
Amazon, Apple, Google, and the Zigbee Alliance to develop connectivity standard - _quhg
https://www.apple.com/newsroom/2019/12/amazon-apple-google-and-the-zigbee-alliance-to-develop-connectivity-standard/
======
kbumsik
For someone who thinks Zigbee already is an open standard, well, it is NOT
really open though. A standard being publicity available does not always make
it open-source friendly.

Linux considers it a proprietary protocol [1] so Zigbee driver cannot be part
of Linux kernel. Although Zigbee spec allows non-commercial individuals to
freely use it, a commercial organization must be a member of the Zigbee
Alliance in order to use Zigbee, which violates the GPL standard. [2]

At least the article speaks out "an open-source approach", let's see if things
will get better.

[1]:
[https://www.kernel.org/doc/html/latest/networking/ieee802154...](https://www.kernel.org/doc/html/latest/networking/ieee802154.html)

[2]:
[https://archive.freaklabs.org/index.php/blog/zigbee/zigbee-l...](https://archive.freaklabs.org/index.php/blog/zigbee/zigbee-
linux-and-the-gpl.html)

~~~
Symmetry
There's also the bit where Zigbee devices have to share a secret key to talk
to each other, mostly to prevent competition from low cost devices
manufactured in China.

~~~
Spivak
Yeah! They want you to use the high cost devices manufactured in China.

~~~
ASalazarMX
Or mostly the same cheap devices manufactured in China but sold through your
friendly middlemen.

------
paulgerhardt
10 years in the trenches here.

Apple’s smart home protocol famously does not support multiple users. Amazon
is choosy on what features you can implement (turn on alarms but not turning
them off, locking doors but not unlocking them). Google loves using radio
hardware no one else supports. Zigbee has delightful legacy security
vulnerabilities and consortium drama.

I look forward to these groups putting aside their differences, coming
together, and creating a new standard that combines the best of all these
anti-patterns.

~~~
pkulak
> Amazon is choosy on what features you can implement

Allowing someone to holler into an open (or recently broken) window to open my
front door sounds terrifying.

~~~
singingboyo
I, on the other hand, am on the 17th floor. Anyone who can holler at a smart
device in my apartment has already compromised something important, and could
probably get in anyway.

Also, just require a passphrase? To go full star trek, "[Alexa/Google/Siri],
unlock the front door, authorisation singingboyo Alpha Pi Pi Zulu" sounds
workable.

~~~
joshstrange
IIRC Amazon does allow for this. I use Smartthing + Homebridge for operating
my lock (Prompts me on my phone to unlock the door when I get near the house
and locks the door when I close it) but I do have Alexa as well and I at least
looked into using it to lock/unlock. For the unlock I have to read off a pin,
it will lock without needing a pin.

~~~
ma2rten
We truly live in the future.

~~~
joshstrange
I’m not sure if you are joking/mocking but for me at least it’s super
convenient to tap a notification on my watch as I pull into my driveway and
way directly into my house (detached garage I don’t park in so I enter through
the front door). It’s also nice to know anytime I close the door it will lock
behind me. I quite enjoy living in the future.

------
aequitas
> The goal of the Connected Home over IP project is to simplify development
> for manufacturers...

> The industry working group will take an open-source approach for the
> development and implementation of a new, unified connectivity protocol and
> increase compatibility for consumers.

Curious if I as a hobbyist will benefit from this? Or if this will become a:
it works perfectly, but only if all your devices connect to our certification
servers kind of thing, like Chromecast is becoming.

~~~
teekert
I really hope they recognize the need that people want to keep their data on
their lan. Actually that would be required by the GDPR if they won't let me
sign anything. My derived data is my own people, it does not belong to who
ever collects it.

I.e. I just want a thermostat the is a big rotating button and speaks mqtt. It
does not exist. If you want it to look good you end up with a Nest thermostat.
Home Assistant needs to talk to the Nest online API, not to the device itself.
Really annoying and unnecessary. I wish I could just pay 50$ more and get a
Nest that does let me talk to it locally. Or whatever are they going to earn
with my data? I'd probably pay it straight up.

~~~
aequitas
If your device supports opentherm (which is not as open as you might think,
btw) you might want to look into OTGW [0]. It probably works with Nest to if
the Nest allows to run without internet at all.

[0] [http://otgw.tclcode.com/](http://otgw.tclcode.com/)

~~~
teekert
My central heater is a simple on/off model. Nest will work offline with it but
afaik you can't write target temperatures to it then.

~~~
aequitas
To bad, my old heater had opentherm, with the OTGW I could intercept the
packets between the heater and thermostat, change values (eg: date/time),
issue commands (set room temperature) and add missing functionality (outside
temperature for heating curve), it was ideal in every way. But I moved and my
current heater has a proprietary protocol over rs485 so its a no-go for the
OTGW.

~~~
teekert
In the EU there are no systems without opentherm by law luckily.

That does mean some systems are not available at all, so "luckily".

------
m-p-3
> The project is built around a shared belief that smart home devices should
> be secure, reliable, and seamless to use. By building upon Internet Protocol
> (IP), the project aims to enable communication across smart home devices,
> mobile apps, and cloud services and to define a specific set of IP-based
> networking technologies for device certification.

Yet I don't see any mention of making those being able to work completely
offline/standalone.

We rely too much on cloud services that ultimately get turned off after an
undetermined about of time.

There is no way I am buying home automation equipment I cannot control myself,
especially in a situation where the giants like Google could simply decide to
terminate my account because I said or did something they didn't like and take
down related systems with it.

~~~
joshstrange
I am personally really against my IoT devices being able to "speak" TCP/IP, I
want them to use dumb radios (Z-wave or if I must, Zigbee) that cannot talk to
the internet. I get the draw of Wifi/IP devices but I avoid them at all costs.
I don't want 10's or 100's of devices on my network that all are talking to
servers in China.

