Elk health, UPB/SA health, State of DIY HA - rambling questions

Linwood said:
So if I understand -- I must allow all these things to make ANY use of the hub itself.  I have a particular problem with the idea of it reading all my contacts and being able to (but does it?) send them to Samsung.
 
I should be able to trade these sorts of things for specific features only if I want them.  But I can't -- I give them up before I can even configure the device.
 
Or am I missing something?  It says I do not need to pay a monthly fee, but I do not appear to be able to avoid using their app.
Only permissions are location as described above and the ability to add photos, which it uses if you add a picture for each room.
 
No, I do not believe you need to use a phone application at all EXCEPT for the first step of scanning a bar code to pair it. Otherwise you can use the web IDE to do everything. You can delete the app and never use it again.
 
Just make sure you never stay at a Marriott, Starwood, Westin, St. Regis, or shop at a Target, Macy's, Sears, Best Buy, Chedders, Kmart, Arby's, etc.  They leak more info than that. Only use cash I guess.
 
Linwood said:
I don't know that Apple is quite so forthcoming about what is applications are allowed to do, but only my wife has an iPhone, not me.
Go to Settings, Privacy. There are Location Services, Contacts, Reminders, Photos, Bluetooth, Microphone, Speech Recognition, Camera, Health, Homekit, Music, Fitness. For each you can see what each application has been approved, and turn it off if you like. There is no secret access on an iPhone.
 
Dean Roddey said:
On the voice control thing, here is something I wrote up a while back that explains some of why it is how it is:
 
https://www.avsforum.com/forum/162-home-automation/2951030-automation-thoughts-part-quarteh-voice-control-pro-con.html
 
Best of both worlds would be an Alexa skill that turns the home screen of an Echo Show into the touch screen interface of your local automation system. Would be great to have a $180 wireless touchscreen voice assistant in each room to select music from your local library, show security cameras, display weather, HVAC status, song lyrics, and fire/security zone status while reading you the news or playing music or answering questions or proactively alerting you by voice to status changes within the automation sensors. Just need Amazon to provide API features that allow more direct /local communication with Echos so that local HA interfaces can be implemented without a cloud service dependency.
 
An interesting point on Google, and the whole 'Google Style Economy', which is from a guy whose name I'm blanking on so I can't give appropriate credit, is that Google's economy is one of zero obligation to the customer. If you never charge customers for things, you have no obligations to them, other than whatever minimums can be forced by law. If you make your money selling information about or targeting ads (for money) towards your 'customers', you can avoid ever actually selling things to your customers. If you don't sell them anything, they have no financial leverage over you other than to quit using your free services (which provide that information based revenue stream), and how likely is it that all those folks are going to do that and start paying someone for those services instead?
 
The only folks who have any financial leverage over Google are the companies that pay for ads, and they aren't in the business of protecting our rights against big data, or enforcing big data's obligations to us. That would in fact be against their interests to do so (at least in the first order business sense, obviously they themselves are also part of that information revenue stream in most cases as individuals.)
 
And of course this is forcing our digital economy more and more in that direction, because it becomes harder and harder to sell an actual product. You have to instead give away the product as a means to sell a service. Microsoft has been pushed this way relentlessly in order to compete. Windows is becoming a service, not a product. Eventually, they'll probably try to make it a pure service (i.e. cloud based) I'm guessing, because all of the pressures are lining up in that direction against them. Thankfully I'll either be dead or struggling to eat oatmeal by then.That's why Windows now hectors you constantly about Azure and Microsoft's cloud services. Google'ism has forced them in this direction. 
 
If you want to get big VC capital these days for a software oriented project, I'm guessing if you don't demonstrate some way in which you are going to A) create a permanent dependence of your customers on your services and hence an ongoing revenue streams by making it a service and B) have some means to gather lots of data that can be used to your advantages, that you probably have a long row to hoe if you are talking about trying to sell an actual product.
 
Of course the loose morals of the buying public haven't helped on this front. You can't steal a service like you can a piece of software. Well, not nearly so easily anyway. If you give away the software, it can't be stolen, it's only a means by which you encourage people to use your service.
 
Being completely hunkered down in DeanWorld for decades I never really understood how things like Microsoft's Azure had changed things. You can sign up, stick in your credit card, self-configure a system, have it up and running in an hour, add more power to it as you go. So it becomes almost frictionless to just set up some service based system and see if it works. If it doesn't, delete the virtual machine, and go try something else. You never sold anything to your customers so there is no obligation for ongoing support or availability. They were paying for a service for a short period of time. Once that time is out, you have no obligation to them. So wait till the end of the month, don't renew any subscriptions, and shut it down.
 
Mea culpa I think I dragged this topic off track a bit... 
 
My real question is how well the "classic" automation vendors or standards are doing, e.g. SA, UPB, Elk, and whether the non-cloud varieties are managing to hang in there and thrive, or is it all hopelessly buried by the Cloudy vendors?
 
