Contrary to the popular sentiment in a lot of the comments here, there’s not much value in the analytics. As we all painfully found out in the 2010’s, there are only two viable recurring revenue streams in the IoT space - charging for video storage and charging for commercial access. Chamberlain does both with the MyQ cameras and with the garage access program to partners like Amazon and Walmart. Both retailers have a fraud problem (discussed here https://news.ycombinator.com/item?id=38176891). “In garage delivery” promises dropping delivery fraud to zero - ie users falsely claiming package theft. That solution is worth millions to retailers, naturally Chamberlain would like a cut but only if they can successfully defend that chokepoint.

For historical reasons having to do with the security of three or four generations of wireless protocols used in garage doors they can’t (and products like ratgdo and OpenSesame exploit this.) Other industries such as automotive have a more secure chain of control over their encryption keys so one has to (for instance) go to the dealer to buy a replacement key fob for your Tesla for $300 and not eBay for $5.

Given the turnover in leadership there I’m not surprised the new guy needs to put their hand on the plate to see it’s hot, but there’s a reason this wasn’t implemented before and it wasn’t because of lack of discussion. I can see the temptation in going for monetization given their market share but I think this approach was ill conceived rather than fix foundational issues which would allow home users to integrate with 3rd party services and still charge industry partners for reducing incidences of fraud.

AND

Chamberlain expects me to weaken my digital security posture so they can run some opaque crap on my network¹ that I have very little observability into and even less control over so they can make money?

Money is one hell of a drug because they are high.

How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.

[1] I have a default deny in AND out isolated vlan for crap like this, even if you don't have a network background try to set one up if your networking equipment is capable.

E.g for us in South Africa, this would be unthinkable, regardless of how much time it saves the delivery company. The only time a parcel is left at the door is when it's UberEats. Otherwise delivery is rescheduled if we don't physically collect parcels in person. This is partly an access issue (many houses/apartments/estates have gated access) and largely a trust/crime issue.

I mean, they already do exactly this — this is what Amazon Lockers are. It's just only seemingly worth it to Amazon to deploy them to commercial customers, e.g. at post offices, in front of Whole Foods locations, in some very large apartment building complexes, etc.

(My own guess as to why the economics don't work out for individual residences, is that a hypothetical smaller locker — one small enough to fit on a porch — would also inherently be lightweight enough for thieves to just cart away wholesale.)

Every country has these to some degree; I imagine they're most popular in places that 1. have colder climates, but 2. where people don't tend to drive (like Poland?) The US has some, but the suburban long-distance-commute car culture + generally not-too-bad climate, means that people in the US generally expect to pick up packages from further away, and so implementation of these in the US has lagged behind other countries.

However, my comment, and the one it was replying to, are talking about something else — a hypothetical concept of small lockers that serve single homes, given to the homeowner, to be located near the home's mailbox/mailslot. (Basically, logistics-provider-provided versions of these things that you can technically buy online — but where I've never seen anyone with one: https://www.amazon.ca/WeHere-Package-Delivery-Anti-Theft-Pas...).

And the thing about these is... they really aren't a good idea. They're not too big and heavy to just steal. Anyone who can walk up to your porch with a moving dolly can walk away with it.

I agree that per-household lockers are... tricky at best. But then, if we're talking homes, and thus presumably lawns in front of them, I wonder what are the difficulties of selling a multi-slot locker that would be bolted down to the ground (or perhaps a bunch of concrete filling a hole in the ground), and thus as easy to steal as a thick fence post or an ATM? Is this too expensive for homeowners?

Regarding missed packages, are you talking about stolen packages? I've had a few cases where delivery was one day late and one time I got the wrong order (but got to keep the free groceries along with a full refund for my actual order) but I've never had a package just disappear altogether. Even Aliexpress orders that take 2-4 weeks from China eventually show up.

I've had a single-digit number of packages never delivered, most of them years ago, from Aliexpress (which, at least back then, had a very buyer-favoring dispute process, so I would get my money back with three clicks or so).

