this post was submitted on 20 Jan 2024
248 points (97.7% liked)

Selfhosted

39987 readers
779 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Dear Andre,

I'm Gianpiero Morbello, serving as the Head of IOT and Ecosystem at Haier Europe.

 It's a pleasure to hear from you. We just received your email, and coincidentally, I was in the process of sending you a mail with a similar suggestion.

I want to emphasize Haier Europe's enthusiasm for supporting initiatives in the open world. Please note that our IOT vision revolves around a three-pillar strategy:

    achieving 100% connectivity for our appliances,
    opening our IOT infrastructure (we are aligned with Matter and extensively integrating third-party connections through APIs, and looking for any other opportunity it might be interesting),
    and the third pillar involves enhancing consumer value through the integration of various appliances and services, as an example we are pretty active in the energy management opening our platform to solution which are coming from energy providers.

Our strategy's cornerstone is the IOT platform and the HON app, introduced on AWS in 2020 with a focus on Privacy and Security by Design principles. We're delighted that our HON connected appliances and solutions have been well-received so the number of connected active consumers is growing day after day, with high level of satisfaction proven by the high rates we receive in the App stores.

Prioritizing the efficiency of HON functions when making AWS calls has been crucial, particularly in light of the notable increase in active users mentioned above. This focus enables us to effectively control costs.

Recently, we've observed a substantial increase in AWS calls attributed to your plugin, prompting the communication you previously received as standard protocol for our company, but as mentioned earlier, we are committed to transparency and keenly interested in collaborating with you not only to optimize your plugin in alignment with our cost control objectives, but also to cooperate in better serving your community.

I propose scheduling a call involving our IOT Technology department to address the issue comprehensively and respond to any questions both parties may have.

Hope to hear back from you soon.

Best regards

Gianpiero Morbello
Head of Brand & IOT
Haier Europe

If only they would have reached out this way the first time instead of a cease and desist, their brand getting dragged through the mud could have been avoided.

top 50 comments
sorted by: hot top controversial new old
[–] Unchanged3656@infosec.pub 117 points 9 months ago (4 children)

Well, how about having a local API and have no calls at all to your cloud infrastructure? Probably too easy and you cannot lock people into your ecosystem.

[–] helenslunch@feddit.nl 57 points 9 months ago (6 children)

From any practical standpoint, this makes so much sense.

Sometimes my Tesla fails to unlock for some reason and I have to disable my VPN and then stand next to it like a God damn idiot for 10 seconds while it calls it's servers in fucking California to ask it to unlock my car.

[–] morph3ous@lemmy.world 3 points 9 months ago (1 children)

The issue you are experiencing likely has nothing to do with the VPN. Network connectivity is not needed to unlock the car. I have been in places with no cell phone signal and it still works.

I do sometimes experience the same issue you are. If I wake up my phone, then it works. So it may be working for you not because you disabled the VPN, but because you woke up your phone and it then sent out the bluetooth signal to let the car know you were nearby.

[–] helenslunch@feddit.nl 2 points 9 months ago* (last edited 9 months ago) (1 children)

When I have the VPN on I get nothing but a "Session Expired" notice for several months at a time.

[–] psivchaz@reddthat.com 3 points 9 months ago

It's a bit of both! Certain commands to the car can be done locally via Bluetooth OR via Tesla servers. The tricky bit is that status always comes from the server. If you are on a VPN that is blocked (like I use NordVPN and it is often blocked) then the app can't get status and as long as it can't get status it may not even try a local command. It's unclear to me under what circumstances it does local vs cloud commands, and it may have to do with a Bluetooth LE connection that you can't really control.

When you don't have service, or you're on VPN, it may be worthwhile to try disabling and reenabling Bluetooth. I have had success with this before. If you're using android, it seems like the widget also uses Bluetooth, so you could try adding the widget to your home screen and using that. You can also try setting the Tesla app to not be power controlled, so it never gets closed.

Either way, there's a definite engineering problem here that feels like it should be fixed by Tesla. But I can at least confirm that, even in situations with zero connectivity, you should be able to perform basic commands like unlock and open trunk without data service.

