
Mozilla announces an open gateway for the internet of things - cpeterso
https://techcrunch.com/2018/02/06/mozilla-announces-an-open-framework-for-the-internet-of-things/
======
wiremine
I'm a fulltime IoT software consultant, and I wish we'd see more of these
initiatives. A few thoughts:

1\. The problem isn't the transport layer, it's the application layer. The
transport layer is mostly solved via MQTT, COAP, Thread, etc. Sure, we can
improve there, but the real problem is the application layer. So I applaud
Mozilla's attempt to bring something into this space.

2\. Bootstrapping this will require a substantial number of hardware vendors
to sign on, both at the edge and at the hub layers. IMHO this is why Google
Weave [1] never took off in it's original incarnation. Bootstrapping this like
they did with web stuff isn't enough, because this isn't the web.

3\. Devices are only part of the problem: We need a software services layer,
too. Think time services, IFTTT-like orchestrators, media services, etc.

4\. JSON is a non-starter long-term: it sucks for small devices. They need a
binary format that is easy to parse.

5\. Request-Response isn't the right pattern for most use cases.

6\. The Property/Action/Event concept is a solid start.

7\. For the love of everything holy, add versioning!

[1]
[http://internetofthingsagenda.techtarget.com/feature/Google-...](http://internetofthingsagenda.techtarget.com/feature/Google-
takes-on-IoT-with-Brillo-and-Weave)

Edit: Grammar.

~~~
carapace
In re #4:

> 4\. JSON is a non-starter long-term: it sucks for small devices. They need a
> binary format that is easy to parse.

ASN.1?

[https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One](https://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One)

> ASN.1 is similar in purpose and use to protocol buffers and Apache Thrift,
> which are also interface description languages for cross-platform data
> serialization. Like those languages, it has a schema (in ASN.1, called a
> "module"), and a set of encodings, typically type-length-value encodings.
> However, ASN.1, defined in 1984, predates them by many years. It also
> includes a wider variety of basic data types, some of which are obsolete,
> and has more options for extensibility. A single ASN.1 message can include
> data from multiple modules defined in multiple standards, even standards
> defined years apart.

~~~
jnwatson
Asn.1 is great, and I see a lot of folks relearning the hard-earned lessons of
it. The only problem is that there are no good open source implementations.

~~~
carapace
ASN1SCC?

from [https://essr.esa.int/project/asn1scc-asn-1-space-
certifiable...](https://essr.esa.int/project/asn1scc-asn-1-space-certifiable-
compiler) :

> ASN1SCC is an ASN.1 compiler that was developed for ESA to cover all data
> modelling needs of space applications.

> The compiler is targeting safe systems and generate either Spark/Ada or C
> code. Runtime library is minimalistic and open-source. The tool handles
> custom binary encoding layouts, is fully customizable through a code
> templating engine, generates ICDs and automatic test cases.

[https://github.com/ttsiodras/asn1scc](https://github.com/ttsiodras/asn1scc)

> This repository contains the complete source code and tests of the ASN1SCC
> compiler ; an ASN.1 compiler that targets C and Ada, while placing specific
> emphasis on embedded systems: no black-box run-time library, portable code
> able to run under any OS (embedded or otherwise), no dynamic memory used
> anywhere, etc.

See also blog post about it:
[https://ttsiodras.github.io/asn1.html](https://ttsiodras.github.io/asn1.html)

------
st3fan
People who dismiss this effort so quickly should actually spend a little time
to discover what is actually happening here. It is really disheartening to see
so many negative comments about Mozilla without any substantial deeper
comments about this specific project.

To me the big news here is not the gateway, it is the "Web Thing API" that you
can read at [https://iot.mozilla.org/wot/](https://iot.mozilla.org/wot/)

This is a W3C draft about something that is badly missing currently: a common
language that devices can speak.

"This document describes a common data model and API for the Web of Things.
The Web Thing Description provides a vocabulary for describing physical
devices connected to the World Wide Web in a machine readable format with a
default JSON encoding. The Web Thing REST API and Web Thing WebSocket API
allow a web client to access the properties of devices, request the execution
of actions and subscribe to events representing a change in state. "

This is meaningful work that can impact you in a big way. Don't dismiss it too
quickly.