In the US all carriers drop packages at door (or in the building's locker if you live in an apartment complex). Some packages need to be signed (alcohol, nicotine, gun ammo, etc) but the vast majority of deliveries involve zero human interaction

Sort of. Note that I'm a city dweller, living in a flat in an apartment block.

This is a real problem; classical solutions involve having another household member receive the parcel, asking the delivery person to deliver to a neighbor who you know is OK with it (since I started working remotely, I frequently am that neighbor), having them drop the package in front of your door (undesirable, but works in case where there's an extra door between your flat and the staircase), or putting your place of work as delivery address (if your company is happy about it; some are not). Dedicated "package send/receive" stores became a thing, then started disappearing as grocery store chains became package drop points. And then came the parcel lockers.

I imagine this problem was the primary driver of mass, enthusiastic adoption of parcel lockers - for the last decade, I've had at least one within 5 minutes of home, and this let me pick the parcel up at my leisure.

These days, most packages we order go through lockers; the ones are don't are usually medical or plain heavy (10-20kg worth of cat litter, soft drinks, etc.). This works because I work remotely, and my wife is yet to return to work after post-partum period.

Let’s just take a step back here and recognise that we’re asking online retailers to leave our deliveries outside our homes, with direct access to members of the public, but we’re also asking for them to assume responsibility if the packages are stolen.

Morally, in isolation, it’s not a very defensible position for the consumer to take. I personally don’t feel so bad about it when it’s Amazon — they can afford it, basically — but in general it’s not realistic for porch pirates to be anyone else’s problem except the consumer’s.

Most people get quite irked when someone steals their Amazon package between the time it was left at their door and the time they actually try to get the package. Hence for most people who occasionally receive Amazon packages when no one is home to quickly take it inside a way to let Amazon put the package in their locked garage is a benefit.

> How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.

Like Amazon Lockers? That's not as convenient as delivery to your home. Or do you mean they should provide lockers to individual homes?

I'm not sure that would work. If the home locker was not very heavy or very securely attached to something immovable package thieves would just steal the lockers.

How expensive pouring some concrete into a small hole in the ground would be? Or would this become real estate then, or otherwise require a construction permit?

The problem is that it's prohibitively expensive compared to just eating the cost of any thefts, keeping an eye on pickup times so you (or a family member) can take the package inside ASAP, and using pick-up for any truly expensive ($1k+) items when possible.

About Amazon, how fucking hard is it to use a fucking Naive Bayes classifier to just check if product title or description changes significantly? Hell, do it with Babbage or some other (not L)LM that's cheap as fuck. We already have clear leaks showing that they fuck over sellers with their price lockins, are you really hurting them more by dropping all those product reviews? You can also do way better by using an image classifier. I have a hard time believing a company that's bragging about how many robots it uses in its warehouses and replaces shitty support with even shittier LLMs is not going to actually result in higher profits by doing this. A few returns probably covers the cost because shipping is expensive (something they already don't get right. Haven't had 2 day prime delivered in 2 days since 2018...)

Also, anyone else find it weird that stores on Amazon don't list all their products? Like you can click on the store page from the product and then that product is nowhere to be found. Want to reduce scams? Force the listing of their entire product directory. I already can't rely on reviews, you just are making it harder to trust you.

I really do wish there was a halfway decent alternative to Amazon. Even Target and Walmart's online stores are more attractive, just limited. But this seems to be a generally sucky space and I don't understand why. Don't even get me started on NewEgg...

> Money is one hell of a drug because they are high.

They're so high they're even turning down higher profits. But I guess the issue is caring FAR more about short term profits (quarterly statements) than long term (hell, even a fucking year). I really don't get this metric hacking bullshit bureaucracy we've built (and its not just isolated to the US or the West).

Because the margins are incredibly low (thanks, Walmart and Amazon?), which means you need capital-heavy hyperefficient warehousing/distribution to even compete, which means you need scale, which means there's little competition to make things better.

I think there'd be a lot of room for innovation if you turned Amazon/Walmart/Home Depot's logistics into their own companies, then allowed people to put whatever between that and the customer that they wanted to.

Which is essentially what Amazon does now... the only difference is they get to control that link and the revenue flow from it.

