
Chamberlain blocks smart garage door opener from working with smart homes

mavamaarten
61 replies
1d9h

"unauthorized users". They are authorized if they are trying to control their own garage door.

The company I work for has a policy where we don't block third party clients, as long as they use a uniquely identifiable user agent and API key that we provide to them. That way we can easily monitor if they're calling endpoints excessively and make sure that our alarms don't go off when they did something wrong, but still offer power users flexibility. Power users are the users you can get good feedback from, and they spread the word more than a regular user would. If keeping them happy doesn't require active effort, it would be silly to start a cat-and-mouse game just to keep them busy and angry with you.

dheera
27 replies
1d3h

I just connected my garage door opener to Home Assistant by taking apart the remote and wiring the button to a Zigbee relay. They can't stop me, no part of this is connected to their cloud. In any case, smart home stuff should never rely on the cloud.

https://i.imgur.com/lNOXdhe.jpg

CamperBob2
23 replies
1d3h

Funny you should mention that. I stayed at an AirBnB a while back that I selected precisely because the listing mentioned that a garage was available. It turned out that yes, you could use the garage, but the remote was not provided by the host. So I had to disengage the door and lift it manually, then close it behind me when I left every morning.

"Fuck that," I said to myself, as any self-respecting hacker would. "I'll just hook a $20 remote key fob switch from Home Depot up to the button on the garage wall."

That's when I found that they actually DRM'ed the button. The usual pair of wires was there, but I couldn't open the door by simply shorting them together. There were several ICs on a PC board inside the button housing doing Woz knows what. So, back to lifting the door manually.

This is only going to get worse. It will get worse because we let them go this far.

ska
8 replies
1d3h

> This is only going to get worse.

Manual operation seems perfectly understandable in this context. Odds of some AirBnB driving off accidentally with the remote approach 100%.

Kirby64
5 replies
1d

Honestly, a bigger worry imo is cars that have something like homelink. You can copy a garage door opener, and basically give yourself garage door opener access whenever you want. I did this accidentally to an old rental house I lived in. When I moved out later I drove by one time and … turns out the homelink still worked. For a criminal, it’d be a very easy way to get back in without any trace.

dheera
2 replies
23h45m

Yeah but in reality former tenants are statistically unlikely to be criminals -- you probably ran a background check on them prior to them moving in, didn't you? Former tenants could have copied front door keys after all, and probably did for noble reasons like SOs, etc.

The garage door remote I modified with the Zigbee relay is a remote I purchased and paired with my rental unit's garage door opener, and then took apart for modification. I don't own the property or the garage door opener, I just looked up which model of remote it used, bought one, and paired it. I also have the landlord-provided remote as a backup.

I don't think HomeLink is particularly dangerous in this regard; anyone can purchase additional remotes and pair them, they don't need a car with HomeLink.

If you're really worried as a landlord, reset your garage door openers for every new tenant, re-pair the remotes they presumably returned to you, and re-key your front door locks while you're at it. Microscopic cost compared to what the tenant probably paid you.

Kirby64
1 replies
22h19m

We’re talking about Airbnb here. I don’t know of any vetting you really do for an Airbnb. And, unlike a key, you can copy a garage door to homelink without doing almost any work.

Add to that the fact that garages tend to be less covered from a camera perspective (usually there’s a doorbell camera at the door) and it’s a bit of a blind spot for homeowners I’d think.

CamperBob2
0 replies
3h37m

AirBnB vets users the same way hotels do. When signing up as a tenant, you have to send them a copy of your state ID with photo and provide a third-party payment method. It seems to work well enough for the most part, a few isolated horror stories aside.

lazide
0 replies
23h44m

Just wait until you see how easy it is to copy keys - and how basically zero landlords ever change them between tenants.

CamperBob2
0 replies
22h27m

Not a concern for AirBnB hosts and the like, because once they let the bad guy into their house, it's game over anyway.

However, one thing that is interesting is when you get a loaner car from the dealership, and not only is there a valid Homelink recording, but the nav system still shows the start and end points for the last trip(s) the previous person took. Bonus if their phone's contact list is still there.

Always use the vehicle handover function whenever turning in a rental or loaner car, folks.

dheera
1 replies
1d3h

If that really happens you can factory reset a garage door opener which will unpair all existing remotes.

Re-keying the front door is arguably a bigger pain in the ass, and many Airbnbs just lend you the front door keys.

ska
0 replies
1d3h

Right but then you have to buy a new remote, lather rinse repeat.

I can see why an AirBnB host wouldn't bother after 1st or 2nd time, is all I'm saying.

Agree the front door key is a bigger pain, but less likely to accidentally happen.

I mean, I would have a slight preference to have a functioning remote but it's not going to ruin a stay. In the same way that if I went to a place that didn't have an automatic opener at all I wouldn't find it odd.

dheera
7 replies
1d3h

> That's when I found that they actually DRM'ed the button. The usual pair of wires was there, but I couldn't open the door by simply shorting them together.

Oof. That's awful, but put a servo above the button that physically hits the button. Analog loopholes are immune to DRM.

elzbardico
6 replies
1d2h

As the DRM arms race continues, in the next model the button will be a fingerprint reader. To make sure you're not cheating, you can only use the reader in the precise moment an ad you have to watch will tell you so. Of course, even then you will have to watch the ad till completion before the button really does anything.

lazide
3 replies
23h43m

Haha, silicone case of my finger on the end of the button! taps forehead

The arms race continues I guess.

elzbardico
2 replies
23h5m

You asked for it. What about a captcha challenge to open your garage? Who is laughing now?

dheera
0 replies
22h42m

I got rid of my Nest camera for this reason. Gave me a Captcha. To view my own damn camera. Who are they gatekeeping? I'll use robots if I want, it's my apartment and my camera.

CamperBob2
0 replies
22h23m

OpenAI.

matheusmoreira
0 replies
21h23m

It hurts me deep in my soul that I can actually see such a kafkaesque monstrosity become reality.

TeMPOraL
0 replies
1d1h

Oh, and before you think you are smart and could just replace the fingerprint reader with an Arduino - everything will be using cryptographic hardware attestation, oh so nicely pioneered by Apple so many years before, to make sure all hardware components are authorized to work together.

publicmail
3 replies
1d3h

I don’t really think it’s DRM. I think it’s because a lot of garage door buttons have a few functionalities, like controlling the lights as well as the door, but it works over two wires. So it probably necessitates some more complicated logic.

CamperBob2
1 replies
1d3h

This one didn't. It was literally just a featureless button, engineered with intelligence it couldn't possibly need except as a means of locking out third-party hardware.

ssl-3
0 replies
6h39m

Even the "dumb" buttons are on a common serial bus with Security+.

I agree that it is annoying in a "It's just a momentary switch! How hard can it be!" sort of way, but it be that way anyhow.

ArchOversight
0 replies
1d3h

It's Security+ or Security+ 2.0, it is literally obfuscated serial traffic over two wires. It is DRM. You can't just get any random button to open/close the garage.

reactordev
0 replies
1d2h

Probably I2C interface. If shorting it wouldn’t work this would be my second guess.

mike503
0 replies
20h9m

"Doing Woz knows what" is both an awesome phrase and probably factually correct.

rasz
1 replies
23h37m

That's cool, how do you monitor status of the door? Open/Closed/Jammed/Overloaded?

dheera
0 replies
23h32m

Currently I just have a wifi security camera in the garage, but at some point when I'm feeling less lazy I'll install some sort of Zigbee door sensor.

asielen
0 replies
18h51m

There is also https://opengarage.io/

For anyone who wants an out of the box, and open source, solution.

eddieroger
12 replies
1d6h

I'm not here to defend Chamberlain, mostly because I'm a pissed off user, but you are able to control your door still with RF products and buttons. Use of their API is separate, and they are able to authorize or not users to their API, which then also talks to your garage door. A lame nuance. We never own the API, we (sorta) own the product.

CharlesW
5 replies
1d6h

> you are able to control your door still with RF products and buttons.

This isn’t relevant since that’s not why I bought a Chamberlain product. I bought it specifically for the capability that they arbitrarily killed.

toomuchtodo
1 replies
1d6h

I filed an FTC complaint, you should too. I don't need the resources to fight Chamberlain on this, I'm going to let the federal government do it.

https://reportfraud.ftc.gov/

CharlesW
0 replies
1d6h

Great advice, thank you!

eddieroger
1 replies
1d6h

You should probably read that EULA that none of us read. We don't own their service. Never have. Downvotes don't make it less true.

CharlesW
0 replies
1d6h

I didn’t just fall off a turnip truck, but thank you! Yes, I understand that they’re legally protected, and I’m out hundreds of dollars for a replacement and its installation.

djbusby
0 replies
1d5h

Could small claims them too maybe?

I'm glad they pulled this now, was just looking to upgrade our two openers for something connected to my HA.

ChainOfFools
4 replies
1d6h

yep. the RatGDO project will handily MITM their wired signal and completely circumvent this nonsense with no cloud needed at all.

https://github.com/PaulWieland/ratgdo

lightbritefight
3 replies
1d5h

Opengarage is a similar option that comes out of the box ready to go. Also FOSS.

https://opengarage.io/

ChainOfFools
2 replies
1d3h

Thanks for this, glanced at the site and I like that it's got a motion sensor built into the unit which is convenient. But I wasn't able to tell from an admittedly cursory glance if the opengarage can decrypt the Security+ 2.0 signal that's on the wire in MyQ devices, or if it's just a dry contact switch replacement which will not work for such devices.

teslabox
0 replies
1d

I bought an OpenGarage for my brother maybe 5 years ago (“Black Friday” sale every year). He gave it back to me when he got a new opener. I updated the firmware, installed it on an old opener at our dad’s house and it works great. You might need the “Security 2.0” accessory, or they have instructions for soldering wires into an existing button:

https://openthings.freshdesk.com/support/solutions/articles/...

cbull
0 replies
1d

It will do Security+ 2.0 with an add-on module (or that was the case several years ago when I got mine).

The device has been fantastic, I got mine about 4 years ago and I just never think about it, it's never failed to work (even after power outages).

Mine isn't a motion sensor, it's a distance measuring device, it's how it can tell if a car is in the bay or the garage door itself is open (you set the distances in the device)

Spoom
0 replies
1d6h

Didn't they try to "solve" this with Security+ 2.0? I'm pretty sure given their current actions that if they could limit RF access from third party openers, they would.

WarOnPrivacy
12 replies
1d7h

> The company I work for has a policy.. [lists some sound policies]

Just a blind guess but is your company free of control by shareholders, venture capitalists and private equity?

nordsieck
10 replies
1d7h

> is your company free of control by shareholders

A company is by definition controlled by its shareholders.

WarOnPrivacy
6 replies
1d7h

> A company is by definition...

company: noun kʌm.pə.ni

an organization that sells goods or services in order to make money:

- OED

nordsieck
5 replies
1d6h

The definition that matters is not the OED, but the laws that govern companies.

vineyardmike
2 replies
1d5h

There’s no real law to maximize profits. Just greed and a court precedent, which has way more nuance than people realize.

No body of legislation ever said that companies needed to maximize profits.

Karellen
1 replies
1d5h

> There’s no real law to maximize profits. Just greed and a court precedent,

I thought that in Common Law countries, court precedents are "real law".

https://en.wikipedia.org/wiki/Common_law

> In law, common law (also known as judicial precedent, judge-made law, or case law) is the body of law created by judges and similar quasi-judicial tribunals by virtue of being stated in written opinions.

(emphasis mine)

dingnuts
0 replies
1d3h

Y'all are arguing about a specific class of corporation while using the word "company". A company could be one guy with an LLC, and that one guy is obligated by no law or person to earn a profit as long as he can sustain the costs of the business. A great example of a company that appears to be operating at a loss for a very long time because of the beliefs of the founder/owner is Canonical.

If he cannot sustain the costs of the business then I guess you can argue that there's a law of nature in play saying that the proprietor has to earn some amount of profit just to exist, but if you're shaking your fist at Nature demanding that we produce the value that we intend to consume, well, good luck. You may as well be upset about the existence of gravity, or that food must be grown or hunted in order to be eaten.

mijoharas
0 replies
1d4h

B-corps are companies that don't just exist to serve shareholders.

You had a valid point that most companies are structured in that way, but not all.

JohnFen
0 replies
1d5h

No law requires companies to have shareholders, unless they're corporations. And even then, a corporation can have a single shareholder.

qzw
2 replies
1d6h

Pedantic: A corporation is controlled by its shareholders. Other forms of ownership can be sole proprietorships, partnerships, professional associations, etc.

mminer237
0 replies
1d2h

I wouldn't call a sole proprietorship a company. Professional associations are still controlled by their shareholders. You can substitute "partners" for partnerships and "members" for LLCs since they're essentially all the same thing.

abduhl
0 replies
1d2h

Pedantic: a corporation is controlled by its Board of Directors. Shareholders ostensibly elect the directors but they do not control them.

dylan604
0 replies
1d7h

In their “list some sound policies”, they did not mention gather as much data about the user, store that data, analyze that data for earning money from ad sales. If those policies were not left out for convenience and it truly does not happen, then I’d venture the answer to your question is no.

michaelmior
6 replies
1d6h

> They are authorized if they are trying to control their own garage door.

Chamberlain doesn't get to authorize people to open your door, but they do get to decide who uses their API. While I think it's a very poor decision, they certainly can decide that any use of their API they don't like is unauthorized. That said, I would love to see legislation that ends this kind of vendor lock-in.

Hydraulix989
5 replies
1d2h

It's true, under our current legal framework, the free market is supposed to allow customers to choose to buy more user-friendly alternatives sold by competitors if they aren't happy that one offering is DRMed to hell and back. In practice, how well does that work?

ShadowBanThis01
3 replies
1d2h

It doesn't in the USA, because antitrust laws are seldom enforced.

Hence "inflation" and shit like this.

TeMPOraL
1 replies
1d1h

Antitrust law doesn't help when "fucking over the customer" is a local minimum for the whole market. Everyone will independently arrive at the "solution", and outcompete those who won't.

lazide
0 replies
23h42m

And unfortunately, that is the local minimum for most markets.

michaelmior
0 replies
4h32m

Antitrust is also difficult to enforce. I would rather see laws that require manufacturers to provide a reasonable amount of local control for devices. Aside from avoiding situations like this, it also avoids bricking devices when services are shut down. It also seems perhaps easier to enforce although defining what constitutes a reasonable level of local control could prove difficult.

michaelmior
0 replies
9h30m

Often not well of course. I don't think it's reasonable to force manufacturers to allow certain third parties access to their servers. However, I would love to see legislation that requires smart home products to have some reasonable level of local access independent of any servers operated by the manufacturer. This is even better since then you don't get bricked if they decide to shut down the service later.

jve
16 replies
1d10h

Ah, now it makes sense. Your garage door opener app isn't here only to open your garage door; it's here to display ads and upsell you on services.

"I clicked door open/close event and it popped up the video storage subscription dialog to ask me to subscribe,"

I mean... who, while waiting to get into or out of garage, sitting in the car or soon to be sitting in the car clicks on ads to buy something? Wouldn't conversion rates be ridiculous?

Not that everything else is wrong there with current approaches to IoT: Blocking 3rd party apps, needing 3rd party cloud server somewhere to open garage door, putting ads on top of actual button, needing special app to operate, be dependent on internet. Cannot comment on security for this particular product, but that is a topic on its own.

dwighttk
6 replies
1d10h

Slightly less irritating than garage door, but:

I’ve been going to my baseball team’s website recently to buy stuff because they won, and a 5 second video ad pops up every time you go…

I’m here, I want to spend money, and you want to show me ads?

eps
3 replies
1d9h

The correct question is why you are on HN and yet don't use an ad blocker.

passwordoops
0 replies
1d9h

Yes and no. OP is pointing to the forest, while your reply is focused on his tree

dwighttk
0 replies
1d6h

This one pierced the protection of my adblocker.

For what it is worth the video doesn’t load, but the 5 second pop up does load.

1000100_1000101
0 replies
1d6h

I don't use an AdBlocker. Sites need income somehow. I ignore them anyway, but they show.

However, if you run pop-over-everything ads, auto-play videos with audio, resizing ads, run CPU heavy BS, attempt redirects, or other garbage ads, I simply stop visiting your site.

Don't abuse your ads. Don't use an ad provider that supports malicious behaviours. Too many sites abuse their users, I agree, but you're encouraging them by still giving them traffic.

gosub100
0 replies
1d7h

Similar story: I toured Wrigley Field with my dad last week. We're on the MLB team's site, we want to give you money...nope, first you gotta install the MLB app.

breckenedge
0 replies
1d8h

Classic case of marketing being separate from operations and having latitude to do whatever the fuck they want. Company suffers but marketing makes their goals.

jasode
2 replies
1d8h

>who, while waiting to get into or out of garage, sitting in the car or soon to be sitting in the car clicks on ads to buy something? Wouldn't conversion rates be ridiculous?

This reddit thread says it uses a UI dark pattern of moving the "open/close button" from a familiar screen position formed by habitual use such that you accidentally click on an ad for a $3000 pet door:

https://old.reddit.com/r/myq/comments/xoxrlv/shady_af_advert...

jihadjihad
1 replies
1d7h

It almost reads as parody: right in my Q zone. It's the Darmine Doggy Door!

lazide
0 replies
23h42m

We're this close to living the original Robocop timeline. Even they didn't expect Trump to actually be president though.

gpderetta
2 replies
1d10h

The ad-free version will soon be available for 9.99€ per month.

rft
1 replies
1d9h

In a year you need to subscribe to the 14.99€/month tier to remove all ads, the 9.99€ tier will show you "a low number of highly relevant ads to provide you with information on how to more optimally use our^Wyour device and support our continued development of these industry leading services".

On a less snarky note, I hate how this has become so common that for some reason this is not "sue the company into non-existence" behavior, but we just sigh and either add the company to our shit list or pay the price because we are now locked in.

scioto
0 replies
1d9h

More like in a year you'll need to subscribe to the 14.99€/month tier to get it to work at all.

tehwebguy
0 replies
1d8h

The stupidest ad units are the most expensive for some reason

mym1990
0 replies
1d7h

I think it’s not so much about getting a conversion right then and there, but slowly chiseling away at someone’s willpower so that eventually they do buy the thing…whether it’s from their couch or somewhere else.

Also, if you’re about to go into your house, the ad in the car may be priming you for buying something.

dheera
0 replies
1d3h

Reminds me of news articles about some local crime, new COVID strain, accident, or other emergency and it pops up asking me to subscribe to read further before I have even had a chance to read 3 sentences.

No thanks, I'm looking for information for my own safety ASAP, not your "quality journalism".

fidotron
11 replies
1d10h

The brazenness of Chamberlain here is incredible given how problematic a garage door that opens by itself could prove to be, and they could have chosen to go on about that, but instead they just go for the full crazy angle.

Ultimately this whole using-a-product-means-using-the-user-experience-dictated-by-the-product-seller, be it SaaS, mobile app or hardware is a total dead end. The part Richard Stallman missed when arguing with his printer was you have to allow honest people to make money working in such an ecosystem, or you end up with no UX at all.

brightball
6 replies
1d9h

I wish this door opener from Ryobi had caught on. Thought it was a great idea.

https://www.homeconstructionimprovement.com/ryobi-launches-l...

wolrah
4 replies
1d7h

I have one of those and trust me, you do not want it.

I was excited about it when we bought the house, but:

1. The remote control range is terrible. Both of our remotes regularly fail to operate the door from less than a car length in to the driveway, through a normal garage door in a normal wood framed home, even with fresh batteries.

2. EVERY control accessory is proprietary, even the wall button. Our house came with the button missing and it can't be replaced with just a normal button. The entire line is out of production as well so the only options for replacement are expensive NOS. Likewise for the keypad and remotes, there are no third party replacements that are compatible and the first party stuff is out of production.

3. The app doesn't work, it won't even detect the opener. Because even the button is proprietary I can't even install an aftermarket controller.

The Ryobi opener has some great ideas like the accessory ports and the support for a battery backup using a battery many of us already have, but they went out of their way to make it worse than any other opener on the market in multiple ways and then abandoned their users. I'm going to be replacing mine with a simple dumb Genie or similar with a DIY controller hooked to the wall button port as soon as we get some garage work completed.

dylan604
1 replies
1d7h

In my personal experience with Ryobi products, I would have been equally served buying from Harbor Freight. At least the prices would have been cheaper for an item that is expected to be a crap shoot on it working. Ryobi batteries have been known to be badly manufactured so a newly purchased battery will not charge. If you take the time to research it and call (no webform for this), they will ask for serial numbers and send you a replacement to be delivered. If there’s a known batch with defects, recall the damn products.

wolrah
0 replies
1d5h

For what it's worth my experience has been the opposite. I bought one of their multiple tool bags back in the mid-00s and I'm still using all the original tools as well as a few more I've purchased since. The original NiMH batteries are all toast, but the tools run better on the new lithium batteries than they ever did on the NiMHs. I have about 8 years on my first set of lithium batteries and those are still going strong too.

When I bought my house I was planning to get in to Ryobi's yard tool ecosystem since my experience with their 18v tools had been so good, but the garage door opener experience was enough to give me a push to eGo.

brightball
1 replies
1d7h

Yikes. Well, I feel better now. Guess that's why they discontinued it.

wolrah
0 replies
1d5h

> Yikes. Well, I feel better now. Guess that's why they discontinued it.

My understanding is that the discontinuation was actually over patent issues or something in that general area.

Tyr42
0 replies
1d7h

That is pretty cool. I would buy the ceiling cord and maybe the speaker. No more tripping hazards.

jstanley
2 replies
1d9h

I don't think Richard Stallman missed that point at all.

Joker_vD
1 replies
1d4h

The dude started the whole FSF movement because he wanted better printer drivers. As you may notice, forty years have passed and the printer drivers are still shitty, and still proprietary. So while his opinions about the goals may be interesting, his opinions on the means can be safely disregarded IMO.

yjftsjthsd-h
0 replies
1d4h

Printer drivers or firmware? Because the drivers are generally whatever CUPS works with, and are perfectly fine.

jsight
0 replies
1d7h

That "opens by itself" angle is their excuse for not allowing good Alexa or IFTTT integration.

djhworld
10 replies
1d10h

The home assistant blog post goes into this issue as well https://www.home-assistant.io/blog/2023/11/06/removal-of-myq...

If anything it highlights the point that having a cloud service to handle your smart home device is a recipe for shenanigans like this.

Stick with ZigBee/Matter devices, and if the device is WiFi try and at least make sure it works over the local network.

iSnow
7 replies
1d10h

Buying smart home devices with cloud integration also just means that at some point, the manufacturer will declare it obsolete and will rip out support to force you to re-buy every 5-7y.

devmor
4 replies
1d7h

Or force you to make an account and opt-in to their metrics instead of using your devices locally-only after years. Looking at you, Philips Hue.

tjoff
1 replies
1d4h

Assume you can just connect them to another hub?

Doesn't excuse Philips but that was at least the only reason I'd consider using them.

devmor
0 replies
1d

I'm told they do in fact work with other hubs. I've yet to try it, but I'll mourn the loss of my scheduling and scenes in the Hue app when I do.

dylan604
1 replies
1d7h

Luckily, I just have to live with the nagging box about creating an account, but it continues to work without doing so. I just lose that screen real estate.

devmor
0 replies
1d

For now. The box informs us that the change is coming, not that it has come.

twisteriffic
0 replies
1d8h

Or delete your entire smarthome config during "routine database maintenance" and provide you no recourse other than to wait 6 months for their overwhelmed support to grant you the access key to set your system back up from scratch. Also known as a typical Thursday for Samsung.

plussed_reader
0 replies
1d9h

Or shorter intervals if you're Sonos.

gosub100
0 replies
23h26m

There's a workaround for now, but somewhere in a lab engineers are designing a motor with encrypted inputs or a clutch that slams the door unless its signal came from the manufacturer.

JohnFen
0 replies
1d5h

This. Any device like this that requires the involvement of someone else's servers is not fit for purpose.

tcbawo
6 replies
1d4h

Knowing someone involved with the Chamberlain technology stack, it sounds like certain users had reverse engineered the API and suddenly caused a DDOS on the Chamberlain cloud with their requests.

This is a cloud service with real costs. Chamberlain has a responsibility to maintain access for its users.

I can’t speak for Chamberlain, but this reaction seems reasonable.

TeMPOraL
1 replies
1d

I know this isn't a correct answer to the overall problem, but holy shit, just how much cloud resources could you possibly need to support a garage door opener? This feels like a "top end of the free tier of some PaaS" kind of usage. 0.2% of their userbase doing a cloud poll every 30 seconds or so is not a DDoS, it's a small caching issue.

tcbawo
0 replies
1d

I guess when you’re probably talking about millions of customers, it depends on what services they offer.

Although when the API is exposed to unfiltered external requests, I think the answer is no amount of cloud services is enough.

pokoleo
0 replies
1d4h

The usual answer to a DDoS from some users is to add rate limiting, not “remove the service”

darknavi
0 replies
1d2h

Another reasonable response would be rate limiting user requests per token or user to stop individuals from spamming.
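The approach described in this thread (third-party clients identified by an issued API key plus a matching user agent, throttled per key rather than blocked) as an added sketch; it is not code from any commenter or from Chamberlain. The key names, user-agent strings, limits and request stream are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample registry: API key -> User-Agent the key was issued for.
ISSUED_KEYS = {
    "key-hub-001": "ExampleHomeHub/1.0",
    "key-poller-002": "ExamplePoller/0.3",
}


class ApiGate:
    """Sliding-window limiter keyed on the API key (hypothetical class)."""

    def __init__(self, issued_keys, max_requests=10, window_s=60):
        self.issued_keys = issued_keys
        self.max_requests = max_requests
        self.window_s = window_s
        self.recent = defaultdict(deque)  # key -> timestamps of allowed calls
        self.stats = defaultdict(lambda: {"allowed": 0, "throttled": 0})

    def check(self, api_key, user_agent, now):
        """Return (http_status, retry_after_seconds_or_None)."""
        expected_agent = self.issued_keys.get(api_key)
        if expected_agent is None:
            return 401, None          # key was never issued
        if user_agent != expected_agent:
            return 403, None          # key used by a client it was not issued to
        window = self.recent[api_key]
        # Drop calls that have aged out of the window.
        while window and now - window[0] >= self.window_s:
            window.popleft()
        if len(window) >= self.max_requests:
            # Only this key is throttled; every other client is unaffected.
            self.stats[api_key]["throttled"] += 1
            return 429, window[0] + self.window_s - now
        window.append(now)
        self.stats[api_key]["allowed"] += 1
        return 200, None

    def noisy_clients(self, min_throttled=1):
        """Keys worth contacting or alerting on, from the per-key counters."""
        return sorted(k for k, s in self.stats.items()
                      if s["throttled"] >= min_throttled)


def simulate():
    """Replay a constructed two-minute request stream (integer seconds)."""
    gate = ApiGate(ISSUED_KEYS)
    # A well-behaved hub polling every 30 s and a client polling every 2 s.
    events = [(t, "key-hub-001", "ExampleHomeHub/1.0") for t in range(0, 120, 30)]
    events += [(t, "key-poller-002", "ExamplePoller/0.3") for t in range(0, 120, 2)]
    for now, key, agent in sorted(events):
        gate.check(key, agent, now)
    return gate


if __name__ == "__main__":
    gate = simulate()
    for key, counts in sorted(gate.stats.items()):
        print(key, counts)
    print("over limit:", gate.noisy_clients())
```

Because the counters are per key, the operator can see which integration is polling excessively and throttle only that one, while the 429 response carries a retry delay the client can honor.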

bobbyrullo
0 replies
1d3h

Sure, it's reasonable to stop unauthorized apps from DDOSing your service.

But is it reasonable to need to make a request to their cloud service to open a door right in front of you?

Zelizz
0 replies
19h30m

Sounds like they could implement local network IoT and reduce their server costs to $0 - but then they wouldn't be able to get a continuing revenue stream.

bell-cot
6 replies
1d10h

... Do not buy products or services from companies that treat their customers this way. ...

True. But when you have good-enough alternatives, simply do not buy any "smart home", IoT, or connected devices at all. Unless [complex open-source conditions here], buying from NiceCorp does nothing to stop them from being taken over by NastyCorp, with the obvious malicious intent.

Someone1234
4 replies
1d9h

This is a strange point to make.

- People complaining that their IoT device doesn't integrate with Home Assistant anymore...

- Solution (?): Stop buying IoT devices so that nothing integrates with Home Assistant.

That's kind of the exact opposite of people's goals in this situation.

sgu999
1 replies
1d8h

> That's kind of the exact opposite of people's goals in this situation.

It depends on whether their goal is averaged convenience in the long term. In my opinion, having to deal with this crap always ends up offsetting not having to manually hit a switch.

internet101010
0 replies
1d8h

The goal for people using HomeKit is complete control over all things in their house (cameras, lights, locks, etc.).

So yeah, they took something that worked fine and intentionally broke it.

bell-cot
1 replies
1d8h

IIR - the article describes Chamberlain's goal as "force all users to scroll past a bunch of ads in our Garage Door Opener app, in order to get to the OPEN/CLOSE button".

To me, that sounds like a worse case than "Just use a dedicated 1990's-tech garage door opener, that I keep in my car". If Chamberlain's cloudy infrastructure was off-line (internet outage, went bankrupt, or they just lost interest), would there be any way to remotely open the garage door?

psunavy03
0 replies
1d4h

The MyQ garage doors have both an app and a regular opener.

semiquaver
0 replies
1d8h

Smart home / IoT does not necessarily imply “requires cloud service to run”. Most people impacted by this were running HomeAssistant which necessarily means they have a self-managed home server to control their devices. The migration path for affected users is to double down on the local control route.

If you are trying to say “do not buy smarthome products which depend on a cloud connection” then that’s a position I agree with strongly.

nunez
5 replies
1d8h

They never technically allowed it in the first place.

Homebridge and Home Assistant used a popular Python library that reverse-engineered the MyQ API from the Android app. Many companies couldn't care less until abuse ramps up, but given that Chamberlain (Blackstone-owned) has gone into rent-seeking mode all of a sudden, they decided to turn the Cloudflare Super Bot Fight stuff way the hell up on their OIDC token exchange endpoint (you can still request auth codes).

I decided to abandon trying to get MyQ to work with Home Assistant (it would have required hours of trying to figure out what combination of headers would have passed the CF checkpoint) and ended up getting a Meross Smart Opener. It was shockingly easy to install (plug the relay device into the same pinouts that your wall door opener uses) and works even better than MyQ (in that you won't get a weird "close error" that prevents you from operating your door that not even MyQ customer service will clear).

delfinom
2 replies
1d7h

They never technically allowed it in the first place.

You own the device, they can fuck off with "allowed".

eddieroger
0 replies
1d6h

You don't own their API, and it is not required for the device to operate. Just because we pay cable operators (or streaming services) doesn't mean we have rights to all the channels. The system isn't in our favor.

Semaphor
0 replies
1d7h

The way I understand it, is you (for some inexplicable reason, probably being overwhelmed by marketing lies) bought a device that doesn’t do much, but that the company gives you an option to use sometimes in some way, maybe.

zikduruqe
0 replies
1d7h

Yep, I kicked MyQ out of the house for Meross.

Added benefit, is that Meross opener is just a dry on switch. It doesn't have to be for a garage door, but for any momentary push button.

ChainOfFools
0 replies
1d6h

RatGDO will handily MITM their wired signal and completely circumvent this nonsense with no cloud needed at all.

Everything exposed as entities in home assistant, everything just works, and myQ/chamberlain/genie have absolutely no idea that you are doing anything because you're not even touching their API. Just drop the cloud bs altogether.

https://github.com/PaulWieland/ratgdo

bastard_op
5 replies
1d8h

This is the unfortunate future of all "smart" devices, but this is still truly a scumbag move on their part, particularly since they're only doing the pump and dump on Android phones. It's like selling crack in poor neighborhoods.

Now I know never to buy Chamberlain products in my home, and recommend anyone I know doesn't either.

infecto
4 replies
1d8h

That's the problem. There are really only two garage door companies in America and they are both terrible from a tech perspective.

izzydata
1 replies
1d6h

It sounds like a prime industry for disruption. Anyone want to start a garage door company?

infecto
0 replies
8h30m

If I had the capital I would explore it. At least for targeting the replacement market...not sure if you could convince homebuilders to use your product, but maybe it would be not impossible.

I know there are a lot more steps to it but my mind was telling me that the motor mechanism is a solved problem. Could perhaps even buy the barebones parts to assemble locally. The magic or at least what is the most interesting for me is providing the integration module that allows it to 1) connect to the internet or 2) connect to other local devices that can control it. Would possibly require a subscription from the internet route but not even close to the silly $45 a year Chamberlain charges.

thfuran
0 replies
1d7h

Surely there must be a reasonable solution in the commercial space without the absolute shit that gets foisted on iot consumer gear.

maxwell
0 replies
1d7h

That seems to be the problem across most industries in the U.S.

Seems expected after the courts stopped enforcing the Sherman Antitrust Act and started allowing vertical restraints.

wil421
4 replies
1d10h

The Ars comments recommend ratgdo and Meross. ratgdo for a WiFi board that connects directly to the garage door's electrical and Meross is another cheap HomeKit option from Amazon.

https://paulwieland.github.io/ratgdo/

drapermache
3 replies
1d5h

Have those comments talked about their compatibility with Home Assistant? I'm done with Chamberlain and their dumb app. I want a one-stop app to control all of my IoT devices, and I don't want it locked into an ecosystem.

wil421
0 replies
1d1h

Not sure. I’m about done with Apple Home and once I have a free weekend I’ll convert everything to Home Assistant.

Tired of Apple Home automation misses with no logs. My wife’s phone won’t connect to our Home and the only solution is to rebuild your Apple Home from scratch.

e28eta
0 replies
1d3h

I see ratgdo mentioned a lot in home-assistant-related places. I’m not sure about the other.

I don’t have mqtt setup on my home assistant (yet?), which the primary ratgdo firmware relies on, but there’s also an esphome-based firmware that should work for me.

edit: one of those mentions is https://www.home-assistant.io/blog/2023/11/06/removal-of-myq...

darknavi
0 replies
1d3h

ratgdo supports ESPHome so it supports Home Assistant!

emmet
4 replies
1d10h

Haven't fully wrapped my head around Matter yet, but does that standard solve the problem? It's my understanding that there's no need for specific apps when anything can connect to a Matter device. Or can manufacturers still pull a fast one like this and kill Matter compatibility with an OTA firmware update? Not sure why they'd want to, but I wouldn't put it past them.

SargeDebian
2 replies
1d10h

If you intentionally remove functionality, why would any functionality be safe from that?

emmet
1 replies
1d10h

Sorry, my question is if Matter is baked in or can be stripped. Not sure if they can remotely kill the Thread radio or not.

thedougd
0 replies
1d9h

Yes they could push a firmware update and do whatever they want. Matter is also available over WiFi. Leviton is pushing new firmware to enable Matter on existing devices.

Of course, a power user could block their Matter network from accessing the Internet or update server.

hnbad
0 replies
1d9h

It depends. If it's using Matter-over-WiFi, yes, a firmware could change that. If it's using Matter-over-Thread (or ZigBee) it's still tied to that frequency so there's no point in changing or dropping support for the protocol except to intentionally brick the device (assuming it doesn't support another type of communication but for cost reasons most devices only support one comms frequency and that's hardwired).

Note that dropping Matter if the device has WiFi still means it needs to have some pre-existing redundancy or at least add something else instead. This also likely breaks integrations with any voice assistant in a way that would at the very least require reconfiguration, I think. It's certainly a lot less sneaky and a lot more self-destructive than just turning off a proprietary API.

robbywashere_
2 replies
1d9h

An ESP32, an MQTT node and IFTTT hooked up to Google/Siri goes a long way

londons_explore
1 replies
1d9h

Unfortunately, mqtt autodiscovery seems fraught with bugs...

I just want some way for devices to publish/report their model numbers and what features they offer/support so everything can auto-configure itself rather than requiring me to manually set MQTT paths/filters/parsers for every device I get.

londons_explore
0 replies
1d7h

Specifically... The mqtt server should advertise itself on the local network via mdns. The devices should auto-discover the server. Therefore, no config required of the device beyond wifi username/password.

Then dashboards/controllers (who should also auto discover the server via the same method) should be able to send some message to some well-known topic on the server to find all connected devices.
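
A sketch of the controller side of the discovery scheme proposed in this comment, added as an example here; it is not part of the original comment and not any real MQTT discovery implementation. The topic layout, descriptor fields and in-memory broker are assumptions, the mDNS lookup of the broker is left out, and the point shown is that a self-configuring controller has to treat every announced descriptor as untrusted input.

```python
import json
import re

# Topic layout below is an assumption for this sketch, not an MQTT standard.
ANNOUNCE = "discovery/announce/"   # devices publish a retained descriptor here
ID_RE = re.compile(r"[a-z0-9-]{1,32}")
KINDS = ("cover", "binary_sensor", "light")
MAX_DESCRIPTOR_LEN = 2048


class Broker:
    """In-memory stand-in for an MQTT broker that keeps retained messages."""

    def __init__(self):
        self.retained = {}

    def publish(self, topic, payload, retain=False):
        if retain:
            self.retained[topic] = payload


def owned_topic(device_id, topic):
    """A device may only name concrete topics inside its own namespace."""
    return (isinstance(topic, str)
            and topic.startswith(f"devices/{device_id}/")
            and not any(c in topic for c in "#+\0"))


def validate(device_id, raw):
    """Parse one descriptor; raise ValueError if it must not be trusted."""
    if not ID_RE.fullmatch(device_id):
        raise ValueError("bad device id")
    if len(raw) > MAX_DESCRIPTOR_LEN:
        raise ValueError("descriptor too large")
    doc = json.loads(raw)  # JSONDecodeError is a subclass of ValueError
    if not isinstance(doc, dict) or not isinstance(doc.get("model"), str):
        raise ValueError("missing model")
    features = doc.get("features")
    if not isinstance(features, list) or not features:
        raise ValueError("no features")
    entities = []
    for f in features:
        if not isinstance(f, dict) or f.get("kind") not in KINDS:
            raise ValueError("unknown feature kind")
        topics = [f.get("state_topic")]
        if "command_topic" in f:
            topics.append(f["command_topic"])
        if not all(owned_topic(device_id, t) for t in topics):
            raise ValueError("topic outside device namespace")
        entities.append({"kind": f["kind"], "state_topic": f["state_topic"],
                         "command_topic": f.get("command_topic")})
    return {"model": doc["model"], "entities": entities}


def discover(broker):
    """Controller side: read every retained announcement, keep the valid ones."""
    accepted, rejected = {}, {}
    for topic, raw in broker.retained.items():
        if not topic.startswith(ANNOUNCE):
            continue
        device_id = topic[len(ANNOUNCE):]
        try:
            accepted[device_id] = validate(device_id, raw)
        except ValueError as exc:
            rejected[device_id] = str(exc)
    return accepted, rejected


def demo():
    """Constructed sample announcements: one honest device, two rejected."""
    b = Broker()
    b.publish(ANNOUNCE + "garage-1", json.dumps({"model": "relay-v1", "features": [
        {"kind": "cover", "state_topic": "devices/garage-1/door/state",
         "command_topic": "devices/garage-1/door/set"}]}), retain=True)
    b.publish(ANNOUNCE + "lamp-7", json.dumps({"model": "lamp", "features": [
        {"kind": "light", "state_topic": "devices/lamp-7/state",
         "command_topic": "devices/garage-1/door/set"}]}), retain=True)
    b.publish(ANNOUNCE + "plug-2", "{not json", retain=True)
    return discover(b)
```

In the constructed data, `lamp-7` is rejected because its descriptor names the garage door's command topic; without the namespace check, auto-configuration would wire a lamp entity to the door.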

infecto
2 replies
1d8h

I don't know the industry well but I always wondered why it was not ripe for a solid entrant to come in and easily scoop up at least some of the market.

I think there are only 2 companies now that control most of the American market. Chamberlain and Overhead Door Company (owned by a Japanese door company). I think I have mostly had Chamberlain brands and of course the door itself always works but the tech behind it has been lacking. I suspect ODC is similar. Lots of gimmicky systems like adding video cameras to the opener which requires yet another subscription along with controlling the door through the web along with a similar subscription. Last I looked the fee was something like $45/year which felt steep, would be happy to pay but the price felt out of line with what it does.

Along with poor tech decisions I always felt that the product itself was not very interesting or innovative. Shoot, look what Ryobi did with the now discontinued opener, it had a battery backup, excellent lighting, extension cord, plugs. I don't remember the story on why it was discontinued but I believe it had something to do with supply chain and covid....I might be misremembering.

So yes, I am always a little stumped why someone does not jump in and just make a solid unit. Give me a non-buggy interface, let me pay for a reasonable subscription so I can maybe connect to my apple ecosystem. I never see any clones from China in America, they surely must exist but I never see them.

TacticalCoder
1 replies
1d7h

Chamberlain and Overhead Door Company (owned by a Japanese door company).

Sidenote but in Europe many architects pick Hörmann:

https://en.wikipedia.org/wiki/H%C3%B6rmann

I've got this both here (apartment in a building) and in another country at my vacation house. I've even got the same remote control in both (EU) countries.

They've got their own home automation system too but I'm not using it. I know there are people just opening the box containing the motor and screwing (no need to solder AIUI) some open home-automation thinggamagic into them.

They're compatible with cars having "homelink" too (buttons in your car which you can configure to act as this or that remote control).

it had a battery backup

Oh that is sweet for...

I remember the "fun" of having electricity down (black out in the entire rural area) and needing to hurry up to go pick my kid at school... I wasn't familiar with garage doors openers and black out meant no WiFi and no 4G (black out was obviously affecting 4G too: don't know why but every time we had that black out, we'd have no 4G either). Anyway I ended up removing a safety wire on the garage door, to then remove a bolt, then used a rope and a pulley of sort to create leverage to be able to lift up the wide sectional door.

There probably was a simple way but I was in a hurry.

Fixing the mess was fun too: it involved watching YouTube vids and talking with my brother on the phone (he's familiar with these) to understand how to "clip" the motor again on the belt (or whatever that is called) and how to have the door close at the correct spot (at first there was a big gap!).

ChoGGi
0 replies
1d7h

Anyway I ended up removing a safety wire on the garage door, to then remove a bolt, then used a rope and a pulley of sort to create leverage to be able to lift up the wide sectional door.

There's usually a rope hanging down you can pull on to disengage the chain lock, then the door will be loose to move.

http://www.thedoorco.net/wp-content/uploads/2019/12/Garage-D...

iAMkenough
2 replies
1d7h

Being subjected to banner ads in the app you're forced to use to interact with your garage door is only a few steps away from "watch this 30 second video before we open your door, or subscribe to MyQ+ for $49/yr for an ad-free experience!"

pandaman
0 replies
1d7h

I am not sure anyone is being forced to use an app, I imagine the door opens just fine with a clicker and with the button in the car. The problem is with the integration with other "smart" systems, I imagine.

LorenPechtel
0 replies
1d1h

Just looked at mine (I rarely use the app), it's now got an ad on top but the screen is otherwise as before. No need to scroll.

fest
2 replies
1d10h

I use a very crude DIY setup for garage doors and yard gate: bought a spare keyfob on aliexpress, took it apart and connected it to wall power supply and ESP relay board running esphome. Works great and will work as long as my garage door and yard gate openers work.

The only drawback is that it's less secure, as it uses RF but I can't be bothered to dig a new cable to gate motor through already paved driveway.

Someone1234
1 replies
1d9h

That solution has multiple drawbacks, not least of all you lose access to the sensors (motion, door open/closed state, etc) but also it is difficult to install.

fest
0 replies
1d8h

It would, if I had them in the first place (most of the systems I've seen locally don't- it's typically just a motor and keyfob here).

zaphod12
1 replies
1d6h

Bought a MyQ - tossed it in the trash after 2 months. Even 2 years ago it was clearly designed as a tie in for Amazon Key, which I do not want.

Bought a Tailwind - it's glorious. No batteries, tons of integrations, the bluetooth+android to open/close automatically is crazy solid (doesn't work with ios sadly, but you can buy a fob).

noer
0 replies
1d6h

Not only did Amazon ask for the integration, Amazon paid a bounty for the number of myq/key connected users.

tru3_power
1 replies
1d3h

How do they block access? I always wondered how these types of things get implemented.

ianlevesque
0 replies
1d3h

They used CloudFlare's anti-bot features.

ss64
1 replies
1d9h

I just know the real reason for this will be some undisclosed security bug.

Someone1234
0 replies
1d9h

Since Chamberlain admits it is about money (i.e. their authorized 3rd party integrations pay them, and Home Assistant does not) do we really need to look further? Plus the official app is full of ads.

oh_sigh
1 replies
1d7h

I have their myQ smart garage system, and they wanted something like $600 for a "lifetime subscription" to be able to open my garage door from my tesla.

What a joke.

benmanns
0 replies
1d7h

Oh that's too harsh. Don't forget, you could subscribe to this valuable and expensive to run HTTP handler for an ongoing $45/year.

beart
1 replies
1d8h

These decisions don't only sour me on Chamberlain, or smart garage door openers. They make me want to avoid home automation entirely. Yes I understand the open protocol options that are out there.

Are there industry groups representing home automation solutions that push back on these decisions?

But I suppose a company that controls 70% of the market is uninterested in what anyone thinks, including their own customers.

lightbritefight
0 replies
1d5h

Use products on open protocols. Zigbee is the current standard. Anything using a zigbee radio, and to a lesser extent another protocol called zwave, can talk to any hub with a compatible radio. They are local, dedicated radio networks that do not have to talk to anyone else's servers.

There is a newer protocol called "matter" that a lot of big names have gotten behind. These devices are slowly rolling out, but I'd check for matter compatibility with any hub at this point.

As for the hubs, use open source that are not cloud based. The largest and most active project is called Home Assistant. It's robust, has good options to build it yourself or buy devices, and it's dedicated to being forever FOSS. Another hub in the same "local, FOSS" ethos is called Hubitat. Their UI/hardware was easier than Home Assistant for a long time, but not really anymore. I still consider them more "turnkey" but both systems work great and support literally thousands of devices.

anon5066294
1 replies
1d7h

Used to work for the IoT platform that powered Chamberlain devices. Name was Arrayent. Exit seemed unsuccessful: sold to a competitor. Wouldn't be surprised if the Arrayent stack is still powering Chamberlain IoT stuff. We actually respected Chamberlain a fair bit: wrote the check that started our biz and had a technically capable engineering team. They def do have a monopoly on the garage door market: maybe this is a good differentiator for an upstart HW startup competitor?

P.S. the phrase "the S in IoT stands for security" was def true in our case

https://web.archive.org/web/20150205230218/http://arrayent.c...

jmbwell
0 replies
1d5h

This scenario has been the case for more than one brand.

A brand doesn't necessarily have cloud/IoT expertise, so they partner with someone else. Time passes, business crap happens, the partnership fails, and the brand itself is out in the cold along with its customers, not necessarily by any fault of its own.

And now we have the likes of Tuya quietly providing turn-key white-labeled IoT services to a vast ocean of gold rush products flooding Amazon.

Why the dependency on the cloud and the lack of support for HomeKit or Matter in these devices ... I can only speculate.

toss1
0 replies
1d

I'm planning to upgrade my old garage door openers in the upcoming months, and this very nicely just pruned my decision tree — all the Chamberlain Group garage door opener options are off the list.

HN just made my life a bit easier and better — Thanks!

thedougd
0 replies
1d9h

Their integration with Google was terrible and last I used it only worked with Assistant and not Home. They’re dropping HomeKit and Google Assistant support now as well. So most customers won’t get what they want and will look elsewhere.

tehwebguy
0 replies
1d7h

If you just got locked out consider adding a button pusher (I have one, it’s fine but would probably prefer a more open one) or a ratgdo (have not used) https://paulwieland.github.io/ratgdo/

scurvy
0 replies
1d3h

Anyone know of something like the ratgdo, but for motorized swing gates (like DoorKing)? I'd love to check the status as well as actuate open/close, but some of the "upgrade" quotes I've seen are $5k USD. It seems like I should be able to get this thing integrated with either WiFi or Z-wave...

random3
0 replies
1d9h

Surprising how, today, some companies believe integration with your own product is a business model or even a lever

qrohlf
0 replies
1d3h

You want "Unauthorized Bread" [1]? Because this is how you get "Unauthorized Bread".

[1] https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-...

post_break
0 replies
1d6h

The meross garage door opener works perfectly, I highly recommend it. I have both the homekit and google version. I knew myq would pull this so I avoided those door openers.

perryizgr8
0 replies
1d5h

Why does one company have so much market share in garage doors anyway? This should be a commodity. Just a bunch of motors attached to a door attached to a rpi.

olliej
0 replies
1d2h

As I understand, this is _after_ they explicitly removed support for homekit/android's equivalent?

I just don't get this behaviour

nobleach
0 replies
1d7h

When your business model starts as advertisement, you may be okay. When it devolves to advertisement, you're on life support. When it devolves to forcing a funnel by breaking existing functionality, you're dead.

linsomniac
0 replies
1d7h

Chamberlain has always rubbed me the wrong way...

A friend of mine has a relation (uncle?) that was part of the litigation team that spent startling amounts of time trying to block third party accessories from being able to interoperate with Chamberlain openers, because of their proprietary "encryption" routine. But their encryption was startlingly simple, IIRC something like basically being one of 3 effective codes.

If you're going to do security, don't half ass it, and don't use shitty security to litigate.

kjs3
0 replies
1d5h

One less company I need to consider for the new house we're building.

johann8384
0 replies
1d5h

I agree that MyQ shouldn't have to support an API with a bunch of ad-hoc users if they don't want to. I just don't understand why everything has to be an internet connected API for access. I wish companies would provide local access and the option to disable the connected functionality.

isoprophlex
0 replies
1d6h

Are we approaching the Internet of Shit event horizon? Interest going up, the end of free money; all those MBAs are squeezing harder and harder on that sweet monetization orange. Soon, nothing but a fist full of dripping, sticky pulp will remain.

The Shit Squeeze.

elzbardico
0 replies
1d2h

Well, it looks like the MBAs and Marketing Folks are at it again.

beretguy
0 replies
1d7h

For anyone who’s stuck having to use ad riddled app: use DNS based ad blocker on your smart<device>. It blocks ads in apps.

arbuge
0 replies
1d8h

Chamberlain Group recently made the decision to prevent unauthorized usage of our myQ ecosystem through third-party apps. This decision was made so that we can continue to provide the best possible experience for our 10 million+ users, as well as our authorized partners who put their trust in us. We understand that this impacts a small percentage of users, but ultimately this will improve the performance and reliability of myQ, benefiting all of our users.

This is corporate doublespeak at its worst. If you switch every sentence there to the exact opposite of what he said, you'll get a far more accurate version of reality.

alexives
0 replies
1d8h

It seems like Chamberlain has been playing this "Cat and Mouse" with us garage door owners for years. The home assistant integration has been spotty for ages. Chamberlain will add some new measure to block it, and the integration folks update the library to work around it.

Personally, I moved to an ESPHome based controller and deleted their app years ago. That said... I'm definitely ordering a ratgdo, that seems like a way better option than what I've got now!

ale42
0 replies
1d10h
WarOnPrivacy
0 replies
1d7h

One of my clients is a large reseller of a different Chamberlain product. I don't normally work with the product lines. However, I might need to insert myself and see if it needs defending from manufacturer sabotage.

ChrisArchitect
0 replies
1d6h
Animats
0 replies
1d3h

Short version: the garage door opener company put ads in their phone app and doesn't want them bypassed.