[–] Bazoogle@lemmy.world 2 points 9 months ago (1 children)

I think it could definitely be possible to do locally, and I wouldn't want a car where I have to connect to servers to connect to it. But I am also not sure I want a car that can be opened with a command on the car itself. The code to access your CAR being stored locally on the car itself, with no server side validation, does seem kinda scary. It's one thing for someone to manage to get into your online login where you can change the password, it's another for someone to literally be able to steal your car because they found a vulnerability. It being stored locally would mean people would reverse engineer it, they could potentially install a virus on your car to be able to gain access. Honestly, as a tech guy, I don't trust computers enough to have it control my car.

[–] helenslunch@feddit.nl 3 points 9 months ago

It already unlocks locally over Bluetooth.

[–] 0x0@social.rocketsfall.net 1 points 9 months ago* (last edited 9 months ago) (2 children)

Can't you just put the key in? Do they even have physical keys?

[–] helenslunch@feddit.nl 2 points 9 months ago

They come with NFC keys but you can also put has a wireless key fob, if that's your preference.

[–] wintermute_oregon@lemm.ee 2 points 9 months ago (1 children)

The physical key is a smart card. The size of a credit card

[–] i_am_not_a_robot@discuss.tchncs.de 3 points 9 months ago (13 children)

If it's implemented correctly, a smart card or phone unlock does not need internet connectivity to work.

[–] AbidanYre@lemmy.world 4 points 9 months ago* (last edited 9 months ago)

The are a bunch of wrong ways to do that without needing the Internet too. Requiring a network connection for it is a special kind of stupid.

[–] dual_sport_dork@lemmy.world 3 points 9 months ago (2 children)

If it's implemented correctly, a physical metal key does not require electricity or a functioning computer to work, either...

load more comments (2 replies)
load more comments (11 replies)
load more comments (3 replies)
[–] Rentlar@lemmy.ca 8 points 9 months ago (1 children)

Someone tell Gianpiero! You could save up to 20% on Amazon fees in just 5 minutes. Commit to a Local API today!

[–] Unchanged3656@infosec.pub 4 points 9 months ago (1 children)

Probably more. Your app can use the local API then as well. And AWS is insanely expensive, especially if you forget to block log ingestion to Cloudwatch (ask me how I know).

load more comments (1 replies)
[–] Auli@lemmy.ca 6 points 9 months ago

Yep people should only purchase things that don't require the cloud. Local control is the best.

[–] jkrtn@lemmy.ml 4 points 9 months ago (1 children)

I'm glad the people with this device are getting traction on using it with their HA, but holy hell this is a complete non-starter for me and I cannot understand why they got it in the first place. There's no climate automation I would ever want that is worth a spying device connected to the internet and a spying app installed on my phone.

[–] ikidd@lemmy.world 3 points 9 months ago

Extend this to robot vacuums. I have no clue in hell why anyone would want their vacuum connecting to a cloud service that won't be there in 2 years.

[–] RegalPotoo@lemmy.world 36 points 9 months ago

From the previous issue it sounds like the developer has proper legal representation, but in his place I wouldn't even begin talking with Haier until they formally revoke the C&D, and provide enforceable assurances that they won't sue in the future.

Also I don't know what their margins are like, but even if this cost them an extra $1000 in AWS fees on top of what their official app would have cost them (I seriously doubt it would be that much unless their infrastructure is absolute bananas), then it would probably only be a single-digit number of sales that they would have needed to loose to come out worse off from this.

[–] capital@lemmy.world 33 points 9 months ago (1 children)

Just set a rate limit? This could have been a code change and a blog post.

load more comments (1 replies)
[–] possiblylinux127@lemmy.zip 29 points 9 months ago (1 children)

Honestly they should find away to make it work with HA instead of the companies servers.

[–] BearOfaTime@lemm.ee 6 points 9 months ago (1 children)

Yep.

Fuck Haier, espscially at this point.

Had they tried working with him furst, they'd have a little moral ground to stand on.

Now the lives are off. How many forks are there if his git repo now? It was a thousand yesterday.

[–] possiblylinux127@lemmy.zip 26 points 9 months ago (2 children)

I don't know about you but I want the companies to take self hosted and Foss solutions seriously. The fact that they are wanting to work with him is a major step in the right direction. It would be dumb to discourage companies from supporting foss.

