Support checked and it was fine. Just needed time to adjust. They mentioned they checked the cameras (!).

Later on I got a second used one and while cleaning it, noticed that the internals are just a raspberry pi. Took my micro HDMI and keyboard, and... this thing just runs Raspberry Pi OS.

No updates. And ... VNC. People from that company can just remote into my device, look at what the cameras are seeing, and do stuff on my network. These things are a security nightmare.

- Alexa, wipe up that spill in the bedroom.

- Sorry, that requires deep clean, but you had some credit left on your second credit card so I ordeered a deep clening service for Tuesday when you are away.

But I am just a user and this is just a vacuum. I rather focus on other than jumping hoops for the products of the indecent manufactureres. While saving a lot of money as bonus. I think I will cope without it.

i am sure others can too, i just know we had to use the fortigate to fix a hard-coded IP that was breaking something. i think it was a fog device, even.

> it'll work for whatever ports or application you want since it's a layer 7 firewall

I'm debating writing a custom firmware, the GPIO pins are documented somewhere.

  * Run pump. 
  * Turn lights on / off / %. 
  * Measure water in tank. 
  * And then they have a moisture / temperature which they use for their 'AI' / heuristics on whether to water more or less. You don't need that. You just water more often. The point of hydroponics is that the roots sit in water. 
  * Occasional photo (via USB). 

I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.

The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.

Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.

https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...

iOS, iPadOS, and macOS have a pretty great built-in background-noise generator these days. While lots of actual beaches can go dead silent and then have a loud wave crash in, the waves that

It’s available in Settings -> Accessibility -> Audio & Visual -> Background Sounds. You’ll have to download the sounds each once, but after that they stay on your device.

Digging this deeply in Settings isn’t pleasant if you just want some white noise, so you may want to add a control to Control Center like “Background Sounds” (way down in the Hearing Accessibility section) to turn the ocean noise on and off.

I turn this on my iPad when going to bed if I want to take extra steps to ensure that I don’t wake up in the middle of the night.

I do use a standalone Lectrofan for sleep as I prefer my noise machine to be across the room and Alexa-controlled (via a smart switch), plus it’s louder and the brown noise is “browner.”

But I keep iOS BG sound mapped to the triple-click shortcut for when noise-cancelling just isn’t enough in loud restaurants etc. It works great with AirPods for reducing my noise sensitivity issues.

If you're trying to get better sleep, get your phone as far away as possible!

I can't believe I had to download an app for that because the feature is buried in SETTINGS (!!!!). What an obtuse choice. Thanks for the tip though, I hate that my white noise app has a rotating ad banner.

I had the two problems of poor sleep without white noise and a dog allergy and now I have neither.

I got tired of replacing $60 sets of HEPA filters after moving in to a forest. I actually bought K&N 20" furnace filters because they're washable. i wash them every 3 months or if they're very obviously grey approaching black, or, during pine mating season, if they're yellow approaching black. I use mean green or simple green, whichever i have handy, and the hot tap in the shower to just wash them off with soap and water.

I have to replace the ~$20 box fans every 3-5 years. They just wear out, probably by design. They break in the startup, if you can get them spinning it'll keep spinning.

[1] shot with on-board mic but you can see the idea. The metal inside is one of those "hold your kitchen utensils" metal baskets, it keeps the form of the carbon filters inside, and stops stuff from getting sucked through. The airflow is in to the hole in the box, through the filter, out the fan. https://www.youtube.com/shorts/zmzs9H4NUCQ?feature=share

Turns out most of my anxiety, insomnia, etc sensations were caused by pinched spinal nerves.

I say sensation because I believe, but cannot prove, that my physical sensation led to my mental state. Most diagnosis assume the reverse; that mental state leads to physical symptoms (restlessness, clinching, pit-in-stomach, whatever). I have not yet read anything or met anyone (care providers) supporting my hunch.

So... Anyone experiencing treatment resistent pinched nerves, eg sciatica pain, may want to consider possible physical causes.

In my case, it was collapsing vertebrae due to osteoporosis resolved with a S1-L5-L4 lumbar fusion. Yes, that surgery and recovery was very difficult. The upside is I now often sleep like a corpse. It's glorious.

YMMV.

I have a slight curve in my spine, but not enough to be a clinical diagnosis of scoliosis. So i will just have "back pain" of all sorts my entire life and that's great, super. But if i get a different sort of back pain i'd expect an xray at some point, right?

Getting a helpful diagnosis wasn't straightforward. More like a process of ruling things out and triangulation. Over the course of years.

