
Mozilla debuts implementation of WebThings Gateway open-source router firmware - cpeterso
https://venturebeat.com/2019/07/25/mozilla-debuts-webthings-gateway-open-source-router-firmware-for-turris-omnia/
======
tialaramex
This the closest we have so far to an answer to the point raised in the IETF
105 Technical Plenary a few days ago.

Encrypting everything means that IoT devices represent an unknown threat -
your "smart" TV connects to Sourceforge and downloads... something every week.
What for? Your "smart" thermostat calls the IP of the vendor, maybe to get
firmware updates, but it also calls the Disney corporation - what for? You
can't snoop any of this because it's using encryption with pinned keys, so
MITM doesn't work. Obviously hardcore reverse engineering is possible, but
it's extremely expensive. So in practice it won't get done.

But, if we can popularize a safe option, we can just flag all the unsafe
approaches that are popular today. We can teach vendors that this is a bad
idea and they shouldn't do it, and (cross fingers) it might go away, like
X-ray shoe sizing.

~~~
degenerate
I was fascinated by your X-ray example. Here's a link for others:
[https://en.wikipedia.org/wiki/Shoe-
fitting_fluoroscope](https://en.wikipedia.org/wiki/Shoe-fitting_fluoroscope)

~~~
Shorn
Goddammit. The comments are why I browse HN on a daily basis, but sometimes
you folks are worse than Wikipedia. I _know_ I shouldn't click that link.

/me grumpily clicks link

------
m12k
What's HN's thoughts on IoT? To me it looks like yet another buzzword from the
"wouldn't it be neat?" crowd (the same people who previously gave us a lot of
hype about Semantic Web and P2P social networks) but as before none of the
applications are actually worth the hassle, this prevents critical mass from
ever being reached, and in reality it's mostly just a way for appliance
companies who are already overcharging me for non-repairable planned-
obsolescence-ridden products, to overcharge me a bit more. I'm glad someone
without a profit motive is taking a stab at it, but I still fail to see the
actual uses of it being worth the hassle.

~~~
SamuelAdams
It's a great idea, but companies are building products that no one wants.
Here's a few ideas of products / services / suites of items I would actually
buy for my home:

\- Machine to completely do my dishes. End to end. It puts them from the sink
to the dishwasher. Runs the dishwasher. Takes them out of the dishwasher and
puts them in the cabinet. I do not care if this takes 5 hours - it can run
overnight. I just don't want to think about it.

\- Lets the dog out. If I can do this manually, say when I'm on vacation or
something, cool. I saw a post about some dude who used facial recognition
software on his cat's door flap to see if the cat was bringing in a dead
rodent: it barred the cat from entering unless he dropped the rodent. That's a
good start. But I don't want to hire a dog sitter. Just have siri or Alexa or
whatever home assistant you have do it.

\- I want automated recycling. Basically I don't want to think about
organizing my garbage. Apparently there's a long list of items that can't be
recycled. I honestly can't remember them all, so forcing me to do this
manually is always going to result in error.

~~~
patentatt
Kind of an aside, but I hope such a virtual dog sitter never comes to fruition
for the sake of your dog. Dogs shouldn’t be alone for that long!

~~~
ivelostn
The dogs not alone. It has the robot. The robot could let you peer in remotely
and say hi. The robot could comfort your dog for you while you’re away. The
robot is there for your dog while you can’t be. The robot could 3D print dog
friendly toys for it and feed it too.

~~~
clairity
so it's the robot's dog then?

~~~
SturgeonsLaw
The robot owns the dog, the human owns the robot, and the human's job owns the
human. Just like nature intended.

------
Jonnax
My wish is to have the equivalent of Google home hub running locally.

Really my only use cases are:

* glancing at the screen to see the weather

* Asking it to turn on or off or change colour of Hue lights

* Timers for cooking

I've since unplugged my google box because I felt the sacrifice of privacy
with an always listening box wasn't worth it.

At the end of the day the functionality I use isn't that complex and even
basic voice recognition I'm sure doesn't require the internet.

So I hope that there will be or there is a platform I'm not aware of that runs
it locally.

Certainly Webthings is answering a good chunk of the question.

~~~
andrenatalbr
The Web of Things gateway contains an addon for offline voice control. Search
for it in the addons page. You just need to plug an usb microphone to it.

~~~
dmix
This sounds interesting but I’m curious if needs to be marketed differently or
use some better analogies, since it wasn’t super obvious what it did from the
homeless.

I presume it’s hard to explain how it fits into the stack when it does a lot
of generic IoT sounding stuff.