Segregating market functions forevermore would go a long way towards returning competition to marketplaces, imho. (E.g. logistics|retail, advertising|everything, etc.)

Ah, chokepoint capitalism. The problem with every company becoming a tech company is that they all expect unsustainable tech company growth. The strip mining of customers is also scaling up, so efficient that industries will destroy themselves. Can't wait until private equity owns the radios in my home, and controls not just the output but inputs.

Your campaign felt like a “butterfly flapping its wings causing a hurricane” kind of moment. You inspired so many entrepreneurs of that time to take a risk and crowd fund which then inspired another generation. Some of whom ended up huge and going public like Peloton.

Regarding choke points - I don’t think they’re all bad. Sometimes certainly, but others it’s a defensible moat that forces an industry to specialize into various key players that serve integral roles. I’m thinking specifically of semiconductors with companies like Western Digital locking up storage, Qualcomm with radios, ARM with compute, Samsung/Hynix with memory, etc This creates a stable enough ecosystem to build various software abstractions on top.

That's cool to hear—I didn't consider we had that influence, though should've realized it after chatting with y'all, Ring/Doorbot, Particle/Spark, Pebble, etc.

Guess it took two generations to shake out the hardware startup mistakes. We were early and naïve, but we did ship, and the Twine servers remain up. You learned to focus the use case, and I still haven't. Go figure, I think there's still a space for a general-purpose physical computer, so we're doing it again: https://supermechanical.com/pickup

Funny that Kickstarter's history since is a hindrance, and we might go the Selfstarter route to produce the experience we want next time.

At no point does "preventing random people in your garage" required a greedy middleman in the path between you and whoever you want to give your garage door access code.

Of course, I changed my code after that, but drivers still tried to get in with my code code. I opened countless tickets with Amazon to get this reference to my code removed from their system. They gaslit me many times saying it was removed. They were incredibly rude to me when told them they were lying to me, and now I sometimes get delivery drivers getting pissed off at me (for some reason) that the code doesn't work after they ring my doorbell.

What I want people to get from this story is, don't give Amazon your code. Get a separate delivery box instead or even a storm door works to hide most packages.

Since Amazon clearly has no idea what they are doing, I would put up a note next to the keypad saying “Amazon drivers: just drop the package, there is no code”

Amazon's problem is that they outsource the delivery and there is such a terrible turn-over problem with delivery drivers (and delivery contracting companies) that nothing works at their scale.

Nowadays that seems so hopelessly quaint.

I'm not sure what hell these jobs are that turns drivers into such shitty people, but I feel pretty confident that it is the system turning them into shitty delivery drivers rather than exclusively shitty people applying for delivery jobs.

Some are amazing, mail is delivered perfectly, etc.

Others cannot for the life of them match number to address, and it doesn't seem to matter who is delivering as the attitude spreads across the office.

I think a huge part of this is missing actionable feedback messages.

If USPS/UPS/FedEx had better channels for "my mail was screwed up" reporting, to a granularity necessary to isolate bad branches, I think things would clean themselves up.

As-is, customers learn to live with it and the mothership is unaware the branch is screwing up.

No more anything like this "I sometimes get delivery drivers getting pissed off at me (for some reason) that the code doesn't work. You can cut into any their speech with "English, m****r, do you read it?".

Gig workers quite possibly don't, or at least it's a significant effort for them to.

Ergo, both things can be true: Amazon cleared it on their side (customer support sees it cleared) and the delivery drivers still see it (using the subcontractor's system).

Probably because nobody at the sub-contractor's (outsourced) IT/system saw fit to implement a "As a customer, I want to change my note after initially setting it" user story.

I once bought a book delivered to a company (where I dont work anymore) and this address cannot be deleted. Multi billion company. LOL

On a side note, Amazon's interface is so much worse than Allegro

No kidding. Allegro isn't perfect, and seems to get worse every iteration, but they're miles ahead. Amazon - they're down there with eBay, worse than AliExpress. I literally only order Kindle books from Amazon, and that's only because I mastered the "google a book, switch to Kindle edition, click the 'buy with one click' button" flow, which they managed to not break just yet.