[–] Darkassassin07@lemmy.ca 4 points 9 months ago* (last edited 9 months ago) (2 children)

Are they supporting FOSS, or looking to buy out the project to make it a closed in-house solution and avoid the bad publicity they created this last week?

[–] NegativeInf@lemmy.world 3 points 9 months ago

If they buy it, it's FOSS bro. Fork it. But until that point, diplomatic approaches may be more effective.

[–] possiblylinux127@lemmy.zip 2 points 9 months ago

Well I think the worst thing that could happen is we just fork it and go on with our lives.

Why would they want a new in house solution? They already have one but home assistant probably is going to be easier for them.

[–] Auli@lemmy.ca 2 points 9 months ago

Not really self hosted. Uses their online service to pull it into Home Assistant.

[–] originalucifer@moist.catsweat.com 21 points 9 months ago (3 children)

Recently, we've observed a substantial increase in AWS calls attributed to your plugin, prompting the communication you previously received as standard protocol for our company, but as mentioned earlier, we are committed to transparency and keenly interested in collaborating with you not only to optimize your plugin in alignment with our cost control objectives,

i get it; their amazon account gets hit hard by some plugin data stream, they trace the source and kill it for monetary reasons. makes total sense. handled terrible, but still, i also completely understand getting some giant bill from amazon and freaking the fuck out.

[–] Deceptichum@kbin.social 31 points 9 months ago (1 children)

Sounds the solution is to allow users to not have to connect to the server in the first place and communicate across a local network.

Because they’ve probably killed more money from loss of sales through this stunt than they have from AWS fees.

[–] pearsaltchocolatebar@discuss.online 13 points 9 months ago (3 children)

I highly doubt it. Lemmy isn't representative of the general population, and the general population has no idea what Home Assistant is.

[–] Lifebandit666@feddit.uk 9 points 9 months ago (1 children)

The general population is very much influenced by the Home Assistant community since the Home Assistant Community is made up of people who are heavily into technology. My parents will run purchases in the tech world past me, as will many of my work colleagues and friends.

The general population are very interested in what we do, even if they do not do it themselves. I mentioned to a tech-phobic friend that I have sensors in my bath that notify me when my bath is run and he takes the piss out of me to my face then talks about how amazing such a thing is behind my back, I know because it happened yesterday. Who do you think he's gonna talk to when he buys his next expensive appliance?

Don't talk our influence down, we have an influence even if you can't see it.

[–] pearsaltchocolatebar@discuss.online 5 points 9 months ago (1 children)

You're showing your bias as someone who's knowledgeable about technology. It's not uncommon for people with an interest in something to assume that knowledge or interest is universal. It's not.

The average consumer has absolutely no idea how technology works, and they have no interest in knowing. They'll just buy off the shelf garbage because brand name and nothing else.

I mean, why does HP's printer division still exist if "everyone" knows they're a shitty company that will brick your printer if you use 3rd party cartridges? Why do people buy Tuya devices even though they're essentially Chinese government spying devices?

It's because "everyone" doesn't know. And they don't care.

[–] Bazoogle@lemmy.world 3 points 9 months ago (2 children)

When you said "I highly doubt it" in response to the first comment, what were you doubting? You comment does not seem to make sense in response to the comment. They said that the open source project has likely cost more money in lost subscription fee's than in AWS API calls, and you said you doubt it?

Then the person replying to you said "The general population is very much influenced by the Home Assistant community" not that everyone knows about it. But your comment talks strictly about how commonly known things in the tech world are not commonly known in the general population (which I think is pretty commonly known in the tech world as well).

This comment chain does not seem to be talking about the same things.

load more comments (2 replies)
[–] SaltySalamander@kbin.social 3 points 9 months ago (1 children)

This news wasn't limited to Lemmy, you know.

It doesn't really matter. The people who care are going to be a very small percentage of the population.

I mean, people still buy nestle products, and they're straight up evil.

No one is going to remember this in a week besides the people who weren't likely to buy their products to begin with.

