SoylentNews is people

posted by mrpg on Sunday December 23 2018, @12:02AM
from the [...] dept.

Submitted via IRC for SoyCow1984

Update, Dec 21, 2:47pm: In response to customers' frustration, Logitech issued another statement today with instructions on how to enable private local API controls.

Many users of Logitech's Harmony Hub smart home hub and remote were recently met with a nasty surprise. The device's latest firmware update, version 4.15.206, reportedly cuts off local access for Harmony Hubs. As a result, many users who created home automation and smart home systems using third-party APIs haven't been able to control many, and in some cases, all of their connected IoT devices.

Logitech began pushing out firmware update 4.15.206 last week, its release notes stating that it addresses security and bug fixes. Users immediately flocked to Logitech's community forums to complain once they realized the systems they built up to control their smart home devices essentially became unresponsive. Users with Homeseer and Home Assistant APIs have reported parts of their systems broken, preventing them from controlling things like smart TVs, sound systems, and more using the Harmony Hub and its remote.

Last night, Logitech responded with an official statement on its forums, saying in part that the firmware update addresses "security vulnerabilities" and that those "undocumented" APIs that some have been using for home automation were never officially supported in the first place.

Source: Logitech disables local access on Harmony Hubs, breaks automation systems [Update]


  • (Score: 3, Informative) by Rosco P. Coltrane on Sunday December 23 2018, @12:06AM (19 children)

    by Rosco P. Coltrane (4757) on Sunday December 23 2018, @12:06AM (#777702)

    ...where *your* device that *you* own is not controlled by you, and you're at the mercy of the manufacturer's whims du jour.

    This is only the beginning.

  • (Score: 5, Informative) by fyngyrz on Sunday December 23 2018, @01:47AM (15 children)

    by fyngyrz (6567) on Sunday December 23 2018, @01:47AM (#777711) Journal

    A decent answer is MyCroft [mycroft.ai].

    You can set the whole thing up yourself. You'll have all the code, you can even make the TTS and STT local to your own website within your own LAN so that there are no external servers involved, no WAN activity at all unless you specifically and knowingly opt for something that does that, like scraping weather data from external servers or something.

    The code even runs on a Raspberry Pi. If you don't want to deal with your own Pi setup or build it on your own computer's Python3 infrastructure, MyCroft [mycroft.ai] has a prebuilt hardware package they'll be happy to sell you.

    --
    I hate being bipolar... it's awesome!

    • (Score: 4, Informative) by coolgopher on Sunday December 23 2018, @02:09AM (12 children)

      by coolgopher (1157) on Sunday December 23 2018, @02:09AM (#777718)

      Really? The website gives the impression one needs to have a "Mycroft Home" account to which everything gets linked.

      • (Score: 2) by fyngyrz on Sunday December 23 2018, @02:38AM (4 children)

        by fyngyrz (6567) on Sunday December 23 2018, @02:38AM (#777724) Journal

        The website gives the impression one needs to have a "Mycroft Home" account to which everything gets linked.

        I'm pretty sure you don't have to set it up that way unless you want to. For one thing, even if it was (or is... I've been following them for a while but haven't bothered to build one) 100% baked in, you have all the source code, and you could un-bake it right back out. If you look at the setup page for that [mycroft.ai], you'll see that the account is used by some third party skills to connect to other servers and to set up some preferences such as English vs. metric. You could just hard code the latter, and skip any (or all) of the third party stuff you don't trust.

        But for anyone who is looking for a canned, pre-setup experience, yes — they're using a central server to do STT and link you to 3rd party skills. I think what it boils down to is they're just trying to make it easy. The fundamental difference here is that you can set this up locally. That's not the case with Google, Amazon, etc.

        But: If I'm wrong about this — and I could be — such that they have proprietary stuff you can't change, I would be pleased if someone would point me to evidence of that, and I will stop making suggestions anyone use the thing. And think a few very dark thoughts.

        --
        All generalizations are false.

        • (Score: 2) by fyngyrz on Sunday December 23 2018, @03:00AM (3 children)

          by fyngyrz (6567) on Sunday December 23 2018, @03:00AM (#777730) Journal

          I've posted a question [mycroft.ai] on their forums to see if I can get a straightforward answer on this from the MyCroft [mycroft.ai] people themselves. Will report back if I do.

          --
            Government: Designed to provide you with "service" and...
          ...the Media: Designed to provide you with Vaseline.

      • (Score: 5, Informative) by fyngyrz on Sunday December 23 2018, @12:33PM (6 children)

        by fyngyrz (6567) on Sunday December 23 2018, @12:33PM (#777802) Journal

        The website gives the impression one needs to have a "Mycroft Home" account to which everything gets linked.

        You are correct, and I was wrong in my assumption. They talked so much about available source code and "openness" ever since the beginning of the project that I managed to draw entirely the wrong conclusion.

        They do require an account, and the code for that end of the system is not open or available.

        They say they're interested [mycroft.ai] in creating what they call a "personal server", but from what I have been able to learn this evening, it's just an unrealized idea.

        Oh well. My bad; I apologize for the misleading post, and thank you kindly for your catch of my error.

        --
        If cats could text back, they probably wouldn't.

