this post was submitted on 20 Jun 2024
56 points (100.0% liked)


First, some background -

I work in technical support for a Chinese manufacturer making (among other things) home monitoring devices. I'm our resident open source enthusiast in the North American market, not that any of my bosses know or care. My background is not in comp sci or networking, so the only applicable knowledge I have is from my meager experience with my own home lab.

We have a product (I'll refer to it here as the Brain) that communicates wirelessly with our other devices, takes the data from them, sends the data encrypted to our servers, and is available to our customers through our web portal or phone app.

We got a support ticket recently from a customer (and software developer) asking technical questions about the communication protocol from the Brain to our servers. This customer was trying to work on Home Assistant integration for our product stack, but was hitting some roadblock that I can't even pretend to understand. To my understanding, the integration would allow a Home Assistant server to locally gather the same information sent to our servers.

After escalating the issue to our HQ team and some back and forth there, eventually the answer was that the data transfer is encrypted and we aren't going to share any details about it. We don't officially support this type of integration and have no plans to. Our tech contact at HQ offered to sell API access to this customer, but obviously that isn't what he was hoping to hear.

The customer replied that this answer didn't surprise him, but that he would be happy to develop the Home Assistant integration if we made the necessary information available to him.

So, here are my questions - How can I advocate from within my company to open up this aspect of our platform for open source devs to integrate our products into Home Assistant and other open source IOT platforms? Has anyone successfully made a case for this kind of thing within their own companies? What talking points can I use that my higher ups will actually listen to and understand?

I'm considering reaching out to the customer privately to seek a better understanding of what he needs from our platform. Does that seem ill-advised to anyone here?

TLDR - My employer manufactures IOT devices and locks down the platform with proprietary networking protocols. A customer and developer is seeking to write an integration for our products to work locally with Home Assistant. My higher ups said that isn't possible and I want to convince them to make the changes necessary for it to work.

top 16 comments
[–] Templa 12 points 5 months ago

Isn't there a way to allow the devices to be accessed through the local network? It doesn't need to interfere with the data collection or the encryption, you are just allowing the user to access the device locally, before it is even encrypted to be sent to the servers.

To be honest if I am choosing between two devices and one supports HA and the other doesn't, the choice is quite obvious. I think one way to convince your higher ups is that you will be more appealing to a big niche of tech users that have elaborate IOT setups (which means $$$).

[–] CaptObvious@literature.cafe 10 points 5 months ago

One suspects, for numerous reasons, that your employer will never allow any user, especially a North American, to stop data collection by the central servers.

However, you might refer the customer to your colleagues in the EU. They will have stronger data protections that could be used to force the issue. The Europeans might be able to share how it works with your North American customer.

[–] Toes@ani.social 6 points 5 months ago (1 children)

So I've been the person who denies projects like these in the office.

There are two non-negotiable requirements for equipment like this.

  1. It absolutely must not in any way interact with outside servers or remote services. All data must stay contained within the company.

  2. The software must be open for inspection with a locally reproducible build. Or accredited by a trustworthy provider such as Microsoft.

Failure to meet those requirements and the proposal is dead.

[–] TwiddleTwaddle@lemmy.blahaj.zone 5 points 5 months ago (1 children)

That makes total sense from a corporate perspective. Maybe I would just love to be the one that pushes us a little bit closer to the end user having control of their data and hardware. It's probably a pipe dream though lol.

[–] tinkling4938@lemmynsfw.com 2 points 5 months ago

https://csa-iot.org/all-solutions/matter/

See if they will implement this? Backed by Apple, Amazon, and Google. HA had support last I checked. They have bridging support also like ZigBee to Matter for Hue bulbs.

[–] CameronDev@programming.dev 5 points 5 months ago (1 children)

Are you from Tuya? They seem hellbent on locking their stuff down to the cloud.

Perhaps point out to your management that IOT is an enthusiast driven market. If you appease the enthusiasts, they will recommend your products to their less technically inclined friends.

