Obsolescence As A Service

Yet another Internet of Things service has left its customers in the lurch. IoT devices (mostly lightbulbs) made sold by Greenwave Systems stopped talking to the outside world on July 1. More specifically, the server to which they all connected (ahem, “the cloud”) has been turned off, which rules out using the bulbs with Internet-based services like IFTTT, which was a major selling point of the Things in the first place.

[Edit: We were contacted by Greenwave, and they pointed out that they merely sold the IoT devices in question. They are made by TCP, which is also responsible for cancelling the service. And TCP has a history of doing this sort of thing before.]

It’s not the first time we’ve seen IoT companies renege on their promises to provide service, and it’s surely not going to be the last. We’re preaching to the choir here, but when even Google is willing to take the PR hit to effectively brick your devices, the only protection that you’ve got against obsolescence is an open protocol.

At least the users of Greenwave’s TCP’s devices will continue to be able to control them from within the home. That, plus some clever hacking, will make them workable into the future. But it’s not like the convenience that was sold with the devices.

Boo to shady IoT companies! But thanks to [Adrian] for the tip.

70 thoughts on “Obsolescence As A Service

  1. That’s the only thing I worry about with my (very good) Tado heating system. You’d *hope* that a company going under would have three decency to push one last firmware update that gives you limited functionality without their servers, or open source it.

    Just found out my Tado (incl. the v1.0 I just replaced) has standard debug headers for the onboard Stellaris and MSP430 microcontrollers, so some good stuff there.

    1. > You’d *hope* that a company going under would have three decency to push one last firmware update that gives you limited functionality without their servers, or open source it.

      That could very well be a breach of law – assuming the company behind a product filed bankruptcy. Point is that you should never file bankruptcy before you’ve actually ran out of money (fraud against the people you own money) or act as if you’re soon to run out of money (by releasing “hey, we’re about to be bankrupt” firmware) – because that would give away “hints” to certain stockholder (and not others), which would be also a means of fraud. Furthermore, your firmware is your company’s intellectual property – and thus, the moment you go bankrupt, the property that will be shared among the company’s creditors. Devaluing that property in the context of a bankruptcy is plain sabotage and thus, a crime.

      1. Not if they have open firmware done but kept under lock and key to be released only (and after) if they do file for bankruptcy. By having an oh-shit firmware ready early won’t tell anyone when the company will file for bankruptcy and share holders would not be able to exploit it.

      2. Actually a company can file for bankruptcy before they run out of money. The problem of releasing their firmware for public domain is that it is usually considered as an IP, so they can’t give it out for free when they are owing their creditors money. It is up to whatever legal arrangements they are supposed to settle their debts.

        I would think that there should be a trust held for products that uses “the cloud” to work for a guaranteed number of years. The bonds would pay for the servers for the duration.

        1. When Google/Alphabet did it with Resolv, they weaseled out of the “service for the life of the product” clause by deciding that because they didn’t want to support it anymore, the product’s life had ended.

          Yeah, it’s a tautology. Would you like to put your lawyer up against Google’s?

          1. I think you mean Revolv. I remember seeing it at a tradeshow before it was absorbed by Google. It was like the Wink with too many radios all in one box. You’d pair your phone with it via the camera flash “flashing” information into it. Seemed too “flashy” or me (pun interned).

          2. ^Seemed too “flashy” For me (pun intenDed). I make two typos trying to clarify one, FML.

            Z-Wave has been my go to solution since 2006, so 10 years now and it is approaching the longevity of X10 (which is still used). Sure its proprietary, but they push for interoperability so if you want to move to another gateway or controller software you bring your devices with you. Nothing lasts forever but the Earth and Sky, but at least these devices continue to work in a mesh. And I’d never thought I would say anything good about my Vera Gateway, but compared to these FNGs I have certainly got my money’s worth with Vera. Now I’m primarily working toward using OpenHAB, with Vera as just a Z-Wave transceiver.

            Also I say keep the devices themselves relatively dumb. The intelligence in NEST is fine, but it shouldn’t need the cloud for that. WeMo is Wi-Fi based, so that’s a big “WeNo”. Zigbee is fine, but it was late to the game and has proprietary issues. Viva La Vera and Z-Wave for the majority of devices like switches, remotes, thermostats, and locks.