My advice to all patients: Don't accept "No." Each individual doctor can only know so much. Just know that someone(s) out there has the puzzle peice(s) you need.

Of course, you've tried All The Things. Physical & occupational therapies, deep massage, sauna, magnesium, ruled out kidneys, pilates, general fitness (weights, HIIT), lots of walking...

(As an example: A buddy had a bad hip, terrible back pain. Was doing PT for more than year, no improvement. Was considering a hip replacement. Turns out he had late stage kidney cancer. FFS. Then was repeatedly told he had 6 months max. Until he found that one doctor who knew about a clinical trial for a new immunotherapy. Fortunately, it worked and 3 (?) years later was declared in remission.)

Also, I've gotten relief from unexpected areas.

Swedish Hospital's (Seattle) Pain Clinic has a whole program. Was transformative for me and better over time. I'm not healed. Just able to manage my pain(s). There are similar clinics nationwide.

I've even changed my diet. After much trial & error, I figured out that wheat (gluten), peanuts, and even just (too much) sugar were negatives for me. Cutting those out reduced my pain and improved my brain focus. Probably something about inflamation. I'm sure I have more to discover.

I encourage you to not give up. You're experiencing pain. So there's got to be a cause. It may not be treatable. But at least you'll know and can plan better.

As I get older, deafness will likely reduce my need to rely on technology.

Stereo - genius!

Believe me, sometimes tinnitus means i don't care if i damage it more, i just need outside to be slightly louder than inside my head.

I use the Snooz white noise machine and their companion bluetooth app actually comes with a sound level display in dB that helps you make sure you're not setting it too loud in settings like a baby's nursery.

There is a difference between like HVAC and the "noise floor" of a house, and pumping additional noise in. I'm just saying that a "noise machine" may not be a silver bullet. And i even said that me and the wife use it because tinnitus already sucks.

I used wireless headphones back then. My choice of "white noise" was popcorn in a microwave (because the neighborhood was that noisy)

What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.

And yes, I found evidence that this is exactly what’s happening."

^ wow, this is pretty wild.

I’m the founder and CEO of a company called Memfault, we make observability SaaS for hardware companies.

I constantly get asked if we could just offer a remote access solution. Many of our competitors do! But we think it’s (a) a huge security liability and (b) too ripe for abuse.

But fundamentally consumers do not care, and until that changes you can expect any embedded Linux device to have this kind of backdoor (they do more often than not).

More companies do this than not.

Could a rogue engineer inject whatever code they want into an app update? Possibly yes, but 1) that code will get shipped to every phone at the same time, 2) that code has to do its thing without anyone noticing, which is tricky at scale (this is how malware gets discovered), and 3) there’s an audit trail so that engineer will be exposed to legal risk.

The difference here is that with Eight Sleep, an engineer can remotely access the customer device in real time and poke around the network the bed is connected to, and there may be no audit logs. They can exfiltrate sensitive data with much less effort and less legal risk than with an app update.

  > I was willing to overlook:
  >   The bed costs $2,000
  >   It won’t function if the internet goes down
  >   Basic features are behind an additional $19/mo subscription
  >   The bed’s only controls are via mobile app

The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.

Don't worry, they'll repeat over and over how their product was thoughtfully designed with exquisite craftsmanship by the re-animated corpse of Johnny Ive [1] until people believe it's true.

[1] I know he's not dead.

Also...

> ... Essentially all you need to do is unplug the rubber tubing from the Eight Sleep cover, which is available on eBay for a few hundred bucks, and plug it into a $150 aquarium chiller.

> That’s it. Aquarium chillers are somewhat of a misnomer, as they can also provide heat. They use thermoelectric devices to regulate temperature, either cooling or warming the liquid that flows through them, which is the same technology found in eight sleep.

How much do you want to bet the Eight Sleep is literally an off-the-shelf Chinese Aquarium chiller in a custom case marked up 15x, with a shitily-programmed computer bolted on to enable a $20/month subscription?

Unlike all the cloud garbage, my zigbee devices continue to function even when the internet is down. I have my zigbee hub (Home Assistant Yellow) on a battery backup, so all the zigbee devices with a battery keep functioning even when the power is out (like my automatic cat feeders)

I do own of these and while I hate the price, the subscription, the fact that it didn't work for an hour last night due to the internet being down (first time ever really) but there really isn't a better option. I love the temp control and would use anyone else if they had a valid competitor, but sadly there isn't one (or at least wasn't when I bought mine). The alternative is to not have temp control which is pretty amazing.

Maybe there needs to be a red answer and a blue answer?

