Don't forget to patch your dishwashers, people!

[WelshBloke]

I can see the usefulness of a fridge network connected or a thermostat, but a dishwasher? Da fug? Next thing you know toasters and the shiter will be connected too! "Oh look, it counts the amount of fiber in my shit. I'm low, think I'll eat a few cereal bars. "

https://techcrunch.com/2009/04/01/j...results-to-cell-phones-via-personalized-urls/

 

[pcgeek11]

Considering they sell fridges with 1080p cameras on the inside that you can check on your phone now, it's not that far fetched.

Why would you need that? The world has gone insane. I guess I am too old to understand this IoT shit.

 

[Red Squirrel]

Immediately thought of tin hats after reading this

Kaido found probably the best picture for it, so I can add nothing to this conversation. I just wanted to make sure you know that he wasn't alone

Thing is the "tin hat" argument no longer really works, after all the Snowden revalations that came out and continue to come out. Before it was just a conspiracy, now it's reality. Just recently the CIA was found using Smart TVs to spy on people, for example. This IoT stuff just adds more avenues for that to continue.

If I want to automate something I rather design it myself sans backdoors.

Smartphones are a pretty massive trojan too and it's harder to get away from them but one can still make some semi smart decisions about usage. Avoid special apps like the FB app for example. Have it connect to wifi that is separate from your main network in case it tries to harvest data, heck, leave it at home sometimes. Throw off the tracking algorithms. One thing that would really be nice is an open source based smart phone that is not tied to any special account and where you have full control of the hardware though.

I have a Blackberry that has a custom version of Android, so it's something, but still not as good as something equivalant to a computer running Linux.

Then again Intel chips are backdoored so even computers are fully accessible by the government at the low level... can't really win. But it sure does not help if you add IoT shit to the mix.

 

[John Connor]

Thing is the "tin hat" argument no longer really works,

But, but, how do you prevent the NSA satellites from listening to your brainwaves and partnering with the AD Council to beam commercials on your TV that purposely get stuck in your head because they all know your brain wave patterns?

LOL!

 

[John Connor]

No Such Agency is just that. They don't work for the government. They have ulterior motives. I mean think about it. When was the last time the NSA actually prevented a terrorist attack? Given the fact they have Peta bytes of shit on every thing and anything, and knowing the golden rule: someone ALWAYS talks, I have not heard once in the media that the NSA helped to stop a possible terrorist attack. But yet, we have had them. San Bernardino for example. Even 9/11. Although, they call that an "Intelligence failure."

Now I know what the supporters of the NSA would say. "That's just it. They are silently acknowledged." Or some shit like that. As if they are so classified that their work does prevent terrorist attacks, you just don't know it. Must be nice to work at an agency where your work is for bullshit and nothing more. Personally, I'd rather be a field agent in the CIA. "The farm" is an awesome place.

Here's something really interesting. I remember seeing the movie Enemy Of The State staring Gene Hackman and Will Smith. This movie was a flipping prophecy as to what we face in this day and age. If you haven't seen it, it's HIGHLY recommended. Now here's something really bizarre that caught my most astute and observable eye. LOL! In the movie actor Jon Voight who played the character Thomas Brian Reynolds had a birthday in the movie of 9/11. This movie was released in 1998. I know that's nothing huge, but given the plot of the movie I thought it was just interesting.

 

[Pulsar]

My light bulbs are on my local wifi. They are multicolor-led. My garage door is on my wifi. My door locks are on my wifi.

But my dishwasher? Why? I can even see the case for a stove (to check if it's off) and microwave and toaster. Furnace. AC. But dishwasher? WTF?

 

[Red Squirrel]

Yeah seems odd to me. Really what would be neat is if these IoT stuff would just be hard wired ethernet and use standard protocols like SNMP, SSH and a web interface. It could report various operating parameters such as temperature, water flow, if any filters need to be cleaned etc... IoT could be a cool thing if it was done properly, but in most cases it's not.

 

[mikeymikec]

The main thing that I don't understand is why on earth manufacturers of IoT items don't employ people with experience of writing Internet-facing services to design the software; people who have a fair bit of experience in making sure that there aren't buffer overruns in obvious places, or vulnerabilities that were first discovered about 18 years ago IIRC.

 

[JackBurton]

The main thing that I don't understand is why on earth manufacturers of IoT items don't employ people with experience of writing Internet-facing services to design the software; people who have a fair bit of experience in making sure that there aren't buffer overruns in obvious places, or vulnerabilities that were first discovered about 18 years ago IIRC.

Because they're idiots. They don't have to reinvent the wheel, they just need to partner with big players that focus on these type of products and can secure them properly. That is the whole point of Apple's HomeKit. A secure platform that other companies can leverage for their own products.

 

[Genx87]

The main thing that I don't understand is why on earth manufacturers of IoT items don't employ people with experience of writing Internet-facing services to design the software; people who have a fair bit of experience in making sure that there aren't buffer overruns in obvious places, or vulnerabilities that were first discovered about 18 years ago IIRC.