This is fairly complicated to do locally and securely. If any e-commerce website/app could add tracking numbers as PINs to your smart lock via the local network, that would be a security nightmare. You'd also have to provision domains for every smart lock so that every lock can get Let's Encrypt certs and accept requests from web browsers without configuration. Not to mention most tracking numbers are easily guessable because they consist of a destination code and an auto-increment integer.

Also a lot of companies don't assign a tracking number until the package gets transferred to the last mile carrier. Again, if you're willing to manually copy-paste the tracking number after you get the shipping notification every single time you order something, you're clearly not part of the target demographic

They could afford to give away the openers if they could win that revenue stream.

And Amazon would dump them in a second if consumers could instead click "Link your Home Assistant for secure deliveries and get $0.30 digital credit". Or more likely, Amazon would throw directly wired Dash buttons at consumers to enable secure deliveries.

I don't know what Chamberlain has to gain by sticking it to that particular demo. For HA to be a threat to the "partnerships" like Amazon, it would have to have an audience sizeable enough that Amazon would consider incentivizing adoption.

I would say it seems dumb to piss off the most passionate fans of home automation when you're a vendor of equipment that such people might want to buy, but Chamberlain has such a stranglehold on the market that I think they figure that even if they royally piss off that 5% of the garage door opener market, those suckers (or their garage door installers) will be forced to buy the gear from them anyway.

Yes and no. At the scale Amazon operates, I can see value in being able to automate the process rather than requiring each driver to find and operate the keypad for each garage.

Automation, if implemented perfectly (which it obviously won't be) also prevents one form of bad actor. An Amazon delivery driver who uses your code in the future to gain unauthorized access to your garage. Automation allows this code to be limited to a single use.

Not sure where you live, but every house I've lived in (USA, a few different states) during my entire life has had an exterior-quality door with exterior-quality lock, including deadbolt, between the house and garage.

In the one house I lived in that had a security system, that garage-to-interior door was also wired into the system and arming it would treat it like an exterior door.

Having said that, I still wouldn't want random delivery people entering my garage without my knowledge.

Likewise, but even if it's actually locked, no lock is impenetrable, and a closed garage provides a thief with the privacy to pick it at leisure or even break down the door. Burglary deterrence advice sometimes includes tips like adjusting your landscaping so your front door is visible from the street and locking gates to your back yard. Letting the thief into your garage thoroughly defeats the point of that...

Also, I keep stuff (bikes) in the garage that I don't want stolen.

Most people keep cars in their garage. Which last I checked were usually more expensive than bikes.

Joke aside, people keep a lot of valuable stuff in garages. Hell, tool chests can easily be worth thousands of dollars and are easy to pawn.

[1] https://github.com/scottlamb/moonfire-nvr/

I've been thinking lately about how quickly the world has changed and I think it's a bit underappreciated. I mean cellphones only became a household item 20 years ago, smart phones about 15. Or closer to home, at least for me, generative models went from barely making small black and white human faces (Goodfellow invented GANs mid 2014) to being able to create some fucking good quality images on consumer hardware in a few minutes (not counting all the prompt engineering required. But unconditional is still pretty good). Not to mention that access to these things isn't homogeneously distributed and so rural and poorer regions tend to get thrown into the deep end rather than wade their way in. I think from that perspective a lot of drama makes sense. Especially when we're talking about how people are not very tech literate. Hell, I have a hard time convincing people in my CS PhD department that hate Facebook's spying to switch to Signal or even switch to FF (we see the same stuff here on HN. More excuses than explanations). If the "friction" (even if 90+% mental) is high among tech experts idk how novices can handle all this. At least with my family they're more willing to believe Facebook's app uses an always listening microphone rather than believe me when I explain that they can figure out you're friends and interested in gardening if you just stand next to someone or walk around with them for 30 minutes in the gardening section of Home Depot ¯\_(ツ)_/¯ (sorry, this took a tangent, but I know you think about some of these things too)

Sure, but I've probably locked it barely more than twice.

1. I know it's a broad generalization, also location-dependant

I don't know if that would do much.

It's one thing to be sawing up a front door that is in plain sight of the street -- passer-bys might call the cops if they saw that.

