OnHub: Google’s Newest Miss/Hit?


Google is known for many things, including being wildly successful and a major cultural impact. But its path is also littered by the skeletal remains of failed projects.

Search, Maps, GMail, Chrome, Android, and some of the Nexus devices—not to mention its acquisition of the ubiquitous YouTube, as well as a successful set of hardware with recent purchases of Nest and Dropcam—are decided hits. But they’re matched by the misses, including Dodgeball, Notebook, Wave, Lively, Nexus Q, and Google Glasses. Reader was successful software that Google abandoned, and Google+ never has achieved the reach of Facebook.

Now we have a new entry into the Google sphere of products in which to dominate the world: OnHub. The question becomes, will it be a hit? Or another miss?

Continue reading “OnHub: Google’s Newest Miss/Hit?”

My Current Version of Learning Node

Orangutan laying on grass looking at camera

As we finished up Learning Node, 2nd, the Node.js Foundation released Node version 6. I quickly did a run through to see if I needed to modify the book text. Yes, indeed, I did.

One of the major changes was how new Buffers are created. This is a major change, considering how integral Buffers are to Node. I hastily re-wrote the section on Buffers in the book, noting that the existing examples demonstrate how to create a Buffer in Node 4.x, but not Node 6.x and later. I also provided additional examples for Node 6.x.

Another major change was how to refer to the fast lane version of Node.js, originally called “Node Stable”. Now, it’s referred to as “Node Current”.

I may have influenced this change. I filed bugs last year about the Node documentation.  One bug had to do with the confusion surrounding which version of Node should be the “default” API.

The Node.js Foundation recommends the LTS versions for production use, because of their long-term stability (hence the name). However, if you access API documentation for Node.js directly, such as searching for Buffer in Google, you’ll get the new Current version.

We went back and forth in the comments about the problems inherent with having the least stable API as the default documented API. I also repeatedly pointed out the problems when you have multiple “current” versions of Node (LTS and Stable), and how would people know which is the current version of Node.js?

To be honest, I didn’t see renaming Stable to Current to be one of the possible solutions. That’s a bit like sweeping dirt under the rug. Oh look! We can’t see the dirt now!

Back to finishing up the book. I quickly changed Stable to Current where applicable. What’s done is done. I hope the book does well.

This is my last book on Node. I may, in the future, write other books on technology, but not Node. Change is the byword for the Node community and that doesn’t translate well when it comes to writing books. I will, eventually, return to technical writing here at Burningbird in addition to my other writing, and I will write about Node. But no books.

And when I write on Node, it will be the current version. Whatever that may be.



The Getting-Smarter SmartThings Home Hub

When last we left our intrepid, if challenged, SmartThings home hub, it was not having the best of times.

CNet picked up my previous story, and expanded on it in an article titled Samsung’s smart home push hits disconnect. In addition, researchers exposed what they considered to be serious security flaws with the hub.

Multiple issues exist in SmartThings’ framework, the researchers say, but most pressing are the privileges given to apps, many of which they don’t need to function. A smart lock might only need the ability to lock itself remotely, for instance, but the SmartThings API bundles that command with the unlock command, which an attacker can leverage to carry out a physical attack. Another over-granting of permissions involves the way in which SmartApps connect to physical devices. When a user downloads a SmartApp, it asks for specific permissions to perform its intended purpose. After being installed, SmartThings then lists all the devices that could be used with that app because of its ability to sync with those permissions. But it also gives the app more access than it needs.

In response, SmartThings CEO Alex Hawkinson apologized in the SmartThings community forum, promising improvements. He also posts a weekly update (the latest) about what improvements have been pushed out that week. In addition, the company recently hired Amazon’s former director of engineering, Robert Parker, to oversee the improvements.

As a result, SmartThing users have been seeing an improvement in the hub. We’re no longer seeing the “red bar of death” that used to be so common in the Android app. In addition, performance has improved, including better detection of presence, as well as quicker response to actions. Scheduled events actually run on schedule, after months of erratic behavior.

Hawkinson also responded to the security concerns:

A research report entitled “Security Analysis of Emerging Smart Home Applications” was released this morning by a team from the University of Michigan and Microsoft Research. The report discloses hypothetical vulnerabilities in the SmartThings platform and demonstrates how, under certain circumstances, they could be exploited. Over the past several weeks, we have been working with this research team and have already implemented a number of updates to further protect against the potential vulnerabilities disclosed in the report. It is important to note that none of the vulnerabilities described have affected any of our customers thanks to the SmartApp approval processes that we have in place.

The system has stabilized enough that some of us are tentatively moving back into the world of the Smart Home Monitor—the golden child of the SmartThings network, responsible for security. It is this application that had the most faulty behavior, with frequent false alarms, and not being able to manually arm or disarm the system.

I turned on SHM last week for the first time in over two months. Unfortunately, I also had a false alarm at exactly 5:04 AM last Thursday, when one of my monitors detected movement where there was none. However, I do believe this is more the monitor (I’ve had some issues with SmartThings own motion sensors in the past)—perhaps reacting to a spider, or air flow eddies—and not the application or the hub. I’ve switched to a different motion sensor (the Fibaro Motion Sensor), and so far no additional false alarms.

We can now easily arm and disarm the SHM security system. When the security alert did go off, all the appropriate lights and alarms were triggered, and notifications sent. In addition, when I dismissed the alert, the alarms were immediately silenced, though I had to turn off all the lights manually.

There are still issues with the SmartThings Hub. The biggest concern is that most of the activity related to the Hub occurs within the cloud rather than locally. This means that if we lose internet connectivity—something that happens daily for me during the hottest part of the day in the summer—automatic actions that should still function, don’t.

We also still don’t have Rule Machine, the extremely popular community-developed application, and no idea if it will ever return.

Still, I’ll take the improvements we’ve received, and the promise of more.

I’m moving the SmartThings Hub from “hold on buying” to, “OK, you can give it a try, but don’t go crazy buying devices just yet”.

Learning Node, 2nd Edition is now live

Learning Node 2nd cover

Learning Node, 2nd Edition is now in production and should be hitting the streets within a few weeks. We had a bit of excitement when Node 6.0 was rolled out, just as we entered production. However, this edition of the book was specifically designed to accommodate Node’s rather energetic release schedule, and the book survived with only minimal changes.

In this edition, I focused heavily on the Node core API, rather than third-party modules. I figured the book audience either consists of front-end developers working with JavaScript in the browser, or server-side developers who have worked with other tools. In either case, the audience wants to know how to work with Node…not this module or that. Node, itself.

My one trip into the fanciful was the chapter on Node in other environments. In this chapter, I had a chance to introduce the reader to Microsoft’s new ChakraCore for Node, as well as using Node with Arduino and Raspberry Pi, and with the Internet of Things (IoT). I figured by Chapter 12, we all deserved a special treat.

The book’s Table of Contents:

1. The Node Environment
2. Node Building Blocks: the Global Objects, Events, and Node’s Asynchronous Nature
3. Basics of Node Modules and Npm
4. Interactive Node with REPL and More on the Console
5. Node and the Web
6. Node and the Local System
7. Networking, Sockets, and Security
8. Child Processes
9. Node and ES6
10. Full-stack Node Development
11. Node in Development and Production
12. Node in New Environments

A more detailed TOC is available at O’Reilly.

I had a good crew at O’Reilly on the book, and an exceptionally good tech reviewer in Ethan Brown.