I bought a few cheap POE Chinese cameras that I use with Zoneminder but they
are all blocked from any internet access except talking to Zoneminder (local).

~~~
xoa
> _I don 't want 10's or 100's of devices on my network that all are talking
> to servers in China._

I definitely agree, although I'd expand that to "talking to any servers at all
anywhere for anything I don't explicitly grant permission for". However for
that very reason I prefer WiFi/IP devices, because it makes it very easy and
straight forward to apply all the powerful network management tools we have
for everything else. All devices can go on their own VLANs for example, with
careful management and logging of how they communicate. The real shame is that
there aren't better, more consumer friendly tools for managing that more
visually/automatically.

Custom radios aren't any inherent defense there, already there have been
demonstrations of getting right into Z-wave/Zigbee networks using customized
SDRs. They have a purpose from an ultra low energy and meshing point of view,
but you should be suspicious of what security practices for such things will
actually be. WiFi/IP at least has the benefit of tons of open attention and
development for security critical situations already.

~~~
joshstrange
You've made some very good points and better explained what I really want. I
also will admit that using existing tools to create VLANs to "quarantine" the
devices is an option. That said (and you touched on this) the average consumer
is not prepared to deal with any of that, maybe that will change but as of
today it's not easy or even possible with most consumer-grade hardware.

As for Z-wave/Zigbee, I could be missing a potential security hole but
personally I am less concerned with my Z*-devices being hacked and more
concerned with IP-devices being hacked and being able to talk to other IP-
based devices on my network.

For example, it would suck to have someone be able to hack my door or lights
but it wouldn't be the end of the world AND it requires physical
access/proximity. This is quite different from someone on the other side of
the globe being able to hack a device, hack other devices on my network (non-
IoT), and then do something malicious (ransomware, identity theft, etc).

~~~
xoa
> _That said (and you touched on this) the average consumer is not prepared to
> deal with any of that, maybe that will change but as of today it 's not easy
> or even possible with most consumer-grade hardware._

Right, at one point it looked like something like UniFi could show the way
there, but Ubiquiti unfortunately has turned into a development dumpster fire
and really lost its way, and I don't know of anyone else attempting something
similar. The principle remains though that it's another path forward, there
are already powerful tools for network control and management, and there are
accessible open standards there. Putting a better UX on that is worth
considering alongside other solutions is all.

> _As for Z-wave /Zigbee, I could be missing a potential security hole but
> personally I am less concerned with my Z-devices being hacked and more
> concerned with IP-devices being hacked and being able to talk to other IP-
> based devices on my network. For example, it would suck to have someone be
> able to hack my door or lights but it wouldn't be the end of the world AND
> it requires physical access/proximity._

A lot depends on where you live. A few years ago for example there were a
bunch of articles and demonstrations coming from research into and discovery
of vulnerabilities in the ZigBee protocol itself. Because the whole point of
it is meshing, if you're in an urban or even suburban environment with
sufficient density, then a neighbor being hacked could then hack their
neighbors etc in a chain reaction. And of course people had fun immediately
putting SDRs on drones and doing a fresh new take on good 'ol war dialing,
flying around owning anything they came across. Random example article:

[https://www.theverge.com/2016/11/3/13507126/iot-drone-
hack](https://www.theverge.com/2016/11/3/13507126/iot-drone-hack)

Picked verge vs NYT since I don't think they're paywalled? Lots more though a
quick DDG away covering the same thing at the time.

With meshing though, you do have to be somewhat careful about the concept of
"proximity" and so on if there are protocol layer problems, which is less of a
concern on WiFi for better and for worse. Your home might be locked down, but
are you sure your neighbor or neighbor's neighbor and so on and so forth down
the chain all have no entry point? I 100% grant it's more of a long term
scalability consideration right now for many people, but hey, we're talking
about a future protocol here!

Gonna be another exciting decade I guess :)

~~~
joshstrange
I haven't followed the AmpliFi line closely to know if it has easy VLAN
support but yeah... I really like the UniFi offerings but a fulling working
UniFi system (excluding the UDM) costs ~$800 from my last estimate. I'm saving
for it but that's cause I'm a weirdo who enjoys those kinds of things.

If you don't mind me asking what networking stack are you using?

Also thank you for the very well thought out and reasoned reply! I wasn't
fully aware of some of those attack vectors.

Lastly I think I've been so anti-wifi IoT because of the inherent security
issues with literally everything currently on the market. I see the wifi IoT
as a bubble about to pop unless routers gain security features for IoT or some
other major changes are made to how they work today.

~~~
xoa
Sorry for the slow reply, and I see you've got (and made) one other response.
As far as what stack I'm using, on my test lab it's a big mix of course, but
my main personal stack right now is UniFi dating back from quite a few years
ago. However, I really want to reemphasize my "dumpster fire" aside: I strong
_DON 'T_ recommend getting into UniFi right now if you're starting fresh, or
at least, if you do be really careful about it. It hasn't been that obvious
from the outside if you didn't know what to look for, but from an community
and heavy use perspective it's clear Ubiquiti has been having major internal
developer issues for a few years now at least. The CEO is apparently pretty
toxic, but whatever the reasons are the result has been a major stagnation of
the line, both for hardware and software, rapidly increasing technical debt,
and a lot of extremely confused moves that seem to amount to easy bikeshedding
because real engineers weren't available. I started to get into some of the
gory details but am just deleting that paragraph, it's not really relevant
here. But to take a specific example, that security gateway you were looking
at, which is necessary if you want to use UniFi for L3 features, basics like
DNS (which incidentally is also half-assed) etc, is a good 5 years old now.
They introduced the "UniFi Security Gateways" and then refreshed them...
never. The software for those is stagnant, and core software (like Strongswan
for VPN) are often horribly out of date. It chokes doing much of anything
interesting, would be obliterated in perf by a current RPi. The switches
aren't in quite so dire straights, but for the money they too now have the
smell of obsolescence. Ubiquiti has no decent L3 story for 2019/2020, no move
to competitive faster networking, and a lot of cruft built up because they
like to introduce new things but not just update and replace old ones.

Having said all that, their PtP/PtMP links are still nice. Their APs are solid
overall, and do have nice industrial design (though no word on WiFi 6, which
for a new install I'd consider fairly important). The interface has degraded
significantly over the last few versions, but it's still better and more
unified than any other I know of. I mean, I'm still running it myself after
all. But if you go that route know what you're getting into and look hard for
open box and used stuff that'll be cheap. And I'd honestly suggest not
bothering with the cloud key and just running the controller yourself, on an
RPi or similar if you want something dedicated but cheap or else spin up a VM
or container, or even just run native I guess if you've got a server you run
otherwise. The CK is also ancient.

In summary: I adored UniFi, and the potential was(is?) fantastic, and their
old vision was fantastic, and at one point they were a really solid venture
all around. And I know of nothing else with the same vision either. Yet even
so I'm expecting to have to dump it overall in the next few years, which
sucks. But long bitter experience has taught me that glorious turnarounds are
much more the exception than the rule :(.