    2. > You’d *hope* that a company going under would have three decency to push one last firmware update that gives you limited functionality without their servers, or open source it.

      That could very well be a breach of law – assuming the company behind a product filed bankruptcy. Point is that you should never file bankruptcy before you’ve actually ran out of money (fraud against the people you own money) or act as if you’re soon to run out of money (by releasing “hey, we’re about to be bankrupt” firmware) – because that would give away “hints” to certain stockholder (and not others), which would be also a means of fraud. Furthermore, your firmware is your company’s intellectual property – and thus, the moment you go bankrupt, the property that will be shared among the company’s creditors. Devaluing that property in the context of a bankruptcy is plain sabotage and thus, a crime.

  2. Almost all tech in my house is either too simple to fail, hackable with opensource or completely DIY. Only black box is natural gas house/water forced-air heater. I plan to get some backup, either stationary engine, electric heater (simple thing, i repair them myself) or “anything-burner” stove with water block. Routers are miniPCs with voyage linux, everything else is connected to debian server in the attic. No cloud allowed. owncloud maybe…

      1. Whenever I see “cloud” I think someone else’s server(s) somewhere else on the planet, usually provided by the cheapest supplier(s). Allocated 100% trust with minimal responsibility (EULA – no product liability).

          1. I agree absolutely! Cloud companies going out of business is only one of the many problems with the cloud for home control. Although I don’t like to use hyperbole, the cloud is evil in the sense that it is being pushed for home control and other IOT uses because the companies want to make big money from your data while knowingly reducing your privacy, security and the reliability of the systems. Beyond that, it makes the blood run cold when you think what authoritarian regimes or terrorists could do with control of an IOT cloud. With the Internet already acting as “plumbing” for connected systems, the cloud adds little or no value to the end user. For that reason, I am working on open, cloud free approaches to IOT. Specifically, beyond home control systems that you can remotely monitor and control without anyone else’s computer in the loop, I am working on a system that allows IOT objects to manage their own data. You can even sell your data, if you want. It is your data. Take control of it! I am working not just on the technology but also on a non-profit association to promote open, cloud-free IOT system but there is a long way to go.

      2. What we need is to start referring to our own setups as our personal clouds. It would be good if we could do some layer 3 tricks to intercept outgoing cloud traffic and either route it to our own boxes, or let it pass as needed (some may say it’s never needed).

  3. I just don’t understand people who purchase something that will not work if some server somewhere crashes. (Exceptions being phone service, cable, music, ect.)

    Light bulbs are one thing; but security, HVAC, data backup systems…
    Maybe someday ‘normal’ people will get it. Seriously doubt it though.

    Time to buy ‘broken’ cloud-based led bulbs on ebay, right?

    1. A growing number of people don’t realize what the cloud actually is. The first time I heard the term coined, I was thoroughly puzzled. Every description I read amounted to the same damn network we always had in one protocol or another. It’s just a server or servers somewhere.

      It wasn’t until I looked at network map one day and realized just where the term came from. Coined by some marketing pinhead to simplify and obfuscate a complex system. Which also has the unfortunate side effect of masking the multitude of problems inherent in such as a system such as security or data integrity (remember both of the Sidekick fiascos?) I laugh everytime those happy Apple assholes go where there’s no 3G and end up crying when they can’t play their music from their iCloud.

      Hopefully, as these kind of things happen more often, there would be backlash from consumers and we’ll find a sensible medium. No more of this stupid shit with IoT like trying to connect your underwear to the cloud.

      On a side note. How many of these IoT bulbs are going to find their way to the landfill?

    2. It’s not “some server”. The company presumably had tons of failover-safe servers ready to go. They just couldn’t be economically bothered to provide the service anymore.

      Neither the problem nor the solution are technical. (Just all the stuff in the middle.)

