
Reports from Nest Secure customers who are unable to arm/disarm or lock/unlock - RobAley
https://twitter.com/nestsupport/status/996955985343270913
======
dsnuh
This is what the future will bring more of - not some all powerful AI - just a
bunch of crap that didn't need to be tethered to the cloud that suddenly stops
working without much explanation, as the Deal With It dog laughs and dons his
sunglasses.

Edit: typo

~~~
skummetmaelk
Soon you will be able to tell which coffee machine your coworkers own by
observing which days they are grumpy after missing their coffee due to brand
specific server outages.

~~~
dsnuh
Or was it that they just couldn't get their Ion to dispense the water they
needed to brew?

[https://www.avclub.com/guy-reviews-his-offices-terrible-
new-...](https://www.avclub.com/guy-reviews-his-offices-terrible-new-smart-
water-cool-1820402910)

~~~
ratsimihah
Their Nest cams got hacked and they ended up on suspicious websites doing
suspicious things, oh wait, someone covered that already.

------
rjbwork
There's a Nest system in the house I rent in. It didn't work from phone/web,
so I just walked over to the actual thermostat on the wall, and it worked just
fine.

AFAIK from reading the Twitters last night, you could still punch the numbers
into your home locks and get inside. So the things just took us back a few
years in terms of smart phone access, but the core device still works.

~~~
Navarr
Smart devices need dumb backups. It's perhaps fortunate for Nest customers
that Nest knows that.

~~~
soylentcola
So far, the "smart" (read: network connected/controllable) devices I've owned
have all had fallback options. I used to have a Nest at my old place but I
left it when we sold (didn't feel like replacing it and couldn't find the old
thermostat). If it somehow lost connectivity, it still functioned as a
thermostat, albeit one with more potential for a software crash or firmware
brick. Neither ever happened in the few years I had it.

With Hue bulbs, if you can't control them due to not having your phone handy
or LAN issues, you can always just flip the lightswitch off and back on to get
them back at "normal" brightness and color. Again, it's not something that I
run into often but if someone else is visiting and doesn't care if the lights
are dimmed blue or whatever for movie watching, they can still use the lights
as normal lights.

Got a window AC in a small room that I can control via LAN but again, it still
has a regular remote and buttons on the front if that fails or I want to
disable it.

The only things I typically run across in the consumer space that don't work
this way are IP security cameras that depend on remote servers in order to
work. The ones that won't just send an h.264 or MJPG stream over the LAN are
forever off my list for this reason (as well as a dislike of recurring bills).
But I at least understand why many people don't want to set up a NAS or spare
computer running software to receive the feeds over their LAN so I get why
they exist. I just don't particularly like them. I'll stick to IP cams on a
separate local network that I can access remotely via VPN into my home
network. If nothing else, I don't have to depend on anyone else's service and
I don't need to expose some backdoor-ridden device to the WAN.

------
peterwwillis
Why would they depend on the internet to allow you to control a device at your
home? NFC? Bluetooth? Wifi? Ignoring the obvious security problems of these
devices being internet-connected, it's just a crap design from a usability
standpoint. (where "usability" includes "can use it when the internet goes
out")

~~~
toomuchtodo
Could they create a way to host a service at your home for direct connect from
the app so connectivity doesn’t rely on a cloud service? Sure. Most consumers
don’t care though. I certainly don’t care. This is the first major Nest outage
I can remember. It would take continued intermittent outages for me to re-
evaluate my Nest devices at my homes.

Either a cloud app is going to go out, or my home internet is going to go out.
I don’t expect 100% uptime because I’m realistic, and expecting non-cloud
infra devices with no time commitment is a pipe dream.

~~~
lstamour
... or batteries run out. That's happened twice for me with when I'm only
using a smart lock occasionally.

~~~
mynameisvlad
Not an issue with smart thermostats, their batteries are constantly charged
through the wiring.

Plus, if your batteries run out, then you wouldn't be able to change the
temperature anyway. You have far bigger problems than the device being online
only.

------
ttflee
Please let me quote from Mostly Harmless by Douglas Adams:

The major difference between a thing that might go wrong and a thing that
cannot possibly go wrong is that when a thing that cannot possibly go wrong
goes wrong it usually turns out to be impossible to get at or repair.

------
seandougall
Title is a bit misleading, as the devices evidently didn’t stop working via
physical controls.