~~~
joshstrange
Holy shit this an amazing reply and I couldn’t be happier you took the time. I
had read some about of the issues you you talked about but you highlighted
even more.

I might go down the secondhand/used route if I do decide to do it. Right now
I’ve got a single all-in-one router running LEDE and I like it but I’m not
able to reach more than 60% of my fiber internet so I’ve been looking to
upgrade. I decided that if I was going to throw a couple hundred at it I
figured I might as well go all in.

It’s always sad to see a company throw away such a promising future. I saw
their new AmpliFi “Alien” router and I’m half tempted to buy that and wait a
few more years for a better option to present itself. Or even the UDM but it
seems like a very odd offering to me... I guess I’ll keep looking, thank you
again for the advice.

------
utopian3
FYI: This is the project's official homepage:
[https://www.connectedhomeip.com](https://www.connectedhomeip.com)

~~~
ArmandGrillet
Trivia: I had never seen this Apple logo used before, looks like the name of
the company using a San Francisco font.

I wonder if it's official or just a workaround due to the fact that all the
other logos have names and not just an icon like the standard Apple logo.

~~~
sjwright
Apple doesn’t tend to hand out their logo for industry groups and open source
projects. That’s fine, it’s their support that matters. And it’s not like
their name lacks brand recognition!

Here’s another example; same idea, different font:

[https://aomedia.org/membership/members/](https://aomedia.org/membership/members/)

~~~
rgovostes
They have been a principal organizer and sponsor of the LLVM Developers
Meeting for years and even then they did not use their own logo.

------
oflannabhra
Per the official homepage:

> The goal of the first specification release will be Wi-Fi, up to and
> including 802.11ax (aka Wi-Fi 6), that is 802.11a/b/g/n/ac/ax; Thread over
> 802.15.4-2006 at 2.4 GHz; and IP implementations for Bluetooth Low Energy,
> versions 4.1, 4.2, and 5.0 for the network and physical wireless protocols.

> The Project intends to leverage development work and protocols from existing
> systems such as: Amazon’s Alexa Smart Home, Apple’s HomeKit, Google’s Weave,
> Zigbee Alliance’s Dotdot data models

Dotdot is basically ZCL over IP (in a way), but comes with a lot of legacy
from ZCL.

Thread was my hope for a unified smart home network layer, but it didn't
really get the adoption I'd hoped, and from a manufacturer's perspective, it
did not include any application-layer messaging.

It looks like the goal is to standardize the application layer messaging (of
which Dotdot was an attempt). Maybe call it Dotdot v2, but with better
backing.

------
giancarlostoro
I bought a home and the previous owner used Z-Wave for everything. The whole
thing worked irregardless of internet working or not. Whatever they invent if
it is useless without internet access its a step back from something that has
already worked.

All my home automation / smart home integrations will have to be Z Wave
compatible or I will not use it. If my internet goes out will all my things be
useless without it?

~~~
akvadrako
Zigbee works fine without internet. And Z-wave is proprietary - only one
company makes the controllers.

~~~
giancarlostoro
I didn't realize Z-Wave was proprietary. It is useful though, I can control
things around my house with a USB adapter and a Rasbperry Pi.

------
chriswwweb
LOL ... there has been a standard for years for smart home devices, it is
called KNX
([https://en.wikipedia.org/wiki/KNX_(standard)](https://en.wikipedia.org/wiki/KNX_\(standard\)))
... what is wrong with KNX? Hundreds of companies already support it, so why
not join them instead of re-inventing the wheel?

I think I know what im talking about, because my (smart) home automation is
based on KNX, I use Alexa voice commands or a KNX app on my mobile devices to
controll all my KNX compatible devices, a server gets the commands and allows
me to control the lights (on/off/dimming), to inquire an set the temperature
in each room, to control the inner blinds as well as the outer shutters
(open/close), to get data of water consumption, electricity consumption from
many devices like the cooking plate, the owen, the lights, the AC, ... to get
values from my weather station like wind speed, wind direction, sun intensity
and much more ... I also have fire detection sensors, movement sensors, air
pollution and water leak sensors which can trigger alarms... I can inquire on
my phone if I forgot to turn off the owen in the kitchen, if the main door is
being or has been left opened. Through Alexa I have also connected my Roomba
as well as my TV and all the media devices connected to it (using the Logitech
Harmony hub) but those two things are not KNX, everything else is.

Being able to control all this through Alexa is super fun. When I go to bed I
just need say "Alexa good night" and Alexa tells my KNX shutters to move down
to 100%, all my lights in any room to 0%. When I leave the house I say "Alexa,
good bye" and Alexa checks if my appliences are turned off, turns the lights
off and lowers the heating in all the rooms a bit. Also as im super lazy, if I
finish cooking and throw myself on the couch but forgot to turn of the kitchen
lights I just need to say "Alexa turn of the kitchen lights and turn on
netflix".

What is also nice is that I can program (control and combine) everything
myself. I currently use NodeRed
([https://nodered.org/](https://nodered.org/)). So I can program routines,
like "if the time is > this and the front door gets opened send me an email or
SMS", if the wind speed is above a certain threshold open the shutters to
avoid damage, ...