~~~
TeMPOraL
Trying not to dismiss it, but IoT is, frankly, a total mess. Consider that:

\- It's mostly done by companies that use hardware as a delivery platform for
their cloud services, trying to vendor-lock you, in delusion that they'll be
The Next Platform. This results in an extremely user-hostile ecosystems.

\- Said companies develop IoT devices with little or no regard to security and
protection of user data.

\- The business strategy of tying everything into my butt means things are not
interoperable _by design_. I don't see much incentive for IoT vendors to
accept standard protocols that go against the core of their business.

\- Now W3C wants to tie IoT into the web. The web is a total clusterfuck.
JavaScript is not a language suited for this task, and _its ecosystem_ is
doubly not suited to working on this.

Maybe I'm just grumpy, old (by web standards; I'll be 30 this year) programmer
who desperately tries to turn an unstoppable tide. One who believes IoT should
stand for _Intranet_ of Things. I can believe this is "work that can impact me
in a big way". I'm not convinced this impact will be in any way positive.

~~~
pavel_lishin
> _The business strategy of tying everything into my butt_

Do you, by chance, have a browser extension that automatically modifies
instances of "the cloud" into "my butt"?

~~~
TeMPOraL
Indeed I have; it's for display only, but it tends to modify contents of text
boxes too, so I miss it sometimes when I _edit_ comments.

------
ghusbands
I imagine it will get cancelled, like Persona and Firefox OS did. The
interesting, large side projects seem to go that way.

~~~
rhinoceraptor
Maybe someday Firefox will finish implementing HTML5...

~~~
cptskippy
You do know it's a living standard and they offer as much support as anyone?

------
mcguire
The actual announcement, linked in the article:
[https://blog.mozilla.org/blog/2018/02/06/announcing-
project-...](https://blog.mozilla.org/blog/2018/02/06/announcing-project-
things-open-framework-connecting-devices-web/)

------
eggpy
Can't this already be accomplished via XMPP? The protocol already exists, you
just need to register devices to services. I know people don't love xmpp, but
it seems like this is already an open source gateway that can manage IOT. Why
do we need to create a "new open standard"?

[0] [https://xmpp.org/uses/internet-of-
things.html](https://xmpp.org/uses/internet-of-things.html)

~~~
throwawayfinal
People don't love XMPP for a lot of reasons. Some of those reasons apply to
IoT. Some reasons, like having to maintain state, are IoT specific.

Besides that, bandwidth and code complexity is a very real concern. MQTT, a
lightweight message passing protocol, has become the de facto default.

~~~
fmntf
So true. We switched to MQTT (abandoning websockets and other protocols) to
save (a lot of) network bandwidth.

~~~
ramzyo
Do you mean you were using MQTT over websockets before, and you've since moved
to pure MQTT (still over TCP), without websockets in between? Are you sure
websockets were the cause of your network bandwidth issues?

~~~
fmntf
I'm on a different team, AFAIK we where using simple JSON payloads on
websocket connections. Dropping websockets and switching to MQTT saved a lot
of bandwidth. I can ask for precise numbers or details if you wish.

~~~
solarkraft
I'm interested.

------
anfilt
IOT is pointless for a lot things. For some even a hazard.

I laugh to myself when some business people think their IOT widget is the best
thing ever. Then I tell them why it's freaking insane or stupid. They look at
me like I am a luddite. Thankfully, that is minority of my interactions. Still
there are enough of them that it's far from a non-existent issue.

Just connecting something to the internet does not make it better or you just
want to monetize with software activated features. A lot IOT devices provides
no additional value. A lot of times it decreases the objects value. It makes
vulnerable to hacking, and has more possible points of failure, and potential
more overhead for the end user to maintain it.

I am not saying all internet connected devices are a bad idea. I just see a
lot business people basically taking the latest hype Koolaid and mixing it
with existing things. Then they think it's the greatest idea since sliced
bread, and that everything will be connected to the the internet. It's one
thing to throw many things at the wall to see what sticks for some people that
is one way of discovering what works. However, I hate how pervasive some of
the IOT hype is getting. I was talking with someone the other day that
literally thought that any device that could not connect to the internet was
useless for today's society...

Any ways I am sick of hearing about IOT. The fact Mozzila is even trying to
get in on this madness is disheartening.