[–] RvTV95XBeo@sh.itjust.works 1 points 9 months ago (1 children)

But you have to remember, that's true for lost sales but it's also true for API calls - only a small fraction of their user base is contributing to this high API usage

Right, but I highly doubt the back tracking is because of potential lost sales. It sounds more like the financial people got the legal people involved and they sent a C&D without asking the tech people for a solution. Now the tech guys are doing damage control for the idiots.

I've been that tech guy, and I know the general population either has no idea about this occurrence, or they forgot as soon as they scrolled past.

[–] shnizmuffin@lemmy.inbutts.lol 22 points 9 months ago (1 children)

"We don't know how to rate limit our API or set billing alarms in the AWS console."

load more comments (1 replies)
[–] scrubbles@poptalk.scrubbles.tech 3 points 9 months ago (3 children)

Yup exactly. They just need better responses than "get legal on the phone"

load more comments (3 replies)
[–] jabathekek@sopuli.xyz 7 points 9 months ago (1 children)

The spacing in the email screwed up the formatting:

Dear Andre,

I'm Gianpiero Morbello, serving as the Head of IOT and Ecosystem at Haier Europe.

It's a pleasure to hear from you. We just received your email, and coincidentally, I was in the process of sending you a mail with a similar suggestion.

I want to emphasize Haier Europe's enthusiasm for supporting initiatives in the open world. Please note that our IOT vision revolves around a three-pillar strategy:

  • achieving 100% connectivity for our appliances,
  • opening our IOT infrastructure (we are aligned with Matter and extensively integrating third-party connections through APIs, and looking for any other opportunity it might be interesting),
  • and the third pillar involves enhancing consumer value through the integration of various appliances and services, as an example we are pretty active in the energy management opening our platform to solution which are coming from energy providers.

Our strategy's cornerstone is the IOT platform and the HON app, introduced on AWS in 2020 with a focus on Privacy and Security by Design principles. We're delighted that our HON connected appliances and solutions have been well-received so the number of connected active consumers is growing day after day, with high level of satisfaction proven by the high rates we receive in the App stores.

Prioritizing the efficiency of HON functions when making AWS calls has been crucial, particularly in light of the notable increase in active users mentioned above. This focus enables us to effectively control costs.

Recently, we've observed a substantial increase in AWS calls attributed to your plugin, prompting the communication you previously received as standard protocol for our company, but as mentioned earlier, we are committed to transparency and keenly interested in collaborating with you not only to optimize your plugin in alignment with our cost control objectives, but also to cooperate in better serving your community.

I propose scheduling a call involving our IOT Technology department to address the issue comprehensively and respond to any questions both parties may have.

Hope to hear back from you soon.

Best regards

Gianpiero Morbello Head of Brand & IOT Haier Europe

[–] scrubbles@poptalk.scrubbles.tech 3 points 9 months ago

Thanks, on my phone and can't edit it well right now

[–] Rentlar@lemmy.ca 6 points 9 months ago* (last edited 9 months ago)

I'm glad the threat of being on a FOSS Hall of Shame is effective for some companies, and that they can't just frivolous lawsuit away a hobby developer without consequences to their bottom line, which would have set a bad precedent against small-time FOSS developers everywhere.

Now their status to me is moved from "Shitlist" to "Shitlist Pending", they've talked their talk so now it's time to see them walk their walk. Best would be to allow users to control their Haier products from their own servers rather than Haier's. That will reduce their cloud computing bills from 3rd party users but they can still offer "compelling value" in their walled garden ecosystem as a simple one-and-done setup. Win-win right?

[–] Decronym@lemmy.decronym.xyz 5 points 9 months ago* (last edited 9 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
Git Popular version control system, primarily for code
HA Home Assistant automation software
~ High Availability
IoT Internet of Things for device controllers
VPN Virtual Private Network

4 acronyms in this thread; the most compressed thread commented on today has 6 acronyms.

[Thread #443 for this sub, first seen 20th Jan 2024, 17:55] [FAQ] [Full list] [Contact] [Source code]

[–] sabreW4K3@lemmy.tf 3 points 9 months ago

Happy to see them backtrack. I didn't think the backlash would be large enough. Let's see if they follow through on the backtrack though

load more comments
view more: next ›