I picked up a nice four probe wireless thermometer today. The big advantage is a long-range base station with an actual display and controls that work without a phone app. I tried to connect their phone app to the actual device and it wanted me to set up an online account.

No.

Let me make this real fucking clear: THERE IS ABSOLUTELY NO GOOD REASON THE INTERNAL TEMPERATURE OF THE TURKEY IN MY OVEN NEEDS TO BE SHARED WITH A SERVER OUTSIDE MY HOUSE. NONE FUCKING WHATSOEVER.

"What harm is there if...?"

Wrong answer. This information is not relevant to anyone but me. Not every moment of my life, not every data point around me needs to go beyond my property line. This telemetry does not need to exist and it's taken for granted that it should by people who do not act in my interest.

It's not paranoia, it's just basic autonomy and privacy. No, seriously, nobody besides this household's residents needs to know the temperature of food in this house. This shouldn't be a controversial stance, much like nobody besides the phone owner has any need to know the geographical coordinates of their phone. Heresy!

If your hardware device doesn't work without an app or the cloud, it's junk, full stop. Full. Fucking. Stop.

I recently wrote the phrase "meat thermometer attack surface" and it reinforced to me that I have no regrets leaving system administration to return to nuclear safety analysis. There's something comforting working on problems that don't have as their root cause "Someone upstream is a greedy little remora."
Since at least the 1970s we've been breeding a class of managers and financial operatives that can only be described as walking failure modes. MBAs with a focus in SPOF. Computers just increased the speed and scope of their damage.

@arclight I don't know if you are familiar with Leo Bogart. He's often called the father of audience research. One of my most treasured memories is standing about 10 feet from him as he ate a hotdog. But anyway, he wrote a line (that he repeated in more than one place) that has pretty much been a foundational plank of my world view:

"The worst thing that ever happened to audience research was giving an MBA a microcomputer."

@arclight I hope that this is a factual description of nuclear safety.

@arclight @AMS I'm a little surprised nuclear safety doesn't have those problems. Maybe just not yet since most of the reactors are so old? Or people are mostly afraid enough not to fuck around and find out? (Barring the various examples where that HAS happened of course.)

Also: meat thermometer attack surface is a bitchin' band name.

@tim The secret to nuclear safety from corner-cutting by greedy bean counters: Regulation.

@AMS @arclight

@clacke @AMS @tim Good regulation is essential but that's only one layer of defense. A huge part is organizational mindset - developing and maintaining Safety Culture throughout the organization. There has to be psychological safety for people to speak up when they see something that isn't right (either unusual or nefarious), you have to see that concerns are acted upon. There's a lot of transparency (enforced by regulation), it's not perfect but it's so much better than any other industry I've worked in.

@clacke @AMS @tim Here's the year in Licensee Event Reports https://www.nrc.gov/reading-rm/doc-collections/event-status/event/2024/index.html These are usually lost or stolen test and measurement equipment, medical issues (over/under dose, UPS lost a box of radiopharmaceuticals), and unexpected reactor trips. For a while there were a lot of "controlled substance found in protected area" reports from utilities finding bottles of vanilla extract in the control room operators' kitchen (it's 90% alcohol and edible so it's technically not allowed).

One of today's reports had inconsistent results from a drug testing lab - my guess is one of the (positive) control samples came back negative. You'd have to send the lab known positive and negative samples to independently verify their tests were accurate. The report cites chapter and verse of the Code of Federal Regulations involving drug testing at nuclear facilities and reporting requirements.

Occasionally you'll find reports of QA or training records being forged to meet schedule and people getting fired or banned from the industry. It doesn't happen often but it does happen. Not sure how it's enforced but you can behave badly enough that the NRC prohibits you from working in certain areas. It's like the SEC banning convicted fraudsters from trading securities or acting as a company director https://www.sec.gov/newsroom/press-releases/2024-186

@arclight What can we do as a society to ensure that safety-critical functions are run by organizations with a responsible mindset?

