People who dismiss this effort so quickly should actually spend a little time to discover what is actually happening here. It is really disheartening to see so many negative comments about Mozilla without any substantial deeper comments about this specific project.
To me the big news here is not the gateway, it is the "Web Thing API" that you can read at https://iot.mozilla.org/wot/
This is a W3C draft about something that is badly missing currently: a common language that devices can speak.
"This document describes a common data model and API for the Web of Things. The Web Thing Description provides a vocabulary for describing physical devices connected to the World Wide Web in a machine readable format with a default JSON encoding. The Web Thing REST API and Web Thing WebSocket API allow a web client to access the properties of devices, request the execution of actions and subscribe to events representing a change in state. "
This is meaningful work that can impact you in a big way. Don't dismiss it too quickly.
Trying not to dismiss it, but IoT is, frankly, a total mess. Consider that:
- It's mostly done by companies that use hardware as a delivery platform for their cloud services, trying to vendor-lock you, in delusion that they'll be The Next Platform. This results in an extremely user-hostile ecosystems.
- Said companies develop IoT devices with little or no regard to security and protection of user data.
- The business strategy of tying everything into my butt means things are not interoperable by design. I don't see much incentive for IoT vendors to accept standard protocols that go against the core of their business.
- Now W3C wants to tie IoT into the web. The web is a total clusterfuck. JavaScript is not a language suited for this task, and its ecosystem is doubly not suited to working on this.
Maybe I'm just grumpy, old (by web standards; I'll be 30 this year) programmer who desperately tries to turn an unstoppable tide. One who believes IoT should stand for Intranet of Things. I can believe this is "work that can impact me in a big way". I'm not convinced this impact will be in any way positive.
> JavaScript is not a language suited for this task
I think the name of this technology may be leading to some confusion here. From a quick read-through of the API description (https://iot.mozilla.org/wot/), it doesn't seem to have anything to do with JavaScript except that there is a small amount of example code showing how to open a WebSocket. (But you can open a WebSocket from other languages, of course.)
This whole technology seems to center around using RESTful HTTP and WebSocket to discover and manipulate IoT devices. It doesn't seem to have anything to do with using a browser as the client. A more-accurate name might be "HTTP/WebSocket of Things", but that's a mouthful.
At any rate, the API document just describes using GET/PUT/POST and so on to do things like discover actions, read sensors, and actuate things.
If it doesn't have anything to do with browser as client then why would they choose a hobbled protocol like http or websockets? MQTT, AMQP are already standards for this and much better suited for nearly any task. They are more powerful, more efficient and simpler to use than http or websockets. And if you can't get past the firewall or proxy both of them will run over websockets anyway.
Isn't that the point of this? We've got AWS IoT, Artik, Xively, Google Cloud IoT.. I've looked at a few and they basically all do the same thing in a slightly different, incompatible way. If we get something that enough people agree is "the standard" then maybe you can define a single device schema and connect to any of those services interchangeably.
> I don't see much incentive for IoT vendors to accept standard protocols
But we see already this is not the case. Cloud providers give MySQL/ Postgres compatible storage, Docker deployments... Consider that customers are already faced with "do I want to tie my product to this cloud backend" when it could be "oh good Artik supports the ""IoT standard"" let's go." There's still tons of incentive to stick with one platform.
> Now W3C wants to tie IoT into the web. ... JavaScript is not a language suited for this task
Not sure what you mean about JavaScript, they use JSON to represent the schema, and WebSockets as the transport but presumably you could use a websocket library written in any language.
Personally I did hope to see MQTT bindings and/or weight thrown behind CoAP but maybe those will come along later.
I agree the Web is messed up today thanks to big tech doing whatever they feel to defend their empires. But they will overstep (enough examples from the past) and when they do it creates the right kind of pressure for alternatives. Don't have any delusions that the web standards you know today, just fell into place cause some old altruistic wise men sat together out of joblessness and came up with things that were good for the world. Things don't work like that. Good people don't come together to do jack until they are highly frustrated and under pressure.
I really agree that Mozilla/W3C can attempt to make a standard, but I highly doubt we'll see Google/Apple/MS devices support it.
It'd be nice if there was one standard, and you could buy devices that use your local server or phone home (but not both), but for all the reasons you stated, I don't see that happening. The average consumer just don't care enough.
When I first read the grandparent post, I thought it was a deliberate choice of words to denigrate "the cloud" but the fact that it's the accidental result of an overzealous browser extension in a thread talking about dysfunctional technologies makes this incredibly funny.
IoT is a total overkill, whether it's inter- or intranet of things. There are devices that are useful to connect to a local network, e.g. a printer/scanner, a security cam, but almost all other home devices are fine (actually better off) when they are dumb tools that work when you press the correct button.
The web is better of if we can somehow shake it off a bit, removing all the cruft we've accumulated and stopping making shit websites---and stop wars and cure hunger worldwide while at it, I know what I'm saying is pipe dreams. I'd be glad if Mozilla wouldn't implement this, and was a bit more opinionated in general. It sometimes stinks of yet another SV startup but in disguise of freedom fighters. I'm looking forward to nEXT browser, where at least I can presumably stop WebKit from doing silly things via some lisp here and there (I'll reach the good times where I run Emacs and nEXT on GuixSD, turtles all the way down!).