~~~
lioeters
I enjoyed the description of your home automation setup! I learned about the
wide range of sensors and devices that can be incorporated, and that
technically it's possible for the owner to programmatically control
everything. I can see you're riding the edge of the coming wave.

Looking at the differences between the KNX standard and the "Connected Home
over IP" project.. From the latter's home page [0]:

> By building upon Internet Protocol (IP), the project aims to enable
> communication across smart home devices, mobile apps, and cloud services and
> to define a specific set of IP-based networking technologies for device
> certification.

This seems like a higher level of abstraction than KNX (unless "smart home
devices" in the above description includes the kind of individual sensors you
mentioned) - and exclusively focused on using the Internet Protocol.

Reading the Wikipedia article on KNX, it does sound like it has all the
elements needed for home automation, including what this new standard aims to
achieve.

[0] [https://www.connectedhomeip.com/](https://www.connectedhomeip.com/)

\---

EDIT: Now reading about the ZigBee specs, I find there's a big overlap in
protocols/functionality. As a complete newcomer, it's hard to disentangle the
pros/cons of these standards.

[https://en.wikipedia.org/wiki/ZigBee](https://en.wikipedia.org/wiki/ZigBee)

~~~
chriswwweb
Yes I'm riding the automation wave, but only because after working for 20
years as a developer I was finally able to afford buying an apartment and
wanted to try to push automation to it's limits. I haven't done it all and
could go even further, which is why I like KNX, it's not closed or bound to a
single company so I can buy add even more stuff from a lot of providers (see
some example of companies in my other comment).

The alexa bridge is not perfect, sometimes it has hald a second of delay.
Twice a year the servers are down and it doesn't respond for few hours, but
besides that I'm very happy with it. B.t.w. I used this server from PRO KNX to
connect my Alexa(s) to the KNX server:
[https://proknx.com/en/news/2017/realknx-2-0-voice-control-
al...](https://proknx.com/en/news/2017/realknx-2-0-voice-control-alexa-
dashboard/) (it is also compatible with Google Home as well as Apple Homekit).

Thx for the clarifications about the differences. I don't know much about the
KNX standard. I fiddle around a lot with NodeRed (nodejs / javascript) and use
some Alexa routines but I never tried to implement the standard myself. As far
as I understand it, KNX is also using IP Networks, because all my devices have
IP addresses and my servers are open on different ports.

I hope the Google, Apple, ... alliance decided to do create a new standard for
good reasons, but I have doubts as I can't find someone that explains me what
is so bad about the existing standard. Why Apple, Google and the others don't
just join the KNX foundation and why this already open and royalty free KNX
standard can be built upon!?

------
lgleason
Zigbee is already an open standard, but some Zigbee devices don't work with
others. Yet, with Z-Wave they all tend to work and there isn't that much of a
price difference (between Zigbee and Z-Wave devices). The biggest problem with
Zigbee is that is uses 2.4 GHZ which doesn't travel long distances or through
walls very well. Z-Wave uses a lower frequency that does. (edited for clarity)

~~~
huseyinkeles
In a real situation this usually doesn't cause issues. Most of the zigbee
devices that you're gonna have (such as light bulbs) are also acting like a
zigbee router and it creates a mesh network.

You can even visualise the network if you're using zigbee2mqtt with
zigbee2mqtt/bridge/networkmap

~~~
lgleason
That is true provided that you have devices that correctly act as routers.
Sometimes it requires extra repeaters to make the network function correctly
as well. Then there is the interference issue from WIFI and Bluetooth devices.

------
rcarmo
Hmmm. Now what am I going to do with my laboriously (and lovingly) put
together zigbee2mqtt/HomeKit setup? :)

Seriously now, I see this as a good thing, if only because we're likely to get
an interoperability stamp of approval of some kind.

Right now, and were it not for my using an Open Source solution for my Zigbee
gateway, it would be impossible for me to hook up Hue, Xiaomi, IKEA and other
devices to Homekit without a bunch of different gateways (because some Zigbee
endpoints simply refuse to talk to anything other than their own peers).

I also hope that they manage to do this without going the Google way of having
everything open up ports on your router (some of the newer Nest-branded stuff
already knows how to talk to peers on a LAN, but the security model for
Google/Alexa integrations is fundamentally broken for me - WeMo support
excluded).

So far HomeKit can run _completely_ on-premises, with all devices interacting
on the LAN, which is great (except for remote connections through the Home app
to your Apple TV home hub, and Siri voice recognition to trigger scenes), and
that is why I decided to stick with it.

~~~
allover
> were it not for my using an Open Source solution [...], it would be
> impossible for me to hook up [...] and other devices to Homekit without a
> bunch of different gateways (because some Zigbee endpoints simply refuse to
> talk to anything other than their own peers).

And worse, in my "casual" case, because some sort of Philips/Apple agreement
outright prevents it :/

E.g. add a "Hue compatible", but non-Philips bulb to your Hue hub. It will
work in the Hue app and via Amazon Echo, but Homekit will refuse to see it.

A way to "trick" homekit to be able to use the bulb with it, is to create a
Hue scene, and sync it to homekit, but that is terrible for per-bulb control.
This stuff is apparently all Zigbee, but the usability situation is an
absolute mess.

(Widely reported, for many years, not a bug).

------
mortenjorck
HomeKit must _really_ be struggling for Apple to publicly join this
consortium. I don’t say this just as a snarky dig at Apple’s preference for
walled gardens, but because this announcement more or less Osbornes all the
HomeKit devices in the market right now.

Despite its walled-garden nature, I’m sad to see HomeKit go. It was the only
home automation standard I’d trust in my home, though hopefully Apple’s
participation in this new initiative means it will share HomeKit’s emphasis on
security, cloud independence, and privacy.

------
mattferderer
I hope security is at the top of their list.

I want a super secure hub that everything connects to. The hub is the only
thing that speaks to my router. The hub is super secure & doesn't let devices
send data back to their manufacturer. If I buy cheap devices off a flea market
like Amazon, I want to sleep safe & know that the hub is preventing that
device from messing with any other devices or accessing the internet. The hub
can send me notifications and I can send it requests. It would be cool if I
could choose to have the main hub database & software based in the cloud or on
my local network.