But if you're doing it from inside a garage? You could shut the garage door and saw away. Nobody would report saw noises coming from a garage because that's super normal.

Personally, I hope that Amazon doesn't play ball. You can TRY and seek rent from the world's largest retailer, but you need them, they don't need you.

My main takeaway is that Amazon should offer a discount to deliver packages to buildings with staff to accept the packages. They never go missing, so less refunds, and the building staff does not charge Amazon to receive packages.

The business dynamics are pretty interesting, though. It could be that paying this company reduces missing packages so much that it actually saves Amazon money, which they pass on to consumers in terms of lower prices. Or, it could be that they charge $1 per access, and Amazon passes that on to the customer, and then people are disincentivized from using Amazon. Meanwhile, a competitor (say, Walmart?) brokers a deal where they hide that fee, and take enough customers away from Amazon that Amazon has to play ball (and now the price is $2 per access). Costs go up for everyone.

The phenomenon of partnerships like my hypothetical above are very interesting to me. Every so often I check what I can use my credit card rewards points for, and most of the offers, to me, seem like "failing retailer desperately needs a customer" rather than anything I actually want. Thus, the partnerships must be a pretty important tool for companies that are not in first place.

Finally, I think about the long term effects of this sort of thing. Everyone wants a % of every transaction. "Oh, you turned your lights on when someone came to deliver a package? Pay the manufacturer of the light bulb $1 and your electric company an extra $1." This will look like "economic growth" to each of those intermediaries, but in the end, they just devalued the dollar. ("Inflation.") We end up with bigger numbers, but actually decrease the amount of "value" floating around.

The only term that comes to my mind here is cancer.

That's most of the tech industry in a nutshell. From the office suite through all the "self-service" web/mobile interfaces, self-service checkouts in stores, to stuff like this - it's all making you do the work that was previously done by full-time professionals. It's a net loss of efficiency, and it only looks otherwise because salaries of full-time professionals are legible to bean-counters, while the same workload redistributed in tiny bits to masses of people is invisible in balance sheets.

In short: I'm starting to believe that most of the "improvements" that came with software are actually just accounting tricks, and this is why actual performance gains don't seem to track expected gains.

The more parties in a system, the more ossified it becomes. (Hello, healthcare)

Inevitably, the world changes... and now because there are so many intermediary layers the system as a whole is unable to adapt.

Then you're left with a system that can't be changed, that very efficiently does something different than what you need it to do.

Or, in a nutshell, most enterprise software older than 5 years.

Add to it the time lost because software tends to be less reliable than its counterpart because multiple software interfaces tend to increase complexity. There are some things that software is wonderful for improving. But I don’t need a IoT stick of deodorant.

I would say that almost all of it is, eg, disassembling our manufacturing and shipping it over seas - which ultimately eroded the middle class and jeopardized national security. But neither of those is on the balance sheets of the relevant company.

Anti-social short-term metricized business is the ultimate form of Taylorism — and in three generations, we can see that it’s an abysmal failure.

Sprinkling math on top doesn’t make reckless greed a good idea.

Quite possibly. I only thought this through wrt. software, as this is my field, but the overall method seems universal: turn concentrated work into disperse work, and throw it over the organizational boundary, so it looks like you've made the costs go away.

If a homeowner wants to let Amazon, Walmart, etc to open their garage door, it should be up to him to provide them with an access token/secret/etc to enter, just like you can put a door keycode in the order notes. The interaction should be purely between him and the retailer and there is absolutely no need for some rent-seeking scum to be involved.

The disgusting business model you seem to be justifying is akin to house builders/contractors being perpetually owed a cut every time you invite over a guest into your house or they switch on the lights.

2. Through research they find user wants to interact with their smart device while outside of range of wifi/bluetooth.

3. Company builds device firmware and cloud infrastructure to support this goal.

4. Company wants to simplify business logic and doesn't provide local (wifi/bluetooth/zigbee) support. Online only can service both on-premise and off-premise.

5. Company needs to reduce costs and justify ongoing operational costs of supporting this cloud + device service.

6. We arrive at the current solution.

Remember, the S in IoT is for Security.