That said, were they... really not monitoring their service?

~~~
Jemmeh
Sometimes monitoring fails too.

~~~
dark_ph0enix
Who monitors the monitors?

------
yk
On behalf of everybody who had entirely too much fun during internet of shit
talks at the ten or so last congresses:

If only somebody told us that would happen!

------
FrozenVoid
SmartDevices are inherently fragile due orders of magnitude more points of
failure. Instead of "Smart" functionality being optional it (due commercial
interest) becomes core control circuitry on which the functionality depends.

An example(hypothethical) SmartFishtank which dispenses food to fish with pre-
programmed schedules and monitors/adjust water temperature. Its connected to
internet and can be monitored remotely. Users can even upload new feeding
schedules. What happens if its hacked? Fish can be boiled, starved or overfed
because SmartFishTank has control over the whole device.

In another corner there is a electronic fish tank with mechanical feeder that
is set to one of 3 feeding modes. The fish tank monitors temperature and
acidity, but cannot adjust it and only send a audible alarm or a SMS message.
However whatever happens to the electronic components, they cannot harm the
fish inside because its purpose is to just receive data.

------
vthallam
You'd think if you could trust anyone with uptime of the most important IOT
stuff(locks, thermostat etc) , it would be Google. Yet here we are, smh!

I like automating or wiring up my home with connected devices, this outage is
making me thing twice.

~~~
orthecreedence
Why not do it yourself over the LAN? Seriously, I dont see any point in having
home data get sent to some scummy third party.

I have a few of these "smart" devices in my home, and they are assigned to an
IP block that has absolutely no internet access. They have to be controlled
internally, and are not allowed to phone home.

One of my next projects will be an open-source Alexa-like that runs completely
in the LAN (unless you specifically ask for things like the weather).

~~~
jxcl
This already exists to some extent: [https://mycroft.ai/](https://mycroft.ai/)

------
goombastic
I get the feeling we have pointless products more often than not these days.
All these advances, just to create a speaker that listens to you and helps you
shop. And now this, there is going to be a whole lot more e-waste in the
coming years because of manufacturer antics like this.

------
willsinclair
Yikes. I would definitely be re-thinking my home security if I normally use my
locks remotely and I was suddenly unable to.

A house burglar could effectively use these tweets as push notifications
telling them to go rob some smart™ homes in their local rich neighborhoods.

~~~
Jemmeh
They just can't use the app to control it. The physical lock still works, so
they just have to use the key.

For a night it turned into a regular lock.

~~~
willsinclair
I'm just imagining the case where someone has gotten very used to using the
smart lock in a way where they lock it remotely. I guess that could be blamed
on the user, but it's definitely not going to encourage them to buy any more
Nest products.

~~~
jessaustin
Yeah one could imagine the house locking itself when a car drives away.

~~~
Jemmeh
There isn't ifttt for Nest Secure yet, but it does integrate with Nest Cam and
nest Thermostat.

My workplace was across the street from my house though so I had trouble with
the GPS stuff on ifttt when I tried it a few years ago. Bah.

~~~
jessaustin
You weren't driving across the street, were you? b^)

------
Uberphallus
I was considering getting some of these devices but things like this scare the
fuck out of me. Let alone if Nest goes away you end up with some useless
bricks. Any suggestions for self hosted smart locks?

~~~
verandaguy_alt
Coming from an infosec background and having touched on physical security,
just don't use a smart lock:

\- Best case, even with a responsible implementation, you're introducing more
variables than are necessary into a supposedly secure system. If one of your
dependencies fucks up, your lock is exploitable.

\- Worst case, you have a typical IoT device, where the "S" stands for
"security."

\- In _either_ case, you're likely still going to include a physical lock
mechanism for keys as a backup -- so you're basically just increasing the
attack surface (significantly, I should add) by doing this.

Smart locks are currently high-risk appliances, and I'm fairly confident that
most others with a security background will agree with me on that.

~~~
Uberphallus
What would you do if you rent an apartment to several people per week? Because
even "don't copy" keys can be copied.

~~~
mynameisvlad
Most smart locks only replace the "back" part of the lock anyway, or augment
the physical key slot to leave it as a backup, so, the point still stands that
it only introduces new attack vectors. You'd still have the problem of someone
being able to copy your "do not duplicate" key not to mention bumping/picking
the lock, along with hacking the smart portion of the lock.

