How about said hacker say turning your heater full blast during the middle of summer or turning your ac on in the middle of winter.
It hasn't happened yet. Nor will it. Because there are a billion ways people can cause trouble, but they generally pick the ways that return money, fame or infamy.
>Almost all multi-story houses that I'm familiar with have separate thermostats per floor Not my 3 story house.
> a thermostat downstairs isn't going to be even remotely accurate for the temperature upstairs Yes. I'm very aware of this.
When I have plenty of disposable cash, I will pay a person in overalls to make it wonderful, but until that time, I'll make do with my $100 nest and an android phone.
>So anyone who can access your Nest network can now determine your living habits and unlock doors on demand?
If someone wants to know my living habits, they can call me. It's easier.
It reminds me of the DoD guy who used to follow me to conferences to see what I was saying (I do crypto). He approached me (that's how I found he existed) at a conference in the US that followed a conference in China. He said he couldn't follow me to China because he'd lose his US security clearance so wanted to know what I had said there. I pointed out that all the presentations are online and he doesn't need to come to the conference to see what I'm presenting. I never saw him again.
Sometimes it's easier to ask. If you keep it a secret, it's just creepy government surveillance. If you ask, you can get out of a bunch of travel you don't wan to to take.
> this is just another new bit of hype, which stands at least a 50/50 chance of utterly failing,
Nope. It's a thermostat. It works. It's $100 one time and you stick it on your wall. It could physically fail in some way, but that's true of many things.
The 'smart home' is the dream of marketing fantasists that think they can sell many things to each homeowner. In fact they can sell 1, or maybe 2 things, once. Let's not confuse the reality (phone controlled thermostats) with the strawman (smart homes riddled with security flaws).
>I'm curious what the value of this is. How valuable is on-demand remote thermostat changing?
The value is in being able to set it from bed, rather than getting up, stumbling downstairs, fiddling with the knobs and stumbling back up the stairs to bed.
But I don't see the door lock being one of those things due to the more significant security issue.
Letting a repair people in remotely could be very convenient. That way you don't have to be at home to let them in.
I can do that with my current (non internet) code entry door lock. You set up a secondary code. Tell someone. Change it later. Maybe useful, but the thermostat phone control is useful every day.
I like that the mac PCs haven't changed much recently. My macbook still does pretty much what I expect it to. I can bring up a bash shell and SSH to somewhere useful. I can edit tunes and schematics. I can write python code on it. The web browser browses.
God forbid the day the iPhone fails and they put all the programmers back to futzing with macos.
>I neither trust, nor do I want this ecosystem of interconnected crap which puts my house on the internet so that I can access it via my fscking cell phone.
If a hacker wants to pwn my thermostat, that's probably the least of my problems. However being able to set the thermostat with my phone is excellent.
If there are other excellent internet connected gizmos for which control by smartphone is excellent, I'll be buying them. But I don't see the door lock being one of those things due to the more significant security issue.
>I can't imagine that any website would work on Chrome on OSX that wouldn't work on Chrome on ChromeOS.
In our case, the web software my daughter's school used would refuse to upload a file (homework) from a google drive, but would do fine off the local drive, which isn't an option on the chromebook.
After going around the issue a couple of times, I gave up, headed to the Apple store and things have been fine since.
I know other school software works with chrome fine, but this was not that software.
>We also know that the answer isn't in rolling your own security. Very few people or organizations are likely to be able to securely implement their own version of TLS.
TLS is the issue. It isn't simple. It isn't even secure in many compliant configurations. It invites implementation errors. A good spec of a secure protocol would make secure implementations easy. If you don't think about the implementability while you're writing a spec, you're doomed, like TLS is.
"Don't roll your own security" is advice aimed at people who don't know about security. Some of us have to implement and 'roll' the specs. The world looks different when your reputation is tied to your stuff not get broken before senility sets in. You can do it right, but you need all the elements in place including a well thought out spec.
I have bi-focals. (a) Looking through the glass at far away things. (b) Looking over the glass, with the glasses halfway down my nose, when I'm at a computer.
I find macbooks work better for my non technical family members.
I tried giving them Chromebooks once and there were all sorts of compatibility problems with printers, my daughter's school website and media sources. Windows PCs were a pain to manage and keep secure. Macbooks have better security properties and take less of my time.
What is a real job? How is it different to what I do, designing circuits and developing security specs in standards bodies? I understand other people have different jobs, E.G. milking cows or preparing tax forms or planning weddings but I don't know how to distinguish the real jobs from the not real jobs.
Different home, different place, different risk profile.
How about said hacker say turning your heater full blast during the middle of summer or turning your ac on in the middle of winter.
It hasn't happened yet. Nor will it. Because there are a billion ways people can cause trouble, but they generally pick the ways that return money, fame or infamy.
He should call me. The government knows my number.
You forgot about the part where they put your locks online. RTFS.
No I didn't. I specifically addressed it and suggested it wasn't a good idea.
"But I don't see the door lock being one of those things due to the more significant security issue."
>Almost all multi-story houses that I'm familiar with have separate thermostats per floor
Not my 3 story house.