~~~
dmix
s/homeless/homepage

------
hokkos
It seems to handle a use case I was looking for.

I have a cheap xiaomi aqara hub that is homekit compatible, and I want to
exports its data. Sadly usually the use case is to connect a non homekit iot
to a homekit server from an apple device with homebridge. Here their HomeKit
adapter use a lib called hap-controller-node that seems to be a homekit
server. I will have to try this.

[https://github.com/mozilla-iot/homekit-
adapter/blob/master/p...](https://github.com/mozilla-iot/homekit-
adapter/blob/master/package.json)

[https://github.com/mrstegeman/hap-controller-
node](https://github.com/mrstegeman/hap-controller-node)

~~~
knd775
What do you mean by export its data?

~~~
hokkos
Get the temperature, humidity, pressure, open/close state of the sensors,
live.

~~~
knd775
Ah, here you go then.

[https://www.home-assistant.io/components/xiaomi_aqara/](https://www.home-
assistant.io/components/xiaomi_aqara/)

[https://github.com/home-assistant/home-
assistant/tree/dev/ho...](https://github.com/home-assistant/home-
assistant/tree/dev/homeassistant/components/xiaomi_aqara)

------
sirtoffski
It's kind of sketchy to upload your floor plan...or is it just me??

[https://iot.mozilla.org/docs/gateway-user-
guide.html](https://iot.mozilla.org/docs/gateway-user-guide.html)

~~~
xiaomai
It's uploaded to your device (router / raspberry pi / etc.), it doesn't go to
mozilla or other 3rd parties.

~~~
sirtoffski
Thanks! Totally did not pay enough attention.

------
sudoaza
HTTP for IOT is super heavy, on one side it may be simpler for developer to
hop in, but performance wise this shouldn't be used for anything large scale
or where power/bandwidth constrains are an issue.

Something like ble/lora/zigbee for device-gateway comunication and mqtt or
similar for gateway-collector is the best for me.

~~~
hardwaresofton
The great thing about HTTP outside of just being well known and available
everywhere for developers is that you can use it to negotiate switches to
other completely different protocols, or change content types, as necessary.
This doesn't do much to help truly resource constrained environments but
honestly as power and performance get cheaper, I think most consumer usecases
can spare the cycles.

The machine the gateway is running on can also be extended to use your
solution of choice, for example ZWave with an ESP8266[0][1].

You can also bring your ble/lora/zigbee device-gateway solution with you and
have _that_ thing talk to the WebThings Gateway as well, acting as a proxy if
necessary.

IMO it doesn't get much better than this -- the ship to have one true
communication standard (tm) has already sailed if it was ever even possible,
so we're going to have to paper over them if we want devices to interoperate
-- whatever does the papering is _probably_ going to be more powerful than the
devices themselves, and HTTP has proven to be a pretty easy to grasp and
flexible enough interface over them.

All that said, in the lighter-than-http pile of technologies there's also
CoAP[2] which I learned about recently that is pretty cool.

[0]: [https://github.com/mozilla-iot/zwave-
adapter](https://github.com/mozilla-iot/zwave-adapter)

[1]: [https://www.instructables.com/id/Mozilla-IoT-Gateway-With-
ES...](https://www.instructables.com/id/Mozilla-IoT-Gateway-With-ESP8266-and-
Z-Wave)

[2]: [http://coap.technology](http://coap.technology)

~~~
Spearchucker
And we all know some clown will hook up a nuclear launch system to it so the
good General can connect via his home WiFi. And the doctor a hospital life
support system to "stay informed" at his cabin...

For sure I applaud this and will play with it. And hope my cynicism is
misplaced.

------
gioscarab
I suggest you to take a look at PJON:
[https://github.com/gioblu/PJON](https://github.com/gioblu/PJON)

------
Chris2048
I'm trying to kit my own apartment out with IoT stuff, my biggest concern
isn't voice functionality, or compatibility with social media.

It's security. A NodeMCU device can connect to WiFi via build-in password, but
I'd prefer per-device certificate credentials in order to control what a
device can do. This would mean enterprise WiFi and radius, Maybe VLANs. Making
this easier is the main thing for me.

~~~
zaarn
I would recommend to setup a separate Wifi for IoT devices. This has an
additional advantage; you can put it on a different spectrum, meaning your
normal Wifi will be more free to handle other traffic and keeps the spectrum
cleaner.

