To put bluntly, anybody who buys hardware that is inexorably linked to some cloud-crap should be ashamed of themselves and deserve the loss of money as a learning experience.
I *only* buy hardware that can be controlled and/or managed locally. Sure, it means some 'cool' gadgets aren't available in my world. But it does mean that what I buy will be supported and will just work.
If that means you buy PoE cameras and get a video storage solution? Well, so be it. That's the cost of doing it yourself, BUT it also means you have your own destiny in your control.
Whereas if you buy cloudcrap, *when* the company decides to alter the deal, you're at their behest. Dont like that? Too fucking bad.
> To put bluntly, anybody who buys hardware that is inexorably linked to some cloud-crap should be ashamed of themselves and deserve the loss of money as a learning experience.
This isn't "blunt", this is just cruel. Nobody "deserves" to be the victim of false advertising or broken guarantees, particularly when they can reasonably lack the necessary contextual knowledge to analyze them beyond face value. Most people do not have the time or the aptitude (which is developed through more time) to become a system administrator of nontrivial local computing resources, but still derive significant value from being able to things like remotely viewable cameras.
The lady mentioned in the article, the one who owns a pet-boarding kennel a few minutes down the road from her house, has her life materially bettered by being able to access cameras remotely, and her life is not materially bettered by becoming a sysadmin to get that except for the fact that she is downstream of bad actors.
The solution to this is not "well, everyone should be a sysadmin". The solution is "make the consequences of being a bad actor so petrifying that companies avoid doing so."
Candidly, I echoed a lot of the sentiments of your post when I was younger, more self-absorbed, and more confident of my ability to attain sufficient expertise in all walks of life to never need help. My attitudes changed as I grew older and it became clearer that I was just as fallible as the next person, just on different axes. I hope you get the chance to attain perspective, too.
We are, as it happens, all in it together, and the attitude your post expresses is counterproductive.
For a while I ran DDWRT on my routers, and spent hours learning about FreeNAS and ZFS. And I ran out of patience for it after a few years. I had more important things to do, and people to spend time with. My routers got replaced with Eeros and my NAS got replaced with a Synology. And while I don’t love that the former got bought by Amazon, both are pain free, and I spend a lot less time on them.
Yup. Even as a power user there's only so much time in the day. I ran a UniFi network locally for a while, because I was generally frustrated with the state of things. I still have the USG at the top of my network but everything south of it has been replaced with Eeros for Wi-Fi, and they just work(tm). I don't have time to fight with that stuff. I have a life.
I still run a FreeNAS box (well, TrueNAS), because I have work-related needs that Synology can't really handle, but that's a conscious choice and I have the skills necessary both to do it and to know that I need to. Most people do not. And that's okay. They have skills I do not have. Modern society functions on division of labor.
Good for you. If you want to have some non-free software in your home, you should have that choice. Someday, I will be skilled enough to run DDWRT on all my routers. But Everyone should have that choice, and plenty of consumer hardware is hardcoded to always serve their manufacturer, and not their owner. I will never again purchase hardware that I cannot control.
> Someday, I will be skilled enough to run DDWRT on all my routers
You probably already are! It's very easy to run an open-source firmware on a router that you purchase for the purpose. Don't bother with DD-WRT because it supports hardware that can only be driven by binary blobs tied to ancient kernel versions.
Just get something compatible with OpenWrt. My favorite manufacturer of this stuff essentially ships with OpenWrt plus an extra web interfaces, so you can just access the upstream web interface at a different URI if you don't want to install the latest firmware.
The standard OpenWrt web UI is as good or better than what your average router comes with. It's not harder to use.
> Nobody "deserves" to be the victim of false advertising or broken guarantees, particularly when they can reasonably lack the necessary contextual knowledge to analyze them beyond face value. Most people do not have the time or the aptitude (which is developed through more time) to become a system administrator of nontrivial local computing resources, but still derive significant value from being able to things like remotely viewable cameras.
You're right - that the government *should* do their thing and stomp down on companies with death-penalty-level fines and jail for the C levels and BoD. But lets be 100% real. Only 1 singular bank executive went to jail during the 2008 banking fraud crisis, and that was in Iceland.
The governments will not act in our best interests. That's transparently evident that we're in it on our selves and each other. I wish it weren't the case, but wishing something so does not make it so.
> The lady mentioned in the article, the one who owns a pet-boarding kennel a few minutes down the road from her house, has her life materially bettered by being able to access cameras remotely, and her life is not materially bettered by becoming a sysadmin to get that except for the fact that she is downstream of bad actors.
No doubt. But I'm surprised that there hasn't been a company who sells a on-prem video solution. Oh wait, there is. A cursory search showed me this https://www.amazon.com/dp/B08329JN9B for $560 with HDD. The cloud here is an optional thing.
This user decided to go with cloud-only crap for the convenience. And it's more convenient for the company to renegotiate the "deal". You pay peanuts, you get monkeys.
> The solution to this is not "well, everyone should be a sysadmin". The solution is "make the consequences of being a bad actor so petrifying that companies avoid doing so."
Or you realize that our country is very much "Caveat Emptor", and defend yourself appropriately, knowing legal remedies are few and far between. And if they ever do get a legal remedy, I'm sure they'll get a $10 voucher to buy more of the Cloud-crap.
Hardware that isn't tied at the hip to someone else's computer is already available. It's just not as cheap.
> Candidly, I echoed a lot of the sentiments of your post when I was younger, more self-absorbed, and more confident of my ability to attain sufficient expertise in all walks of life to never need help. My attitudes changed as I grew older and it became clearer that I was just as fallible as the next person, just on different axes. I hope you get the chance to attain perspective, too.