They could simplify their business logic by making sure local first is reliable, and internet access can be turned off, and supporting vendors making (user-controlled, upgradeable, etc) gateways that handle the cloud/internet/local handoff

The state of the environment that the IoT device is sensing or controlling, has to match local reality. Therefore, the state that's actually on the IoT's MCU is the true state that matters. (Any state stored cloud-side could be stale if the MCU is disconnected, or misses updates) Ergo, if the cloud service is showing or manipulating the state of the IoT device, it has to read or command the IoT in near realtime, implying some kind of constant/realtime connection.

This would be the same mechanism a local-first connection would use, right? What am I missing here?

This current model is a fucking failure.

If a garage door manufacturer offers me a (free, local) API to fully control my door and allows me to check a box to let Amazon in, what, exactly, is the problem? Sure, I could also allow Amazon in without checking the box (assuming Amazon offers the appropriate integration and I'm willing to deal with maintaining my side of it), but it also seems okay for Amazon to pay the garage door opener company for the first-party version. Everybody wins.

Forcing the actual device owner to use a crappy cloud service is an entirely different story, but it's not required for the Amazon business model. Similarly, many video recording devices support ONVIF and have an optional paid first-party video storage. (And I imagine that quite a few commercial users demand the former -- no one who operates a concierge/security desk or a serious office building or a warehouse or an industrial site has the slightest interest in using four different first-party cloud offerings from four different vendors of their various gizmos that contain cameras. They are going to run one NVR, possibly with off-site backup, with one integrated system for viewing and analyzing the feeds. And they will pay handsomely for that, and they're paying that money to one of several established companies in the space, all of whom require at least token ONVIF or RTSP compliance, and they aren't about to kick any of that money over to the camera makers, because there is no shortage of competing camera makers.)

Off topic, but FWIW: Teslas don't in general use fobs (maybe you get one with an S or X?). You can buy one for $175 if you want, but in general the primary unlock mechanism is the app on your phone, with the effective root of trust held in an RFID wallet card (of which you can buy extras for $20 each).

Literally the bottom of the Chamberlain website reads

> The Chamberlain Group LLC, the corporate parent company to LiftMaster, Chamberlain, Merlin and Grifco, is a global leader in access solutions and products. __We design and engineer residential garage door openers, commercial door operators and gate entry systems.__

[0] https://chamberlaingroup.com/

Also, openers are also a common up-sale when other components are serviced or replaced. For example, if you get a garage door replaced, the installer will often recommend a new opener at the same time.

https://i.imgur.com/lNOXdhe.jpg

If you have a Chamberlain garage door opener and looking to connect it to HA you can do this too.

This is just more enshittification in order to exploit revenue channels other than direct sales.

But isn't the door property of the customer? In this case it is perfectly the customer's choice and right if they want to use the customer-facing API to let a delivery company in.

Not anymore. Now I get to pay $5/mo for IFTTT integration, after paying the premium for the WiFi-enabled version of the same device.

Same, but this is irrelevant to the point GP was making. Some minority of people do want Amazon Key (and similar services), and those people are now unable to claim their package wasn't delivered once they sign up for the service.

Add those people up and you have something worth millions, even if there aren't many of them.

It provides a convenient service for both parties.

I realise that there are the porch pirates who are another issue entirely!

I honestly can't think of a single person I know who routinely locks those doors.

This is just conjecture, btw, I have no authoritative knowledge of their plans to do anything.

I'd guess it's more likely the opposite dynamic, where they'll get a bunch of early adopter types to sign up without thinking through the ramifications. And then after the honeymoon period, Amazon will start demanding those users file police reports for missing packages since from their system it now looks much more airtight that the package must have been stolen from the buyer.

Big pink house on Foo St. (#8-5-5)

or

Big red-and-yellow-striped house on Foo St. (#8-8-5)

or whatever colors they are? If they are the same color, repaint one of them.

As a bonus, this will completely throw off all the automated data brokers, idiots that use "KYC" as an excuse to want to know where you sleep, etc.

Alternatively put an apartment number on your house (there will be only one apartment, of course.)

