Hacker News new | comments | ask | show | jobs | submit login
Reports from Nest Secure customers who are unable to arm/disarm or lock/unlock (twitter.com)
152 points by RobAley 8 months ago | hide | past | web | favorite | 137 comments

This is what the future will bring more of - not some all powerful AI - just a bunch of crap that didn't need to be tethered to the cloud that suddenly stops working without much explanation, as the Deal With It dog laughs and dons his sunglasses.

Edit: typo

Soon you will be able to tell which coffee machine your coworkers own by observing which days they are grumpy after missing their coffee due to brand specific server outages.

Or was it that they just couldn't get their Ion to dispense the water they needed to brew?


Their Nest cams got hacked and they ended up on suspicious websites doing suspicious things, oh wait, someone covered that already.

Differential crypto-diagnostics

Just wait until you are at Taco Bell, and you can't wipe the Cool Ranch Doritos Taco shell dust off your fingers because the Dixie servers are down. Yes, this is real.


EDIT! fixed URL: https://imgur.com/f5evsOe

Driving the point home by posting a URL that returns 404?

Fixed in edit?

Thank you, I was copying from the Imgur app on my phone and it kept giving me bad URLs.

What the frack? It shows up on my phone. I'm on mobile but Will fix it when I'm back in front of my desktop. It's just a stupid 8 second clip of a napkin dispenser, but now I am determined to share it with all you fine folk.

Still 404s for me.

Still broken

Nope, still 404.

Works for me - link shows some form of electronic napkin dispenser.

Your link 404s.

Nest Products are not dependent on the cloud to function locally. The smoke detector, thermostat, locks, and security systems still function without an internet connect.

That being said, without the internet you do lose functions that obviously rely on the cloud like using your phone to adjust your thermostat, phone alerts that your house is burning down, unlocking your door from your phone, or disabling your alarm from your phone.

Do those features need a cloud connection if I am on my own wifi?


I'm split about if that's good or bad though. If they functioned without the cloud then the App would need to determine if it were on the local network or remote before attempting to initiate communication. There would probably also need to be an extra layer of host and client authentication.

The way the Thermostat and Smoke detector appear to work is by polling a remote service periodically for commands. This permits them to go into a sleep and preserve battery.

You could remove the cloud dependence by introducing a local hub that they could talk to instead which would permit the devices to remain unchanged but would introduce the added support complexity of a new device.

Alternatively you could have the devices remain awake listening for incoming client requests in addition to polling the cloud but that would be detrimental to their battery life.

The lease complex and most efficient way route is having the devices connect to the cloud.

It’s so silly, too. I played around with a Dropcam (I think that’s Nest now), and the fact that it uploads all the video data from my LAN over the internet to their server, only to immediately download it back to my same LAN for viewing is beyond ridiculous. It is a device that should work entirely unplugged from the internet, but here we are...

I get that the internet is used for controlling the device remotely, but those of us that don’t need that feature still have to pay the price of bandwidth waste and round trip latency. Mind bogglingly bad design.

> the fact that it uploads all the video data from my LAN over the internet to their server, only to immediately download it back to my same LAN for viewing is beyond ridiculous.

So you think the primary use case of a dropcam is for local live stream viewing? I would argue that's a boundary case at best.

I think there are pros and cons to both local and remote storage.

Streaming to the cloud is a much simpler solution. The device doesn't need local storage. The device doesn't need to run as a host to serve up streaming video to multiple clients. By removing storage and reducing processor needs and software complexity, you can make a much simpler and more reliable product.

By keeping storage remote, you're better preserving evidence from tampering or destruction.

The devices didn't stop working, just the remote control features. You could still walk over to your thermostat/lock and press it's buttons. I'm not sure if there is a remote control infrastructure that doesn't use "the cloud" that is feasible for consumer products.

If you get a smart lock, then you expect it to be reliable. What’s the point if you still need to carry your key around or sneak into your own home from time to time?

The two things are not mutually exclusive. Indeed, as Nest connections broke last night, Google collected, analyzed, and used more information than ever before in its quest to learn and know everything and keep it all organized.

True. Maybe AI destroys humanity via constant trolling.

That's apparently how humanity is going to destroy humanity.

