It’s become a familiar theme over the last couple of decades — hardware is rendered useless when its manufacturer pulls the cloud service on which it depends. This is particularly annoying when the device is something which shouldn’t need a cloud service to run in the first place, and several manufacturers have found themselves in hot water because of this.
Somewhere in between is the Bose SoundTouch speaker system, which includes a set of six internet radio preset buttons. In early May the service behind them was shuttered, and now here’s [Tostmann] with an ESP32 firmware to bring them back.
As you might imagine, it’s a device that emulates just enough of the now-defunct Bose cloud service to keep the speaker happy, but it has a clever trick up its sleeve. Normally these hacks rely on DNS redirects at the router, but this one avoids that thanks to a diagnostic interface on the Bose unit that allows the rewriting of the server address. The ESP32 does this with its own address, and the speaker is none the wiser.
We like this hack, because of its ingenuity, and because it saves yet another orphaned cloud product from becoming e-waste. This isn’t the first time we’ve seen a manufacturer on the naughty step for these practices.
Header image: TAKA@P.P.R.S, CC BY-SA 2.0.

I feel manufacturers, especially if they still exist or have a legal successor, should be
1) forced to provide the service indefinitely
2) forced to open the system after a certain time or pay for ‘the public’ to do so
3) reimburse the owner of a now (partially) defunct product
Ideally 2 is implemented/financed on launch, so that even if they cease to exist the product doesn’t become waste
Better: Seller has to notify buyers by written contract on product box, receipt, everywhere etc. that this device will be a door stopper if the manufacturer stops its service.
Ah cool, another contract nobody reads but still signs (or clicks on OK) in order to continue… because well… you do not have a reasonable choice, since nobody offers an alternative other than “don’t use it if you don’t like it”.
If they don’t read, they can’t complain.
If they buy, they can’t complain.
“Learning by burning” [Stoppok]
South Park S15 E1
“HUMANCENTiPAD”
“WARNING: This product contains chemicals known to the State of California to cause cancer, and will be a door stop in a year or two”
No one reads the fine print. But it would be funny if it were like the UK cigarette warnings. Half the front of the box must show the words “WARNING: CONTAINS REMOTE KILL SWITCH”
I refuse to install the corporate Microsoft Outlook app on my private phone. When some IT / corporate security higher-up asked why, I said “because in the fine print it says that that app can remotely wipe my entire phone”. “Oh, I never knew, I am going to read up on that”. A week later, in passing he said “Good that you told me. I removed it from my private phone too!”
It’s not just the fine print, it literally asks for the permission to do so.
The remote wipe ability is a requirement from many if not all corporate security departments. That’s also why my company installs all company apps including Outlook in a separate “work partition” on Android (I don’t know about iOS.) If corporate security sends a remote wipe request it’ll wipe the work partition, but my personal partition with my personal apps and data will be untouched.
Are you sure this is possible? I believe apps are sandboxed on Android (and probably even more limited on iOS) so that they can only access their own private folders and the shared media storage, and even the latter has become more complicated recently.
The difference is that a corporate security team MIGHT have legitimate reason for wiping a phone owned and paid for by the company.
Why should MICROSOFT be allowed that power?
Even better.
All manufacturers must submit all design files, firmware, and anything else necessary to operate, repair, repurpose, or recycle equipment to a government “design escrow” agency. (Paid for by a corporate tax)
Any time a company drops support, designates something EoL, or just disappears, all that documentation becomes publicly accessible.
Possibly even usable by competitors, because if Company B want to give instructions on how to reflash your device to use their own service after Company A drops support, why are we stopping them?
As long as a company wants to keep a service alive and security patched, they can keep the info secret.
Once they drop it they have no further claim.
To get in the weeds, the regulation would also need to somehow survive bankruptcy. I.E. it needs to work even if the company ceased to exist overnight. This is important both in the case of sudden liquidation, but also to prevent companies from transferring the obligation to fictional subsidiaries that can be killed at will. Amazon, for example, has hundreds of legal entities that come and go as necessary.
But the real problem with cloud tie-in regulation is that it’s too abstract for the voting public to understand, so it won’t get a political solution. Your best hope is to buy from and evangelize products that already do the right thing, even if they cost a lot more. Learn from my mistake of installing Wemo light switches all throughout my house!
Back in the olden days when I worked for a startup software company, several sales required an escrow account holding source code in case we went belly up. I wonder if something along those lines would be possible. I never really got into the details back then as I was just a startup myself, not a principal in the business. Not sure how one would go about designating the beneficiary as being any purchaser of the product. Maybe an open source software foundation could be bequeathed the server source code?
Not possible.
Force a company to provide a service, they either stop creating the product or charge very high for the risk. Opening a system to the public means only adding the bare minimum, so you have bad products on your market but everyone else has the premium ones.
Reimbursing the owner? That’s asking for fraud (on either side). Owners will try to pass a non-functional device as working, and companies will refuse to accept a working device as damaged.
As someone else mentioned, nothing stops companies from spinning off a subsidiary to inherit a failed product and bankrupting it on purpose. Or “sell” the product line to a shell company.
The only defense against companies is using your wallet. If the product isn’t open enough, don’t buy. Companies can skirt rules as much as they want, bribe politicians, change laws, ignore regulations, lie to audits, but they cannot defeat a boycott.
You hit the nail on its head
My wallet?
I have only ever spent money to AVOID all this AI garbage being shoehorned into everything.
When WE are the product, no matter what business we choose to buy from, the concept of voting with your wallet means nothing.
Simply don’t buy it.
I already did not buy it. And I intend not to buy it again.
But seriously, although not buying it is a true option, the issue here is that it is basically a scam, a form of planned obsolescence (where the “planned” moment simply is any moment as soon as profits drop) and tons of perfectly fine devices will be thrown in the trash because they no longer suit the business model, which is really really sad.
Most business practices are scams.
The whole point of business is to get you to part with your money.
By telling you things you want to hear to convince you.
So just don’t buy it.
Or you’re being scammed.
That’s putting it just on the potentially uninformed end user.
That’s too easy. It’s like trying to make individuals responsible for all the climate shit going on (what’s your co2 footprint etc).
There needs to be way more accountability for corporations than just ‘vote with your wallet’
That’s called the individualizing of responsibility. Reagan started it.
But still shame the companies that do it, to increase consumer awareness. And celebrate hackers that make something useful out of the e-waste.
Great to see finally a real hack and not just replacing the guts of the speakers with your own board (which is like taking out the motherboard, cpu, ram, ssd out of your pc and putting in a new one. It ain’t the same)! But it’s sad that the Bose speakers are basically a Linux box that can be killed off by its own vendor/company remotely if they ever decide to pull the plug. Imo there should be better ways to retire a product. Maybe share the firmware code and toss it at the community, so the community can do stuff with it. I doubt the community is interested in hacking Bose hq and the same with hackintoshes, only those really willing to dare will hack their speakers so why not?! But I hate planned obsolescence and companies taking away consumer rights. I am glad Louis Rossmann has managed to open my eyes for these stupid planned obsolescence and taking away consumer rights bs!
This. Any product trying to keep users hooked using unnecessary cloud services should be avoided no matter the price. They will eventually stop working, disappear when the companies go bankrupt, become obsolete to sell the newer more pricey model, or just not being free anymore.
No highs? No lows? Must be Bose 🤣
Bose blows no highs no lows.
Better
Off
Somewhere
Else (…as employees have referred to it)
So they rather reverse engineered the interface than the firmware? Well, everyone has their own interests. But still, attaching a micro-computer to it seems less elegant.
Rather, they put one ESP32 on the network and it interfaces with all of the compatible Bose devices on the network.
I wish I had the chops to figure out something like this for my Logitech Harmony Hub. Without the cloud service, I can no longer reprogram the bad boy for new gear.
Same here with my Philips Streamium… the multi-room streaming still works fine, but they turned off the internet radio features years ago, which is admittedly why I got them so cheap :)
The problem is not limited to complete product shutdown. Some years ago I purchased a garage door opener primarily because it interfaced well with HomeAssistant. A couple months later they did not like the idea of people using HA, their door (not my door, apparently) should only operate with subscription phone apps, so I no longer have a “smart” garage door opener. I’d never have purchased this opener if I knew they were shutting down home automation service. Ironically at least physically it’s a really nice quiet reliable door opener. I was using automations that turned on my house door and walkway lights when the door opened after dark and shut them off 10 minutes after the garage door closed; trivial to implement in HomeAssistant. Many people implement things like this, I got the idea from someone else on the internet doing the same thing, just not using my brand of garage door opener anymore.
Sounds like the product is not fit for purpose anymore, and if you lived in a country with consumer protection laws you’d be refunded, along with reasonable consequential losses. In the case of a garage door opener, that would be the cost to have someone remove it, and the cost you incurred to install it.
These practices aren’t punished in the USA, so will continue to happen.
It’s pretty easy to turn any garage door opener with wired buttons into a smart one with an ESP32 and HomeAssistant.
You also have to have a way to sense whether the door is already open or shut when the ESP “Pushes the button.” If it’s already open, the open command should do nothing, if it’s already closed, it should also do nothing. Also, you need to test whether the door actually closed or encountered an error and reopened. The same sensors should do for both. Not a problem if you’re watching the door when operating it, but if you open it from your living room, you want to know what state it is in.
Yes, that’s just a couple of magnetic or inductive position sensors connected to the GPIO pins and a few lines of code to check them.
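An added example, not part of the comments above: the decision logic those two comments describe, written as hardware-independent C that an ESP32 firmware could call. The two limit sensors, the single toggle-style button relay and all names here are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

typedef enum { DOOR_OPEN, DOOR_CLOSED, DOOR_BETWEEN, DOOR_FAULT } door_state_t;
typedef enum { CMD_OPEN, CMD_CLOSE } door_cmd_t;
typedef enum { RES_IDLE, RES_PENDING, RES_OK, RES_FAILED } door_result_t;

typedef struct {
    bool active;          /* an operation is being supervised */
    bool left_start;      /* door has been seen away from its start limit */
    door_state_t target;  /* limit the door must reach */
    uint32_t start_ms, travel_ms;
} door_op_t;

/* Map the two limit sensors (true = door at that limit) to a state. */
door_state_t door_state(bool at_open, bool at_closed) {
    if (at_open && at_closed) return DOOR_FAULT;  /* impossible: wiring or sensor fault */
    if (at_open)   return DOOR_OPEN;
    if (at_closed) return DOOR_CLOSED;
    return DOOR_BETWEEN;                          /* moving, or stopped mid-travel */
}

/* Returns true if the caller should pulse the button relay once.
 * A toggle button only has a known effect from the opposite limit, so
 * "already there", mid-travel and fault states all refuse to pulse. */
bool door_begin(door_op_t *op, door_cmd_t cmd, door_state_t now,
                uint32_t now_ms, uint32_t travel_ms) {
    door_state_t target = (cmd == CMD_OPEN) ? DOOR_OPEN : DOOR_CLOSED;
    door_state_t start  = (cmd == CMD_OPEN) ? DOOR_CLOSED : DOOR_OPEN;
    if (op->active || now != start) return false;
    *op = (door_op_t){ true, false, target, now_ms, travel_ms };
    return true;
}

/* Call periodically with fresh sensor state until it stops returning PENDING. */
door_result_t door_poll(door_op_t *op, door_state_t now, uint32_t now_ms) {
    if (!op->active) return RES_IDLE;
    door_result_t r = RES_PENDING;
    if (now == op->target)        r = RES_OK;
    else if (now == DOOR_FAULT)   r = RES_FAILED;
    else if (now == DOOR_BETWEEN) op->left_start = true;
    else if (op->left_start)      r = RES_FAILED;  /* back at start limit: reversed */
    if (r == RES_PENDING && now_ms - op->start_ms >= op->travel_ms)
        r = RES_FAILED;                            /* never arrived in time */
    if (r != RES_PENDING) op->active = false;
    return r;
}
```

The unsigned subtraction in the timeout check stays correct when a millisecond counter wraps around.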
stupid IoT stuff like this (the “F” in IoT is for “future-proof”) always seems to end up at the Tibetan Center thrift store, and I always get it, because the price is always $3 and at some point there will be a HaD article such as this one!
I think we need to move to people being more tech and electronics literate and then more modular designs. That way if any part of the system fails, is recalled, is shut down, etc. you can just replace that part. It would also help get more people to care about open source.
We are at a point where nearly everything is Internet based and most people use mobile devices yet your average person cannot figure out if a USB charger will charge their device at full speed. You have people complaining that their fast charging phone doesn’t charge fast when they are using an ancient 5 or 10 W charger. With the EU trying to push everything to USB C and not including chargers in boxes it will just get worse. How many people are going to get confused why their device (not just phones, the EU is trying to replace all wall warts with USB C and PD) won’t work when it takes 20 V PD but their charger isn’t capable of that? Or when their device works in a low power mode because they don’t know that it takes 20 V 5 A and either their charger isn’t capable of that or their cable doesn’t have an e-marker chip?
The technology has improved but the general public’s knowledge of electronics hasn’t. Up until now being oblivious to how things work and accepting walled ecosystems has been fine but I think that will change, USB is just one example that does and will cause confusion for a lot of people.
Having wired up my house with low impedance line feed audio and a channel 3 cable video years ago I would have no use for these mono tiny tinny speakers. An FM radio feed is also available for going outside.
Now I exploit a wireless computer keyboard for “num lock” which mutes the local radio receiver allowing computer sound instead or both. It seems to work through walls OK. Now I want to add “p” for pause in Audacity to have 4 buttons, volume up and down, p, and num-lock which fit in an old remote housing with battery holder and 4 real keys. Another USB keyboard lights up with “num-lock” which a transistor and relay does the dirty work of muting the line out of the tuner.
It’s all about instant control not automation. If I want to get into that it would be per-second timing to silence the gob of pledge breaks on the local NPR station through that already existing “num-lock”.