One of you will be

855 Foo St. Apt. 1

The other will be

885 Foo St. Apt. A

This is the same thing that continuously requires me to use my "ZIP+4" for absolutely everything, even though as far as i can tell, there is zero point in ever using it unless one is literally doing metered US Mail.

If you write "885 Foo St. (blue house)" it will get standardized to "885 Foo St."

If you write "Blue house on Foo St. (eight eight five)" the standardizers will choke and it will be printed as-is.

It doesn't work like this. Delivery workers use an app that opens the door, so if they are at a wrong location, it will be immediately apparent.

And they know that they can't just leave the package there, they have to find the correct door. And there's a flow in the Amazon delivery app to mark an incorrect geolocation, so they won't be penalized for taking longer time.

The app also has pictures of the location in question, to minimize the confusion.

From the homeowner's side, the garage door will be open for half a minute or so with nobody nearby. It's possible for a burglar to use this time to quickly run inside. But the probability of that is pretty low, and there'll be a camera recording of that.

Except that's not true at all. Amazon had my new house geolocated wrong (think robin instead of arden st in their system, even though I put the address in correct and it read back correct).

First delivery came, "delivered", not at my door... Contact CS, get a refund, continue.

"Ok, I'll setup key so they know it's wrong and deliver it in my garage."

Pieced together from video:

Second delivery arrives at wrong location, garage door opens...and was never closed. "delivered"

Took me contacting CS 5 times, with 5 failed deliveries, and doing an email bomb to get them to update my geo-location. Turned out it was literally across the fucking city, ~8 miles away.

https://www.core77.com/posts/103681/When-Houses-Had-Built-In...

Swap in a more traditional automaker, and your point remains correct.

Premium users pay $300 to replace the fob on their Model S / Model X. Mid users pay $175 to replace the fob on the Model 3 / Model Y. And an entry level option exists for the cards. Plus programming fee. Handling fee. Local taxes. Processing fee. Etc :-)

Without control of their PKI anyone could self program a replacement for a few dollars as is the case with the garage door market.

As an aside, I find the fob useful for booting the car up prior to getting in, rather than waiting 40 seconds before the fly-by-wire shifter starts responding to commands to put it in gear.

The keyfob is super-useful. It fits perfectly into that small jeans pocket (that was originally meant for watches), so you can trigger the trunk/frunk opening without taking the fob (or phone) out.

I was burned by this change. I don’t know if anyone at Chamberlain is reading this, but you guys have neighbors, users just wanna keep their home safe. You’re one TikTok away from a crisis when you do stuff that is anti-consumer.

The API breakage coincides pretty well with their brand new CTO, whose objective is apparently "transformation to a smart access software company".

It's unclear if the CTO just doesn't understand that "DDoS" generally implies malice, or if they're intentionally using that language to blame users for using their product.

Good news: ratgdo, an ESP-based local solution works great. I hope the author is making a decent profit on the kits.

I've definitely seen "DDoS" used when there was no malice, such as when a developer accidentally releases a client that generates way more traffic than it was supposed to. Probably because we don't seem to have a good term for "event that at the server looks exactly like a malicious DDoS attack but was actually due to a mistake or to the server becoming unexpectedly popular" :-).

My favorite example of whatever we are supposed to call this was John Carmack in 1997. From his 1997-12-09 .plan:

> Cyrix has a new processor that is significantly faster at single precision floating point calculations if you don't do any double precision calculations anywhere.

> Quake had always kept its timebase as a double precision seconds value, but I agreed to change it over to an integer millisecond timer to allow the global setting of single precision mode.

> We went through and changed all the uses of it that we found, but the routine that sends heartbeats to the master servers was missed.

> So, instead of sending a packet every 300 seconds, it is sending one every 300 MILLISECONDS.

> Oops.

> To a server, it won't really make a difference. A tiny extra packet three times a second is a fraction of the bandwidth of a player.

> However, if there are thousands of network games in progress, that is a LOT of packets flooding idsoftware.com.

> So, please download the new executable if you are going to run any servers (even servers started through the menus).