Because Internet of Things is a marketing phrase pushed by marketing people. So the same marketing people think "lets put a website on our dishwasher" and then go about it in the least secure way. Can you imagine the glossed over eyes for these marketing people when somebody explains security? They just push by it and slap that sticker on their product. Months later that webserver becomes compromised.

 

[mikeymikec]

Because Internet of Things is a marketing phrase pushed by marketing people. So the same marketing people think "lets put a website on our dishwasher" and then go about it in the least secure way. Can you imagine the glossed over eyes for these marketing people when somebody explains security? They just push by it and slap that sticker on their product. Months later that webserver becomes compromised.

While I agree with the general sense of cynicism in your response, someone technical still had to be employed to implement a webserver. It may be the case that say a refrigerator company has never employed anyone in that capacity before so the idiot in charge of the project employs the dimmest school leaver who then learns on the job. However, I'd be willing to bet that say a refrigerator company still has an IT department, and someone there probably has experience in maintaining server software, and the company could have asked that person's opinion before employing a programmer for this job.

 

[nakedfrog]

While I agree with the general sense of cynicism in your response, someone technical still had to be employed to implement a webserver. It may be the case that say a refrigerator company has never employed anyone in that capacity before so the idiot in charge of the project employs the dimmest school leaver who then learns on the job. However, I'd be willing to bet that say a refrigerator company still has an IT department, and someone there probably has experience in maintaining server software, and the company could have asked that person's opinion before employing a programmer for this job.

They'd have to care first. Sometimes no matter how strenuously a programmer objects to releasing a product/update, high level management will push out the turd anyway. They'd rather have the feature on the checklist, regardless of how well it works or what the consequences are.

 

[mikeymikec]

They'd have to care first. Sometimes no matter how strenuously a programmer objects to releasing a product/update, high level management will push out the turd anyway. They'd rather have the feature on the checklist, regardless of how well it works or what the consequences are.

Yup, it happens.

 

[Genx87]

While I agree with the general sense of cynicism in your response, someone technical still had to be employed to implement a webserver. It may be the case that say a refrigerator company has never employed anyone in that capacity before so the idiot in charge of the project employs the dimmest school leaver who then learns on the job. However, I'd be willing to bet that say a refrigerator company still has an IT department, and someone there probably has experience in maintaining server software, and the company could have asked that person's opinion before employing a programmer for this job.

IT departments wouldn't consult on product marketing. The company may have a dev team that would write or build the thing. However they may have their hands tied by the other departments. Generally when things like this happen. It is somebody who doesn't know their ass from the hole in the ground pushing the newest fad without a clue of the ramifications. And most likely contracted it out. In this case I suspect that is the case. They have no apparently avenue to disclose known bugs. Meaning they don't have staff dedicated to supporting the product and the contract for who developed it was not renewed.

 

[Carson Dyle]

While I agree with the general sense of cynicism in your response, someone technical still had to be employed to implement a webserver. It may be the case that say a refrigerator company has never employed anyone in that capacity before so the idiot in charge of the project employs the dimmest school leaver who then learns on the job. However, I'd be willing to bet that say a refrigerator company still has an IT department, and someone there probably has experience in maintaining server software, and the company could have asked that person's opinion before employing a programmer for this job.

You can't be serious (but I think you are).

You're going to ask someone from corporate IT to review the programming of a product? That's like asking someone from the building maintenance department to give their opinion on the paint job.

SMH.

 

[BudAshes]

Now that I honestly think about it. I could use this. Every single day my wife asks me if the dishwasher is clean or dirty despite the flashing "clean" information display on the dishwasher. Her family does this too at their homes. My response is always the same "Either look at what the dishwasher says, or open it and look at the dishes; why should I get up to look for you when you are standing right in front of it". But, if she could instead go to a dishwasher's website to see if it is clean, I would be spared that repeated question.

I'd be asking for a divorce about the 3rd time this happened.

 

[mikeymikec]

You're going to ask someone from corporate IT to review the programming of a product?

You've entirely missed my point. My suggestion was at the very start of the process, before there is any code, and my post you quoted was pretty explicit on this point.

 

[Carson Dyle]

You've entirely missed my point. My suggestion was at the very start of the process, before there is any code, and my post you quoted was pretty explicit on this point.

The difference between an embedded HTTP server in an appliance and one used on public web sites is night and day. Someone tasked with maintaining a corporate web server likely knows nothing about implementing the latter.

 

[bob4432]

While I agree with the general sense of cynicism in your response, someone technical still had to be employed to implement a webserver. It may be the case that say a refrigerator company has never employed anyone in that capacity before so the idiot in charge of the project employs the dimmest school leaver who then learns on the job. However, I'd be willing to bet that say a refrigerator company still has an IT department, and someone there probably has experience in maintaining server software, and the company could have asked that person's opinion before employing a programmer for this job.