If we're going down, we might as well have fun doing it no?

There's a Nest system in the house I rent in. It didn't work from phone/web, so I just walked over to the actual thermostat on the wall, and it worked just fine.

AFAIK from reading the Twitters last night, you could still punch the numbers into your home locks and get inside. So the things just took us back a few years in terms of smart phone access, but the core device still works.

Smart devices need dumb backups. It's perhaps fortunate for Nest customers that Nest knows that.

So far, the "smart" (read: network connected/controllable) devices I've owned have all had fallback options. I used to have a Nest at my old place but I left it when we sold (didn't feel like replacing it and couldn't find the old thermostat). If it somehow lost connectivity, it still functioned as a thermostat, albeit one with more potential for a software crash or firmware brick. Neither ever happened in the few years I had it.

With Hue bulbs, if you can't control them due to not having your phone handy or LAN issues, you can always just flip the lightswitch off and back on to get them back at "normal" brightness and color. Again, it's not something that I run into often but if someone else is visiting and doesn't care if the lights are dimmed blue or whatever for movie watching, they can still use the lights as normal lights.

Got a window AC in a small room that I can control via LAN but again, it still has a regular remote and buttons on the front if that fails or I want to disable it.

The only things I typically run across in the consumer space that don't work this way are IP security cameras that depend on remote servers in order to work. The ones that won't just send an h.264 or MJPG stream over the LAN are forever off my list for this reason (as well as a dislike of recurring bills). But I at least understand why many people don't want to set up a NAS or spare computer running software to receive the feeds over their LAN so I get why they exist. I just don't particularly like them. I'll stick to IP cams on a separate local network that I can access remotely via VPN into my home network. If nothing else, I don't have to depend on anyone else's service and I don't need to expose some backdoor-ridden device to the WAN.

Why would they depend on the internet to allow you to control a device at your home? NFC? Bluetooth? Wifi? Ignoring the obvious security problems of these devices being internet-connected, it's just a crap design from a usability standpoint. (where "usability" includes "can use it when the internet goes out")

My understanding from other posters, though, is that the devices did NOT require internet access to control them, e.g. you could walk over to the Nest thermostat to change the temp, or key in a Nest lock code to unlock it. So, for a few hours, seems like the devices just turned into "dumb" devices instead of "smart" ones. Doesn't seem as drastic a loss of functionality as is being presented here.

The comment you are responding to though is asking why some of the non-physical-yet-local protocols aren't leveraged but instead you have to go all the way back out to the internet and back to do something local. Why don't these products use LAN or other local, non-cloud options? That you can physically control it doesn't answer the question.

For starters you don't have to worry about AP isolation & inconsistent router configurations. It also drastically simplifies the user enrolment/validation process and makes the UX of that far more consistent. It also might mean it's a lot more difficult to take over a Nest remotely if it's pinned to only communicate with Nest servers. Finally, the C&C protocols can evolve in the current model more easily as it's all server-side; the mobile & web apps just need to communicate via simple REST APIs. This drastically simplifies the maintenance of these codebases & speeds up how quickly they can address any security vulnerabilities.

These choices Nest has made simplifies the SW stack, UX & provides for better security at the cost of mandating a physical fallback rather than a LAN fallback. You may see things differently but that doesn't mean these aren't valid engineering tradeoffs.

> These choices Nest has made simplifies the SW stack, UX & provides for better security at the cost of mandating a physical fallback rather than a LAN fallback. You may see things differently but that doesn't mean these aren't valid engineering tradeoffs.

Well it sounds like tradeoffs that make the engineer's life easier.

Maybe they should actually tackle the harder challenge of getting their supposedly smart devices to work in a heterogenous networking environment.

That would be a real innovation.

Easier engineering life = cheaper maintenance = lower product cost = more $$ for consumer. Similarly, easier engineering life = less time spent on maintenance = more time spent on customer features.

I'm also unclear why you are claiming the only gains are in maintenance. Security is a real end-user benefit & having devices not allow arbitrary incoming network connections is a security choice. Similarly, arbitrating everything through the web results in a simpler, more reliable, enrolment process & makes it easy to add customer features like family control more easily, securely & reliably. These are all customer-facing advantages.