Not sure if this is already possible. If it is, I would love to hear more.

~~~
jes5199
Apple, Amazon, and Google are fundamentally opposed to a model that sells
devices that don’t phone home - their whole purpose is to capture value by
creating lock-in for surveillable hosted services

~~~
oflannabhra
This is not exactly the case for HomeKit. Apple didn't even add the ability to
control devices when you are off your home network until recently.

~~~
moduspol
Yep. And it's Apple that's pushing for a HomeKit router [1].

Reading between the lines of how Apple's been handling the "smart home"
business, they've been focusing on privacy and security relative to
competitors, but it's been holding them back.

I think the market has kind of shown that privacy (e.g. devices that aren't
streaming to / dependent on the cloud) and security have not been primary
concerns of the people who buy smart home devices, but solving those problems
better may be key to enlarging the "smart home" market to include normal
people.

[1] [https://www.computerworld.com/article/3446197/why-we-need-
ap...](https://www.computerworld.com/article/3446197/why-we-need-apples-
homekit-enabled-routers.html)

------
shadowgovt
If they actually pull it off, it'd be huge. The single greatest thing holding
back home automation is a lack of compatible standards (coupled with the fact
that when an automation company dies, its proprietary standards die with it).

I used Z-wave for my home, but I'm not doing it "on the up and up;" my hub is
homebrewed and using an unlicensed radio. It's a pain in the ass to maintain,
but since I can't trust any hub company to survive past five years, it seemed
the right call.

~~~
joshstrange
I've used SmartThings more or less since their original Kickstarter in 2013. I
gave my v1 hub to a friend who can still use it (I have a v2 and they have a
v3 out now).

I try to only buy Z-wave devices and fallback to zigbee if I have to. It's
been a very pleasant experience for me overall. I have 5 z-wave light
switches, a handful of zigbee bulbs, zigbee door/temp sensors, and 2 z-wave
locks. I plan on replacing all my light switches eventually (I've got like 5
left but all in low-traffic areas of my house).

------
mikro2nd
In other news, "Wolves, Lions, Tigers and Leopards develop Open Standard for
Sheep Housing."

~~~
shadowgovt
It is a group incentivized to make sure the sheep are happy, healthy, and
within easy reach. ;)

------
vunie
If I suspect that there is any chance my family's private information is going
to get leaked, then I will not touch it. Appliances should never have internet
access. Software updates, if required, should be delivered one-way through
open trusted auditable software (something like ofw).

Big tech have already tricked me into supporting them with their "open
platform" bait-and-switch before (android), that trick wont work on me twice.

------
ogre_codes
They talk about this being secure by default, but the standard will only
ensure the communications is secure. This won't fix the bigger issues with IoT
devices which is that many are built on crappy/ insecure software stacks. If
your wifi video camera gets hacked, it doesn't matter if it's using https to
communicate securely with your phone or cloud storage provider.

------
JediWing
As someone who is perfectly happy with Home Assistant and Z-Wave, I worry that
a bunch of mega corps getting together to create a standard will crowd out the
market, and prevent non-local, privacy-honoring options from continuing to be
manufactured.

If average consumers are told to simply "look for the CHIP logo", and the CHIP
standard includes facilities for must-phone-home messages akin to streaming
DRM, I'm afraid we'll just get pulled further into the corporate surveillance
dystopia.

~~~
ak217
I think people who expect Home Assistant to be useful to the general consumer
are delusional. Home Assistant is an amateur piece of software with severe UX
shortcomings and broken auto-update functionality (it phones home continuously
and often bricks itself after auto-updates).

I appreciate the enthusiasm in the home automation community, and I agree
there's a need for an offline solution, but Home Assistant is not it, and we'd
be better off scrapping that codebase and starting something better.

~~~
JediWing
You're focusing too much on the home assistant part, and not enough on the
local control part. There are solutions with hubs such as some parts of the
Wink hub that do work locally without internet. I'm sure there are
professional-grade installers who install various pieces of software that use
Z-Wave and/or Zigbee to setup a locally controlled home automation solution.

Needing connected to the internet (and all the latency associated with it) is
an anti-feature that most consumers aren't even aware of or think of, hence
why I hope solutions that have the feature aren't crowded out before the
market for home automation truly takes off

~~~
ak217
Sorry if I wasn't clear. I agree with you that local-only solutions are
needed. Home Assistant is sucking up too much of the air in the room. I don't
think it will ever be accessible or usable to the general population. If not
for Home Assistant, I think the community would have developed better local-
only solutions by now.

------
crtlaltdel
this is a good step. i worked in automation/controls (commercial, residential
and industrial) for almost a decade (2000-2009) and personally dealt with the
nightmare of interop. the number of times i had to glue disparate control
systems together with relay closures and switch inputs was insane. and yeah,
we had these issues with wireless. it was compounded by the company i worked
for supporting enocean, zwave and zigbee.

------
WanderPanda
I am curious if they will include cameras (security / door), because the
characteristics of the payload are quite orthogonal to the characteristics of
the payload of other smart home devices.

~~~
melq
>because the characteristics of the payload are quite orthogonal to the
characteristics of the payload of other smart home devices.

how so?

~~~
LeifCarrotson
A camera requires orders of magnitude more bandwidth and power than other
devices that might be connected over a low-power, low-cost radio network. It
needs to transmit that payload 24/7.

Currently, home automation typically uses a variety of custom protocols built
on IEEE 802.15.4 (not 802.11*). It's a simple protocol that can be implemented
by a cheap 8-bit microcontroller from 2 decades ago. Devices from one
manufacturer may or may not communicate with those from another, and the
network architecture is typically a hub with spokes - there's limited or no
support for multi-router, multi-access point, or mesh networked setups.