~~~
JoeAltmaier
I just worked on a pool-pump-controller IoT device. Its connected value was,
you could manage it without visiting the pool pit. Your service guy could
check on it without driving out to your house. And you could get push
notifications when something goes wrong.

Some things, especially automation-control things, benefit greatly from being
IoT.

~~~
elago
In theory I agree, but in my experience the 'IoT' bits are less reliable than
the underlying physical component that's being monitored.

What's more likely? A brushless motor fails, or my wifi password changes when
I replace my router, I move my router and its out of range for the pool pump,
the pool pump pushes out a bad update, the pool pump company goes out of
business, some IoT specific electrical component fails before the actual pump
fails, or something of that nature.

------
cryptos
I wonder why they don't use HTTP2 Server Push instead of Web Sockets. And I
wonder why they don't want to use MQTT.

Can you think of any good reasons?

~~~
benfrancis
HTTP2 server push isn't really designed for the kind of two way communication
needed in IoT use cases, it's mainly designed for web servers pushing CSS
files down to a web browser before they're requested.

MQTT isn't a web protocol and the goal here is to give things URLs on the web.
But I'm aware of some Web of Things implementations using MQTT over WebSockets
to benefit from the QoS features.

------
cdevs
Restful? I thought it was dead and graphql was the new silver bullet for
everything? On a serious note though this is seriously needed and I actually
like the start of this API I would mind curling a device and seeing how easy
it is to write 2 lines of code to email me if it dies without really having to
read documentation and this is the real intent of the idea behind rest,
discoverable network apis self documenting because they use links and http
standards so I don't have to go look up some companies specific error codes.

------
walterbell
_> It’s important to note that all of this runs on your own gateway in your
house. Google or Amazon can’t see when you turn on the light using your
voice._

Is the RPi gateway capable of local speech recognition that can compete with
Siri, Alexa, Google? That seems unlikely, unless it has a dedicated processor
for that purpose.

~~~
ocdtrekkie
I would guess not, but Mozilla will probably wrap this in with
[https://voice.mozilla.org/](https://voice.mozilla.org/) <\- that project at
some point.

Personally, I'm not one for using Pis as computers, because I have always
running computers at home anyways. I'm quite confident my computer can handle
adequate voice recognition, though most companies today have avoided
developing solutions that run locally.

~~~
weberc2
It's pretty nice that an RPi only consumes .35W though. :)

EDIT: Fixed typo

~~~
caf
You're out by an order of magnitude. 35W over a 5V USB power connection would
be an insane 7 amps.

~~~
IncRnd
It was off by two orders of magnitude, not one.

------
OrangeTux
Here a tutorial from Mozilla about setting up the gateway.

[https://hacks.mozilla.org/2018/02/how-to-build-your-own-
priv...](https://hacks.mozilla.org/2018/02/how-to-build-your-own-private-
smart-home-with-a-raspberry-pi-and-mozillas-things-gateway/)

------
aeroaks
How does this compare to Home Assistant project ([https://github.com/home-
assistant/home-assistant](https://github.com/home-assistant/home-assistant))

------
ausjke
Google leads me to [https://webofthings.org/](https://webofthings.org/) , "web
of things", seems related to Mozilla's Gateway mentioned here, i.e. use
http/www/internet to connect all IoT devices.