2 hours out of a year is still 3, almost 4, 9s of uptime. That's probably better than your home network/ISP.

I get it. You personally would prefer they traded off for supporting direct connection to your phone. However, that doesn't invalidate that there are legitimate engineering reasons someone might choose other tradeoffs.

I get your point, too, but will challenge the assumption that things need to be insecure in order to operate on an isolated LAN. It's a myth. TLS works just fine if you provision the peers with certificates. Not global TLS certs, just ones you generate for the LAN. There are other ways to do security if TLS is not what you're looking for. The problem is these options aren't easily accessible to developers so the path of least resistance is to use internet security.

I think you just answered your own question. The generation & management of these TLS certificates presents a giant challenge you're papering over. There's probably technical solutions to make it pretty seamless but now in addition to the cloud you have a completely alternate control path you have to maintain, secure & keep updating. Additionally, some of the solutions to managing an isolated LAN with a decent UX might entail a cloud component anyway (to manage the TLS certificates).

I could totally understand why the Nest team wouldn't view it as a compelling product requirement. You need the cloud anyway because people regularly control the thermostat outside their home (e.g. to pre-warm/pre-cool when they're heading home). It's all the same infrastructure that's leveraged to run products beyond the thermostat (doorbell, security) that also have a compelling remote use-case. The isolated LAN approach could still require a cloud component for managing access. The C&C UX could become quite confusing trying to support both isolated LAN & cloud. If the cloud part fails you're no worse off than if you had a non-smart thermometer/doorbell with a good UX.

Now you could obviously have remote abilities without the cloud but the UX story becomes even trickier because you need to figure out how to rendezvous & punch through a wide variety of firewall configurations. These are all things technical users could solve given the appropriate settings exposed (eg. dynamic DNS) but it's totally unnecessary for the less technically minded users Nest is targeting (or even technical-minded users who don't want to care about managing every single smart device on their network).

Wouldn't really be innovation, it would just be doing the bare minimum required.

The only reason these "smart" devices can exist is because the market hasn't matured and customers don't know any better.

I may be in the minority, but I won't buy remote control devices that require access to the internet. I am not trying to control my devices outside of my house unless I take the intranet iface and expose it myself.

A bit off topic, but I am hoping one day the always-on in-home server takes off for the average user so that my ability to expose my in-home server to the public internet is no longer a minority skill.

> Why don't these products use LAN or other local, non-cloud options?

For the equivalent effort to implement, most customer's revealed preferences are for new/better features rather than robust local intelligence.

This kind of event just doesn't happen very often.

> This kind of event just doesn't happen very often.

While it may not happen very often, I wonder how many customers (like me) they lose because the customers do not want their devices to even have internet access but still want local remote control (and are willing to sacrifice non-local remote control).

The answer is going to be "very few." Perhaps enough that a competitor has room to gain some share, but the average user, even for a product like Nest? Nah.

I'd imagine it's so you can check on them or adjust them from outside your home network. If you're leaving town for a week and forgot to switch off the air conditioning, you don't need to run back home when you're halfway to the airport.

I guess ideally they would utilize a more localized protocol when you're nearby and then fall back to control->remote server->device when you're not.

It'd be interesting to do a study of how many device outages can be fundamentally attributed to the 32-bit IP space. :-)

(In case it's not clear, many of the reasons devices use cloud rendezvous have to do with NATs and firewalls and the difficulty of doing direct node-to-node communication in today's very fragmented Internet. Not all - some are security and complexity.)

Sounds exactly like your TV's remote control no longer working.

Essentially yes, except my TV can't be controlled without the remote. It's more like your car's unlock button doesn't work, but you still have the key.

A big advantage of HomeKit is that it works locally and mandates security in the ecosystem.

Yeah as I’ve researched smart home stuff I’ve become more and more impressed with HomeKit. The HomeKit devices talk to iOS devices over the LAN and then an Apple TV acts as the “bridge” that lets you control your house over the internet. It sucks you have to buy an Apple TV to do it but I’m more comfortable having my thermostats, light switches, etc. all connect to the internet through a single (and reliably updated) device vs. relying on individual manufactures to secure their devices.

