Zigbee

how-i-upgraded-my-water-heater-and-discovered-how-bad-smart-home-security-can-be

How I upgraded my water heater and discovered how bad smart home security can be

esp32, Features, GitHub, home assistant, home automation, iot, journalism, rinnai, Smart Home, tankless water heater, Tech, Zigbee / /
The bottom half of a tankless water heater, with lots of pipes connected, in a tight space

Enlarge / This is essentially the kind of water heater the author has hooked up, minus the Wi-Fi module that led him down a rabbit hole. Also, not 140-degrees F—yikes.

Getty Images

The hot water took too long to come out of the tap. That is what I was trying to solve. I did not intend to discover that, for a while there, water heaters like mine may have been open to anybody. That, with some API tinkering and an email address, a bad actor could possibly set its temperature or make it run constantly. That’s just how it happened.

Let’s take a step back. My wife and I moved into a new home last year. It had a Rinnai tankless water heater tucked into a utility closet in the garage. The builder and home inspector didn’t say much about it, just to run a yearly cleaning cycle on it.

Because it doesn’t keep a big tank of water heated and ready to be delivered to any house tap, tankless water heaters save energy—up to 34 percent, according to the Department of Energy. But they’re also, by default, slower. Opening a tap triggers the exchanger, heats up the water (with natural gas, in my case), and the device has to push it through the line to where it’s needed.

That led to me routinely holding my hand under cold water in the sink or shower, waiting longer than felt right for reasonably warm water to appear. I understood the water-for-energy trade-off I was making. But the setup wasted time, in addition to potable water, however plentiful and relatively cheap it was. It just irked me.

Little did I know the solution was just around the corner.

Hot water hotspot

  • Attention!

    Kevin Purdy

  • Nothing’ll happen. Just touch it. It’s what you wanna do. It’s there for you to touch.

    Kevin Purdy

  • The Rinnai Central app. It does this “Control failed” bit quite often.

    Rinnai

I mean that literally. When I went into the utility closet to shut off the hose bibbs for winter, I noticed a plastic bag magnetically stuck to the back side of the water heater. “Attention! The Control-R Wi-Fi Module must be installed for recirculation to operate,” read the intense yellow warning label. The water heater would not “recirculate” without it, it noted.

The Rinnai Control-R module, out of bag.

Enlarge / The Rinnai Control-R module, out of bag.

Rinnai

Recirculation means that the heater would start pulling water and heating it on demand, rather than waiting for enough negative pressure from the pipes. To trigger this, Rinnai offered smartphone apps that could connect through its servers to the module.

I found the manual, unplugged the water heater, and opened it up. The tone of the language inside (“DO NOT TOUCH,” unless you are “a properly trained technician”) did not match that of the can-do manual (“get the most from your new module”). But, having read the manual and slotted little beige nubs before, I felt trained and technical. I installed the device, went through the typical “Connect your phone to this weirdly named hotspot” process, and—it worked.

I now had an app that could start recirculation. I could get my shower hot while still in bed, or get started on the dinner dishes from the couch. And yet pulling out my phone whenever I wanted hot water felt like trading one inconvenience for another.

How I upgraded my water heater and discovered how bad smart home security can be Read More »

home-assistant-has-a-new-foundation-and-a-goal-to-become-a-consumer-brand

Home Assistant has a new foundation and a goal to become a consumer brand

home assistant, home automation, local voice assistant, NVIDIA, nvidia jetson, Open Source, paulus Schoutsen, Smart Home, Tech, voice assistants, z-wave, Zigbee / /

An Open Home stuffed full of code —

Can a non-profit foundation get Home Assistant to the point of Home Depot boxes?

Open Home Foundation logo on a multicolor background

Open Home Foundation

Home Assistant, until recently, has been a wide-ranging and hard-to-define project.

The open smart home platform is an open source OS you can run anywhere that aims to connect all your devices together. But it’s also bespoke Raspberry Pi hardware, in Yellow and Green. It’s entirely free, but it also receives funding through a private cloud services company, Nabu Casa. It contains tiny board project ESPHome and other inter-connected bits. It has wide-ranging voice assistant ambitions, but it doesn’t want to be Alexa or Google Assistant. Home Assistant is a lot.

After an announcement this weekend, however, Home Assistant’s shape is a bit easier to draw out. All of the project’s ambitions now fall under the Open Home Foundation, a non-profit organization that now contains Home Assistant and more than 240 related bits. Its mission statement is refreshing, and refreshingly honest about the state of modern open source projects.

The three pillars of the Open Home Foundation.

The three pillars of the Open Home Foundation.

Open Home Foundation

“We’ve done this to create a bulwark against surveillance capitalism, the risk of buyout, and open-source projects becoming abandonware,” the Open Home Foundation states in a press release. “To an extent, this protection extends even against our future selves—so that smart home users can continue to benefit for years, if not decades. No matter what comes.” Along with keeping Home Assistant funded and secure from buy-outs or mission creep, the foundation intends to help fund and collaborate with external projects crucial to Home Assistant, like Z-Wave JS and Zigbee2MQTT.

My favorite video.

Home Assistant’s ambitions don’t stop with money and board seats, though. They aim to “be an active political advocate” in the smart home field, toward three primary principles:

  • Data privacy, which means devices with local-only options, and cloud services with explicit permissions
  • Choice in using devices with one another through open standards and local APIs
  • Sustainability by repurposing old devices and appliances beyond company-defined lifetimes

Notably, individuals cannot contribute modest-size donations to the Open Home Foundation. Instead, the foundation asks supporters to purchase a Nabu Casa subscription or contribute code or other help to its open source projects.