    3. So I just came across this in Google (because I’m going to see if maybe Home Assistant’s ZHA integration does better than Hue did at talking to Greenwave/TCP ZHA bulbs), and what the author of this (admittedly now old article) didn’t catch was:

      This is the EXACT same product that was partially bricked by the forced firmware upgrade in 2014.

      When these products were purchased, the system had a local UI that allowed the units to be controlled without any outside connectivity. The linked article of “TCP has done this before” was that Greenwave/TCP removed the Local UI feature for “security reasons”.

      Yes, that’s right, they removed local control over the same LAN for “security reasons” but left in cloud connectivity???

      Two years later, they removed cloud connectivity, which effectively bricks the system unless someone figures out how to pair the bulbs to another bridge. ZHA standardization was horrible back then, with lots of “ZHA compliant” devices not actually talking to each other. I’m hoping that the advances in open source ZHA implementations has eliminated the issues that prevented Greenwave/TCP ZHA products from talking to anything made by anyone else.

  4. All these devices, I think, need to be treated like mobile phones. A retailer could “lock them” as part of a specific contract period, but provided they pay out their contract, they should be unlockable. The amount of ewaste that orphaned, otherwise functional, IoT devices is set to create is scary…

    1. Having a IoT device locked into a proprietary cloud service doesn’t make sense. It also doesn’t make sense that a company would want to lock their devices in to a proprietary cloud service. There is no data to mine from a light bulb going on and off.

      1. For some reason I laughed. I honestly think ‘they’ would use light bulb data; they could probably correlate it to something involving television usage.
        There’s always a market for something. Someone is making money somehow.

  5. So the bottom line is… don’t rely on promises and if your life (or the comfort of it) depends on it make it work of the grid.
    My TV for instance, it constantly want to update, which I allow it to, but there are no benefits in it for me, because I use the TV only for watching TV (hence the name). I bought this TV because a smart one was cheaper then a dumb one. For some reason the smart one now seems dumber, simply because IOT is anoying (too many updates for things I do not need) and it relies on things (“the cloud” (a silly word for some servers in a dark and air conditioned room)) you cannot control. That cloud (just like any other cloud) will evaporate or fall down so that all products using it will no longer will be supported. So you end up with a non functional or crippled device.

    Which is great, because this crippled hardware now becomes available to us at no cost or dumpster prices.
    And we, makers, creators, hackers… can build something new from it (or for it).
    Welcome to the future, it sounds great ?!?!?

    1. Disconnect it from the network. There’s TVs now, Yakov Smirnov style, that watch you! As long as it still works as a TV.

      I don’t like the idea of everything connected to the Internet, because every single company eventually turns arsehole, soon as they can, and starts manically selling everything they know about you to anyone who wants it. Often scammers. It’s ridiculous. I can imagine in 10 years time I’ll have papered the walls with aluminium foil and be sat over a ZX Spectrum, connected to a tube-driven TV.

      Being a cyborg looked like fun, back when MIT and that Canadian guy were playing with camcorder viewfinders as eyepieces, 20 years ago. Now it looks like you’d be working for Microsoft, whether you actually work for them or not.

      The Internet has truly gone to shit. Businesses are now as predatory and exploitative as they can be. WTF?

        1. Specifically the line:
          “A basic principle unites all of the multipolar traps above. In some competition optimizing for X, the opportunity arises to throw some other value under the bus for improved X. Those who take it prosper. Those who don’t take it die out. Eventually, everyone’s relative status is about the same as before, but everyone’s absolute status is worse than before. The process continues until all other values that can be traded off have been – in other words, until human ingenuity cannot possibly figure out a way to make things any worse.”

  6. Not the first time!?!? Still waiting for the first system that doesn’t brick when the newly-launched company goes out of business. Or Google get bored and re-do everything, which is something they do a lot of. Aaaahhhh, I’ll be able to tell my grandchildren, I remember when Google weren’t evil, and they won’t believe me.

  7. I still don’t see net (pun intended) benefit for most IOT devices. In many cases, no benefit at all. Add that to the history of unilaterally changed service terms, locked devices, and unannounced terminations, mix in some of the user private data and courts allowing, and apparently in a couple cases requiring, the sale of private data to satisfy creditors in bankruptcy resolution plans…. No. Just no.