Regulation needs to be such that it's easier (more profitable) to do the right thing than to circumvent the spirit of the regulation.

I work in a bank, and the regulators there very much do not leave it up to the individual organization.

@AMS @tim

@arclight As someone who's moved across geo-fenced borders, the last thing I need is to be unable to use some little device because it woke up in another country and now I can't download the app on my new phone.

@arclight Well ... OK ... but you and I and every other cell phone user pays a tax every month to support 9-1-1 service, and part of that is that your phone must track its location and make that available to fire/police/ambulance if you call for help.

The rest of it is surveillance capitalism, yes, and some would like to eliminate the 9-1-1 connection on ideological grounds. But it's there until the law changes.

@arclight If I wake up at 5 AM having a heart attack I want the ambulance crew to know where I am.
@AlgoCompSynth @arclight It doesn't need to, and doesn't, report location for E911 purposes until the 911 call is made. This is a completely irrelevant and erroneous apologism for surveillance.
@AlgoCompSynth @arclight Well, counter-point from an EU perspective:
Yes, you could technically be located during an emergency call, but it still is illegal to do so. Thus, it is an opt-in thing based on GDPR.
We also have a specific state-operated app that preemptively activates location services if you call 112 (our 911). Using it counts as you declaring that you want/need to be located.
If you're not able to decide, the first responder will have to make a decision, which, in turn, is covered by our first aid legislation.
I think that's a good system and it's proven to work.
@VintageProject Yeah, somehow the EU has managed to rein in the worst parts of surveillance capitalism without, you know, injuring the fragile egos of billionaires, breaking monopolies up into their components, or causing a depression.

@AlgoCompSynth I guess what I mean is that my music player, turkey temperature meter, (random userspace application) doesn't need location info. I'm not going to argue against 911 getting location data in the course of first response. It's the presumption that ID, network info, telemetry, etc are a legitimate request to fully use a turkey temperature monitoring device.

90% of networking was a mistake.

@arclight It was most certainly not a mistake but a planned corporate development effort. Windows 95 / Internet Explorer was the opening salvo in a plan that turned Tim Berners-Lee's vision into the web of surveillance.

We (the general consumer, not us nerds) voted for this with our wallets and for the most part we are happy with what we got. I don't and won't have an Alexa speaker in my home or a Facebook account, but millions do.

@arclight The problem is that these technologies can be easily abused, and "AI" and cryptocurrency make it worse. We didn't vote for that!

That was snuck in by a small group of wealthy folks for their own enrichment at our expense. And the only organization I see currently with the muscle to regulate it is the European Union - our Congress is bought and paid for.

@arclight this "cloud" business came about because of techbros. It was also driven, as I understand it, because of the need to collect data from sensors and make all of that wedge into fancy schmantzy web frameworks to render fancy web UIs. It also ties in that they figured they could make money from this, hence the SaaS moniker.

As someone who is a lot more practical than they, I don't see the need to have to use the cloud for anything except one thing... storage of large amounts of data that I have (photos, tax records, etc).

Everything I monitor at home, I do so via connecting to the local network from outside with a VPN I created myself.

@arclight I *love* my app-enabled, cloud-stored, wireless thermometer. I share live cooks with my old man half way across the world in real time and he with me. We enjoy it. It’s one of the few devices that I’ll replace within minutes of it ever breaking. LOVE IT! 🍗⏲️👨‍🍳

@leoncowle
Within minutes of roast2cloud™ becoming a thermprobe gold™ and above level service

@arclight

@arclight Uh.. mobile devices must be locatable in order to work. There's literally no way to do that without some form of geolocation. Your carrier MUST know where you are in order for your phone to work. It would be like trying to do postage without addresses.

We can agree that no one ELSE should have to know (except law enforcement, on appropriate request), but if YOU are the only person who knows, then you just have a very expensive paperweight.