> a thermostat downstairs isn't going to be even remotely accurate for the temperature upstairs
Yes. I'm very aware of this.
When I have plenty of disposable cash, I will pay a person in overalls to make it wonderful, but until that time, I'll make do with my $100 nest and an android phone.
I'll stop typing now. I should be writing system verilog, not slashdot posts.
>So anyone who can access your Nest network can now determine your living habits and unlock doors on demand?
If someone wants to know my living habits, they can call me. It's easier.
It reminds me of the DoD guy who used to follow me to conferences to see what I was saying (I do crypto). He approached me (that's how I found he existed) at a conference in the US that followed a conference in China. He said he couldn't follow me to China because he'd lose his US security clearance so wanted to know what I had said there. I pointed out that all the presentations are online and he doesn't need to come to the conference to see what I'm presenting. I never saw him again.
Sometimes it's easier to ask. If you keep it a secret, it's just creepy government surveillance. If you ask, you can get out of a bunch of travel you don't wan to to take.
> this is just another new bit of hype, which stands at least a 50/50 chance of utterly failing,
Nope. It's a thermostat. It works. It's $100 one time and you stick it on your wall.
It could physically fail in some way, but that's true of many things.
The 'smart home' is the dream of marketing fantasists that think they can sell many things to each homeowner. In fact they can sell 1, or maybe 2 things, once. Let's not confuse the reality (phone controlled thermostats) with the strawman (smart homes riddled with security flaws).
>I'm curious what the value of this is. How valuable is on-demand remote thermostat changing?
The value is in being able to set it from bed, rather than getting up, stumbling downstairs, fiddling with the knobs and stumbling back up the stairs to bed.
I can do that with my current (non internet) code entry door lock.
That works except when one forgets to set the temporary code.
I keep it in my phone.
But I don't see the door lock being one of those things due to the more significant security issue.
Letting a repair people in remotely could be very convenient. That way you don't have to be at home to let them in.
I can do that with my current (non internet) code entry door lock. You set up a secondary code. Tell someone. Change it later. Maybe useful, but the thermostat phone control is useful every day.
I like that the mac PCs haven't changed much recently. My macbook still does pretty much what I expect it to. I can bring up a bash shell and SSH to somewhere useful. I can edit tunes and schematics. I can write python code on it. The web browser browses.
God forbid the day the iPhone fails and they put all the programmers back to futzing with macos.
>I neither trust, nor do I want this ecosystem of interconnected crap which puts my house on the internet so that I can access it via my fscking cell phone.
If a hacker wants to pwn my thermostat, that's probably the least of my problems.
However being able to set the thermostat with my phone is excellent.
If there are other excellent internet connected gizmos for which control by smartphone is excellent, I'll be buying them. But I don't see the door lock being one of those things due to the more significant security issue.
It's well hidden on the Chromebook we used.
The issue is not so much that it can't work, than how much effort I have to go through to make it work for other people, Smooth sailing it was not.
I wrote one for my wife's store. It's called pospos, for similar reasons.
>I can't imagine that any website would work on Chrome on OSX that wouldn't work on Chrome on ChromeOS.
In our case, the web software my daughter's school used would refuse to upload a file (homework) from a google drive, but would do fine off the local drive, which isn't an option on the chromebook.
After going around the issue a couple of times, I gave up, headed to the Apple store and things have been fine since.
I know other school software works with chrome fine, but this was not that software.
Often they are used to bypass the decidedly not net-neutral treatment of Netflix by your ISP.
There is not a decent point of sale app for phones or tablets. There are really bad ones, but no good one.
No it wouldn't. Your speed limit may have less to do with it than the colour of your car or skin.
>We also know that the answer isn't in rolling your own security. Very few people or organizations are likely to be able to securely implement their own version of TLS.
TLS is the issue. It isn't simple. It isn't even secure in many compliant configurations. It invites implementation errors.
A good spec of a secure protocol would make secure implementations easy. If you don't think about the implementability while you're writing a spec, you're doomed, like TLS is.
"Don't roll your own security" is advice aimed at people who don't know about security. Some of us have to implement and 'roll' the specs. The world looks different when your reputation is tied to your stuff not get broken before senility sets in. You can do it right, but you need all the elements in place including a well thought out spec.
I have bi-focals. (a) Looking through the glass at far away things. (b) Looking over the glass, with the glasses halfway down my nose, when I'm at a computer.
YHCMV - You home circumstances may vary.
My daughter has reached the teenage "never leave the bedroom" age, so I get more quiet time at home than when she was younger.
I find macbooks work better for my non technical family members.
I tried giving them Chromebooks once and there were all sorts of compatibility problems with printers, my daughter's school website and media sources. Windows PCs were a pain to manage and keep secure. Macbooks have better security properties and take less of my time.
>My father is considering a Chromebook,
You have found out why a Chromebook doesn't work for him.
Buy him a real computer you cheapskate.
What is a real job? How is it different to what I do, designing circuits and developing security specs in standards bodies? I understand other people have different jobs, E.G. milking cows or preparing tax forms or planning weddings but I don't know how to distinguish the real jobs from the not real jobs.