    I still have not seen the benefits cloud services were to bring, either. Only performance hits, unplanned downtime due to network issues, and unrecoverable lost data (shouldn’t a cloud storage service be able to recover lost files? Isn’t that a major selling point?)

    Great ideas, great toys, but not not ready for the real consumer world, and may never be. Note that my statements here do not apply in the same way to the commercial world, as the needs are very different when your utility bill is $100K/mo vs $100, but I still have questions about net benefit in a couple cases I have seen.

    1. IoT is a perfect idea and it works soundly, given that you provide the server yourself. Many of these devices use a server system far away that deals with entire fleet-wide products. This is a terrible thing because as it has been mentioned several times, they tend to stop working in the convenient fashion when the “cloud” drifts away. All of these devices need access to the internet for remote control away from home, and what better way (and far more secure) than to host the server from a PC inside the home. You never lose your service, the company could make a simple program to download on the computer. The only hurdle would be the DDNS service for people on non static IP. I’m sure they could partner with a major DNS service to provide this, with an option to manually use a static IP for the advanced users. This would future proof your IoT home in the event the company folds, the DDNS breaks up with you, or any other reason I can’t think of.

    2. I see the benefit, but there are trade-offs and risks. In this case, too severe to justify spending any money. I know I won’t be buying a Nest device, I won’t be buying one of this company’s products either. I think Philips had a hub where they decided to axe communication support with third party products. I think they walked back that decision in less than a week, but I resent that they tried. I’ve turned off my TV’s “smart” feature because it’s clunky.

      I agree that the market is too immature and should be considered for early adopters at best.

  8. These clouds, smh. Much prefer the blue sky and stars.

    Feel horribly controlled, invaded and claustrophobic using any of them.
    Keeping things open is good. If we dont really need it there’s little point in relying on it, keep it a useful tool. Not a necessity.

    1. >I refuse to buy or install anything IOT

      That’s where I end the sentence. As Bruce Schnier put it recently, the current generation of programmers is not up to the task of building reliable, secure and safe IoT products. We need a new standard for these products so that we don’t have to hack them to prevent black-hat hackers breaking into them.

      We also need a new legal environment where we aren’t reliant on proprietary software to run the stuff – put any proprietary software in escrow and if the company goes under, release it to the public domain.

  9. The solution to all that IoT b-s would be either suing them for not providing services as agreed upon sale or lobby for the change in law requiring all IoT devices to work also as LAN of Things. Option 3: don’t buy this stuff at all and caution others too. Companies hate bad PR…

    1. Unfortunately, my understanding is courts have allowed a lot of leeway in companies defining what “lifetime” means. So 17 months might really be deemed a reasonable lifetime for a product.

      IoT is really working out to be walled gardens. It uses the Internet but it’s not an interoperating ecosystem of devices like the Internet is. I do wish they had better terminology anyway, computers are things too, making the Internet having always been an Internet of Things, now it’s a fluffy buzz word.

          1. I hate those apps. I just bookmark the site or make a shortcut. Some of them are optimized to use less data but yeah, severely crippled.
            And they usually save user data separate from the main browser, which sometimes is helpful.
            To each their own but not for me.

  10. How hard would it be to lie to the light bulbs? Make a protected nameserver inside your local network, then make a fake ‘company server’ for the device to connect to.

          1. Planned obsolescence. They would call it ‘biodegradable’.
            With an integrated timer that releases cellulose-eating microbes.
            And we would hack the s**t out of it!

            Your post reminded me of the DRM chair/table someone made.

        1. That’s why I wouldn’t tell that I hacked my lights. If company tried to f**k me in the a**, I have moral obligation to retaliate by f***ing it. And because I’m outside the US legal system (which is moronic), they can kiss my sexy a**…
          Remember Spore, the most pirated game of the 2008, not because it was great (it was boring), but because of DRM policy? Great wauy to shof giant “F**k you!” to greedy corporation, and that will be the future of bad IoT companies. And I am for it, stupid laws should be broken just to show that people won’t enjoy being abused by greedy corporations. And this is probably the only way to force the to be honest with clients…

  11. People should also be aware of what they buy.
    If you buy a smart, cloud-based lightbulb then you really buy a service that comes with some on-premises hardware.
    That brings in the risk of the serviceprovider quitting or changing the service.
    But that risk also exists if you hire a cleaninglady, she may also quit or decide to come on a different day.