Perhaps the functionality of from-anywhere control led them to make internet the only available connectivity. If you assume the service and connection will be always available, why put multiple receivers on the device? Seems the problem here was in the assumption.

Bad design. It should only depend on local net, and then raise an interface to outside world as needed.

Reduced complexity and higher reliability.

Instead of your apps having to detect if they're local or remote to the device and then implementing a different protocol based on locality, they instead just always call out to a cloud based location.

They don't have to devote resources to maintaining 2 APIs for every product and can instead focus on reliability and robustness of the one interface.

> it's just a crap design from a usability standpoint.

I would argue the opposite. By having to support both cloud and local communication, you're introducing complexity and the possibility that APIs could diverge in functionality and reliability.

While it would not be technologically difficult to design most products to not require 'cloud' connectivity to provide full functionality, it would cut the companies out of data collection and they don't want that. How else will Google decide that saving the planet by manipulating everyones Nest to lie about the temperature its actually set at by a degree or two is too irresistable to pass up? One degree for an hour over 100 million people... just imagine the scale of CO2 emissions reduced, power consumption reduced, etc. Honestly surprised it hasn't happened yet.

Could they create a way to host a service at your home for direct connect from the app so connectivity doesn’t rely on a cloud service? Sure. Most consumers don’t care though. I certainly don’t care. This is the first major Nest outage I can remember. It would take continued intermittent outages for me to re-evaluate my Nest devices at my homes.

Either a cloud app is going to go out, or my home internet is going to go out. I don’t expect 100% uptime because I’m realistic, and expecting non-cloud infra devices with no time commitment is a pipe dream.

I had the impression that this capability was a hard requirement for HomeKit support. Go Apple.

... or batteries run out. That's happened twice for me with when I'm only using a smart lock occasionally.

Not an issue with smart thermostats, their batteries are constantly charged through the wiring.

Plus, if your batteries run out, then you wouldn't be able to change the temperature anyway. You have far bigger problems than the device being online only.

>Could they create a way to host a service at your home for direct connect from the app so connectivity doesn’t rely on a cloud service?

I believe that's how Apple does it. The local host device is either an AppleTV, or an iPad.

How do you feel knowing that you are being watched?

Unphased. I only have thermostats and smoke detectors.

Great data for getting your insurance rates raised.

All it takes is for Snake Farm to pay to find out how many times your smoke detector goes off. Or even if it doesn't fully go off, how often it senses anything.

With your thermostat data, it's possible to build a profile of when you're home and away. Hmmm... he seems to work an overnight shift. Better jack up his premium!

If companies do start charging different amounts based on smart device data, it will most likely be discounts from an increased premium (which you wouldn't get without smart devices) rather than increases in fees due to usage behavior.

So in your case, better buy that smart device.

>If companies do start charging different amounts based on smart device data

Companies already do: https://www.progressive.com/auto/discounts/snapshot/

In this case, Progressive gives you a discount in exchange for monitoring you.

But I've seen articles where other insurance companies (often in the UK for some reason) raise rates for things as seemingly innocuous as posting the wrong thing, or being "friends" with the wrong people on social media.

This is a public policy issue, not a technical issue.

I guess you couldn't continuously support and update (terrorize?) people's smart stuff otherwise. It's not like open source, where you build it and are responsible when it breaks.

I think you can figure this out. Not about design, about determining demand/profit, data collection, and control.

But then how is Google going to collect and monetize your data - after you've already purchased its product?

i suspect it's because nest is a bit of a (niche) data play.

i don't necessarily care that much about that, but i do want such a product to work perfectly fine whether there's a connection to their servers or not.

I think it's the "most reliable" way to get them to work. When you have a centralized server, both devices know exactly how to connect to the centralized server and communicate through it.

Local connectivity seems to present all sort of silly issues that make the user experience a bit inconsistent. Heck, look at Chromecast, it works great about 90-95% of the time. That 5-10% of the time it doesn't work, it becomes a complete pain.

Please let me quote from Mostly Harmless by Douglas Adams:

The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair.

Title is a bit misleading, as the devices evidently didn’t stop working via physical controls.

That said, were they... really not monitoring their service?

Sometimes monitoring fails too.