What is this self-help garbage doing in the middle of criticizing cloud-locked hardware being at the behest of a company? You do know that there are plenty of options that aren't infected with cloud-crap that are also outside of "build NVR in your basement".
> We are, as it happens, all in it together, and the attitude your post expresses is counterproductive.
We are absolutely not "in it together". You're on HN - you see the inexorable tread towards more profit at all costs for companies. If that means squeezing customers more, so be it. But they are not our friends, nor do they see themselves as us.
The US government is effectively captured at this point. Any remedies that happen here will be long after the damage was done.
Basically what I'm trying to get at is that we need to be vigilant and not buy into these "easy cloud ecosystems". At best, they are long-term contract-mutable rentals, and should be recognized as such. To that end, I'll pay more to stay away from those devices. That's about as much as we can do.
This feels like a very tech-centric perspective. I agree with you, if you restrict this to the very IT-savvy group, but this shifts the blame away from companies’ bad design/behavior.
Most people have no understanding of the difference between a cloud-connected device and one that just uses WiFi or BLE locally to communicate with an app.
I’d say if you work for a company that produces this kind of crap IoT, shame on you, and that people in that position should strongly push for the ability to ship with offline-only firmware.
Wow.. the cognitive dissonance here is staggering.
Nowhere did I say "build it yourself". There's plenty of turnkey commercial/industrial solutions that are also plug-n-play. Most even have PoE already built in. The problem with them for end-users: you front-load the cost to initial build.
The real problem for users with cloud-crap is that it's exceptionally hard to assess risk with cloud crap.
As for me, my simplistic solution is that "cloud = unacceptable risk". But that somehow here has translated to "DIY garage build while etching my own silicon and boards", which totally minimizes what I'm actually saying.
I did not suggest that anyone should DIY their IoT hardware. My point is I don’t find utility in shaming users for buying cheap cloud-based products - the average user doesn’t care or know about the tech choices, they just want to be able to change their light colors, play multi-room audio, etc.
Yes, a subset of consumers will find local-based IoT products and vote with their wallets, and there are great companies serving that market (at a premium). However, the financial incentives push most companies to produce WiFi/internet connected crap. It’s clearly cheapest to build on a ESP-type WiFi platform and build a bad cloud app.
I think the only way you really stop this is with strong financial penalties via regulation. I’d want two pieces:
Fines for cloud exfiltration of analytics or WiFi data beyond the base functionality of an application. Funding for FCC or other organizations to actively investigate reports of this.
Fines when companies “remotely” brick IoT products that are EOL by shutting off a cloud API. Something of this type should push companies away from any sort of cloud-based infrastructure because they’d need to maintain it for much longer. (Admittedly not well-informed here and maybe this is in progress already?)
I understand your perspective is that we can’t trust the government to properly regulate that, and maybe true. But it’s also unrealistic to expect most users to be well-informed. Even if most adults made that choice you still have a huge market of college students buying cheap crap.
Just because a device isn't cloud-connected doesn't mean it isn't designed for planned obsolescence. For example, the ongoing cheapening of major appliances, or the DRM applied to printer cartridges and coffee pods.
This is a legislation problem IMO: companies need to be held to reasonable expectations when they sell a product. My ink cartridge shouldn't say it's "empty" when the page counter reaches 100 [and it's still actually full]. Neither should cloud devices go to the landfill because the company selling them decided that they don't want to support them anymore.
Companies foisting negative externalities on us (like more e-waste) in exchange for more profit are a blight and should be treated (and prevented) as such.
> because the company selling them decided that they don't want to support them anymore.
in IoT for consumer devices companies must ensure that a software is free of security issues. in some cases the support period of 3rd party dependencies is out of control of the vendor. and vendors usually don't control the upstream silicon and firmware. so if an SDK ships an outdated mbedtls and upstream refuses to patch their SDK also downstream will not be able to release a patch. and in that case the law says connectivity needs to be disabled for that appliance. the situation today is that vendors are only starting to realize that this is the future in which they operate. so while the appliance is still operable in a dumb-mode any smart-features will have to be reduced to the max time you can ensure support.
while this sounds like pretty normal and sane to most it absolutely isn't how IoT vendors in the past have operated. And i hope the minute RED directive kicks into gear by Aug 2024 consumers will start to sue them into oblivion if a vendor is for some reason unable to ship a security update.
> I only buy hardware that can be controlled and/or managed locally. Sure, it means some 'cool' gadgets aren't available in my world. But it does mean that what I buy will be supported and will just work.
You are part of a vocal minority.
The vast majority of people aren't tech savvy. That's why smartphones are the way they are nowadays.
How does the average person go about a non cloud connected router? They barely know what it is, let alone what it means to administrate it over the cloud software. How is this their fault for not being a IT professional capable of understanding a $75 purchase?
We're not talking about an average person in this instance. We're talking about a company using video surveillance in watching their business.
If it were individuals, I would have a bit more sympathy. But this is this company's livelihood being able to realtime watch remotely their core business.
So yeah, they can pony up $500 for a good NVR and PoE cams. That would have saved her sob story.
It’s not always clear you’re getting cloudcrap when you buy the product. Sure, you and I can do the research and see that it’s tied to a service that will eventually shut down, but do you expect 100% of people out there to understand this?
I *only* buy hardware that can be controlled and/or managed locally. Sure, it means some 'cool' gadgets aren't available in my world. But it does mean that what I buy will be supported and will just work.
If that means you buy PoE cameras and get a video storage solution? Well, so be it. That's the cost of doing it yourself, BUT it also means you have your own destiny in your control.
Whereas if you buy cloudcrap, *when* the company decides to alter the deal, you're at their behest. Dont like that? Too fucking bad.