Enthusiasts want both: a good initial software ecosystem, and the option to break out of that if required. If your company can offer that, even if it involves voiding the warranty, we'll buy and recommend their stuff.

In the case of Tuya, their stuff was historically super easy to open, solder some jumpers and flash (or exploit the OTA to flash). I bought loads of their power boards and lights. In some ways I was an ideal consumer, I bought their stuff, voided the warranty immediately (so no support calls), and never used their cloud, so didn't waste their resources. Now they are making it near impossible, and I won't touch their stuff.

All that said, good luck, you're gonna need it.

[–] princessnorah@lemmy.blahaj.zone 2 points 5 months ago (1 children)

There's Tuya Cloudcutter now that can hack a lot of current devices wirelessly. It's a good way to get cheap "open firmware" IoT devices.

[–] CameronDev@programming.dev 2 points 5 months ago (1 children)

Have they updated it for new stuff? Last time I tried it cloudcutter was patched in new stuff :(

[–] princessnorah@lemmy.blahaj.zone 2 points 5 months ago (1 children)

I'm not sure they have, but there's still so much stock of old firmware out there, there are even companies who straight up haven't pushed an update for their devices yet. Maybe I'm having more luck because I'm Aussie? But even Costco had a home-brand of bulbs they haven't updated yet.

[–] CameronDev@programming.dev 2 points 5 months ago (1 children)

I am also Aussie, but I've been buying from AliExpress of late. Maybe should try some Mirabella bulbs again, last time I bought them it was after the first OTA exploit was fixed, but before cloudcutter. Had to slice open the bulbs and flash via serial.

Are you just getting stuff from Costco?

[–] princessnorah@lemmy.blahaj.zone 2 points 5 months ago

Nah got a bunch of Bunnings stuff as well. The Arlec Grid Connect stuff works well, I got a smart plug with a USB that actually has a separate relay for the 5V.

[–] TheHobbyist@lemmy.zip 2 points 5 months ago

Perhaps it would be worth checking with the !homelab@lemmy.ml community and see if they have any advice? They are more likely to have dealt with such situations, by nature.

[–] bionicjoey@lemmy.ca 2 points 5 months ago

It's above your pay grade. If I were you, I'd reach out privately and suggest that the customer seek a competitor's product that has the features that they want, and tell them that there is no desire within the company to support free software or self hosting.

[–] Kissaki 2 points 5 months ago* (last edited 5 months ago) (1 children)

The only way to meaningfully advocate for it after your company already announced their conditions and offerings is to present value gain.

What do you suggest concretely? What should be offered under what conditions? What would that mean as cost? What would the benefit be? How substantial is it?

Reaching out privately to them is certainly going beyond what you are employed for. I don't know about ill-advised - if you never disclose it or are at least mindful of that. But it's a personal assessment. You seem to be willing to invest a lot into a single customer, who tries to do something not offered or considered by the company. Whether it's personal interest, or first a broader better understanding of the use case, I can see how it could be worth or worthwhile. But I wouldn't get my hopes up about changing the opinions of your company [from their information alone].

Your company offered API access. So there is an interface available. They won't make it free unless they see and deem it worth it to do so.

[–] princessnorah@lemmy.blahaj.zone 1 points 5 months ago

Yes but I'd imagine it's a cloud API if it's paid, not a local API. While yes, you could use this to make a HA integration, it would never reach platinum status. The customer seems to be wanting them to open up the API calls the "Brain" makes to the cloud, to intercept them.

[–] GadgeteerZA 1 points 5 months ago

I only choose to buy hardware that I can connect to Home Assistant, because I can still use it if the company goes bust or no longer supports it. I have one dashboard in HA that manages all my different devices. Point is, I still buy the hardware and the sale is made. I'm not going to buy 5 different standard products which must all be managed through separate apps. Open standards can open up to a much bigger market. There is good reason why so many OEMs opened up to the Matter protocol.

But as I say, I check first for compatibility, then I narrow my choices from there. So yes, right now your company's IOT product won't get onto my radar. Been there, done that, and got a handful of dead paperweights to show for it.