The web of things started in 2007, somehow it does not gain any traction, is
this gateway using the same conception:
[https://iot.mozilla.org/wot/](https://iot.mozilla.org/wot/)

Both are referring web-of-things and nodejs/json etc

------
peterwwillis
Have any of Mozilla's projects outside of Firefox actually survived for any
length of time? Thunderbird? Is Bugzilla still around? I can't think of
anything else.

~~~
fenwick67
Mozilla's MDN is the only reliable place (outside of the w3c documents
themselves) to get web documentation

~~~
philipwhiuk
MDN is rapidly becoming Mozilla's core product to me.

------
fimdomeio
What I keep failing to see is how does IOT improves anyone's life. It can
simplify peoples lives but does it improve? Mozilla could have an important
role, which I think is more important than standards. Right now I only see
this fad as let's sell some gadgets that will get us free data about millions
of people so they can get inside the house at the sound of their favorite
tune.

~~~
shinratdr
I think "improve" is a very subjective and lofty standard to hold these things
to. I think "simplify" is correct, and most people would see simplification as
an improvement.

There is definitely something magical about leaving your house and having your
lights shut off and your door lock automatically, then coming home after a
long day and having your door unlock and lights come back on.

It's not such a drastic improvement or change, but it feels like attention to
detail. IMO, reducing the number of things I have to think about on a daily
basis to live my life is an improvement.

~~~
Sir_Substance
>There is definitely something magical about leaving your house and having
your lights shut off and your door lock automatically, then coming home after
a long day and having your door unlock and lights come back on.

I can see how it would feel that way if one didn't know too much. Google home
devices were caught with their microphones stuck open constantly uploading
within weeks of release.

What makes you think you won't get a doorlock that gets stuck in an open/close
loop and just oscillates, allowing a burglar to just stick their shoulder
against the door and wait for the bolt to retract? Are you going to remember
to check after every firmware update? Are you even going to know if a firmware
update is issued?

Will it still be magical if you get declared a legacy customer[1] and your
door is programmed to unlock and stay unlocked? Will you even follow IoT news
close enough to be confident that this hasn't happened to you?

Myself, I'd prefer a door lock that locks only when locked, and unlocks only
when the correct key is inserted into it. I've /certainly/ seen one too many
crazy software errors to believe in a stove that has the ability to turn
itself on and off.

[1] [https://www.theinquirer.net/inquirer/news/2453441/revolv-
use...](https://www.theinquirer.net/inquirer/news/2453441/revolv-users-revolt-
as-googles-nest-bricks-smart-home-hub)

~~~
jacquesm
Denial of service attack potential is nice as well: pay $x or we won't unlock
your door. As long $x is somewhat lower than what it would cost to replace the
lock or fix the damage to the door you might have a buyer.

~~~
kps
_Back in the kitchen he fished in his various pockets for a dime, and, with
it, started up the coffeepot. Sniffing the-to him-very unusual smell, he again
consulted his watch, saw that fifteen minutes had passed; he therefore
vigorously strode to the apt door, turned the knob and pulled on the release
bolt._

 _The door refused to open. It said, “Five cents, please.”_

 _He searched his pockets. No more coins; nothing. “I 'll pay you tomorrow,”
he told the door. Again he tried the knob. Again it remained locked tight.
“What I pay you,” he informed it, “is in the nature of a gratuity; I don't
have to pay you.”_

 _“I think otherwise,” the door said. “Look in the purchase contract you
signed when you bought this conapt.”_

 _In his desk drawer he found the contract; since signing it he had found it
necessary to refer to the document many times. Sure enough; payment to his
door for opening and shutting constituted a mandatory fee. Not a tip._

 _“You discover I 'm right,” the door said. It sounded smug._

 _From the drawer beside the sink Joe Chip got a stainless steel knife; with
it he began systematically to unscrew the bolt assembly of his apt 's money-
gulping door._

 _“I 'll sue you,” the door said as the first screw fell out._

— from _Ubik_ , Philip K Dick, 1969

(Dick failed to foresee the convenient ability to have everything
automatically debited from your Alexoori account. That, and the annual applobe
variation so you can't unscrew your door with a knife.)