This style of network honestly works pretty well for motion sensors, lights,
outlets, temperature sensors, thermostats, etc. The master node might query a
device every few seconds for a couple bytes of status, or might only send a
short command when a user interacts with the device. Most smart home devices
send a few bytes of data four times a day when you push "light on" and "light
off" on the hub. This is great for operating for months or years on just a
couple AA batteries. A camera sends a few bytes per pixel times (simplifying)
720 pixels down times 1280 pixels across times 30 frames per second times
86400 seconds per day, and can only run for an hour or two on a larger
battery. That's almost 8 terabytes vs. 8 bytes.

But to use 802.15.4 networks, you need a hub, which is a barrier to entry -
instead of one $20 light, you need a $15 light and a $50 hub. You likely
already have an 802.11 router that could be the hub if the devices were smart
enough to talk to it. And (tinfoil hat on) I think these companies would
rather have their servers be the hub, rather than a device in your home they
can't monitor and profit off of.

~~~
stefan_
This is a very Hacker News answer, in that you wrote three dense paragraphs
that are all technically correct, yet also completely divorced from our
practical reality that has smart home cameras in it.

What is the obvious implementation out there? They just have _both_. They have
the cheap 8-bit microcontroller from 2 decades ago transmitting on the low-
bandwidth home automation network, and when it is decided that the camera
should stream, it wakes up the beefy Ambarella or Socionext SoC to send its
video feed over classic WiFi to the vendor cloud, and whoever wants to receive
it just gets a stream URL back.

~~~
outworlder
Yeah, there's no reason to saturate the control channel with high bandwidth
data.

------
vxNsr
Seems like the sorta thing which has tons of buy in from teams that don't
matter and the teams that actually need to be using this won't and it'll get
abandoned in a few years.

~~~
shadowgovt
Google (specifically, Nest) and Apple are both looking to displace other
solutions in the market.

"Teams that don't matter" today. This market is absolutely rife with
opportunity for someone to steal the whole thing with better UX and an interop
promise.

------
H1Supreme
Why not openthread? It's already there, it's open source, and from my somewhat
limited experience, works well.

~~~
supergeek133
Openthread uses the zigbee radio. Hence zigbee being involved.

On the surface this "appears" very similar.

EDIT: Yes I'm aware the software layer is different, I was inferring the
radios are the same.

~~~
oflannabhra
This is incorrect. Openthread uses nothing from Zigbee, but does use 802.15.4
radios, the same as Zigbee does.

~~~
supergeek133
OK, let me be more specific since that is what I was inferring.

Yes the software layer is different.

~~~
oflannabhra
right, but Zigbee just uses a generic 2.4GHz radio. There is nothing about the
radio that "involves Zigbee". Some silicon vendors sell 2.4GHz radios that can
run a BLE, Zigbee, or Thread networking stack.

------
czbond
Can anyone recommend a method* without Wifi? Isn't there a method for "smart
outlets", main scheduler, etc over electrical lines rather than bluetooth,
wifi, etc? Method* == standard, or product line. [yes i used pointer and
equality symbols oddly]

Edit: basically looking for a way to avoid more wireless transmitters in the
house. Or are all outlets "receive only"?

~~~
armagon
The previous generation of smart home devices was called X10, and it used
signals over power lines.

I gather it was:

\- slow

\- might have required you to make a connection in your circuit breaker

\- and was designed in the 1970s, when home electrical systems weren't very
noisy (apparently all the switching power adapters we have today make a ton of
noise and make it hard for the signal).

I don't see why something newer like this couldn't be done -- we have
powerline modems, right? Probably not as fast as wifi, but it does go where it
is needed and requires physical access to hack.

Some devices are using Zigbee (a different wireless system), but I understand
it was developed without security and isn't hard for third-parties to hack
into.

~~~
marcosdumay
> \- slow

Yep, that's inherent.

> \- might have required you to make a connection in your circuit breaker

That's one way to do it. Another way just requires a bypass and filter at your
circuit breaker what is much simpler and doesn't have to connect anywhere
else.

> \- and was designed in the 1970s, when home electrical systems weren't very
> noisy

This is where things got worse, and then they got better. Yes, electrical
lines are very noisy, but the 200Hz - 100kHz band is only getting cleaner.
Electric motors will interfere with it, so you may need a filter on your
blender (but even it is much better now), but this is the prime band for
electrical wiring.

Also, on chasd00 comment that it requires capacitors bypasses on transformers,
that's only true on the higher bands, and only on devices you want connected
to the network. So only the smart devices need to adapt.

------
zokier
How will this relate to 6lowpan, the already existing IP standard for IoT? Or
will CHoIP sit on higher level (like eg mqtt)?

~~~
oflannabhra
6lowpan only addresses running IPv6 over 802.15.4 PHYs. It defines how to
compress IPv6 headers to fit into 802.15.4 MTUs.

CHoIP will define application-layer messaging that runs over IP, regardless of
PHY.

So, you can run CHoIP over 6lowpan (this is essentially what CHoIP on Thread
would be).

~~~
zokier
6lowpan is also used for ipv6 over bluetooth le

[https://tools.ietf.org/html/rfc7668](https://tools.ietf.org/html/rfc7668)

------
qmmmur
As long as those companies are the ones designing the spec I'm totally
disengaging from smart home devices.

------
rgovostes
Strategically this works out best for Apple whose HomeKit seems to have the
fewest compatible products. Everything seems to integrate with Alexa, even a
microwave that can order popcorn. I wonder what Amazon and Google gain from
this, though.

------
mr__y
It would be nice if such standard supported Publisher-Subscriber style of
messaging. For example alarm could subscribe to events from motion sensors and
security cams (a camera in addition to providing a stream could push events
like motion detection) or heating controller could subscribe to temperature
change events. To make security of that realistic this would need some form of
ACL, probably centrally[0] controlled.

[0] central as in "home router" not as "somewhere in the cloud"

~~~
armagon
I expect that MQTT is that standard. ( [http://mqtt.org/](http://mqtt.org/) )

I have just been playing around with IoT devices and was just trying to set it
up.

~~~
mr__y
Thanks, it looks really interesting and seems to do what I just described. The
thing it lacks though is - in my opinion - RPC-style messages. For example an
alarm controller could subscribe to motion events, but when such an event
occur it should be able to turn on sound-device immediately or shut some
locks. The one-to-one communication as described here:
[https://github.com/mqtt/mqtt.github.io/wiki/one_to_one](https://github.com/mqtt/mqtt.github.io/wiki/one_to_one)
seems more like a hack than a proper solution.

------
ocdtrekkie
The reason I can say my smarthome is relatively secure is explicitly because
it doesn't use IP. It's good they're trying to standardize, but you're gonna
have a problem when you try to use a firewall to inspect what these devices
are up to and find that they're all making encrypted tunnels back to their
home bases and won't work without them.