Well, the great unwashed masses are pretty much cloudy eyed, because that's how people make money at the low end and the bulk of new entrants are just playing around with simple stuff.
 
Some of those people may leave from the real automation oriented products to disappear into the cloud. But some will get their feet wet and then want to dig deeper. The bulk of people currently coming into it were never viable customers for serious automation products anyway, so it's not like those folks are eating into that more serious market. Those are just people who are making the pie bigger. That does mean that the percentage of the pie owned by the more serious market is smaller in proportion, but not necessarily smaller in absolute volume. 
 
If you want to do serious automation in a completely local manner, it's totally doable. Of course some things do go out the net, but they aren't anything related to the cloud based thing, such as weather data sources. CQC plus Radio RA2 is the core of a totally pro level, all local setup. There's no way Lutron is going away. Companies like them have revenue sources that go well beyond the home. 
 
Dean Roddey said:
There's no way Lutron is going away. Companies like them have revenue sources that go well beyond the home. 
 
I do a lot of sports photography.  Nikon has some of the best high end cameras in the world (Canon being the other player).  They sell a miniscule number of those in comparison to point and shoot, mirrorless, and low end DSLR's.  But they keep doing them.  Despite $6500 for a high end D5, I suspect they make very little money on the top line cameras, certainly in comparison to ones they will sell 1000x as many.  I almost equate this to the examples above, of unwashed masses, EXCEPT:  It seems most suppliers in HA tend to either be for pro gear, or as you put it, the great unwashed masses.  There seem to be few that find it beneficial to run the gambit from "I just want to plug it in and have it work" to "I want someone to come plug it in for me" to "If it doesn't involve soldering and programming I do not want it". 
 
There are some.  Maybe Elk intends to be, though I do not have an impression a lot of pro installers use it (today), do they?   Some have ranges of products but not really substantially different products, just more/less features (e.g. 3 drivers vs. 10 vs. 20). 
 
I think the camera vendors see at least two things: (1) high end cameras are a lure, built in advertising proving their expertise, much as the Ford racing team's cars help Ford sell Escorts, even if there's nothing similar, and (2) they expect some fraction of their users will upgrade and climb the product hierarchy.
 
I do not get much impression HA vendors do either thing.  Meaning there is a loose connection at best (Lutron) or no connection at worse (C4, etc.) between high end pro products and mass-market and DIYers.
 
It seems like it may be more healthy if they followed a more more like cameras.
 
There are some.  Maybe Elk intends to be, though I do not have an impression a lot of pro installers use it (today), do they?
 
I just replaced my old Omni Pro 2 system with a Qolsys system. I used the Yellow Pages to contact 9 security system installers in my area as part of my selection process. None of the 9 installers handles either the HAI or Elk systems. Most handle either DSC, Honeywell or an OEM version of Honeywell. But some will install any security panel for $$$$$$$. It's usually a “time and materials” bid meaning that they cannot quote you an exact price for installation. For example, they may have to send a tech to Louisianna for training on the system to be installed in order to issue an alarm certificate required by the insurance company. Obviously, the client has to pay for that cost.
 
Implementing home automation is for the most part, a sideline interest. Their bread and butter is installing a security system. If a customer wants home automation, they will install it. Most of them use Alarm.com, a cloud based monitoring system  for monitoring the security system since it also provides home automation capabilites if required by the homeowner. Also, the Alarm.com monitoring is super easy for the installer to set up which means less time spent on the job and in turn means more profit. Time is money in the security system line of work.
 
Home Automation has lots of segments that all seem to operate independently. Certainly there is high-end, like Control 4 where the rest of the world doesn't matter as long as there are enough high-end homes being built. Mid-end and/or DIY market is what is discussed here, and varies a bunch with lots of opinions. The mass-market entry level is what everyone is going after because that is where the money is. These are the hubs and things like you find in Home Depot and Lowes. 
 
Although many people here write-off this "mass-market" equipment as simple or not full-featured, they might want to try it before giving that assessment. I have a SmartThings hub, and a few Echo Dots around my house. They are both pretty simple devices that anyone who can connect them to Wi-Fi can get working. The Dots are maybe $20 each on sale, the hub maybe $80.  For this example I added in 4 Zigbee door locks.
 
This is all stuff you can buy at Home Depot or Lowes, but guess what? Its the average-Joe's introduction to Home Automation. Up and running in a few hours. But what can it really do? Lots actually. I can use my voice in any room to lock or unlock any door. I also can lock or unlock my door anywhere in the world with my phone. But it gets even better. SmartThings knows if I and my wife are actually home or away by monitoring our phone location, so it can lock our door when we leave, automatically. And I, with my phone, can actually add or remove entry codes on any of my door locks at will anywhere in the world. So maybe if my neighbor needs to get in when I'm away, I add a code, then remove it later after they have used it. And note, this all was running a few hours after getting it, at a very reasonable cost. If I want to add lighting, or thermostats, its easy enough.
 