I did do some napkin math to quantify how much that bad traffic may have been: HA estimates between 6857-25576 intallations of the MyQ integration. Let's say 16k clients. HA makes it really easy to detect and "add" the integration (which counts as an installation even if it's not configured), so, that's definitely not all clients hitting the API. Let's say it's 50%, so 8k actually using it. Most users just notice myQ is broken. Let's say some fraction retry, which would look the same as an extra user from a volume perspective. Call it an even 10k users (including repeat users).

The most recent change is after they broke everything past the OAuth dance. Let's say the OAuth request is 1kB. The retry code retries up to 5 times with exponential backoff. Let's say 5 requests over 10 min.

(5 requests / 10 minutes) * 1 request/user * 10k users = 5k requests/minute, or 83 per second, amounting to 83kB/s inbound.

There's no reason to assume those requests would synchronize, but I'm sure there's something (let's say every single myQ user updated at the same time).

If what they're saying is true, sounds like actually malicious botnet wielders can ransom the living daylights out of them. Given 1Tbs DDoS attacks they'd only need a tiny fraction of the full bore ion cannon! ;-)

[1]: https://github.com/arraylabs/pymyq/blob/master/pymyq/request...

Absolutely. Used to work on the Identity team somewhere. Dev accidentally removed code that was supposed to cache a token on a very chatty service. Brought auth to its knees and called it DDoS.

The ratgdo is more trustworthy, and it just connects (really easily, too, especially with the new v2.5 board) to the opener via the same contacts that the dry contact button does.

You can go and engage him directly on the topic, maybe he'll present a perspective we haven't seen, or maybe he'll listen to your arguments and reconsider:

https://www.linkedin.com/in/dan-phillips-9a33831/

(and no, this is not doxing: his profile is public).

What a shit move to pull on your existing customers.

https://www.athom.tech/blank-1/garage-door-opener-for-esphom...

I wish ratgdo a ton of success and have several on order.

I would try to sue that manufacturer. I hope it we'll be pulled to a court.

This will most likely be a significant factor in though, though good luck getting them to admit it.

HA users will mostly be bypassing the app and therefore not providing revenue via ad impressions.

What brand is he moving to? Does it work with Home Assistant?

I can't recall the last time I saw a garage door that wasn't Chamberlain or one of the brands they own. At least in my area they seem to have a near-monopoly.

Then I watched the discussion on discord and realized I’m not alone albeit still a small percentage.

Then I see this as top post on hn.

It’s frustrating to have a company do this. I don’t agree with their choice. Plus forcing you to see ads whenever you open or close the door is Orwellian.

Now I need to somehow sell this device on eBay with hopes a large percentage still wants it.

[0] https://github.com/Lash-L

One reason this is tricky to do is because up until let's say the last 6 months or so, myQ _wasn't_ hostile, even if it was Cloud-based. (I get that that aligns with your point! I'm not arguing with you there.)

The company could go out of business and shut down their servers. Or shut down the servers because they're no longer selling the product.

Sometimes incompetence is as bad or worse than malice. The company could break an API accidentally. Or the API only works intermittently. Or they could add poorly-implemented rate limiting that unintentionally affects multiple users when they share an IP via NAT.

What matters is that they provide proper documentation for their APIs, encourage devs to use them, and don't have a history of breaking old clients with new firmware updates (without very good security reasons).

But in general, OK - some things are better done via an on-line service. But it's the minority of cases - almost none of IoT devices have a legitimate reason to route control and diagnostics through the cloud.

The obvious way to implement this would be to have a front-and-center filter for cloud/local, so that one could use it to check which brands to consider before buying new connected hardware. It's a use case people have been asking for years. It's the only reason one would want to access a searchable list through their own page (as opposed to googling "${brand name} home assistant").

What's the blocker here?

It's an open source project. Stuff generally gets worked on by people who care about features. You seem to care about this. https://github.com/home-assistant/home-assistant.io

Wow, what a contemptuous statement.

I have news for you, Chamberlain Group. You are not only alienating, being hostile and losing a "Small percentage of users" (most companies would prefer to call them "valued customers", but I get it). You are causing an enormous permanent damage to your own brand.