~~~
slantyyz
I've been gradually retiring my wifi smart devices in favor of Z-wave because
I find them far more reliable and much easier to maintain and manage.

It's also a little annoying having a pile of wifi devices whose only purpose
is to manage an on-off state consume IP addresses on my network.

~~~
technofiend
I share your need to name all my devices in the controller view. Hopefully
zwave has better security support than typical IoT devices. I'd really prefer
to use certificates rather than WPA passwords because password rotation
requires a) I give vendors my passwords which they may not really secure in
any way, b) often requires I use a vendor tool to rotate said password.

It would be much preferable to have a standard way to store a certificate to
the device. Today when the inevitable happens and someone leaves customer WPA
passwords on an open S3 bucket, or they're exposed via cyber security break I
have to update every device. It would be so much nicer to just go update my
compromised device's certificate rather than the password for everything.
Frankly I'd prefer certificates to passwords anyway because sooner or later
I'm sure WEP2 itself will be broken.

------
IshKebab
Given how closed Apple is with HomeKit, and how Google removed the Nest API, I
don't have high hopes for whatever this is exactly.

~~~
elsonrodriguez
HomeKit isn't that closed. You can basically add anything to HomeKit yourself
as a hobbyist. The only restriction is on commercial sales of products.
There's dozens of HomeBridge plugins that act as a glue for non HomeKit
devices.

------
umeshunni
I hope whatever standard they come up with does not require a home WiFi
network to operate. Mobile internet is already faster than your average home
internet line and there is an increasing trend where people rely entirely on
their mobile phones for network connectivity.

~~~
jahlove
> there is an increasing trend where people rely entirely on their mobile
> phones for network connectivity

There is? Is it any meaningful percentage of households?

------
iameli
"Seattle and Cupertino, Mountain View and Davis, California" is a really weird
dateline.

------
alacombe
[https://en.wikipedia.org/wiki/ZigBee](https://en.wikipedia.org/wiki/ZigBee)

> Physical range 10 to 20 meters

Pretty crappy compared to other low-power protocols...

------
yegle
I buy zwave smart switches instead of WiFi ones because I know those devices
won't be able to snoop my LAN. Home automation over IP is a step backwards
IMO.

------
rsync
We are building a new house right now.

All subcontractors know the rules - no "smart" devices or "wifi enabled"
appliances or mechanicals. All lightswitches are plain-old hi-voltage only
switches. Thermostats are dumb, unprogrammable, with no memory or scheduling
or timing. The locks on the doors use physical keys.

The smartest thing we have are the sonos speakers and we pug those in with
ethernet.

Everyone will be pleasantly surprised when they interact with our house. This
is what luxury will come to look like as time goes on ...

~~~
amdavidson
Not having programmed schedules on thermostats seems ludicrous to me.

I don't have "smart" thermostats, they can only be programmed with the buttons
on the front of them and they cannot talk to one another, but how do you turn
down the heat when you leave for the day? or even set different temperatures
for daytime and nighttime? manually?

~~~
rsync
We're cheating a bit here because we live in California ... so we don't need
AC mechanicals (which is a big win for simplicity) and when we leave the house
we simply _turn off the heat_.

If we lived in Duluth we could _probably_ do the same thing for day-long
absences, provided the house was very properly insulated, but you are correct
- we would need a timer/schedule on the thermostats for any longer absences.

------
mavsman
Interesting that Mozilla is not on the list. They are one of the few companies
I'd genuinely trust with smart home data.

~~~
ianburrell
Especially since Mozilla has been working on WebThings which is home
automation protocol over HTTP.

There is a place for both WebThings and this new protocol. WebThings is too
heavy for low-power devices and mesh networks like Bluetooth and Thread. But
would be nice to have standard API for web services and gateways. The ideal
world would be this new protocol on the local network and WebThings across the
internet.

------
cek
Smart home is the poster child for "The good thing about standards is there
are so many to choose from."

Randall gets it [1].

[1] [https://xkcd.com/927/](https://xkcd.com/927/)

~~~
chasd00
i wish the harder i pressed the trackpad the more votes you would get. I
remember smart home standards being talked about and published around 1999.
Like another poster mentioned, X10 was a big thing around then even though it
came out in the 70s.

------
seibelj
I am planning on wiring my house with ZWave and OpenHAB. Anyone have any
experience doing this? Does it work well?

~~~
abstractbarista
I have 40+ ZWave+ devices and they work great with Home Assistant. From lights
to fans to all kinds of sensors, the mesh network seems to have good range and
latency (as long as your controller isn't really close to interference).

Definitely don't use older ZWave devices, only ZWave Plus certified ones. This
ensures the network is fully encrypted and allows for greater range and
throughput.

My next fun project is automating the watering of pots and the garden. Going
to combine a ZWave-controlled solenoid with drip irrigation and some Home
Assistant smart logic (daily rain, sun hours, humidity, temperature) to handle
it.

------
anewguy9000
this is funny because we installed a ring in the office for its Google home
integration. but now that it's owned by Amazon that no longer works :/

------
gumby
I hope they address security requirements beyond layer 2.

------
Brosper
it's not to late?

------
ccozan
In case no one noticed : [https://xkcd.com/927/](https://xkcd.com/927/)

------
dsalzman
Obligatory XKCD: [https://xkcd.com/927/](https://xkcd.com/927/)

~~~
basch
Considering Apple, Amazon, and Google are already members of the Zigbee
alliance, it makes you wonder why it had to be a new working group and not a
new group within Zigbee.

Its like saying Cowboys, 49ers, Patriots, and the NFL join together to create
a new football league.