Who monitors the monitors?

yeh but made you click :)

On behalf of everybody who had entirely too much fun during internet of shit talks at the ten or so last congresses:

If only somebody told us that would happen!

SmartDevices are inherently fragile due orders of magnitude more points of failure. Instead of "Smart" functionality being optional it (due commercial interest) becomes core control circuitry on which the functionality depends.

An example(hypothethical) SmartFishtank which dispenses food to fish with pre-programmed schedules and monitors/adjust water temperature. Its connected to internet and can be monitored remotely. Users can even upload new feeding schedules. What happens if its hacked? Fish can be boiled, starved or overfed because SmartFishTank has control over the whole device.

In another corner there is a electronic fish tank with mechanical feeder that is set to one of 3 feeding modes. The fish tank monitors temperature and acidity, but cannot adjust it and only send a audible alarm or a SMS message. However whatever happens to the electronic components, they cannot harm the fish inside because its purpose is to just receive data.

You'd think if you could trust anyone with uptime of the most important IOT stuff(locks, thermostat etc) , it would be Google. Yet here we are, smh!

I like automating or wiring up my home with connected devices, this outage is making me thing twice.

Why not do it yourself over the LAN? Seriously, I dont see any point in having home data get sent to some scummy third party.

I have a few of these "smart" devices in my home, and they are assigned to an IP block that has absolutely no internet access. They have to be controlled internally, and are not allowed to phone home.

One of my next projects will be an open-source Alexa-like that runs completely in the LAN (unless you specifically ask for things like the weather).

This already exists to some extent: https://mycroft.ai/

Nest hasn't been that impressive to me, but they're better than a lot of other home automation/security providers, including the one who completely mishandled a security disclosure I made a couple of months ago. The issue was remedied, but it was very unprofessional, and I didn't bother doing digging deep. I am certain there are many other simple security issues with that platform, just waiting for someone to decide that they want to play a game with $IMPORTANT_PERSON_X's home locks.

It's definitely wise to think twice before making your home's basic functionality, like allowing the owner to unlock doors, depend on systems that require an internet connection.

Will you share the bad company so I can avoid it?

While I'd like to, since I haven't gotten into the nitty-gritty, I don't want to name and shame based on presumptions, even if I have an isolated data point that supports them.

I would just say to be careful whose devices you use. Do your research and understand that you're implicating not just your privacy, but your physical security, when you put remotely-controllable locks, blinds, etc., in your home. That's a position of high trust, and most home automation providers (possibly including Nest, but they're by no means the worst) aren't worthy of it.

I get the feeling we have pointless products more often than not these days. All these advances, just to create a speaker that listens to you and helps you shop. And now this, there is going to be a whole lot more e-waste in the coming years because of manufacturer antics like this.

Yikes. I would definitely be re-thinking my home security if I normally use my locks remotely and I was suddenly unable to.

A house burglar could effectively use these tweets as push notifications telling them to go rob some smart™ homes in their local rich neighborhoods.

They just can't use the app to control it. The physical lock still works, so they just have to use the key.

For a night it turned into a regular lock.

I'm just imagining the case where someone has gotten very used to using the smart lock in a way where they lock it remotely. I guess that could be blamed on the user, but it's definitely not going to encourage them to buy any more Nest products.

Yeah one could imagine the house locking itself when a car drives away.

There isn't ifttt for Nest Secure yet, but it does integrate with Nest Cam and nest Thermostat.

My workplace was across the street from my house though so I had trouble with the GPS stuff on ifttt when I tried it a few years ago. Bah.

You weren't driving across the street, were you? b^)

I was considering getting some of these devices but things like this scare the fuck out of me. Let alone if Nest goes away you end up with some useless bricks. Any suggestions for self hosted smart locks?

Coming from an infosec background and having touched on physical security, just don't use a smart lock:

- Best case, even with a responsible implementation, you're introducing more variables than are necessary into a supposedly secure system. If one of your dependencies fucks up, your lock is exploitable.

- Worst case, you have a typical IoT device, where the "S" stands for "security."

- In _either_ case, you're likely still going to include a physical lock mechanism for keys as a backup -- so you're basically just increasing the attack surface (significantly, I should add) by doing this.