The "smart" features on it are genuinely useful for me - I have sleep apnea, as well as an eight sleep + the electronic platform. It automatically changes the elevation of my head based on apnea events, and I see a marked reduction in them when using this feature.

I have a cpap machine that also makes automatic adjustments but I still get noticeably better sleep quality with the eight sleep. I also really enjoy the temperature control, since it saves on HVAC costs vs. climate controlling the whole house. I've not tried an aquarium chiller for this purpose, though I have used one for doing temperature control on a beer fermenter, and I can extrapolate from there that I value the management of the actual eight sleep device vs. managing an aquarium chiller's temp control.

All of those features could be provided by local compute, either nestled somewhere in the soft and fluffy gross profit margin of a $2,000 product, or with Bluetooth to a "thick" application running on a phone.

The reason this product, and so many other "IoT" products, put their compute across the Internet is to facilitate a business model. The industry has the technology to put as much compute, storage, and reliability on-site with a high-margin, high-cost product like this.

Of course, they'll probably claim AI running in the cloud is making the decisions which makes the local first controller not possible.

like me. will buy a spring mattress next time

Edit thank you for your recommendation but I'm in italy, European and American mattresses are quite different.

Before discovering this, I once wrote to the customer support of the flamingo hotel, Las Vegas, because I loved their mattress: Hi, i do think that what i'm gonna write is weird, but anyway haha. On july of the summer 2019 i visited the fabulous las vegas. nor the nightlife neither the opulence of sin city could, however, reach the pinnacle of the human civilization, the mattress on which i slept at flamingo. I now have to change my own mattress at home, and i'm looking for the model on which i slept. the website only says "Simmons beautyrest", although Beautyrest is just a brand name used by simmons and doesn't mean a specific model. could you help me in this modern day divine comedy, be my Virgil and help me find the mattress name? Regards Name

I got an answer: Thank you for contacting Caesars Entertainment. I was delighted to hear that you enjoyed our mattress on your visit! Currently, we are using the Simmons Hospitality Beautyrest Felicity Pillow Top. They can be purchased at https://caesarsguestpurchase.com/shop or 1-866-926-8233. Please feel free to write back if you have any further questions.

Thank you for choosing Caesars for your gaming entertainment!

Have an amazing day!

Shirley

Similarly, Talalay latex mattress material is usually only about 30% natural and 70% synthetic, and the synthetic does not cause immune response.

If you powder the natural material and directly expose it to IgE, the dominant protein of interest for allergies, you can get a reaction (https://pubmed.ncbi.nlm.nih.gov/10436396/), but in practice with sheets and the outer cloth covering on the mattress basically no proteins ever come into contact with the body. And even in that study only Hev B I was detectable, which is only one of many latex proteins that trigger the immune response, and only 3 of the 21 tested human sera actually had a reaction to the direct mixing with the powdered latex. As far as I understand it, there has never been a confirmed case of an allergic reaction to a latex mattress.

Seeing the founder fellate Elon and his Doge employees has given me second thoughts. I may be looking for an aquarium chiller in my near future.

Most manufacturers bolt on IOT functions by dropping an off-the-shelf module onto their device-specific board. It's sometimes possible to replace the factory firmware with ESPHome, sometimes even using over-the-air updates. For example, AirGradient air quality sensors: https://github.com/MallocArray/airgradient_esphome

Even when it isn't possible to commandeer the factory IOT module, the fact that it _is_ a module is still useful, because it's almost always possible to inhibit or remove the factory module and connect your own instead. The factory IOT module controls and senses the device, so your replacement module can too, using the same pins. For example, an IOT air filter: https://github.com/mill1000/esphome-winix-c545#final-assembl...

Some devices are designed around multidrop communication busses. These are usually even easier, since the ability to join the bus is an intended design feature, even if the device you're using is not intended. For example, many Samsung residential HVAC systems: https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...

At my day job, we've replaced and re-engineered controllers in industrial laser cutters, CNCs, welders, robots, and similar equipment. There are replacement control boards for hobbyist stuff like pinball machines, motorcycles, retro computers, and retro game consoles.

But as evidenced by the fact that people are buying shitty cloud-only IoT devices, neither the interest nor the capacity to do this is common.

It is a $2000 dollar internet connected bed. The market in this case is probably people who could wipe their ass with that $20 every day and not miss it. I don't think they are stupid. This class of Americans has always been about paying for ongoing service instead of being pragmatic or doing things themselves. "Let the help over in bangladesh fiddle with the connectivity and updating the mobile app for me, while I merely rest my head and make plenty of money," they probably figure, at least subconsciously.

