still pretty resistant to any single point of failure. Although honestly unsure why I ever felt that I needed such redundancy in the first place.  Because I knew how to build it, and I could I guess...

My areas of specialization in IT were: storage, disaster recovery, and virtualization.  Probably not hard to see that in my monstrosity that I built.

[orion242]

Although that unfortunately doesn't mean I can simply move 100TB of data without a serious monetary investment.

I feel your pain...albeit on a about 1/10th the scale.  4x the capacity of my storage a two years ago now.  Was on the drive a month plan for some time.