------
agit
Seems like OGC SensorThings API, but there are sections that are related to
events and actions. As far as I know, the creator of OGC SensorThings API
going to publish a second standard about the events also. Check it out
:[https://github.com/opengeospatial/sensorthings](https://github.com/opengeospatial/sensorthings)

------
feistypharit
Unfortunately, it doesn't say how it'll be secured. With everything in your
house, using normal https is still a problem.

~~~
ohazi
> using normal https is still a problem

Care to elaborate?

~~~
fmntf
I'm not sure what the original commenter meant; however TLS is useful only
when talking with your own server. What about other connections? NTP, DNS etc
are all unencrypted (read: unsigned). Google "DNS client CVE" for instance. Or
what about SSH? It may not be accessible from the Internet, but still
exploitable from an infected host in the LAN. Someone has to keep all that
software updated. In those conditions, I would never connect a RaspberryPI or
similar to my door / gate / car / ...

~~~
komali2
How is SSH exploited from an infected host within the LAN?

~~~
fmntf
If you connected an IoT device in the same network of an infected PC, the
infected PC can talk to the IoT device directly if you do not block traffic
somehow (eg. a firewall). Are there open ports with buggy services? Probably
not today, what about in ten years?

------
DyslexicAtheist
rather unrelated I have just seen this article on _Smart-Home Privacy_ , by
Gizmodo¹ which at the bottom reads:

 _" This story was produced with support from the Mozilla Foundation as part
of its mission to educate individuals about their security and privacy on the
internet."_

Considering the timing of both the announcement & Gizmodo piece, suddenly the
line "story was produced with support from the mozilla foundation" sounds just
like another ad. I wish Gizmodo / Mozilla would be clear of what Mozilla
contributed. Especially because Mozilla positions itself by accepting
donations.

¹ [https://gizmodo.com/the-house-that-spied-on-
me-1822429852?re...](https://gizmodo.com/the-house-that-spied-on-
me-1822429852?rev=1518027891546)

------
ausjke
So mozilla wants to part of the new "Web of Things".

[https://iot.mozilla.org/gateway/](https://iot.mozilla.org/gateway/)

[https://iot.mozilla.org/wot/](https://iot.mozilla.org/wot/)

------
ginko
I'd like JS to be as far away from my embedded devices as possible.

------
IgorPartola
In engineer speak, what will this let me do?

~~~
st3fan
The gateway is a proof of concept for the "Web Thing API"
[https://iot.mozilla.org/wot/](https://iot.mozilla.org/wot/) that will let you
chat with all the things in your home. It is an open alternative to the closed
HomeKit and Android Home ecosystems.

~~~
IgorPartola
Ok so for a typical IoT device I have the software on the device that talks to
some server/service on the Internet, and an app on my phone to control the
device. This replaces the server/service? What about the app? Does that mean I
can create my own devices and an Amazon Echo or Siri will eventually be able
to talk to it?

------
unboxed_type
Whats the business model behind that kind of activity?

------
mankash666
But IoT IS based on industry standards. Rest/Json are NOT the preferred way,
it's MQTT/AMQP. Interfacing with a company owned API like Siri/Google is
always going to be dictated by the said company. I don't see anything here
that Mozilla CAN influence

~~~
ianburrell
MQTT is messaging protocol. Is there standardized messages for controlling
devices?

Also, there can be different protocols for talking to devices and for talking
between computers, gateways, and services. Most home automation devices don't
speak Internet protocols and need a gateway as bridge and implement more
complicated controls. Devices need to worry about low power, bandwidth, and
limited processing power. Might be good idea for security if devices aren't
available on Internet routed protocols.

------
tylermadson
what does this mean?