------
dredmorbius
What does this offer over stock Turris or OpenWRT builds?

~~~
syn0byte
Absolutely nothing, It's worse with fewer features. Mozilla itself says as
much. This is for playing around with stuff, not general usage.

------
irq
I'm a happy HomeKit user with Apple's native solutions. WebThings Gateway
claims HomeKit support. What does that mean? Does it replace my native Homekit
gateway? Or can it do other stuff? I read the site and couldn't tell.

~~~
icebraining
Seems like it does replace your native gateway; you have to unpair the devices
from iOS and pair them directly to the WebThings.

[https://github.com/mozilla-iot/homekit-adapter](https://github.com/mozilla-
iot/homekit-adapter)

[https://discourse.mozilla.org/t/a-homekit-gee-i-
wish/37065/6](https://discourse.mozilla.org/t/a-homekit-gee-i-wish/37065/6)

------
Havoc
Been looking into IOT/home auto lately so this is of interest to me.

I hope they hurry up though. Consumer router gear is god damn awful. e.g. the
2.4ghz on my Asus router is dead (common) so I'm using a raspberry to create a
hotspot.

------
sandGorgon
Any reason Mozilla is not picking up and supporting one of the DD-WRT/OpenWRT
projects ?

They are hugely popular, have a huge userbase and are well supported by a lot
of hardware (most TP-Link, Linksys, etc).

~~~
kgiori
The WebThings Gateway does support OpenWrt if the router is beefy enough
(decent app processor, RAM, and flash). Most cheap routers wouldn't work. If
you are a savvy OpenWrt user see:
[https://github.com/openwrt/packages/tree/master/lang/node-
mo...](https://github.com/openwrt/packages/tree/master/lang/node-mozilla-iot-
gateway)

The Turris OS that runs on Omnia is a customized OpenWrt build that lets a
user plug a USB memory stick (with the Mozilla WebThings Gateway image, and
only that image on it) into the Omnia, hold down the reset button until the
4th front panel LED lights, let go, and wait until it installs and the
"WebThings Gateway XXYY" SSID appears. Then connect to it and proceed with the
setup process. Suggest other hardware to potentially support on Mozilla's
Discourse "iot" channel. Or the mozilla-iot/gateway repo on github.

------
dang
Related, from April:
[https://news.ycombinator.com/item?id=19695595](https://news.ycombinator.com/item?id=19695595)

------
polskibus
Is that compatible with smart home platforms like hass.io?

~~~
jore
from what I understood, it is either home assistant, or this WebThings
Gateway, it is not possible to use both at the same time

~~~
knd775
It's definitely possible to use both at the same time. But, there's no reason
to.

------
sjwright
The article seems to lack a TLDR so here's one. It is a "software distribution
for smart home gateways which allows users to directly monitor and control
their smart home over the web, without a middleman."

Devices supported:

    
    
      - Raspberry Pi
      - Turris Omnia
    

Protocols supported:

    
    
      - HomeKit
      - ZigBee
      - Thread
      - MQTT
      - Weave
      - AMQP
    

Framework languages supported:

    
    
      - JS (Node.js)
      - Python
      - Rust
      - Java
      - C++ (for Arduino)
    

Home page:

[https://iot.mozilla.org/gateway/](https://iot.mozilla.org/gateway/)

~~~
rohan1024
> without a middleman

Are you saying that I should be able to connect to my home directly over the
Internet? How does it bypass NAT.

~~~
derefr
You configure your router to not use NAT for IPv6, and get your ISP to provide
you more than a /128, is how. This is why industry is adopting it and consumer
devices aren’t.

(IPv6 space is big enough that there’s no reason that residential ISPs
shouldn’t be assigning everyone larger prefix ranges by default, but that
doesn’t mean they will. They probably think they can up-sell it. Thread is a
great, simple protocol for the hypothetical world where the residential ISPs
give up on this practice. It’s not so great for the world we’re in, unless
you’re already using some separate VPN overlay network.)

~~~
amaccuish
The problem for me in the UK is that most ISPs are dynamically allocating
prefixes using DHCP-PD. So I've not got static address I can put in my
firewall for the equivalent of ipv4 port forwarding.

------
Proven
They’re constantly coming up with new ways to make money with aggregated data
mining. Mostly it’s about crating services by copying established OSS
functionality but still - good job!

~~~
zaarn
Okay, so what part of this open source and locally hosted application will do
the datamining?

------
rb666
I wonder why this project exists when Home Assistant is already near perfect,
let's put the effort in there!

------
samirm
We at Droplit are building something similar for any of you interested in this
area.

[https://docs.droplit.io/](https://docs.droplit.io/)
[https://www.npmjs.com/package/@droplit/sdk](https://www.npmjs.com/package/@droplit/sdk)