Smart locks are currently high-risk appliances, and I'm fairly confident that most others with a security background will agree with me on that.

Agree entirely.

Look at the Brinks CompuSafe hack in 2015. Anything which increases the attack surface of a device reduces the security. In that case, a USB port.

And that wasn't even made by the lowest bidding startup.

But bad security that people will actually use is always going to be better than good security that they won't.

I know people that don't lock their doors because they don't want to deal with keys, or they forget to lock their doors all the time, or leave a key under a rock in front of their house.

For them, even a fairly insecure "smartlock" will be an improvement if it means they will actually use it.

You can’t fix idiots. We already know that.

It's that kind of thinking that makes bad security.

Time and time again it's been shown that if you design systems that are hard to correctly secure or make significant compromises in the name of "security", they end up being insecure because people just won't use them or will actively seek ways around them.

You can't just handwave away issues like usability and pretend that you've designed the "perfect" system or something.

If you design a good/secure keypad lock but it doesn't give people an easy way to let their family member in the house when they are away, they are just going to give out the code, leading to less security overall. If you design a secure keypad lock without a tumbler, the first time the batteries die and the user is locked out of their house they are going to replace it with something that won't lock them out.

Usability needs to be a core aspect of secure engineering. And oftentimes a "technically less secure" option is better, because it's actually usable by normal people in most cases.

A 5-point harness is safer than your average seatbelt, but we don't use them because forcing every car to have a 5-point harness would just end up with fewer people using them.

I think you are right but introducing a new paradigm (usually smart) over a standard operating model is a mistake.

These are all problems we have solved for years before without the technology so there are established ways of handling the situations. Adding complexity and a different way of doing things actually makes it harder and riskier.

Coordinating how to use a smart lock between two people is harder than it looks.

I've had a remotely operatable "smart Lock" for the last 5+ years, and at no point did it ever make things worse or harder.

On many occasions I was able to get a call from a family member to let them in, and there were many hundreds of times that I was able to lock or ensure the door was locked after I left the home.

I really feel layering is the ideal way to achieve this, as it means that any "smart" capability is easily disabled if found to be a problem, and we know that the underlying system is sound.

In my case I use a deadbolt that has a keypad, and they separately sell a zwave plugin for it that gives me local control, then I layer on an open source "gateway" that gives me control and notifications when away from the house.

If the gateway fails or is untrustworthy, I turn it off and the rest still works. If the zwave is found to be faulty, I pull it out and still have a functioning lock.

And until major vulnerabilities are found in any part of the "smart" add-ons, or until my lock starts unlocking on its own, it has greatly increased the security of our house, as well as increased my quality of life. No more getting out of bed at night to check that the door was locked, no more turning around to lock the door because I forgot when I left, and it was great when I was showing my last house as I could enable/disable the codes when I wanted, and get notifications when people came and left.

I'm not saying all new tech is good, just that this fear that "smart" (read "connected") is a bad thing inherently, and that the "traditional" ways of doing things, while perfectly fine for many, are not a panacea which can't be improved upon. The steam engine was great, the ICE was better, today's hybrid extremely-efficient engines are still better. Sure it's gotten more complex, but also significantly safer, easier, more resilient, and more powerful. In other words, complexity should be managed, not forbidden.

Physical locks are trivially exploitable. I don't really see this as increasing the attack surface greatly when physical locks are so weak.

What would you do if you rent an apartment to several people per week? Because even "don't copy" keys can be copied.

Most smart locks only replace the "back" part of the lock anyway, or augment the physical key slot to leave it as a backup, so, the point still stands that it only introduces new attack vectors. You'd still have the problem of someone being able to copy your "do not duplicate" key not to mention bumping/picking the lock, along with hacking the smart portion of the lock.

In the end, it's your decision, but the OP's comment stands fully: all the same attack vectors still exist, along with a bunch of new ones at the expense of convenience.

> You'd still have the problem of someone being able to copy your "do not duplicate" key

Only if you distribute the “do not duplicate” key, but the whole point is to not do that.

I the the idea was you wouldn’t have to give out the key to renters and could just give them passcode/phone access, so it actually would be removing an attack vector.

Use a keypad controlled, reprogrammable door lock. No internet required, codes easily rotated.