You are going to get the lowest bid for a job like this and therefore the lowest quality of code that does 75% of what is needed, regardless of how bad it is programmed. Script kiddies (literally kids) in china that have no real idea of what they are copy/pasting into their Arduino IDE, but if they can get it to do 75% of what their boss wants they are golden and get a new name tag that says 'programmer of the month'. IoT is just the same - why would anybody want to rely on a door lock or garage door opener that is connected to the internet? None of this stuff is hardened, or hell not even hardened, but properly programmed and updated as vulnerabilities become known.

 

[Unico]

Your dishwasher on the Internet is a first step towards developing an app to replace the dishwasher’s control panel. Why go to the expense of all those buttons and a display when your cell phone can perform the same function.

Besides if you want to upgrade to a more expensive dishwasher with extra features and cycles it would be just a case of paying for an upgrade to the app running on your cell phone. Lower manufacturing costs and extra revenue stream from the customers.

 

[Pulsar]

Your dishwasher on the Internet is a first step towards developing an app to replace the dishwasher’s control panel. Why go to the expense of all those buttons and a display when your cell phone can perform the same function.

Besides if you want to upgrade to a more expensive dishwasher with extra features and cycles it would be just a case of paying for an upgrade to the app running on your cell phone. Lower manufacturing costs and extra revenue stream from the customers.

Nope. Manufacturers will not add additional hardware to a dishwasher in the hopes of someone upgrading in the future. That goes directly against profit models.

 

[Exterous]

The main thing that I don't understand is why on earth manufacturers of IoT items don't employ people with experience of writing Internet-facing services to design the software; people who have a fair bit of experience in making sure that there aren't buffer overruns in obvious places, or vulnerabilities that were first discovered about 18 years ago IIRC.

They probably had someone with 'Technical experience' in some other area like electrical engineering tasked with doing it because electrical engineering and IT both deal with stuff with electrons and green boards that have all kinds of cool bumps and solder lines. That person either A) Is overworked and just rushes through it B) The company just eliminated 5 other electrical engineers so this guy needs to get it out to prove his worth C) wants to be the star employee who figured it out on his own or D) Tried to talk to IT about it but they are either 1) Jerks 2) Overworked and don't have time to do their own job let alone product development or 3) Its outside their contract because the CEO outsourced everything to a company in the Sahara desert that barely speaks English

 

[nakedfrog]

Your dishwasher on the Internet is a first step towards developing an app to replace the dishwasher’s control panel. Why go to the expense of all those buttons and a display when your cell phone can perform the same function.

Besides if you want to upgrade to a more expensive dishwasher with extra features and cycles it would be just a case of paying for an upgrade to the app running on your cell phone. Lower manufacturing costs and extra revenue stream from the customers.

Be better off just using Bluetooth if that was the goal.

 

[mikeymikec]

They probably had someone with 'Technical experience' in some other area like electrical engineering tasked with doing it because electrical engineering and IT both deal with stuff with electrons and green boards that have all kinds of cool bumps and solder lines. That person either A) Is overworked and just rushes through it B) The company just eliminated 5 other electrical engineers so this guy needs to get it out to prove his worth C) wants to be the star employee who figured it out on his own or D) Tried to talk to IT about it but they are either 1) Jerks 2) Overworked and don't have time to do their own job let alone product development or 3) Its outside their contract because the CEO outsourced everything to a company in the Sahara desert that barely speaks English

This has been the impression I've previously had about when new tech enters an existing market (like cars with Bluetooth admin interfaces): It might have been a skilled person who did the work, but little relevant experience of IT security.

 

[repoman0]

Lol @ this IoT stuff. We live in an age where the government is doing everything it can to spy on and control our every move. And then here we are facilitating that by putting this crap in our houses. What pisses me off about this movement is that it will eventually be hard NOT to buy that crap because everything will be "smart". Just look at TVs. Good luck trying to find a non smart TV. Though I was reading and apparently they only use your wifi? So if you don't configure it then I don't think the spying stuff works. I always had the impression it just used something else like 3G or satellites or something. Seems something to spy on you would not depend on connectivity that you have to actually setup.

Of course it's just wifi ... and people set it up because they can then easily stream from Netflix, Amazon, Hulu etc.

I made the mistake of allowing my new-ish Samsung TV to connect to my wifi for streaming capability and forgot to turn off automatic firmware updates. Well, since buying it, they pushed an update that simultaneously broke the ability of the TV to route audio from its built in apps through my receiver and speakers, and started showing stupid ads in the "home" screen where you choose an app or select inputs.

Yep, after I bought it, they actually pushed an update that shows ads that you can't opt out of in any way, save disconnecting the TV. And at the same time broke a feature I use.

Needless to say, I thought about selling the TV on craigslist and buying a replacement from a Samsung competitor ... but settled for disconnecting it, buying a Roku and never purchasing from Samsung again.