OTOH, I grew up upper-middle class, my dad being quite frugal and a big DIYer. Similarly, I make good money and am also very frugal. I have no reason to flaunt money around my peers.

The collective mass of people who buy these "IoT" devices that (1) don't actually need to use Internet-hosted services to function, (2) don't actually need a subscription for their business model to work _except_ for having been unnecessarily tied to an Internet-hosted service, and (3) will fail to function when the Internet-hosted service is gone do not understand the ramifications of the buying decisions they're making.

They're enabling these awful companies and business models. They're making the world worse by buying this soon-to-be e-waste garbage.

Stupid is a bad word. Let's say ignorant, instead. They don't even know what they don't even know. Our asinine industry normalizes these practices because profit.

I think computers have tremendous power to make life better for humanity. I think that can happen without being contingent on this kind of business model.

The bed is an egregious example. There are certainly other lower-priced products that still have this kind of stupid unnecessary "tie" to Internet-hosted services and subscriptions.

And all tech companies are now founded with zero regard for good behavior. I mean, they don't even do minimal amounts of customer service, which is the bare minimum of having regard for your customers.

In general, the IoT industry has suffered and adopters get burned over and over and over so the market is what it deserves in the long run. But that doesn't mean that snooping and monitoring doesn't increase insidiously year after year.

This is a serious problem with future technology. What person would do cybernetics or similar life saving products from companies like this? Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.

We are clearly in an age of increasing authoritarianism. China has become far more authoritarian under Xi, right wing fascists are on the rise in Europe, and extreme partisanism just leads to round robin authoritarianism on the path we're on, assuming the next election happens. Russia is trying to expand its reach, and disrupt democratic institutions worldwide.

Undermined privacy and data collection is the tools for total information awareness by authoritarian states, only made far far far far far far far worse by the rise of functional AI.

The future of humanity is bleak. The filter approaches.

As someone on an insulin pump they do. Iirc they have reps showing up at hacker conferences looking for red teams.

Definitely agree with your worries generally though.

One thing SaaS has not learned from nonprofits with longevity: you do big fund raisers to get money so you can live on the interest payments. If you think of a new project that will increase your burn rate, you throw another fund raiser.

Figure out how many of those beds you expect to be junked for breakage or obsolescence each year and set your margins to keep the long tail running for 10-15 years.

I think SaaS has eschewed strategies for longevitiy because it's contrary to the market's "wisdom" that for-profit companies must have sustained high-rate growth.

Sometimes it’s clearly the founders who go extractive, but others it’s clearly the new owners or partial owners.

One can just question how we want to live our lives in the future. Behind each and every step a subscription? And all of them seem to be priced 10-20/month, no matter how much value they provide.

  >   It won’t function if the internet goes down
  >   Basic features are behind an additional $19/mo subscription

I'll play the Devil's Advocate here. If this product isn't controlled by a remote server, it either needs to be controlled by a local bit of hardware (i.e. with its own screen and hardware input devices) or by your phone. Considering the upper-class target market (high-priced luxury product), the "local bit of hardware" option is a bad call. If it's controlled by your phone, then it would presumably happen over Bluetooth, which is both (a) unreliable and (b) would disconnect if you don't have your phone in your bedroom, which if you're willing to spend $2k on a cover for better sleep, you've probably already tried.

The industry went in the direction of direct-to-Internet connections for home devices because, quite frankly, it's the lowest-friction approach for most home users. Everything else is a distraction from a great product experience for 99% of the market.

With all that said... bundling in hard-coded AWS IAM keys (for Kinesis Data Streams) and hard-coded SSH public keys is just bad engineering. You can't revoke an abusive customer without revoking everyone, and you can't fire any employees without updating every customer end device. Sleep Eight needed to set up IAM Roles Anywhere with a private CA where a user's initial setup gets the private CA to issue a cert for the base unit in the user's name, which is then used to get temporary credentials through AWS STS to write to Kinesis. Similar story with SSH, if it's actually genuinely needed for some reason, set up a private CA, in both cases, with certificate revocation lists. They're unlikely to sell enough beds (remember: luxury product) or fire enough employees for CRLs not to scale well on this solution.

A rational society would have shut those companies down and thrown the executives into prison.

A lot of this bullshit only happens long after the sale has been made and consumers are blindsided when things advertised as free are suddenly paywalled off behind a subscription following a ToS update.

"The market" is never going to solve this. What we need are consumer protections in the form of laws and regulations with real teeth and consistent enforcement.