        • (Score: 4, Informative) by fyngyrz on Sunday December 23 2018, @10:34PM (2 children)

          by fyngyrz (6567) on Sunday December 23 2018, @10:34PM (#777930) Journal

          More MyCroft info, verified with the official MyCroft project folks within the last day or so:

          • STT issues:
            1. You can use a local STT engine, removing the WAN-based STT interaction
            2. You can interact with a CLI instead of STT, also removing the WAN-based STT interaction
          • Skills issues
            1. You can self-triage the "skills" in order to remove WAN-based interactions
            2. They have expressed an interest in flagging WAN/non-WAN skills so as to ease this kind of usage

          The account requirement remains at this point in time.

          --
          Democracy: Where any two idiots outvote a genius.

          • (Score: 3, Interesting) by DeVilla on Sunday December 23 2018, @10:53PM

            by DeVilla (5354) on Sunday December 23 2018, @10:53PM (#777940)

            I hope they'll make it more than all-or-nothing. I'd like the default to be don't go to the internet for stuff without asking or being told. (If I ask it to "google" something, then yes, go to google.com. If I ask what's on the calendar for today and I set up a local calendar, don't be broadcasting info about it to anyone.)

            That's the same problem with android security last I checked. I can't give an application permission to take photos without giving it permission to look at all my photos. I can't grant it storage space without giving it full access to the sd card.

          • (Score: 4, Interesting) by fyngyrz on Sunday December 23 2018, @11:38PM

            by fyngyrz (6567) on Sunday December 23 2018, @11:38PM (#777947) Journal

            I was also directed to this project [github.com] which is the beginning of a personal server.

            --
            Exercise? I thought you said extra fries

        • (Score: 2) by coolgopher on Sunday December 23 2018, @11:55PM

          by coolgopher (1157) on Sunday December 23 2018, @11:55PM (#777953)

          And thank you for the very informative follow-ups!

        • (Score: 0) by Anonymous Coward on Monday December 24 2018, @02:40AM (1 child)

          by Anonymous Coward on Monday December 24 2018, @02:40AM (#777998)

          I ordered the kit version. Planning to install a momentary switch on the mic so it doesn't hear anything unless someone is holding the switch down. This adds a minor inconvenience; can't use it by yelling across the room, with greasy/soapy hands, etc. But it's still like the computer panels on the old Star Trek show, where they walk over to it, press a touch screen icon and ask the computer a question.

          I suppose the retail versions could probably be hacked the same way, but I haven't taken one apart to see if the mic is wired or soldered directly to the board. Anyone know?

          • (Score: 2) by fyngyrz on Monday December 24 2018, @12:38PM

            by fyngyrz (6567) on Monday December 24 2018, @12:38PM (#778082) Journal

            I would appreciate any reports you might have about your experience with it.

            --
            Yes sir, two copies of "Math For Dummies" at $16.95.
            That'll be $50.00

    • (Score: 2) by takyon on Sunday December 23 2018, @04:29AM (1 child)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Sunday December 23 2018, @04:29AM (#777740) Journal

      If computers get thousands of times faster [soylentnews.org] along with integrated tensor or neuromorphic processing units, what will Mycroft look like then?

      👌😗📢💨 BOT SLAVES 🤖🤖🤖💥

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 2) by fyngyrz on Sunday December 23 2018, @07:26AM

        by fyngyrz (6567) on Sunday December 23 2018, @07:26AM (#777771) Journal

        If computers get thousands of times faster along with integrated tensor or neuromorphic processing units, what will Mycroft look like then?

        Hopefully like a hot French maid.

        --
        Polygamy: The plural of spouse is spice.

  • (Score: 3, Insightful) by bart9h on Sunday December 23 2018, @03:32PM (1 child)

    by bart9h (767) on Sunday December 23 2018, @03:32PM (#777834)

    The problem here is not the IoT, but closed source proprietary software.

    Stallman was right.

    • (Score: 0) by Anonymous Coward on Sunday December 23 2018, @05:53PM

      by Anonymous Coward on Sunday December 23 2018, @05:53PM (#777871)

      exactly. the people who buy this closed source shit are funding the digital slave trade and are now surprised that they get treated like slaves. sad.

  • (Score: 2) by edIII on Monday December 24 2018, @02:08AM

    by edIII (791) on Monday December 24 2018, @02:08AM (#777990)

    I might be the only one that has a different take on this. Reading into this, a lot doesn't make sense.

    The harmony hub is a remote that controls other devices. It's an infrared device, and I'm guessing the hub itself was connected to a network, and you could then send commands to the hub to make it do work, information to the remote for display time notifications, and/or both.

    Homeseer lists the Logitech Harmony Hub as a compatible device with their automation platform. Yet, they announced compatibility using unsupported and undocumented API capabilities. Umm, that sounds like a real dick move on the part of Homeseer and any company offering a paid product that uses undocumented and unsupported APIs. Fuck, YouTube made some changes years ago that really fucked things up in their API, but they were supporting the damn thing and encouraging development. Sounds like Logitech never once offered documented support of their API.

    Additionally, from the looks of it, API access is still possible, it just requires a websocket connection. Considering that Logitech said this was necessary for security as well, I'm inclined to believe them that using their old API is just not a good idea.

    Proprietary vs Open Source doesn't seem to apply here. If I was working on an alpha version of an API for some platform that the maintainers were not officially supporting, and the whole damn thing could be deprecated at a moment's notice, the same thing would happen to whatever product I was supporting. I would've been crazy for trying to make money off undocumented and unsupported tech. That would be something in a disclaimer to the customer too.

    I think Homeseer deserves quite a bit of blame for misleading people with Logitech compatibility that was tenuous from the start.

    --
    Technically, lunchtime is at any moment. It's just a wave function.