
The “Internet of Things” Needs a Fix - okket
http://www.scientificamerican.com/article/the-internet-of-things-needs-a-fix/
======
paulsutter
The actual Internet of things is Tesla collecting 130 million miles of
autopilot data to make autopilot safer. It's GE collecting data from the jet
engines they produce to understand failures and do predictive maintenance.
It's Netapp collecting error logs from fileservers in the field, so they know
how to prioritize their bug database, which performance bottlenecks to fix,
and what limitations actual customers encounter.

That's the real internet of things. Just ignore all the (hype for) idiotic
connected home crap covered by the popular press. Yes, vendors are producing
these products but the only feature I want is a global disable for any such
thing I accidentally bring into my home.

~~~
enraged_camel
I don't mind Internet-connected home devices, as long as they:

a) are actually secure

b) do not send any data to the vendor or any third-party services

~~~
carterehsmith
I would love it, but it looks like it will take time.

As for security, we've been building PCs and such for decades and still are
just beginning to get it right. Looks like one really needs a TPM chip as in
Chromebook or iPhone. That may be too expensive for many devices, hell, it is
apparently too expensive for most desktops, laptops etc.

As for sending data. Seems like an IOT vendor would hope to sell the usage
data. That does seem to have some value.

~~~
bigiain
Raspberry Pi's SOC has had ARM TrustZone support right from the beginning (I'm
pretty sure, definitely in recent models). I don't know if we can rely on
crypto secure unique keys having been burned at some stage inside every Pi
(Not sure if that'd be done by Broadcom or 'Pi?), but the "too expensive"
argument seems unsound...

(I fully expect to read soon about some Chinese manufactured IoT device where
every single one of millions manufactured has an identical MAC, GUID, and
TrustZone private key...)

[http://hackerboards.com/trustzone-tee-tech-ported-to-raspber...](http://hackerboards.com/trustzone-tee-tech-ported-to-raspberry-pi-3/)

~~~
carterehsmith
IIRC ARM TrustZone is not a TPM chip, just some software. And the other day we
read that people managed to break it, possibly affecting many Android devices.

------
robohamburger
I think the name itself is broken. Most applications just need to be a local
network of things.

Having a million devices that are difficult to audit, configure and
sensitive to internet and service outages is a nightmare recipe.

Not sure how to solve this in an easy to fix way but it makes me miss the days
of RFCs and standards. Seems like we need something higher level than z-wave,
zigbee and 802.11.

~~~
CaptSpify
I've been saying for years: I _love_ the network of things. I _hate_ the
internet of things

~~~
singham
If it isn't connected to Internet how is it going to have new features? How is
it going to take advantage of machine learning?

~~~
robohamburger
Exactly :D

 _edit: adding actual explanation_

I don't think I subscribe to the idea that we need to instrument
everything to collect data for eventual ML (especially if that data is going
to be privately owned). I can see why that would be appealing especially if
you are a large software company involved with ads.

If there really is a killer ML model for a particular IoT device then let me
opt in/out and the data collecting can be anonymous, no login required. Being
online should not be required for its function.

 _edit 2: realized I did not address the point on updates_

Self updating devices I am more on the fence about. Ideally I would have some
control over what is getting updated and when and the ability to revert things
and schedule the updates.

It would also be great if these devices used ssl and signatures for updates.
There are horror stories of them opening up tftp and using http in the clear.

If this is too hard for IoT makers to get right maybe hubs are the way to go? Not
sure but the fewer things phoning home via the internet on my network the
better I guess.

------
patcheudor
It needs a massive fix, starting with WiFi.

"The drive, ability, and sheer will to change a WiFi password is inversely
proportional to the number of devices one manages on a WiFi network."

[http://thefutureisastephenkingnovel.com/assets/player/Keynot...](http://thefutureisastephenkingnovel.com/assets/player/KeynoteDHTMLPlayer.html#31)

~~~
JoshTriplett
Every Wifi router needs to treat every device on the network as independently
untrusted, except where explicitly told to do otherwise. Outbound connections
aren't as big a problem as every random device having full access to a home
network.

~~~
snuxoll
This is why I have two separate SSIDs, one goes to my 'trusted' VLAN of home
devices that have access to the rest of the network - the other goes to an
'untrusted' VLAN that has access to NOTHING except to pfSense for routing (and
any access to the pfSense admin page is blocked from that interface since it's
only bound to the other VLAN).

 _MY_ stuff (desktops, cell phones, laptops, game consoles) goes on the first,
everything else goes on the second (guest devices, appliances that are less
than trustworthy and have no reason to touch the rest of my network, etc).

~~~
bigiain
I've been pondering this recently.

Does your setup (easily) allow for things like untrusted IoT
powerpoints/lights on the untrusted network to be controlled by their regular
apps running on a phone hooked to the trusted network?

I haven't quite worked out a simple-but-correct solution for that at my place
yet.

I have come up with a concept of "any device whose software I'm not actively
updating and managing for security shouldn't be on the same network as my
backup NAS". That includes not just IoT crap, but my original (can't upgrade
past iOS5) iPad, my printer, my 3D printer's Windows machine, most of my
Raspberry Pis, and friends and family's phones/tablets/laptops...

~~~
snuxoll
I _do_ have access from my trusted network _to_ the untrusted one, but not the
other way around (ACLs on my switch prevent the untrusted VLAN from accessing
anything but my pfSense router for internet access). Regardless of this,
however, they are separate broadcast domains, so if I can't just punch in an
IP address to access it I won't be able to use it (and this excludes a lot of
proprietary "Smart" devices that rely on mDNS+DNS-SD or TCP/UDP broadcast for
discovery without any option for direct IP connection).

If I ever bought into the "Connected" / "Smart" home (and I probably will, it
would be really nice to open my garage from my phone and have lights
automatically turn on, monitor the thermostat remotely, etc) I will probably
invest in standards-compliant devices that use Zigbee or Z-Wave and set up
OpenHAB - all of these proprietary "Smart" devices just seem dumb when you
have to rely on external services like IFTTT to integrate them, really defeats
the whole purpose and I don't like being locked into specific brands /
ecosystems when semi-open standards exist.
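
The segmentation snuxoll describes in the two comments above (trusted VLAN may reach the untrusted one, untrusted reaches only the router for internet access, admin page unreachable from untrusted), sketched as an nftables ruleset for a Linux router. This is an added example, not snuxoll's pfSense or switch configuration; the interface names, the admin ports and the DHCP/DNS allowance are assumptions.

```nftables
# Added example. Interface names, ports and the DHCP/DNS allowance are assumptions.
define TRUSTED_IF   = "vlan10"   # 'trusted' SSID / VLAN
define UNTRUSTED_IF = "vlan20"   # 'untrusted' SSID / VLAN
define WAN_IF       = "wan0"     # uplink to the ISP

table inet home_segmentation {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Trusted devices may open connections to the internet and to the
        # untrusted VLAN (one-way access, by unicast IP address only).
        iifname $TRUSTED_IF oifname { $WAN_IF, $UNTRUSTED_IF } accept

        # Untrusted devices get internet access and nothing else.
        iifname $UNTRUSTED_IF oifname $WAN_IF accept

        # Count and log attempts from untrusted toward trusted before dropping.
        iifname $UNTRUSTED_IF oifname $TRUSTED_IF counter log prefix "untrusted->trusted " drop

        # Note: mDNS/DNS-SD (224.0.0.251, ff02::fb) and broadcasts are
        # link-local and are not routed, so discovery across the two VLANs
        # fails even though trusted -> untrusted unicast is allowed.
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iif "lo" accept
        ct state established,related accept
        icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert } accept

        # Both VLANs may use the router for DHCP and DNS (assumed services).
        iifname { $TRUSTED_IF, $UNTRUSTED_IF } udp dport { 53, 67 } accept
        iifname { $TRUSTED_IF, $UNTRUSTED_IF } tcp dport 53 accept

        # Admin UI (assumed on 443) and SSH are reachable from trusted only;
        # the same ports from the untrusted VLAN fall through to policy drop.
        iifname $TRUSTED_IF tcp dport { 22, 443 } accept
    }
}
```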

------
intrasight
Here's one area where I think some government regulation is going to be called
for. If nothing else, it should be mandated that one can "disconnect" and
still have the device function to consumers' expectations. That should apply to
everything from watches to cars.

~~~
swiley
That kind of registration sometimes works in the beginning but quickly becomes
a mountain of irrelevant requirements and paperwork.

------
Animats
The way this ought to work is that you have a home server that talks to all
your home devices, and can also be reached from the outside world with
suitable security. A "cloud" service is unnecessary. Unfortunately, we're not
going to get that, unless some carrier such as AT&T or Comcast pushes it.

~~~
potatolicious
To some degree both Apple and Google seem to be pushing towards that. In iOS
10 your phone/tablet talks directly to home devices, and if you have an Apple
TV it allows secure tunneling (e.g., talking to your devices via the always-on
Apple TV). Ditto Google is working on similar things, though the precise plans
are a bit more uncertain.

An "actual" home server in the form of a computer in a closet is IMO
incredibly unlikely. Piggy-backing this functionality into an existing always-
on device seems much more likely for mass adoption.

The big issue is that IoT manufacturers will be fighting this tooth and nail.
Nobody wants to be a commodity IoT manufacturer, and so all of them will try
to push their own (shitty) cloud platforms as value-adds and avoid
commoditization.

Similar to how Android OEMs keep crufting up a perfectly fine OS in a futile
bid to prevent commoditization. It won't work, but they will try.

~~~
bigiain
> An "actual" home server in the form of a computer in a closet is IMO
> incredibly unlikely.

You're right - my Mom's not gonna install a "home server" when she convinces
Dad some WiFi controlled lightbulbs or powerpoints from the supermarket are a
nice idea.

It seems "the industry's" current solution to this is via some 3rd party P2P
network:

[http://krebsonsecurity.com/2016/02/this-is-why-people-fear-t...](http://krebsonsecurity.com/2016/02/this-is-why-people-fear-the-internet-of-things/)

What could possibly go wrong?

------
JaymesKeller
Sadly, knowing most companies, it will be more likely an internet of crap,
with lock-ins and microtransactions up the wazoo.

~~~
kps

        Back in the kitchen he fished in his various pockets for a dime,
        and, with it, started up the coffeepot. Sniffing the-to him-very
        unusual smell, he again consulted his watch, saw that fifteen
        minutes had passed; he therefore vigorously strode to the apt
        door, turned the knob and pulled on the release bolt.
    
        The door refused to open. It said, "Five cents, please."
    
        He searched his pockets. No more coins; nothing. "I'll pay you
        tomorrow," he told the door. Again he tried the knob. Again it
        remained locked tight. "What I pay you," he informed it, "is in
        the nature of a gratuity; I don't have to pay you."
    
        "I think otherwise," the door said. "Look in the purchase contract
        you signed when you bought this conapt."
    
        In his desk drawer he found the contract; since signing it he had
        found it necessary to refer to the document many times. Sure
        enough; payment to his door for opening and shutting constituted a
        mandatory fee. Not a tip.
    
        "You discover I'm right," the door said. It sounded smug.
    
        From the drawer beside the sink Joe Chip got a stainless steel
        knife; with it he began systematically to unscrew the bolt
        assembly of his apt's money-gulping door.
    
        "I'll sue you," the door said as the first screw fell out.
    

— _Ubik_, Philip K Dick, 1969

~~~
intrasight
PKD was, as usual, decades ahead of his time. I guess one can do that when
one's mind is invaded by an alien superbeing.

~~~
B1FF_PSUVM
Also a topic today:
[https://news.ycombinator.com/item?id=12023728](https://news.ycombinator.com/item?id=12023728)
("As a psychiatrist, I diagnose mental illness. Also, I help spot demonic
possession." ;-)

Although he did find recognition and prizes, in his lifetime P.K.Dick made SF
fans - who mostly tended to staunch rationalism, or a good facsimile thereof -
uneasy due to the slightly unhinged mysticism coming through. But he did hit a
bell with resonance in the mainstream: after Stephen King he's probably the
writer with most movie adaptations of his stories.

------
Retric
Internet of things needs a point. It's more about features for features' sake
than anything else. Sure, a manufacturer can add wifi for ~1$, but then what.

~~~
krapp
>Sure, a manufacturer can add wifi for ~1$, but then what.

Analytics, surveillance and lock-in. Require the user to apply for an online
account and charge them a monthly fee to do something online that used to be
free, monitor their usage and make it difficult for them to use another
brand's products without significant friction.

~~~
Retric
Great now what's the killer app? I have seen an internet connected blender,
toaster, refrigerator, microwave, vacuum, coffee maker, oven, dishwasher,
clothes washer and dryer. But not a single reason to buy any of them.

AV, lights, thermostat, blinds, sure. But, that's 30 year old home automation
stuff not 'the Internet of things'.

~~~
krapp
A killer app for consumers probably wouldn't exist for most things, unless you
could integrate streaming or delivery services.

But I think the real killer app will help correlate consumer behavior,
advertising and the supply chain. You could have a refrigerator that keeps
track of everything you buy and where you bought it. Scaled up to tens of
thousands or millions of consumers, you might have very useful data for stores
to use to predict what to stock and how much, and how to target
advertisements. I'm reminded of the story of Wal-Mart predicting one of their
customer's pregnancies based on their purchasing habits, and sent coupons for
related products.

I also think integration with social media is going to be a _huge_ part of the
IoT taking off but I'm not entirely sure how, yet, other than vague ideas
about appliances having their own AI driven social media accounts and posting
to your feed. That could both be useful, and an incredibly sinister way of
getting consumers to empathize emotionally with a brand, even if only
subconsciously.

~~~
SpacemanSpiff
Wow, with all due respect, to me this vision of the future sounds horrifying.
My refrigerator on Facebook? No thank you.

~~~
krapp
To you, it sounds horrifying. To your children, or grandchildren, though, it
will be completely normal.

~~~
thaumasiotes
Things can be completely normal and still horrifying. No matter what section
of the status quo you bring up, there will be someone who despises it.

------
B1FF_PSUVM
It will be vastly amusing when turning on a lamp or a microwave will require
authorization from a machine in Kansas (or Kazakhstan, whatever).

~~~
turnip1979
As a casual gamer, I run into this quite a bit. Want to play online? Need a
gigabyte update. Want to use Skype? Gotta merge your accounts. Makes me miss
the days of the SNES and n64.

~~~
CaptSpify
I've thought for a long time that internet connectivity was the worst thing to
happen to console gaming. I liked consoles because games worked out of the
box, without dicking around with accounts, services, etc.

If I want to deal with that, I'll just play on my PC.

~~~
ams6110
It also contributes to buggy games. If you know you can't update them, you
make damn sure they work out of the box because refunds/recalls are expensive.

If you know you can just push an update whenever, you have a lot less
motivation to get it right.

~~~
Arkaad
Sure, but I think we can say that today's games are much more complex than
what they used to be.

~~~
CaptSpify
We could, but that's a pretty shitty excuse. Just because something is complex
doesn't mean the concept of testing doesn't work anymore.

------
unusximmortalis
It was never intended to be internet of things literally. There's no way to
scale to that level where all tiny devices are connected. It was meant to be
the local network of things exactly like someone else pointed out here. The
things will be connected on the local network behind the home router. The IoT
is a buzz word that was catchy and market pushed it farther cause it sells
well. For as long as these things and what surrounds them are secure (as
secure and safe as my router is) and they respect my privacy policies I will
vote up them big time and they will grow farther be sure of that at the same
rate and speed as the other tech wave is/was.

~~~
digi_owl
Consumer routers are usually anything but secure in the IoT sense. This is
because while they block unsolicited inbound traffic, they will allow any
outbound traffic. And if you have UPnP enabled on it, and most come with it on
by default, all bets are off.

Damn it, Samsung managed to produce and sell a voice controlled TV that sends
everything the microphones pick up back to the mothership unencrypted.

------
digi_owl
IoT is a corporate pipe dream. Just about the only thing that could use an
internet connection is my fridge, and then only after every damn thing in it
has an NFC tag to go with their bar code.

Meaning that it could keep a constant watch on its content etc, and allow me
to check what is there (and not starting to develop its own lifeforms) when I
am out shopping groceries.

For all the rest I need to be physically present to load and unload them with
something anyways, so unless they come laden with enough sensors that I can
bring up a full diagnostics on a whim (and actually do more than order a whole
new machine, thank you very much) I'll pass on IoT.

------
fcanela
I honestly do not understand the IoT hate. Yes, there are a lot of insecure
devices: mostly the not-cloud ones which need an open port. But IMHO they
provide a lot of value, especially if you are a developer. At least it does
for me.

------
Pica_soO
I'm very sorry, Sir, your house has a virus. We have to put it down.