Now does it have some negatives? Sure, and in some ways, the "old generation" of products are better in some areas, but that is even changing with time, and this also explains why ELK and Leviton are not putting giant amounts of money in their old products. Things certainly change over time, and if you don't spend time updating your knowledge, your missing out.
 
ano said:
Although many people here write-off this "mass-market" equipment as simple or not full-featured, they might want to try it before giving that assessment. I have a SmartThings hub, and a few Echo Dots around my house. They are both pretty simple devices that anyone who can connect them to Wi-Fi can get working. The Dots are maybe $20 each on sale, the hub maybe $80.  For this example I added in 4 Zigbee door locks.
 
Actually simple is fine and good and I love this level of stuff.  What I do not is trust it.  Not talking privacy here, but I do not trust the IOT vendors to secure anything.  Are you not worried that these cloud-connected, account-required systems are so frequently hacked?   I guess any one given system at any given home is pretty unlikely for things like physical security.  But bothers me to assume that not being an attractive target makes for good security.
 
For pros, it's not matter of can it do X, it's a matter of can it do X reliably for years at a time? Every time it fails, they get a call. Consumer stuff is just not as reliable as pro level stuff, and that's why pro level stuff exists. It's more conservative and it doesn't follow the latest trends for exactly that reason, because it needs to be highly reliable more than anything else. If it's not, no matter what it can do, pros will resist installing it because they are on the hook for it working. 
 
And it's also a matter of how many other moving parts (that I don't control) are involved before it can do its thing and will those things be reliable for years at a time. For anything connected to the internet, that's basically a hard no, so they will think hard before they support such things. Or they will add a proviso that if it breaks they will charge you to come out and look at it, no matter what the underlying cause, which may make their customers leery of having it installed. Even for things that use the network internally it's a tricky thing and many high end installers will not accept the user's consumer grade network gear as part of the package either.
 
There's just a completely different set of requirements for pro gear vs. consumer gear.
 
Linwood said:
Actually simple is fine and good and I love this level of stuff.  What I do not is trust it.  Not talking privacy here, but I do not trust the IOT vendors to secure anything.  Are you not worried that these cloud-connected, account-required systems are so frequently hacked?   I guess any one given system at any given home is pretty unlikely for things like physical security.  But bothers me to assume that not being an attractive target makes for good security.
I would not use a cloud-based system for my security system. I think that needs to be local, but that's not to say my local security system can't provide zone status to a cloud-based system for use in home automation.  Many companies that monitor home alarms allow a customer to see the state of their alarm and all their zone states on-line, so I'm not sure how that is different.
 
As for hacking, its certainly "possible" but not very likely. As we see daily, hackers steal personal information like credit cards because they sell the information and it yields them money.  So I'm not really sure how a hacker (typically in China, Russia, etc.) is going to make money from knowing my house's temperature, or even controlling the lights?  So even if they could unlock all the doors?  They are in China. Its not like they can steal much. 
 
So can it be hacked? Sure. Is there really any motivation to?  Not that I can see. Plus companies like Samsung are are of the problem and adding security updates.
 
ano said:
So can it be hacked? Sure. Is there really any motivation to? 
 
For a botnet.
 
Armed with an enormous network of pwned devices, you sell your services to anyone needing, for example, to perform a DDOS attack. Imagine harnessing the power of all Amazon Echos or all SmartThings SmartHubs. Like hacking residential routers, it's a huge juicy target.
 
Yeah, and the other aspect of this hinted at above is that while it used to be most hacking was targeted (a human decided to attack a victim), the vast majority of attacks now are automated.  It used to be that being a low value target, if not assured you would be skipped, at least increased the odds.  Now not so much.  Further, attacks on IOT devices provide a foothold.  Unless you have them isolated completely in your network, they (say a camera) can be taken over and they in turn may have direct IP access to real computers inside that are not accessible from the internet directly. 
 
I do get that something like door locks are not a high value target to the Russians (etc), but any kind of exploit of your internal network can end up being quite a bad thing, indeed it may not even be activated for months, just sitting there until it/they notice something interesting, or use you to attack someone else.
 
I ran IT for a company that had vendor reps in a big room (they rented from us), and we gave them internet access.  Then we got a letter from Time Warner (the movie side not the network side) threatening action to terminate our internet service because we were distributing pirated movies.  Turns out one of the vendor reps had an exploit on his laptop, and it was using our big internet pipe as a forwarding node to distribute pirate movies.  Was a mess to get straightened out, as the provider was just going to take Time's word that it was us doing it, and it was our main internet pipe.   That kind of thing rarely happens to residences, but it can.  Plus excessive internet use can run up additional charges for people who are metered (or cause throttling at least). 
 
Honestly I think it's a lot like not getting vaccinations, or not buying flood insurance in a floodplain.  Sure, the odds still favor you having nothing bad happen, but it's just sill to assume nothing bad will happen and not prepare.
 
Back
Top