I raised this at a meeting and was told that they weren‘t going to change it because it made too much money.

I’m sure engineers raised issues about this as well and were shut down by the business people who are more than happy to risk customer satisfaction and security if it means more revenue.

I would of course, attempt to veto unnecessary IoT devices and subscriptions for usage, but this would be a fight I would likely not win.

I can only speculate.

But, there is demand to improve sleep quality. The provider wants to charge a monthly fee for that.

The market simply puts buys and sellers together. People making business decisions will stick with Econ 101--charge what the market will bare, and why shouldn't they?

The pro and enterprise version would allow local server setup for critical sleep equipment functioning and can manage all beds in a household or hotel etc . It can update the version of software or data models when its online and new features are available on cloud server.

I surmise at 300 dollar/month for pro version could be really attractive proposition. Of course local server setup and maintenance can be charged separately.

Maybe there should be a mandatory information sheet such as listing all functionality that stops working without a network connection.

I don't have the enthusiasm to start a competing company. It sounds like the barrier to entry to the market is fairly low, the tech isn't unproven, and there appears to be a ton of margin.

I assume Eight Sleep has a patent moat.

Great line. And my eyes bugged out a little at this part as I also realized what the implications were:

> - They can know when you sleep

> - They can detect when there are 2 people sleeping in the bed instead of 1

> - They can know when it’s night, and no people are in the bed

I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking like consumer reports and how they should probably publish if a product is a security nightmare or not. At the end of the day you still need people publish this stuff out and for social media to spread to consumers to beware, but maybe a magazine type of publication could take on part of that responsibility.

1. Work in tech

2. Do care about security

I think this product in particular really attracts the tech nerd life optimizer types.

What if they have a ton of sensors which relay enough information to re-construct a 3D mesh of activity on the bed that they can remotely view? And their more curious less ethical employees give nicknames to particularly "active" or "interesting" users? And start placing bets on their favorites? And start connecting the dots on who is sleeping with whom?

More seriously, this is just a data collection mechanism to learn about user habits that can be sold to other companies and/or use to start new lines of business.

Anything that sends back data, without your clear and expression agreement, isn't sending it to help you.

It’s better than that. He’s putting in backdoors where they sleep. I’m sure there’s a market for that data.

Once you realize just how important quality sleep is, and how much this can help, $20/month bed subscription becomes a laughably small price to pay.

    - What's required to justify this cost?
    - How many features and updates does the app require?
    - What could the ongoing server costs be?
    - How many people maintain the software?

Plus, these things are only piping out data when they're in use, right? So... Only 1/3 of the day, if that.

Then the feature set, who knows. Is it just a readout with some fixed controls for the firmware in the eight sleep?

How is that justifying $20? Every single month?

I know software (especially when hardware is involved) can be more complicated and demanding than it appears on the surface, so these are genuine questions. I'm very open to having bad assumptions here. It just doesn't map to my experiences properly. Especially since the customers pay a premium for the hardware upfront.

I guess if customers are willing to pay, it's fair game.

The subscription for bed is not, it locks artificially features to pay monthly. Even more, it collecs data to improve the product (which sounds good) - but you need to pay for this. They have an ability to run model locally - they choose to not.

I like Topaz approach: you have an ability over some time (subscription period) to have up to date model that will help you recognise snoring etc, then if you choose not to pay - you stick with this model, but it still works.

Subscription in addition is something that limits an ability to sell it in the future.

on the other hand, paying 20$/month for the right to use the bed, that your purchased at 2000$ cost is a ripoff.

sleeping isn't costly, has never been, yet a company is trying to enforce it and i can see how it doesn't go well with most people.

The market is ripe for the taking, but nobody has attempted to compete with EightSleep. EighthSleep is sleek AF, the competitors seem like they are from the 90's, in all the worst ways (HydroSnooze doesn't even have a remote).

As for frame, if you buy the Eight Sleep Pod 4 Ultra (which is the version that comes with a base that adds head/foot elevation control), you can use the base as a bedframe if you like, though that would be pretty minimalistic.

If this product was an entire bed then it would actually be a lot less appealing because it means you have to replace your bed to use it. It's not a bed, it's a mattress cover (and optional base with the Ultra), so it's purely additive on top of your existing bed, and does not significantly alter the feel of your mattress (besides temperature).

Think of the alternatives I have: Sleeping pills. Sleep studies. Benzos. "Supplements." Weight loss. Working out. Sleeping hygiene routines. FWIW, I've done/do all of these. They work, and they are work.

Sleep is more important to my health than what I eat. Some of us are like this. You know us. We're your colleagues, friends. You've seen us, heard us mope around.

