
COAP endpoints on IKEA Trådfri - jgrahamc
https://bitsex.net/software/2017/coap-endpoints-on-ikea-tradfri/
======
johnlbevan2
For those unfamiliar with CoAP, it's a REST based protocol for machine-to-
machine communication targeted at IoT (Internet of Things) scenarios
particularly in Home Automation.

NB: Unlike REST though, URLs begin COAP:// instead of HTTP:// or HTTPS://.

This site gives a good overview:
[https://www.slideshare.net/jvermillard/co-ap](https://www.slideshare.net/jvermillard/co-ap)
Whilst this gives a lot more info: [http://coap.technology/](http://coap.technology/)

~~~
mstade
Also, the RFC is quite a nice read:
[https://tools.ietf.org/html/rfc7252](https://tools.ietf.org/html/rfc7252)

I particularly like the introduction, which succinctly explains the value in
realizing a subset of REST common with HTTP, while not just blindly trying to
make a compressed version of HTTP. The end result is a protocol which is quite
easy to map to each other, not just in terms of implementation but also in
terms of mindset. Being familiar with HTTP means you won't feel completely
lost in trying to learn CoAP, which is pretty cool.

~~~
MrBuddyCasino
This is great. Thanks for the link! It's well written and shows great clarity
of thought. The practical considerations are always mentioned, and they
thought of everything, even DDoS amplification attacks. A thing of beauty.

------
draugadrotten
There's open source work being done on these lights in the (totally awesome)
home assistant community
[https://www.reddit.com/r/homeassistant/comments/61zuao/ikea_...](https://www.reddit.com/r/homeassistant/comments/61zuao/ikea_tr%C3%A5dfri_lights_on_home_assistant_pi/)
and preliminary support is at
[https://github.com/home-assistant/home-assistant/pull/6263](https://github.com/home-assistant/home-assistant/pull/6263)
The lights use ZLL,
[https://www.letscontrolit.com/forum/viewtopic.php?f=10&t=219...](https://www.letscontrolit.com/forum/viewtopic.php?f=10&t=2197)

~~~
vishbar
If Tradfri bulbs use ZLL, is it theoretically possible to connect Tradfri
bulbs to an existing Hue network?

~~~
draugadrotten
Yes, some people have done it:
[https://www.youtube.com/watch?v=jcBp3wamIU0](https://www.youtube.com/watch?v=jcBp3wamIU0)

However Philips appear to be modifying Hue software to prevent it. Cloud lock-
in.
[https://developers.meethue.com/comment/2337#comment-2337](https://developers.meethue.com/comment/2337#comment-2337)

~~~
deanclatworthy
According to Philips [1] it is IKEA not implementing the standard as they
expect it to be implemented. That said, it's hard to say who is right here.
Either way, consumers are losing out.

As a side note, IKEA's brightest bulb is 1000lm which is much brighter than
the brightest Hue bulb, and it's cheaper :) I can perhaps see why Philips
would not go out of their way to resolve this issue.

[1]
[https://developers.meethue.com/comment/2686#comment-2686](https://developers.meethue.com/comment/2686#comment-2686)

Edit: fixed typo of watts vs lumen :)

~~~
fnord123
"IKEA's brightest bulb is 1000W"

1000 Lumen. 1000 Watt bulbs exist for grow lights but IKEA doesn't make them
that thirsty.

------
pdpi
Second article in a short while that praises Ikea's implementation. In the
face of the security disaster that IoT devices usually represent, I'm somewhat
dumbfounded by the idea that it would be Ikea, of all companies, to break the
mould.

~~~
jmedwards
I think Apple's HomeKit deserves a mention here.

~~~
lawik
It does? I honestly haven't heard much about HomeKit from a security
perspective, so I guess it is either not used or working out well so far :)

Has it been generally well received security-wise then?

~~~
IshKebab
It's probably the most secure, but that's because they cheat and require a
secure element in all products with a pre-shared key.

Not a good solution in general.

~~~
lawik
You mean that HomeKit-compatible products all need to include some kind of
HomeKit-chip with a pre-shared key or something? I'm completely unfamiliar and
a quick search on homekit and pre-shared key didn't make me wiser :)

~~~
joezydeco
You don't even get to know what's inside HomeKit until you're an MFI-certified
developer with Apple. And yes, there's a chip involved (again, which you can't
even touch until you're an MFI licensee). The chip handles all the security
protocols involved.

[https://mfi.apple.com/MFiWeb/getFAQ.action](https://mfi.apple.com/MFiWeb/getFAQ.action)

~~~
lawik
That doesn't sound in line with my preferences but quite Apple. So maybe high
quality (hard to say?) but quite proprietary.

Makes me curious about how that homebridge node thing makes it work.

~~~
joezydeco
Well, it's pretty simple. If you want into Apple's ecosystem, you follow their
rules. They've hardware-locked many other external things (dongles, charging
cables, etc).

Cynics will say it's a money grab, proponents will say it greatly reduces or
eliminates the risk of buying something that will not work right. Apple sells
itself on the ability of their things working right out of the box.