There is a big need for open API for internet of things. Currently, each company has proprietary protocol for talking to their gateways or service. Which means need to have separate app. Can integrate with IFTTT, Google Home, or Alexa, but those need integrations for each service.
Open API would allow the open source home automation systems like Home Assistant to have integrate with the services. Or make easier for Google Home and Alexa to control the open source systems. Or apps that control devices and gateways from different companies.
It takes more than two decades for browser implementers to recognize the need to follow specs as much as possible. The only way to replicate that without the two-decade mistake again would be a compelling toolsets available. Docker got people interested in containers, so Docker has the influence in driving the standard, although I am not really sure how many implementers will participate and willing to bend.
In general, the dominant one has to be willing to let go of its "pride" so others will "follow" to beat the dominant one. Otherwise everyone will be busy beating everyone and forget about consumers (which includes developers).
Make the standard open, make it work, build a high quality reference implementation and market the hell out of it.
As far as I can tell Mozilla is one of the only institutions with the resources and incentive to do all of this. I'm not altogether convinced they won't fuck it up though - the way they handled firefox OS was not encouraging. They might spend all of their time stroking their beards and deliberating over where to put the comma in their specs rather than getting their hands dirty with no-brand Chinese hardware manufacturers and figuring out all of the subtle problems that can arise building a network of devices and the not so obvious use cases.
If I were running mozilla I'd put the office for this venture in Shenzhen and make sure that the employees visit often and work closely with OEMs because if you keep these people away from actual manufacturers then the result is going to be pretty poor.
So, I just searched for "security" in that page you linked to and... not a single mention.
As I see it the problem with IoT isn't features, it's the absolutely abysmal security record. I mean, it's abysmal in home ADSL routers, what are expecting of companies just churning out one-off IoT things?
Maybe they should start out by mandating an update policy[1]? ... but then of course nobody would join, so what to do...?
[1] I'm not talking about a concrete schedule, just a documented human-readable policy of what their usual schedule would be (if any), and how severity levels work (for them), etc.
-------------------------------------
EDIT: HN won't let me post again "too soon", so here's my reply to "st3fan":
> Ok, what does this actually mandate and how many actual devices adhere to this standard? What is the motivation for any particular device manufacturer to adhere to this "standard"? (etc. I'm sure you can come up with your own questions.) Also, shouldn't this other standard at least be mentioned in the IoT standard and match the key word "security"? This whole IoT thing is an omnishambles.
You may be right, but you’ve said nothing to support your position.
Most of HN mistakenly assumes IoT == putting cameras and microphones on televisions with no security (eg, super stoopidity), when in fact IoT is a powerful way for businesses to monitor/diagnose/control remote devices (like jet engines, vending machines, stop lights,...)
But I don’t see what Mozilla has to do with that, nor why we need some kind of “gateway” or json spec when it’s just yet another internet device.
Yeah, that's when things work well. But soon someone finds a use-after-free in that code et voilà now he has full control[1] over the engine.
[1] OK, maybe not full control over the engine because that's not how it works, but it has full control over the embedded monitoring system, which is still pretty bad.
IoT means different devices connecting to internet and/or each other. A jet engine is part of a closed system, there is no need to use a standard protocol to communicate to it. You don't just pick one and plug into a multi-million-dollar plane. Vending machines need no special protocols to connect to other things, because why would they? And stop lights. These things may connect to some server or maybe each other, but no standard protocol is needed, if a traffic light isn't supposed to talk to a random device passing by (and it isn't supposed to).
Stop lights might want to have some 1-n beacon protocol available for automated cars, and vending machines likewise might want a way to expose what's currently in stock and allow sufficient verbs to pay by a phone app.
These don't necessarily need to be the same system, only one might need interactivity, but there's certainly a case to be made that both devices could reasonably want to communicate with passers-by.
The traffic lights communicating with vehicles automated or not is sinister. That would get attacked ASAP, DoS or otherwise, and crashes would happen. A vending machine provides a keyboard interface for making selections. You can integrate NFC to it and require the payment in between the selection and dispensing. Allowing automated connections to public devices is not a useful idea.
Right so, we agree, special protocols and json specs for "IoT" don't make any sense, since the last thing we need in our home is every product we buy transmitting on the internet.
A gateway to block all those devices, that could be useful.
> It is really disheartening to see so many negative comments about Mozilla without any substantial deeper comments about this specific project.
Mozilla has a) no track record of doing small embedded systems b) a very negative track record of failed projects, so it very much makes sense to be very skeptical.
To me the big news here is not the gateway, it is the "Web Thing API" that you can read at https://iot.mozilla.org/wot/
This is a W3C draft about something that is badly missing currently: a common language that devices can speak.
"This document describes a common data model and API for the Web of Things. The Web Thing Description provides a vocabulary for describing physical devices connected to the World Wide Web in a machine readable format with a default JSON encoding. The Web Thing REST API and Web Thing WebSocket API allow a web client to access the properties of devices, request the execution of actions and subscribe to events representing a change in state. "
This is meaningful work that can impact you in a big way. Don't dismiss it too quickly.