The Getting-Smarter SmartThings Home Hub

When last we left our intrepid, if challenged, SmartThings home hub, it was not having the best of times.

CNet picked up my previous story, and expanded on it in an article titled Samsung’s smart home push hits disconnect. In addition, researchers exposed what they considered to be serious security flaws with the hub.

Multiple issues exist in SmartThings’ framework, the researchers say, but most pressing are the privileges given to apps, many of which they don’t need to function. A smart lock might only need the ability to lock itself remotely, for instance, but the SmartThings API bundles that command with the unlock command, which an attacker can leverage to carry out a physical attack. Another over-granting of permissions involves the way in which SmartApps connect to physical devices. When a user downloads a SmartApp, it asks for specific permissions to perform its intended purpose. After being installed, SmartThings then lists all the devices that could be used with that app because of its ability to sync with those permissions. But it also gives the app more access than it needs.

In response, SmartThings CEO Alex Hawkinson apologized in the SmartThings community forum, promising improvements. He also posts a weekly update (the latest) about what improvements have been pushed out that week. In addition, the company recently hired Amazon’s former director of engineering, Robert Parker, to oversee the improvements.

As a result, SmartThing users have been seeing an improvement in the hub. We’re no longer seeing the “red bar of death” that used to be so common in the Android app. In addition, performance has improved, including better detection of presence, as well as quicker response to actions. Scheduled events actually run on schedule, after months of erratic behavior.

Hawkinson also responded to the security concerns:

A research report entitled “Security Analysis of Emerging Smart Home Applications” was released this morning by a team from the University of Michigan and Microsoft Research. The report discloses hypothetical vulnerabilities in the SmartThings platform and demonstrates how, under certain circumstances, they could be exploited. Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place.

The system has stabilized enough that some of us are tentatively moving back into the world of the Smart Home Monitor—the golden child of the SmartThings network, responsible for security. It is this application that had the most faulty behavior, with frequent false alarms, and not being able to manually arm or disarm the system.

I turned on SHM last week for the first time in over two months. Unfortunately, I also had a false alarm at exactly 5:04 AM last Thursday, when one of my monitors detected movement where there was none. However, I do believe this is more the monitor (I’ve had some issues with SmartThings own motion sensors in the past)—perhaps reacting to a spider, or air flow eddies—and not the application or the hub. I’ve switched to a different motion sensor (the Fibaro Motion Sensor), and so far no additional false alarms.

We can now easily arm and disarm the SHM security system. When the security alert did go off, all the appropriate lights and alarms were triggered, and notifications sent. In addition, when I dismissed the alert, the alarms were immediately silenced, though I had to turn off all the lights manually.

There are still issues with the SmartThings Hub. The biggest concern is that most of the activity related to the Hub occurs within the cloud rather than locally. This means that if we lose internet connectivity—something that happens daily for me during the hottest part of the day in the summer—automatic actions that should still function, don’t.

We also still don’t have Rule Machine, the extremely popular community-developed application, and no idea if it will ever return.

Still, I’ll take the improvements we’ve received, and the promise of more.

I’m moving the SmartThings Hub from “hold on buying” to, “OK, you can give it a try, but don’t go crazy buying devices just yet”.

Learning Node, 2nd Edition is now live

Learning Node 2nd cover

Learning Node, 2nd Edition is now in production and should be hitting the streets within a few weeks. We had a bit of excitement when Node 6.0 was rolled out, just as we entered production. However, this edition of the book was specifically designed to accommodate Node’s rather energetic release schedule, and the book survived with only minimal changes.

In this edition, I focused heavily on the Node core API, rather than third-party modules. I figured the book audience either consists of front-end developers working with JavaScript in the browser, or server-side developers who have worked with other tools. In either case, the audience wants to know how to work with Node…not this module or that. Node, itself.

My one trip into the fanciful was the chapter on Node in other environments. In this chapter, I had a chance to introduce the reader to Microsoft’s new ChakraCore for Node, as well as using Node with Arduino and Raspberry Pi, and with the Internet of Things (IoT). I figured by Chapter 12, we all deserved a special treat.

The book’s Table of Contents:

Preface
1. The Node Environment
2. Node Building Blocks: the Global Objects, Events, and Node’s Asynchronous Nature
3. Basics of Node Modules and Npm
4. Interactive Node with REPL and More on the Console
5. Node and the Web
6. Node and the Local System
7. Networking, Sockets, and Security
8. Child Processes
9. Node and ES6
10. Full-stack Node Development
11. Node in Development and Production
12. Node in New Environments

A more detailed TOC is available at O’Reilly.

I had a good crew at O’Reilly on the book, and an exceptionally good tech reviewer in Ethan Brown.

Nest: Don’t toss it on the Smart Home dead pile just yet

Nest thermostat set to cool 74 degrees

Having heavily invested in Nest products, it’s disconcerting to read articles with titles such as Nest, Google’s $3 billion Bet, May Be in Trouble, or With $340 million in revenue, Nest is underperforming, and its future at Google is at risk. If Google dumps Nest, then who is going to maintain my Nest Protects (smoke and carbon monoxide detectors), thermostat, and Dropcam/NestCams?

The short version of the stories is that Nest is under-performing, it’s having problems with management, and talent is jumping ship. Well, Google, oh, sorry, Alphabet, can fix all of these problems: solve the management problems and work on keeping the necessary staff onboard. Alphabet/Nest also needs to roll out new products and integrate the Nest products with OnHub, which, from a smart home perspective, is dumb as a stump. Both efforts would be an interesting challenge to employees and engineer fresh interest in the brand.