  12. I think that we’ll start to call mainframe the cloud and terminals the appliance we’ll have a better, albeit, old terminology and mental model.
    It’s interesting that when minicomputers first, and then personal computer were developed, was to get rid of the shortcomings of the mainframe/terminal systems. Programmable desktop calculators like the Olivetti P101 or HP 9100A had an huge success because they didn’t rely to external remote systems to work, even if they were clunky, costly and severely underpowered compared to a timesharing system.
    The same thing was absoluterly true for the ’70s personal computers, that with the simple fact that they could run without external systems and were easy to program.
    Now the personal computer isn’t normally so personal, and the effort to return to the mainframe/terminal model is enourmous. Is working because I suspect people that reaaly ned a personal computer are actually of the same order of magnitute of the ones that bought and used a personal in the early ’80s. Not so many, actually.

    1. Definitely reminds of Computer Lib (Ted Nelson). Liberating computing from the priests in white coats. (Or now the suits.) It continues to amuse me that at one time Microsoft press published Computer lib, which was against it’s current emphasis on the centralized priests/control.
      (Somebody should redo the Apple 1984 commercial, since Apple is now one of the big brothers.)

      This is one of those cycles that keeps repeating.

      Terminal/dumb device that runs from central server. (Terminal, XTerm, …)
      Make it smarter. (Smart terminal, …)
      Make them smart enough to operate on its own. (PC, Workstation, …)
      Connect it to mainframe/supercomputer/servers/network/cloud to add extra functions.

  13. Remember DIVX? https://en.wikipedia.org/wiki/DIVX That had a function built into its server to command all DIVX players to permanently unlock for all DIVX discs, but Circuit City chose not to use that function when they pulled the plug.

    That left a huge amount of useless coasters out there. People who paid to upgrade discs to “silver” were able to watch them until 30 days after the server was shut down, so it became a dead and unusable medium on June 30, 2001. The “gold” option to unlock a disc on all DIVX players was never enabled. There were hacks to freeze the security module clock so hacked players may still be able to play DIVX discs that were “silver” unlocked on them. New DIVX players that were unsold after the shutdown had their security modules removed and were sold on online auctions.

    AFAIK, nobody has ever bothered to come up with a hack for DIVX players to unlock all DIVX discs on them. Not much point since all the movies on them are from 1997~1999.

    Massive and expensive fail of a cloud controlled hardware service – but that hasn’t stopped companies from repeating the same mistakes of DIVX. Total estimated loss for the companies involved was around $337 million.

  14. and this is why I DESPISE anything “cloud-based”, especially something for which I pay hard-earned money. If I pay for something, I want to OWN it. I want it to WORK, regardless of whether the company goes under or whether the company wants to “support” it. I will never forget the Divx DVD rental scheme where you bought the discs and you could play them anytime you wanted for a $4-5 rental fee. That was all well and good until the company discontinued the payment server and refused to open up the codec to play those discs. Now, if anyone else still has any (I collect obsolete technology), they are worthless coasters. All of these people paying hundreds of dollars for “cloud” services like Adobe or Microsoft are going to be pretty upset when they suddenly are unable to use the software that they thought they bought.

  15. Nah, I dont like IoT devices that talk to much to “foreign” servers. I wouldnt buy such a thing in the first place. I am using OpenVPN to connect my laptop or phone to my home network and then I am talking with the devices.

  16. BWAHAHAHAHA. Look folks, people want your money and for you to die. Buying into ideologies and having so much shit that you can’t manage it without a computer may be a sign to simplify.

  17. I don’t see that big a problem here. As soon as enough people get pissed off, some will try to reverse engineer the communication (a little bit too late as it’s now only one-way), then it’s possible to reroute the target host to some other IP or even a small piece of software directly on the router.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.