I checked it out because I saw Bryan Johnson talk about it. Found it to be stupid, the price, the app, the subscription, I get what everyone here is saying. You are right. But, there was a free-x-nights trial policy and curiosity got the better of me.

So far, it's been amazing (5-6 months in).

+ You can slap a faux button/area on the bed to change temp without the app.

+ This App, mentioned in the article, it works 100% of the time, and it's fast. I suspect it's over LAN when you're home, at least it's that fast. For comparison, $3.2 billion dollar Nest's app isn't reliable nor fast -- How many total days of your life have you already lost to a synchronous thermostat app that needs to auth/connect with Google before you're allowed to change the temperature of the room you're sitting in? :) Come on, tell me the truth!

Does that help clarify why this sells?

Note: The bed is now $3k, not $2k, plus sales tax. Amortized over 5 years $3k + $240 * 5 = $4200. Divide by 60 months.

Note: Lots of misunderstanding in the thread by people who haven't checked the product out. It's not even a bed, guys, it's a liquid-cooled cover that fit's on top of your existing mattress. If you want the motorized mattress that lifts you when you snore, that's another few thousand dollars.

Well, working out will help with weight loss and will have a lot of other beneficial effects in the long run.

> FWIW, I've done/do all of these. They work, and they are work.

But you already know that.

It uses a bag-like sheet that it blows air into, to adjust temperature. For women suffering* through menopause, being able to adjust around hot/cold flushes is sanity-preserving!

* Some women don't suffer much during perimenopause or menopause, but it's a process that seriously fucks with one's hormones. A word of advice to any partner of a woman going through perimenopause: believe them when they tell you what they're going through! So many partners don't realize just how much this can mess up someone, they deserve every sympathy possible.

Is the Bedjet really that good? Would your wife recommend it without reservations? Are there any other product that have made a difference for her?

Apologies if that's intrusive but improving Sara's sleep would be life-changing for her.

[Followed by a screenshot of the EightSleep CEO publicly tweeting about SF sleep data in Nov 2023.]

This is reason enough to not patronize this business. What a creep.

I remember because I signed up for e-mail updates. Glad I never signed up though. IIRC, I was turned off by the same issues the author “overlooked”.

A subscription for a bed? Fuck off

Also: citation needed. A quick Google says it's not illegal as long as the government entity confirms it in writing.

This looks a lot more like the device fetches updates via SSH to a remote update server, and the authorized_keys entry is vestigial.

Beyond that, companies being able to push changes via custom firmware is sort of the normal state of consumer IoT devices. And it doesn’t really imply the kind of broad “the whole engineering team can access my LAN” that the OP is speculating about.

Now, from a design standpoint, using SSH to pull firmware updates would be a bit of a wonky choice. But the world is full of wonky choices.

More sycophants coming out of the woodwork.

That's the health secretary's words.

It's good for temperature control, you can set a profile that changes over night. The cooling is a complete fix for night sweats. It heats too, but I don't use it. I don't use the sleep tracking features.

My only semi-major complaint is that the pump is kind of loud. Only annoyance is that you need to have it connected to wifi w/ internet to set the temperature profile w/ the app, but it keeps working afterwards w/o internet.

We only had a book in my native language on Pascal. I had heard of C from a magazine that had a CD with a C compiler on it, and I walked into a library wanting to learn C but all they had was a dusty book on COBOL in Russian. Later I bought a book on x86 assembly, also in Russian, because that's all I could find, and it just felt like I'm living inside a leaky bucket whereas I was hungry for the firehose of knowledge.

When we got dial-up Internet, I did not sleep for days. The floodgates were open. I had access to tons of information online, in original English, from primary sources. People I've only had heard about, like Torvalds, would just share information directly on the Internet, like it's another Tuesday. To me it felt like I went to Disneyland and I was meeting all my heroes. You can just... learn about any topic and see the people who invented those topics. You could even send them messages.

25 years later, I still feel like that kid sometimes. I'm thankful for HN. Alan Kay replied to me once, and it made my year! Alan M-Fing Kay. I met rms once in the flesh and could not believe my eyes. I regularly see messages from Walter Bright on HN like he's a real human being and I have to remind myself that yes, he's alive, real and I exist in the same world as him and can actually interact.

I and kids around the world these days are lucky to not be stuck in a world where you cannot learn more than they let you.

I really hope we'll find a way to give the Internet back at least a part of this magic. It makes me sad to see that young people today only know the net as the nightmarish distortion of what it was once promised to be.