@arclight But, there is great untapped information on when exactly will you bake your turkey... How will some VC startup keep up the grift if you deny them the data?

@arclight

I had the same objection yesterday to an entirely different product.

https://types.pl/@danbrotherston/113556509355726901

Daniel Brotherston (@danbrotherston@types.pl)

This seems like a really interesting product, and one that I've been interested in for a while https://www.skylightframe.com/calendar-max/ But given that they mention a subscription in the description even though it's "optional" makes this a hard pass for me. This means it's open for enshittification. I don't own it, it isn't running locally, it's dependent on their services. They could add ads, remove features, anything. I want no part of that. There's no reason this couldn't run locally. It could grab all this from the internet. Even configuration with an app on your phone could be done locally. The choice to make this a connected service dependent device means it's a hard pass for me. And sad, because it otherwise seems smart and well thought out. I wish more people would take a hard line on this, but we're so accustomed to enshittified crap, I don't even think people are aware that it is possible to have something else. That being said, our regulations around this are non-existent. Even in the EU. I suspect this is remote dependent, but there's nothing in the description that says this definitively, it's just an assumption on my part (I think a very safe one), but if we can't even know for certain that this is the case, how can consumers make informed choices? *sigh*...it's a shame, because I really like the idea. And yeah, I know I could *build* one, but that's a shitty substitute....besides being a ton of work, it's also only accessible to people with time, and extensive skills, not to mention a ton of money to kill on a project like that. If capitalism was working for us, instead of against us, I wouldn't have to build it myself.


@danbrotherston @arclight

I seem to be a voice in the wilderness on this kind of thing. Our company-provided bus passes moved to an app this year: PASS. (Fortunately there you can get a card—you have to *ask* though.) My grocery store is trying to require an app to use their pick-up service. I think I've bullied them into holding off on that for a while. It's this steady drumbeat of pressure and I HATE it.

@cavyherd @arclight

I think I object less to services being behind an app (certainly so if there is a non-phone alternative). I do find these things being on my phone convenient, and further, the service is already impermanent, lasting only as long as the service is supposed to be rendered.

My objection to products (things I buy, hold, and want to own and keep) being serviced through an online service is that then these objects are just bricks that happen to do something fancy while the company that made them deems me worthy. The fact that a physical object can suddenly turn back into a brick is the kind of insane magic of a children's fairy tale, not something we should tolerate from real businesses.

Like, if you bought a car, and then the company went bankrupt tomorrow and the car stopped driving and turned into a pumpkin, you'd have questions. And yet that is literally the situation we find ourselves in....literally with cars too!

@danbrotherston @arclight

I don't mind there being an app. I don't mind if the vendor prefers the app.

What enrages me is REQUIRING the app.

Ran into this again today. After I pitched a fit, the phone number worked last week. This week? Apparently didn't even ring through (though I'm not sure I believe that, as it acted like someone was actively sending it to VM).

I don't own a smartphone. I don't WANT to own a smartphone. I don't want to PAY for a smart phone. But: Too big to care.

@danbrotherston @arclight

I'd quit shopping at this store, but there's really no viable alternative. Especially if Kroger & Albertsons merge like they want to.

GOD I hate this world we live in.

(And also yes: everything you said about "smart" "devices." Reason umpty-gazillion why I don't own a car.)

@arclight

"So, sergeant, what are the chances that the suspect was at home at the time of the incident?"

"Well according to his turkey data, the oven started warming at 13:15:33 so he must have been in the vicinity then."

@marshalla99 @arclight Hmm sounds like an alibi factory... 😈
@dalias @arclight it's what oven timers were invented for 😉

@arclight

@MintSpies

We're rapidly reaching the point where your fridge will be connected to the bathroom scales and will send you a snarky message and refuse to open if you put on weight. I love, wherever possible, dumb appliances and gadgets. Nowadays I'm heartily sick of people asking for an email address and insisting I set up an account. And then flooding my email inbox with garbage. And you're right about sharing data on your turkey's innards!