~~~
Chaebixi
> proponents will say it greatly reduces or eliminates the risk of buying
> something that will not work right.

IIRC, it's been shown that a massive percentage of the Apple chargers for sale
on Amazon are difficult-to-spot counterfeits. Some of those use dangerous
electronic designs.

~~~
joezydeco
Yeah, unfortunately Apple can't stop everyone from making bad 5VDC bricks with
USB sockets. Perhaps the "approved" cables have some kind of overvoltage
protection in them, but otherwise that's always been a weak point.

------
mabbo
For reference, Tradfri is an IoT lighting kit:

[http://m.ikea.com/us/en/catalog/products/art/90353361/](http://m.ikea.com/us/en/catalog/products/art/90353361/)

~~~
lawik
I got the impression from an earlier article that it is completely without
Internet though. So more LAN of Things?

~~~
awalton
That's the real problem with most of the "Internet of Things" products - they
really shouldn't have skipped the "Network of Things" step. So many of the
problems with these products could have been reasonably and properly shaken
down and out... but instead all of the companies decided to unnecessarily
bridge their products with the cloud and hastily rush to the market.

~~~
TorKlingberg
The problem is that with mobile and all the NAT firewalls in use today, going
to a cloud service and back is the easiest way to connect any two devices.

~~~
cr0sh
Security aspects aside, that's fine - what isn't is the inability to run that
external server yourself.

Imagine if instead of using "proprietary cloud xyz" for a particular IoT
product, you could spin up a cloud server or container somewhere and
install it yourself - and as long as you pay for the server, you have access.

Let the consumer decide based on their "expertise" level what option they want
to use - but the option should be there, and included in some form with the
product itself (maybe on an sd card or something), so that they could at least
transition to that should the company go out of business. Ideally, the system
would be open source as well, so it could be expanded.

------
arielweisberg
I bought some of these this weekend. The big perk? You don't need to use them
as IoT devices at all. Hold one button to pair with a remote and you are done.

Unlike say the very expensive power mattress base (bad Ergotron) I bought
which has sleep tracking that will only work if I reveal all my health data on
my phone to their app. This includes data not collected by the mattress. It
also requires you give your wifi password. They explicitly tell you they are
going to sync it all to their cloud.

They basically demand the keys to the kingdom when all they should need is
some basic bluetooth syncing to my phone. Obviously I did not move forward
with the sleep tracking functionality.

------
bgentry
There seems to be conflicting info on whether the lights themselves support
ZigBee Light Link (ZLL) or only ZigBee HA. Has anybody tested this?

Also I'm curious if they're still ZigBee 2 or if they're ZigBee 3.0, which
essentially merges those standards together.

------
avocade
IOT, how long until the Homebridge plugin is posted?
[https://github.com/nfarina/homebridge](https://github.com/nfarina/homebridge)

~~~
avocade
[https://github.com/stenehall/homebridge-ikea](https://github.com/stenehall/homebridge-ikea)

------
_pmf_
COAP is so much nicer than MQTT. MQTT is consultant-driven over-engineering
and under delivery par excellence.

~~~
floatboth
I use CoAP in my small DIY projects (ESP8266 mostly for now)… but sometimes I
wish I used MQTT, because with the broker model you can put your device in
deep sleep and only wake up occasionally, saving power. On the other hand the
REST server model lets me adjust polling frequency on the client side, without
storing any config in the device…

~~~
maguirre
Is there anything about CoAP that prevents a deep sleep? I use CoAP for work;
your comment left me confused.

~~~
floatboth
Well… the device being a server instead of a client :D

I mean you could make it a client, sure, but I think that kinda defeats the
point.

------
rnhmjoj
I had no idea .well-known was a standard (RFC 5785). Strange choice of name
for a site metadata location.

~~~
chriswarbo
It's to prevent a proliferation of things like /favicon.ico, /robots.txt, etc.
each of which may actually be dynamically generated (e.g. think of subdomains
like someguy.tumblr.com ), and therefore requires separate handling in
firewalls, routing, etc. Basically many of the same problems you might
encounter with libraries whose API is a bunch of globals; or a shell script
which takes in options from hardcoded file paths rather than commandline flags
or env vars.

The ".well-known" path makes this easier to manage going forward, since you
can single it out for special handling _once_, and implement the contents
however you like (statically, dynamically, whatever).

~~~
mstade
Not to mention that there's also an IANA registry for these URLs, so things
can be a little less ad-hoc:
[https://www.iana.org/assignments/well-known-uris/well-known-...](https://www.iana.org/assignments/well-known-uris/well-known-uris.xml)

------
avocade
Good to see. Investing time in any IKEA infrastructure is probably a high-
factor value return.