If you're comfortable using a totally (physical) keyless solution, try a hotel-style mag strip-based access card, or an NFC alternative like a ProxCard.

AFAIK, most code-based locks include a physical lock cylinder as a backup.

Haven't those been found time and time again to be trivially exploitable?

That varies from brand to brand, but generally, yes. Given that it's happened to devices whose manufacturers have a long history of being part of large enterprise security mechanisms, flaws are still being found and actively exploited.

While this isn't an indicator of the quality of newer brands specifically, I believe it's reflective of the state of the industry as a whole -- in that digital physical security as a whole is still immature and shouldn't be trusted to keep bad guys (determined adversaries) at bad.

I feel that "digital physical security" might be limited, but it's still better or the same in most cases as regular old "physical security".

A lock that can be bumped isn't very secure. A lock that can be bumped or it's code discovered via some kind of power-monitoring attack isn't any less secure. But one without a keyway that can be attacked via power-monitoring is more secure in my opinion.

Everything is tradeoffs, and physical security is no different. Don't let perfect be the enemy of good here. If you are in the security industry, you should know that "bad" security that people will use is better than "good" security that people won't.

If a "smart lock" means I forget to lock my door less, I can monitor and record those who go into my house, and I can get alerts if the door is opened via any method, I'd call that a win even if there were pretty significant vulnerabilities that allowed an attacker physically present to get in.

If you're going to run an amateur hotel, then try to do what the hotels do.

Go with zwave.

There are some gotchas (make sure you get a zwave-plus lock that incudes the AES security stuff), and you need a dedicated "hub" to communicate with it, but they are rock solid in my experience

It shouldn't scare you that much. Without the Nest servers, all you lose is the remote control/monitoring features, your devices don't become useless bricks.

The Nest thermostat would still be an attractive, interactive thermostat with a color screen and tons of features. Without an internet connection, the $250 thermostat doesn't turn into a brick, it turns into a $150 non-connected thermostat.

The Nest Protect smoke detector still alerts you to fires or carbon monoxide, with voice warnings, and a lighted path at night. Without an internet connection, the $120 detector doesn't turn into a brick, it turns into a $40 non-connected talking smoke/CO alarm.

The Nest smart deadbolt still lets you lock and unlock your door with either a key or a PIN code. Without an internet connection, the $280 smart deadbolt doesn't turn into a brick, it turns into a $100 keypad deadbolt.

People lose their internet connections for all kinds of reasons, and the majority of smart home devices you can buy continue to be premium devices in that state, better than the basic thermostat/detector/lock/light/etc they likely replaced.

I went Z-Wave with home assistant. Not the easiest in terms of setup, but everything is run locally (I started on an rPi but am now transitioning to a Intel NUC.)

I did the same, and I couldn't be happier with it.

Home assistant is open source, written in Python, has a web based UI, and integrates with everything under the sun and is VERY welcoming to new components from outside people.

I've contributed 2 so far, and I hope to have another that adds in daily electricity monitoring from my local power company ready soon.

Hass is quite possibly the best run open source project I've ever been involved in.


I don't really see the appeal of smart locks. It doesn't add any convenience, since you could always just lock the door on your way out.

That being said, I think regular passcode locks without internet connectivity do add a convenience since you don't have to carry a key.

I rent an apartment on Airbnb, and handing out keys to every single guest is way worse from a security standpoint.

I prefer to create users, authorize, delete them than rekeying the lock every once in a while.

However they're pretty much all terrible, security wise. And how do you tell who knows the passcode at any point in time?

May be a larger Google problem, I just wanted to stuff a German link [0] into Google translate to post it here, and Google translate gives me a

403 Your client does not have permission to get URL / from this server. (Client IP address: 84.131.XXX.XXX)

(That is a standard German Telekom IP, usually Google only acts up when I do anything funny.)

[0] https://news.ycombinator.com/item?id=17091962

(I got google to translate, still no luck with translate.google.de )

On the one hand, expecting your remote-controlled lock to work all the time (as in 100% uptime) is unfeasible, since it is impossible to achieve 100% uptime. Almost everyone buying a smart lock probably expected it to have 100% uptime though, and I'm sure they didn't read the small print w.r.t. uptime SLAs.