@tompearce49 @arclight @MintSpies

To get a very meager discount on our medical insurance premiums (if you didn't meet the biometric requirements) my employer required signing up for "coaching." Big surprise when the "coach" asked me about getting a ("free") tracker. "LOL no." 🤦 🤬

No I'm NOT going to provide training data for Cigna's LLM....

@arclight I always give a fake email address if all they ask for is an address. Unfortunately many want to get a click on their email to 'activate' a useless account (I use a dumb email address that I only use for this purpose, with a fake physical address). But of course, an App can have a lot more info... blocking sharing info is a small step, but the App still often has far more info than I am willing to share!
@arclight Is this a specifically US problem or does it just apply to high-end products? We just had our kitchen refitted, new oven, hob, microwave, freezer, fridge. We recently also bought new washing machine, tumble drier, kettle. None of them have internet connection, in fact none that we looked at in far too many kitchen shops did. Neither does our doorbell, our light fittings or central heating. The TV is 'Smart' ie internet connected but doesn't have voice control.
@arclight I have similar feelings about IoT. Because my solar inverter required a cloud service and app, I ended up installing Home Assistant and a python library that acts as a proxy/trap for the cloud/API calls (works great and allows local control). This meant I later picked up a couple of motion detectors/light switch relays to replace some dead ones, but they run on ZigBee which is also all local (at least until the point you connect HA itself to the internet). Had no idea all this was out there until a couple of years ago, and it makes me hate cloud-dependent stuff even more.
@catch56 @arclight same negative feelings re: IoT and all other unnecessary, similar garbage. I actually have a connected air purifier that refuses to join the locked-down guest network reserved for things I don't trust. Perhaps there's an innocent reason for this but I suspect it's because it can't see anything else besides the gateway on said network and therefore doesn't have anything to phone home about. Have yet to find an alternative explanation.
@ianto_jones @arclight depending on the model and how desperate/brave you are, you might be able to replace the firmware. https://templates.blakadder.com/kogan_KASMTPRIFRA.html for example.
Kogan 5-Stage 3S Air Purifier (KASMTPRIFRA) Configuration for Tasmota

Configure your smart air purifier to work with Tasmota open source firmware.

@catch56 @arclight crazy, had never seen that before. Could at least offer clues into my brand. Thanks!
@ianto_jones @arclight not very clear from the link. The open source firmware for this kind of thing is called Tasmota. I haven't actually used it, but have some ZigBee devices that theoretically could use it if I could be bothered.
@arclight
But my smart fridge must talk to my smart doorbell to tell the delivery drone that I overordered bananas so they can spam me with banana bread adverts and over 50s singles, n'est-ce pas?
@Walrus

"say you're in IT without saying you're in IT"
"can I pay extra to get a model that doesn't have an app and a cloud service?"

@arclight

@arclight Somewhere along the line we gradually moved to a model of what might be termed "consumer serfdom" where no one can actually buy a product, they have to buy a service; and be locked in to the provider of that service. Consumer-driven product choice is extinct, we all have to buy whatever the providers care to sell to us or go without. The cable-TV model of marketing.
@arclight I bought and returned a NAS for this reason. it was the less expensive model, and when I got it home, I realized it has a *login-based externally-sourced web service* front end. not a Config Webpage hosted by the unit like most routers. I'll have "Defeating the point" for 300, please?
@arclight Do we have any good alternative architectures that the manufacturer could use? Suppose you for example live in a large mansion and the wifi reception is good next to the oven but you want to do some work in the backyard while waiting for the temperature to be reached. Configure port forwarding from wifi router and then connect from your phone to that? I'd like to understand what sort of solutions people are using or if they just have different use cases?
@arclight slow clap. Good post. No notes.
Exactly!!!!!
“Not every moment of my life, not every data point around me needs to go beyond my property line. This telemetry does not need to exist and it's taken for granted that it should by people who do not act in my interest.”
@arclight