~~~
blackearl
I'd assume the average person has no clue what Zigbee is. I know I'd never
heard of it

~~~
Semaphor
From what I’ve read, Zigbee is for the rest of the world what Z-Wave is for
the US, in terms of market share. Not sure how accurate that is, but from what
I’ve seen, there are a lot more Zigbee devices here in Germany than Z-Wave,
while most US sites talk about Z-Wave.

~~~
roel_v
What Zigbee devices can you buy apart from Hue lamps? ZWave has been dominant
for many years because there are hardly any Zigbee devices, be it in the US or
in the EU. FWIW I'm in the Netherlands and have all ZWave, and when you look
at e.g. the symcon.de forums, there are plenty of ZWave users in the EU (and
Germany specifically).

~~~
fyfy18
IKEA Tradfri devices are probably the biggest user of ZigBee.

~~~
whatusername
Xiaomi Aqara Amazon Echo Plus etc as a Zigbee hub Tradfri/HomeSmart from Ikea

I'm not sure I see much z-wave stuff (at least here in Australia)

------
linuxftw
Just because the 'standard' is open doesn't mean it will be free software.
See: HTML5.

------
yonatron
First we need an acronym for this alliance. I think GAZA will be appropriate.
Secondly, regarding your future standard: Cool, thanks guys. I'll hack that.

------
alexnewman
I will never use these devices. I think those that do are opening themselves
up to hackers, law enforcement and criminal abuse. This is clearly something
that should be Open Source/ Open Bonnet or closed to my home.

~~~
scottlocklin
You need to tell Marshall this. ;-)

It seems entirely possible to put voice recognition on local machines with
downloaded updates, but of course they're never going to do this.

~~~
alexnewman
I assure you chime and amazon and google have all been caught sending back the
audio

~~~
scottlocklin
I'd never use it myself excepting maybe video only for a burglar alarm, but
because Marshall worked on home automation protocols, he loves this stuff. I
always had nightmares the damn "smart light bulbs" in the 2nd street office
were listening in on our conversations.

~~~
alexnewman
Oh now i know what marshall you are talking about.Yea, that's just dumb

------
baybal2
In the past 10 years, I haven't seen even one Zigbee device sold in retail
besides IKEA remote.

Zigbee is pretty much a zombie standard now

~~~
_fzslm
Zigbee is used all the time in smart lights, plugs, doorbells, temperature
sensors and the such. It's a very popular standard.

~~~
m-p-3
I personally have seen more Z-Wave devices than Zigbee in the wild.

------
bsenftner
Ha. Them? Forget it. The "Open Standard" will require phoning home to the
manufacturer or it's "not certifiable". Trust these guys like your drug addict
former friend.

------
CiPHPerCoder
> Apple, Microsoft, Dell, Tesla and Google's parent company, Alphabet are
> named in the lawsuit

The comma misuse is legendary.

[https://www.amazon.com/Eats-Shoots-Leaves-Tolerance-
Punctuat...](https://www.amazon.com/Eats-Shoots-Leaves-Tolerance-
Punctuation/dp/1592402038)

Fixed: Apple, Microsoft, Dell, Tesla, and Google's parent company, Alphabet,
are named in the lawsuit

~~~
samatman
Wrong thread, you're looking for
[https://news.ycombinator.com/item?id=21824178](https://news.ycombinator.com/item?id=21824178)

~~~
CiPHPerCoder
O_O

I posted it in that thread. What the fuck?

------
BiteCode_dev
What we really need is a legislation for those devices, that force all
manufacturer to:

\- have a hardware switch for everything

\- have 2 microphones. One is always on, and only listens to the keyword, and
is not linked to the rest of the device. If it detects the keyword, it
triggers a hardware switch that activate the second microphone.

\- text recognition is done from a local unit, not a remote server. This local
unit analyse the voice then send proper commands to the rest of the device,
but never share the words, and cannot receive data from the rest of the
hardware except during signed updates.

\- all devices share a stanadrd color code for a mandatory indicator light
giving the state of it and a standard activation/confirmation sound

\- all devices must be able to be controlled from a provided remote with a
button instead of a keyword, which can be deactivated

\- all devices must have a BT kill switch, if a phone send a signal saying "I
don't want to be listened to", the device will no activate.

\- any data sent to server must be encrypted from the client with a key the
server doesn't have

And once it's done, do something similar for phones, e-health devices, etc.

We can't expect big companies to act decently, and technology is not going to
save us.

~~~
themagician
We don’t need that.

You’re right that technology isn’t going to save us though. You can just, you
know, not use Alexa. Normal light switches continue to work. Windows still
exist for checking the local weather and are probably more reliable than Alexa
is.

~~~
BiteCode_dev
I don't have any kind of smart speakers or camera at home.

The problem is that many other people I visit do.

It's the same issue with Google products in general: I don't have a gmail
address. My phone don't even have an email tied to it and I don't use the
official store. But because my contacts mostly do those things, google still
has a log of all my conversations, my face in pictures, my positions, etc.

But even then it's not just about me: people take bad decisions all the time,
companies as well. We don't let people own a radioactive materials, we have
laws for that. We don't allow companies to sell radioactive materials to the
public, we have laws for that.

~~~
RonanTheGrey
Yeah but <insert jingoistic hopeful statement about the future that completely
ignores how dystopian the technology these companies build is increasingly
becoming>!!!!1111eleventyomgz

"Just don't buy it hahahaha checkmate" completely ignores the fact that even
though I now choose not to do business with Google, I am still many times a
day forced to use their Captcha or visit sites that host their ads (which I
block, btw).

Saying "we don't need that you just need not to buy it" is exactly the same
situation. All we are asking for is a reasonable way to opt out - and actually
opt out. These technologies _are made viral by design_ to collect maximally
valuable data from their users, and the very _idea_ that someone might want to
opt out is totally ignored.

I personally don't own any of these devices and will never allow one in my
home. I feel sorry for my kids that they will grow up with all their friends
talking about them and not be able to share in it - and I will explain to them
why.