From a few lines of Python to a foundation

Home Assistant founder Paulus Schoutsen wanted better control of his Philips Hue smart lights just before 2014 or so and wrote a Python script to do so. Thousands of volunteer contributions later, Home Assistant was becoming a real thing. Schoutsen and other volunteers inevitably started to feel overwhelmed by the “free time” coding and urgent bug fixes. So Schoutsen, Ben Bangert, and Pascal Vizeli founded Nabu Casa, a for-profit firm intended to stabilize funding and paid work on Home Assistant.

Through that stability, Home Assistant could direct full-time work to various projects, take ownership of things like ESPHome, and officially contribute to open standards like Zigbee, Z-Wave, and Matter. But Home Assistant was “floating in a kind of undefined space between a for-profit entity and an open-source repository on GitHub,” according to the foundation. The Open Home Foundation creates the formal home for everything that needs it and makes Nabu Casa a “special, rules-bound inaugural partner” to better delineate the business and non-profit sides.

Home Assistant as a Home Depot box?

In an interview with The Verge’s Jennifer Pattison Tuohy, and in a State of the Open Home stream over the weekend, Schoutsen also suggested that the Foundation gives Home Assistant a more stable footing by which to compete against the bigger names in smart homes, like Amazon, Google, Apple, and Samsung. The Home Assistant Green starter hardware will sell on Amazon this year, along with HA-badged extension dongles. A dedicated voice control hardware device that enables a local voice assistant is coming before year’s end. Home Assistant is partnering with Nvidia and its Jetson edge AI platform to help make local assistants better, faster, and more easily integrated into a locally controlled smart home.

That also means Home Assistant is growing as a brand, not just a product. Home Assistant’s “Works With” program is picking up new partners and has broad ambitions. “We want to be a consumer brand,” Schoutsen told Tuohy. “You should be able to walk into a Home Depot and be like, ‘I care about my privacy; this is the smart home hub I need.’”

Where does this leave existing Home Assistant enthusiasts, who are probably familiar with the feeling of a tech brand pivoting away from them? It’s hard to imagine Home Assistant dropping its advanced automation tools and YAML-editing offerings entirely. But Schoutsen suggested he could imagine a split between regular and “advanced” users down the line. But Home Assistant’s open nature, and now its foundation, should ensure that people will always be able to remix, reconfigure, or re-release the version of smart home choice they prefer.

Home Assistant has a new foundation and a goal to become a consumer brand Read More »

matter,-set-to-fix-smart-home-standards-in-2023,-stumbled-in-the-real-market

Matter, set to fix smart home standards in 2023, stumbled in the real market

2023, aqara, matter, nanoleaf, phillips hue, Smart Home, smart home standards, smarthome, Tech, Thread, Zigbee / /

A matter for the future —

Gadget makers, unsurprisingly, are hesitant to compete purely on device quality.

Illustration of Matter protocol simplifying a home network

Enlarge / The Matter standard’s illustration of how the standard should align a home and all its smart devices.

CSA

Matter, as a smart home standard, would make everything about owning a smart home better. Devices could be set up with any phone, for either remote or local control, put onto any major platform (like Alexa, Google, or HomeKit) or combinations of them, and avoid being orphaned if their device maker goes out of business. Less fragmentation, more security, fewer junked devices: win, win, win.

Matter, as it exists in late 2023, more than a year after its 1.0 specification was published and just under a year after the first devices came online, is more like the xkcd scenario that lots of people might have expected. It’s another home automation standard at the moment, and one that isn’t particularly better than the others, at least how it works today. I wish it was not so.

Setting up a Matter device isn’t easy, nor is making it work across home systems. Lots of devices with Matter support still require you to download their maker’s specific app to get full functionality. Even if you were an early adopting, Matter-T-shirt-wearing enthusiast, you’re still buying devices that don’t work quite as well, and still generally require a major tech company’s gear to act as your bridge or router.

CSA's illustration of how smart homes worked before Matter, which is unfortunately a lot like how they still work, after.

CSA’s illustration of how smart homes worked before Matter, which is unfortunately a lot like how they still work, after.

CSA

Lights that Matter, but do less

Jennifer Pattison Tuohy at The Verge has done more Matter writing, and testing, than just about anybody out there who doesn’t work for the Connectivity Standards Alliance that oversees the spec. As she puts it:

I’ve been testing Matter devices all year, and it has been the most frustrating year of my decade-plus experience with smart home devices. Twelve months in, I do not have one Matter-based device working reliably in my home. To make matters worse (yeah, I know), the one system that’s always been rock solid, my Philips Hue smart lights, is basically unusable in any of my smart home platforms since I moved it to Matter.

When the Matter upgrade for Hue lights rolled out in September, I didn’t move to switch my bulbs over. For one thing, it wouldn’t result in a net loss of limited-purpose hardware (i.e. hubs). If you wanted to move your Hue bulbs over to Matter and control them through Google’s Home app, you’d need a Google Home Hub or Home Mini to act as a Matter bridge device. The same goes for Alexa (Echo devices), Samsung SmartThings (a Hub), or Apple Home (an Apple TV or HomePod/mini). You also lose some Hue-specific function, like gradient lighting and scenes (like holiday green/red schemes). And, as Tuohy has noted, it’s likely not a more reliable network than the proprietary Zigbee setup that Hue ran on before.

The smart home and automation market is like that pretty much everywhere. Aqara offers a Matter-compliant light strip, the T1, but it requires a hub, and using Matter means you can’t use Apple’s light-sensing adaptive brightness, because Matter doesn’t support that yet. The same goes for Nanoleaf’s Matter-friendly bulbs and strips, which are Matter and Thread capable but require Nanoleaf’s own app to provide Nanoleaf’s version of adaptive lighting.

Apple Developer

Matter, set to fix smart home standards in 2023, stumbled in the real market Read More »