I like my Nest products. I like the softly glowing green ring from my Protects when I turn out the light, letting me know they’re watching out for me. I also like that I can see how their battery is holding up just by using my smartphone. No more battery-low beeping in the middle of the night.

My one Dropcam, and a second NestCam are terrific. They’re the only video cameras I know that you can install indoors, point outdoors through windows, and get a good picture—whether daylight, or illuminated by outdoor lights. They adjust beautifully to changing light conditions, are quite responsive, and you can turn them off when you don’t need them.

My Nest thermostat is very useful…other than the one time the software glitch drained all the battery, leading to some very embarrassing moments for Nest and Alphabet. But my energy use has dropped because of the thermostat, and I have more finite control over what happens, and when.

I also have an IFTTT recipe where my Netatmo  triggers my Nest thermostat to turn on the fan, when it detects carbon monoxide levels exceeding 1500ppm. No more groggy, sleepy days working at the computer.

This IFTTT capability isn’t the only new integration. I can now control the thermostat using Amazon’s Echo, and in case of a fire, the Protects trigger my Philips Hue lights to briefly turn on bright red, to wake us up, and then dim red, which is better for seeing in smoke. They also flash yellow when there’s a warning.

What’s been missing from Nest in the past was smart home integration with other products. The division is now getting its act together in this regard. It would be a shame to cut it loose when it’s just now starting to get interesting.

Come on Alphabet, if you’re going to be a multi-headed hydra, then you have to know when to step back and when to step in. If the head of Nest, Tony Fadell, is as bad as people are saying, then toss his butt into the void and bring in fresh talent. If he isn’t that bad, then defend him. Either way, demonstrate your commitment to the company. No one is going to buy your products, no matter how shiny, if people think you’re going to cut both the products and the customers, loose to fend on our own.

A good place to start showing commitment is demonstrating some new smart home magic: Nest, meet OnHub. OnHub…OnHub…wake up, OnHub…meet Nest.

Smart Home, Older House, Cold House

Update:

Several publications have come out today, including one from the New York Times, about a software update being responsible for the battery drain. That’s one bad bug, and Nest is going to take a major credibility hit because of it.

We also had problems with our Nest Protects (smoke/carbon monoxide detection) a few weeks prior, with none of them being able to access the cloud. However, they work without wireless access, including the ability to connect and communicate with each other, so it was more of a nuisance than a problem. I do wonder, though, if the same bug didn’t get introduced into all Nest products.

In the meantime, adding a C wire didn’t work for us. It would have required too many holes being drilled, and damage to floor and wall. We’re going with the add-a-wire feature, instead.

Earlier:

Our home was built in 1986, which means it’s on the border between modern, new standards and the old way of doing things.

When we tried to add new GE smart light switches, we found that most of the switches don’t have a neutral wire needed to power the switches. The old, unintelligent switches didn’t need power—they’re just on or off. The new ones, need power to communicate with the controlling hub and other compatible devices.

The same applies to our thermostat: we don’t have a ‘C’ or common wire that runs from the heating/cooling system to the thermostat.

We have a second generation Nest thermostat, and not having a ‘C’ wire is supposed to not be an issue with this thermostat—at least with most HVAC systems. The device gets its power from the “red” wire (the power line) by “power stealing” a little bit of the power that comes through the line. The problem with this approach is if the system is very active, the device doesn’t have a chance to charge the battery as frequently and you can lose thermostat functionality, or even drain the battery.

The other issue is if the HVAC equipment isn’t running, at all, and the device needs power. What the Nest thermostat does is “pulse” the equipment to get a bit of juice, but supposedly very quickly, so that the equipment doesn’t come on. If this doesn’t sound like something you would want to do,  you’ll get agreement from many HVAC manufacturers.

Then there’s the situation that happened last night. It was very cold, so the system was running intermittently  through the night. In addition, I suspect from chatter in the Nest forum, the thermostat received a software update in the night. I also suspect that the software update drained what little power the battery had, to the point where I was faced with a completely black device this morning. I couldn’t even run it manually.

When the temperatures are below freezing, you don’t want a thermostat that doesn’t work. At this point, you’d settle for a dumb thermostat, as long as it turns on the heat.

I knew I could power the device using a micro-USB cord, connected to my computer. I connected it for about a half hour, charging the battery enough that I could connect it to the wall plate and turn on the heat. Of course, while the heat is running, the device isn’t charging, but it should have enough juice to take the chill edge off the house.

If we weren’t at home, I’m not sure if the device would have even been able to start charging without my assistance. Normally, the Nest thermostat shows a blinking red light when the battery is very low and charging, but it wasn’t showing this light this morning. It was completely drained.  We could have come home to frozen pipes and damaged walls.

Assurances from Nest aside, it’s time to update our wiring. We have a couple of options. One is we could attach a Venstar Add-a-Wire Adapter, which turns a 4-wire setup into the 5-wire setup needed for smart thermostats. Or we can run a ‘C’ wire from the HVAC to the thermostat. Though the latter approach is more expensive, we decided if we were going to fix the problem, we’d do so without a hack and we’d fix it once and for all.

Tomorrow morning our HVAC company is coming out to run the new ‘C’ wire to the thermostat, and hopefully we’ll never again wake up to a freezing cold house. If we do, than the Nest thermostat is being replaced by an Ecobee.