A rare exception to the usual.

I am unfamiliar with Kerbango.

But I wouldn't recommend anyone buy it now because of the subscription.

It is good to know that there is an option to continue using it if the company decided to no longer grandfather in people who bought before the subscription crap started.

Well, each bed contains a full Linux-based computer. If my estimations above are correct, all of Eight Sleep engineering can take full control of that computer any time they want.

I think that was already a given once you agree to silent automatic updates.

Someone told me they returned their 8 sleep because of the constant fan noise of the computer running the thing. He told me it was like having a server in your bedroom.

I am also not keen at all needing to have my phone in my bedroom either. At the end of his life my father had some health challenges and it wasn't uncommon for a nurse to call me in the middle of the night. It was all the other calls, people tweeting or slacking at me that made it really challenging to get any sleep.

Still looking for something where I can collect sleep data if any entrepreneurs can solve these problems.

I'll do you one better on "collecting sleep data". I've been in the neurotech/sleeptech space for the last 5 years developing https://affectablesleep.com

After getting an Oura ring years ago, and it telling me "you didn't get enough sleep[deep, REM]" I was left thinking "so what?? don't tell me I didn't do it, help me to do it!"

From what I've seen in the market, possibly with the exception of 8Sleep or CPAP (for those who need it), is that everyone is focused on counting minutes, and adding a few minutes to sleep. Particularly "fall asleep faster" where they promote "fall asleep x% faster" where x% in minutes is like 7 or 8 minutes.

What is really valuable in sleep, and particularly deep sleep, is not really the time, it's the restorative brain functions, and at the moment, we are focused on one metric slow-wave delta power. It's not how many minutes you sleep, it's how much sleep is in each minute.

Of course, there is sleep data along with that, but if your sleep is optimized in the time you get, do you really care about the daily data?

I think there is some value in collecting the data so when someone figures it out you can get the answers. But it is hard to know what data to collect because what the Oura ring provides could end up being of little value.

Good luck on your project, I will be following you.

    - They can know when you sleep
    - They can detect when there are 2 people sleeping in the bed instead of 1
    - They can know when it’s night, and no people are in the bed

    [...]that bypasses all forms of formal code review process.

It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.

I think what is often missed in "company gathers data it doesn't need" scenarios is not that someone inside Eight Sleep abuses the data, or the company itself does it, but them gathering this data for years and then losing it to some 14yo hacker who promptly posts it and suddenly all your data is public.

The inside job may sound a little far fetched, but the latter is only a matter of time.

Once it happens multiple times with different services, everyone gets access to everything about you.

I see at least one aquarium chiller on amazon that uses a compressor, but then you have to wonder if it's quiet enough to sleep next to.

- A human produces about 40 watts of heat while sleeping.

- Thermoelectric coolers have a coefficient of performance (CoP) between 0.3-0.6. So for every watt consumed, they can move 0.3-0.6 watts of heat.

- The wattage consumed and moved all needs to be dissipated.

This random chiller [0] on amazon consumes 100 watts, so perhaps this could move 60 watts max. CoP drops as the temperature difference increases. And it's unclear if the unit can dissipate 160 watts steady state.

But it could plausibly keep you from heating up on a warm night. It doesn't seem like there's much margin for actually cooling you down tho. If someone wanted to experiment with this, I'd definitely read that post.

[0] https://www.amazon.com/MOQNISE-Aquarium-Circulation-Function...

However now I want to try this aquarium chiller...

Not scams in the sense of swindling money, but that they are appendages of a private or government intelligence network.

If you genuinely care about your customers, can't you simply feel guilty of doxing such sensitive data about them?

Some evil entities what to know when you sleep, wake up or if there is someone else in the bed.

I am not against technology, this can be done responsibly via offline support, self hosting options, E2E Encryption, Homomorphic computing, differential privacy etc.

But I guess implementing those would interfere with the scam i.e the main objective, which is spying on you.

(Not talking about DOGE btw).

I no longer can trust that someone is looking at my TV data, Oven data, thermostat data, etc and tweeting about it.

And for those who prefer a warm bed, isn't it simpler and cheaper to warm the room?

I have to say it made my sleep significantly worse - I was shocked at how bad the temperature setting was - shifting 1 degree warmer or colder was often too much. I also noticed quite a bit of manipulation of reviews & comments on Reddit / subtle sponsorship on YouTube. (=> fake comments, upvoting/downvoting, and unofficial sponsorship).

Maybe it really does improve some people's sleep, but just the noise itself from the Pod meant I needed earplugs to not be disturbed by it. My suggestion is to avoid buying at all costs...