In the end, it's your decision, but the OP's comment stands fully: all the
same attack vectors still exist, along with a bunch of new ones at the expense
of convenience.

~~~
dragonwriter
> You'd still have the problem of someone being able to copy your "do not
> duplicate" key

Only if you distribute the “do not duplicate” key, but the whole point is to
not do that.

------
yk
May be a larger Google problem, I just wanted to stuff a German link [0] into
Google translate to post it here, and Google translate gives me a

403 Your client does not have permission to get URL / from this server.
(Client IP address: 84.131.XXX.XXX)

(That is a standard German Telekom IP, usually Google only acts up when I do
anything funny.)

[0]
[https://news.ycombinator.com/item?id=17091962](https://news.ycombinator.com/item?id=17091962)

(I got google to translate, still no luck with translate.google.de )

------
fredley
On the one hand, expecting your remote-controlled lock to work _all_ the time
(as in 100% uptime) is unfeasible, since it is impossible to achieve 100%
uptime. Almost everyone buying a smart lock probably expected it to have 100%
uptime though, and I'm sure they didn't read the small print w.r.t. uptime
SLAs.

On the other hand, it's probably no more inconvenient than locking yourself
out, something that happens every now and again for anyone. Except you don't
have yourself to blame, but Nest.

~~~
Erik816
I haven't locked myself out of my house since I was about 12, and the dumb
lock on my house has had 100% uptime for the 10 years since we've moved in. So
I don't totally get the appeal of a "smart" lock.

~~~
erkkie
Give access to cleaners? Renting? Airbnb?

------
w0mbat
I have had trouble with Nest devices staying on an IP address after the lease
expires, messing up the network once that address gets used by someone else. I
had to reserve IPs for each one in the end. More than once, I have had a Nest
smoke alarm go off for absolutely no reason, in an empty house. It's always
nice to get an alert on your phone at work telling you your house is on fire.
I don't think their QA department is the best.

------
ianwalter
Does anybody know if this has anything to do with GKE? Last night right before
I noticed the Nest app was unresponsive, I noticed my entire Kubernetes
cluster was randomly brought down. At first I thought it was for some kind of
maintenance, but thought it was strange that it wasnt brought down gracefully.
I still have no idea what happened.

~~~
epc
As of a little over a week ago my nests (camera, thermostat) were connecting
to AWS systems, not Google Cloud. Am traveling so can't tell if this has
changed since then.

~~~
ianwalter
Ok, I guess I just assumed since Nest is a Google company... but I can check
that. Thanks for the tip!

------
ggg9990
When I had a landline, I literally never picked it up and had no dial tone.
When I had an ADT security system, I never had a single failure with it.

Meanwhile I have never regularly used a web service that didn’t have at least
one outage.

------
cookiecaper
Our Nestcam has been flickering on and off since about 3:30pm PDT yesterday. I
assumed it was something with the wifi, but it looks like it's just upstream
server issues. I guess that's a relief?

------
saudioger
Smarthome devices that can't function at some level without a cloud service
are trash. Do yourself a favor and skip wifi cameras all together, use an IP
camera and a NVR.

~~~
josefresco
IP camera's are a pain to "open to the world" \- hence why "cloud cameras"
have been so popular. I suspect there are now modern, IP cameras that aren't
cloud reliant but the avg user doesn't care.

~~~
saudioger
It's kind of a combination of things — IP cameras definitely don't have the
greatest software... and combined with shitty entry-level routers port-
forwarding is definitely frustrating to the average person... then you get
into dynamic IPs from ISPs, etc...

It's just annoying that there's no middle ground between "hold my hand with a
cloud service" and "I want to spend a little effort to not be 100% reliant on
external services"

Google could decide to fold Nest service entirely (luckily there aren't signs
of that) and at this point you'd have thousands of thousands of devices in a
landfill. It's so irresponsible. Historically you could have a CCTV setup
running for 10-20 years without huge issues.

>I suspect there are now modern, IP cameras that aren't cloud reliant

It's surprisingly limited and still a bit expensive. Foscam/Hikvision have
been getting better, but it still feels a few years behind when it comes to
firmware... and the notification and advanced "human detection" are obviously
better with a cloud service.

------
Lord_Zero
People unable to unlock their doors? I hope they give a detailed postmortem.

~~~
jclardy
Unable to unlock doors from the app or other automation - the keypad still
worked.

Still, this is the problem with all cloud based home automation platforms.

------
eanzenberg
You are the beta-tester.

