Smart Gardening Firm's Shutdown a Reminder of Internet of Things' Fickle Nature

AeroGarden, which sells Wi-Fi-connected indoor gardening systems, is going out of business on January 1. While Scotts Miracle-Gro has continued selling AeroGarden products after announcing the impending shutdown, the future of the devices' companion app is uncertain.

This is about proprietary software, not IoT

[Sloppy]

The Internet of Things is not a stupid idea. There is nothing really about IoT which dooms maintenance, necessitates insecurity, or all the other curses you see in IoT context. This is about proprietary Internet of Things. And (surprise!) all the same damn issues exist with tiny computers as exist with desktop computers.

When you buy an IoT thing and have this kind of maintenance problem, remember: it doesn't have to be that way. If it takes a failure to learn, then take that failure and learn. Learn exactly the same thing that RMS learned when he had printer trouble.

Re:

[DarkOx]

It does have to be this way because big tech wants it this way.

You have Apple for example trying to make certs last 45 days as a standard. Why? Because it means your IoT widget will almost certainly stop working unless you let it call back to the mothership...

Re:

[saloomy]

HomeKit does not require an internet connection for the device to operate, and if this device was HomeKit compatible, no one would care if the App or Mothership stopped working because the company shut down. HomeKit mandates the connection be handled on-device so the HomeKit Hub can communicate directly with the device no ifs ands or buts. Relaying your home automation via the internet was a stupid idea from the beginning.

Re:

[Darinbob]

Or the mothership calls it to update, which is what we do. Most consumer grade crap IoT wants a daily charge anyway, so phoning home isn't as big a deal was with a battery powered sensor.

Re:

[rtkluttz]

It isn't even a proprietary software problem and is a forced cloud problem. NO PRODUCT in a home or business should require authentication and asking permission to control something behind your own firewall. It is the digital equivalent of buying a home and the real estate agent refusing to give you a key and saying you must ask them for permission everytime you come and go or want to change anything in your home. Cloud services in addition to local control and local API's are absolutely fine. But as the on

Re:

[Bert64]

It's a side effect of deny-inbound-by-default firewalls and widespread NAT.

If you make a device that is controllable directly then It won't work AT ALL if you're stuck behind CGNAT and don't have IPv6 (assuming the device supports IPv6, and the connection you're on does too).

Even if you do have IPv6 or routable legacy IP, you will still need to open it up on the firewall - try explaining how to do that to random users, or handling support calls for thousands of different types of router, or users stuck behi

Re:

[rtkluttz]

Absolutely incorrect. Devices were running built in web servers for command and control for many years before this cloud control crap started. Many devices, especially stuff like the enphase solar controllers I mentioned, should really be airgapped if you care about security. Set up a vpn and you are golden. Requiring cloud control is absolute bullshit. I even argue that broken communication SHOULD be the default unless a user takes sophisticated action to expose it to the internet. Make no mistake about it

Re:

[Darinbob]

For the home maybe, for industrial or commercial use you can set up a tunnel through the firewall, with a 6-in-4 tunnel because IPv6 makes more sense even if the local ISP doesn't know what that is. Then you can have phone home for data collection, but phone from home to device for command and control and the firewall won't stop you.

But home IoT is all based upon being to market first, meaning generally substandard quality, short battery life, lack of security, and probably talks to a phone.

Re:

[tlhIngan]

It's a side effect of deny-inbound-by-default firewalls and widespread NAT.

If you make a device that is controllable directly then It won't work AT ALL if you're stuck behind CGNAT and don't have IPv6 (assuming the device supports IPv6, and the connection you're on does too).

Even if you do have IPv6 or routable legacy IP, you will still need to open it up on the firewall - try explaining how to do that to random users, or handling support calls for thousands of different types of router, or users stuck behi

Re:

[Darinbob]

Well, for simple home use, you're probably right. For industrial use it's different. The customer demands security, they demand that security be in place to prevent eavesdropping or unauthorized access, and so using PKI based certs makes sense. Also shorter cert lifetimes for better security than the average emarket web site. Certs are cheap, and plenty of them living together on the device, so some can be very short lived and regenerated only when needed. Handy stuff when you've got mutual distruct be

Re:

[Cyberax]

Chamberlain garage door openers no longer have local API's and require asking permission of servers outside your control to open your own garage door.

With Chamberlain garage door openers, I highly recommend ratgdo: https://paulwieland.github.io/... [github.io] , it's a ESP32-based board that provides local control over the opener.

FWIW, Chamberlain's cloud is basically useless for the setup anyway. All it can do is trigger door open/close cycles. It can't be used, for example, to enroll temporary door codes.

Re:

[JaredOfEuropa]

Exactly! Don't buy IoT devices that require the cloud to function. InTRAnet of Things. Period. And when you get an IoT device that you can hook up to your local home controller, firewall it immediately or stick it on a separate VLAN, so it cannot download and run an update "to improve customer experience", i.e. make cloud access mandatory after the fact. Like Philips Hue is about to do.

Re:

[Darinbob]

We sell industrial IoT, and we maintain them. It's the consumer oriented IoT to be wary of, they're all about getting money today and then vanishing tomorrow when the fad for smart sock warmers dies away.

But it was supposed to be a miracle

[50000BTU_barbecue]

Every sheet of toilet paper with nano sensors and GPS 3D print themselves with asteroid mined cryptocoin AI!!!
Glorious era we live in. Can we maybe make more useless e-trash requiring endless engineering meetings powered by Asana to decide what size the logo should be?

Re:

[Darinbob]

But use too much of that TP you end up with assteroids yourself!

$600 flower pot

[awwshit]

Just because you put a chip in it and called it smart does not mean anyone will pay a crazy price for something otherwise ordinary. I can get a flower pot, a light with a timer, and a soil moisture meter for a whole lot less than $600, and I never needed an app for that.

You cannot wish people into wanting a product like this. Juicero failed, now Juicero for plants failed, and Juicero for everything else will fail too.

Re:

[jenningsthecat]

You cannot wish people into wanting a product like this.

That's true - but you can force them into either buying an IOT version of a product, or not buying the product at all. Gardening systems are one thing, and if you don't have one, it's not a big deal. But when you apply the same thef... er, business logic to glucose monitors and the like, prosthetic electronics, automobiles, etc, it's "their way or the highway". Except in the latter case, where the choice is NOT the highway...

We've moved on from internet-enabled devices to internet disabled devices, because

The cloud is a trap

[MpVpRb]

Run Away!