Anyways, feels good to be vindicated.

1. Kenises should be Kinesis

2. The URL template contains {anynumber}, the text refers to anynumbers (plural)

And this is why I have any device that needs connectivity to the Internet to function in its own vlan with very specific and oppressive rules about what can talk with what. If you don't have a fancy router, use your guest network for these things.

I hate this future.

Alas, our hope to recover whatever social benefit was in SpaceX and Tesla is with Bezos's companies, although at least the EV space is more diverse. SpaceX cannot be wrested from Musk and TSLA and its board is preferred-stock controlled by Musk.

Wait until Eight Sleep "upgrades" the connectors to be "incompatible" with Aquarium chillers.

Yeah, no thanks. I try to make my bedroom as technology free as possible. Apart from a digital alarm clock; at night I put my phone on aeroplane mode and place it outside my closed bedroom door.

It's the best I can do with today's bullshit tech. I've never had a problem with not having a cold bed, so maybe it's the next best thing after the bidet.

I take what you mean is that there will be a refrigeration loop involved, and in that, a refrigerant. Just like all substances, refrigerants can be toxic, sure, but that alone is not what makes a toxin [0]. It's also not a binary thing, and between air conditioning and refrigerators, an appliance like this I don't see why would stand out.

I further haven't got a clue what microplastics having been found to pass the blood brain barrier have to do with this, or how you're able to determine whether that applies to me or not, specifically.

[0] https://en.m.wikipedia.org/wiki/Toxin

Now if a competitor crops up that has better privacy and a better CEO, I'll swap in a heartbeat.

Note: I don't pay for the subscription, just the mattress topper

Mattresses wear out, and people end up keeping them too long. Somewhere like walmart.com sells great mattresses for inexpensive prices. They are not related at all to what they sell in stores. Because they are inexpensive, as soon as they start to wear out, buy a new one.

1. He didn't even bother to check and see if the bed is running an SSH server - ten seconds with nmap could have told him this!

2. Essentially every one of these beds would be behind a NAT and thus the SSH server which he didn't even bother to look for would not be accessible to the internet or to the nefarious engineers he imagines have access to the key - he ignores this fact.

3. The fact that the firmware includes the URL of a specific external endpoint, suggests that the bed connects _to_ that endpoint, not that this is somehow used to screen incoming requests by reverse DNS lookup or anything like that. The architecture he is supposing exists (all remote access requests must come from a host whose reverse DNS resolves to this host?) makes no sense.

4. The fact that the public key exists on the filesystem means nothing if no SSH server is running, or accessible. It might be used, for instance, as part of the manufacturing test process or a maintenance procedure, and then disabled. The SSH public key on the filesystem isn't necessarily related to the JSON config file for their own application which he found!

5. SSH keys don't have "email addresses" associated with them, they have a plaintext field which is used merely for identification purposes, and this is commonly used for the _user account_ that created the key. But it's not an email address and even if it were, it doesn't mean that that email address, much less every engineer at the company, somehow has access to the key!

The sloppiness and level of jumping to conclusions here, for a supposed security company, is ridiculous.

I'm not sure what kind of evidence or reason you're looking for, I think their assumption is pretty sensible.

> This isn't how SSH works

Maybe I'm just naive, but the wording of it to me seems nontechnical enough that I think the author is skipping over things on purpose. For example, how exactly that "far way" host he thinks is involved.

I'd personally imagine it's a reverse shell type deal going on, although why SSH needed to be involved in that I'm not sure. Could be just a hacky implementation. But it's really not that far removed from sensibility, vendors popping reverse shells without authorization really wouldn't be new.

> It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup.

Didn't even notice that. Can't imagine too many other people did either. So maybe not so clearly?

That said, some actual investigation of that supposed binary would have been a strong support for this whole thing, and indeed an evidence for this theory, so I will give you that.

Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?

No there's not enough evidence to prove in a court of law who has access to the private key, or that the config file is enabling a return ssh connection, but it's pretty damning.

The only thing that's not newsworthy about this is that large amounts of IOT shit does this.

Under the path ".ssh.endpoint", too. It's not like it's just a mystery hostname; it clearly has something to do with SSH.

> The only thing that's not newsworthy about this is that large amounts of IOT shit does this.

And - just to be clear - that doesn't mean it shouldn't be reported on! Talking about this stuff, and having concrete, specific examples, is good.

Do you not see a problem with this line of reasoning? That's literally what he says in the article, and he presents it as a near-certainty, not the wild leap of unsupported reasoning that it is.