On the other hand, it's probably no more inconvenient than locking yourself out, something that happens every now and again for anyone. Except you don't have yourself to blame, but Nest.

Your thermostat should does not need an internet connection to measure temperature and turn on the furnace. Indeed, an oldschool thermostat with a mercury switch can do that. No mater how awesome your "smart" product is, it needs to not fail it's primary function unless its physically broken.

I'm also looking at Alexa and the stupid plug someone got me for a gift. Sure, I use it "Alex turn on the lamp" but I know that the system is totally unnecessarily dependent on the internet and two distinct companies for that to work. I would never have purchased such nonsense for myself.

People in tech have strange ideas about what it means for something to work acceptably.

The thermostats still worked and you could walk over and manually turn it up/down. You just couldn’t use your phone to do it, which is not too big of an issue.

Absolutely agree with everything except

> On the other hand, it's probably no more inconvenient than locking yourself out...

It looks like local control (i.e., with physical access) wasn't affected, so the only convenience lost was remote access. Not great when you've bought the product specifically for that feature of course, but still much better than locking yourself out.

I can imagine a few people couldn't get into their AirBnBs or whatever until the host schlepped across town, probably ruining their day.

But yes, that's the risk of relying on a system as unreliable as the internet for such a task.

I haven't locked myself out of my house since I was about 12, and the dumb lock on my house has had 100% uptime for the 10 years since we've moved in. So I don't totally get the appeal of a "smart" lock.

Give access to cleaners? Renting? Airbnb?

I have had trouble with Nest devices staying on an IP address after the lease expires, messing up the network once that address gets used by someone else. I had to reserve IPs for each one in the end. More than once, I have had a Nest smoke alarm go off for absolutely no reason, in an empty house. It's always nice to get an alert on your phone at work telling you your house is on fire. I don't think their QA department is the best.

Does anybody know if this has anything to do with GKE? Last night right before I noticed the Nest app was unresponsive, I noticed my entire Kubernetes cluster was randomly brought down. At first I thought it was for some kind of maintenance, but thought it was strange that it wasnt brought down gracefully. I still have no idea what happened.

As of a little over a week ago my nests (camera, thermostat) were connecting to AWS systems, not Google Cloud. Am traveling so can't tell if this has changed since then.

Ok, I guess I just assumed since Nest is a Google company... but I can check that. Thanks for the tip!

When I had a landline, I literally never picked it up and had no dial tone. When I had an ADT security system, I never had a single failure with it.

Meanwhile I have never regularly used a web service that didn’t have at least one outage.

Our Nestcam has been flickering on and off since about 3:30pm PDT yesterday. I assumed it was something with the wifi, but it looks like it's just upstream server issues. I guess that's a relief?

Smarthome devices that can't function at some level without a cloud service are trash. Do yourself a favor and skip wifi cameras all together, use an IP camera and a NVR.

IP camera's are a pain to "open to the world" - hence why "cloud cameras" have been so popular. I suspect there are now modern, IP cameras that aren't cloud reliant but the avg user doesn't care.

It's kind of a combination of things — IP cameras definitely don't have the greatest software... and combined with shitty entry-level routers port-forwarding is definitely frustrating to the average person... then you get into dynamic IPs from ISPs, etc...

It's just annoying that there's no middle ground between "hold my hand with a cloud service" and "I want to spend a little effort to not be 100% reliant on external services"

Google could decide to fold Nest service entirely (luckily there aren't signs of that) and at this point you'd have thousands of thousands of devices in a landfill. It's so irresponsible. Historically you could have a CCTV setup running for 10-20 years without huge issues.

>I suspect there are now modern, IP cameras that aren't cloud reliant

It's surprisingly limited and still a bit expensive. Foscam/Hikvision have been getting better, but it still feels a few years behind when it comes to firmware... and the notification and advanced "human detection" are obviously better with a cloud service.

People unable to unlock their doors? I hope they give a detailed postmortem.

Unable to unlock doors from the app or other automation - the keypad still worked.

Still, this is the problem with all cloud based home automation platforms.

Or access their cameras. If it's not something dumb like DNS down, it's gonna be a popcorn-level postmortem.

You are the beta-tester.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact