The answer to Internet of Things madness? Open source, of course!

"Open is always going to win," states Ed Hemphill, CEO of WigWag, a company that hopes to make sense of the ever-expanding and ever-more-complex Internet of Things market. WigWag is named after the traditional flags used by the US military's Signal Corps to communicate messages. Hemphill and his cofounder Travis McCollum both …

  1. Captain DaFt

    The real answer

    "The answer to Internet of Things madness?"

    Two words: Just stop!

    If the safety pin was invented today, it'd have an 8 core ARM, a buggy OS, a battery life of less than 8 hours, and 102 forms of telemetry to "enhance user experience".

    Quit complicating simple things!

    1. Ole Juul

      Re: The real answer

      If the safety pin was invented today, it'd have an 8 core ARM, a buggy OS, a battery life of less than 8 hours, and 102 forms of telemetry to "enhance user experience".

      Got it, thanks. I'm off to the patent office.

  2. Tac Eht Xilef

    "If you have a Belkin product, for example, you want to make sure it is only communicating with Belkin's cloud service."

    If I had a Belkin product, the absolute last thing I'd want it to do is communicate with Belkin's cloud service. It's likely to suddenly decide to forward all my local traffic for "quality and training purposes", or be told to reboot every 15 seconds to prevent problems "building up", or try to insist that I should be using only quality Belkin peripherals, or ...

    "Anything else and something unusual may be happening."

    Like what - it might start working quietly, unobtrusively, and to both expectations & specs?

    1. Christian Berger

      "If I had a Belkin product, the absolute last thing I'd want it to do is communicate with Belkin's cloud service."

      Of course, but that's your opinion. In the commercial IT world you are not the customer you are the product. It's always possible to extract more money from you being there if you are the product than if you just pay.

      "Belkin" (or any other company of course) believes they have the right to your data or the right to turn the light bulb into a subscription service. This cannot work without a connection to their cloud services. They believe that whatever data they gathered about you, will be valuable eventually... and seriously once you have a live feed of 10 million light bulbs there surely is some sort of fake business model you can come up with that's plausible enough to extract money from investors.

      1. Tac Eht Xilef

        "Of course, but that's your opinion. In the commercial IT world you are not the customer you are the product. It's always possible to extract more money from you being there if you are the product than if you just pay."

        Of course. Nothing new there. Belkin's just a particularly egregious example of it, and I choose to go out of my way to avoid the worst cases.

        And maybe I just haven't gotten over some of their particularly shitty hardware & firmware tricks, including such memorable examples as "redirect a random http request to our ad servers every few hours", "let's decide not to pass zeroconf / multicast packets between local LAN ports anymore", and "Self-Healing (by silently rebooting)".

  3. Youngone

    Not sure

    TFA states that users' number one concern is security, but I don't think that's true.

    I think people who are likely to buy smart light bulbs (or fridges, or toasters, or hat stands) are not thinking about anything other than "Look, I can do stuff with it over the Internet" as if that's a good thing.

    Of course when the shonky companies' "Cloud" fails, they're out of luck, but their money is gone by then, so tough.

    1. Paul Kinsler

      Re: "Look, I can do stuff with it over the Internet" as if that's a good thing.

      Well, to be fair, I might well have bought several sorts of mostly pointless iot-like objects by now, if only for the entertainment value of mucking about with it over the net ... ... ... except for the fact that I manifestly couldn't trust them, what with the various "communicate with manufacturer's servers", security problems, no proper patching, not open source, obscure control protocols, and other fun features they have.

  4. Andrew Jones 2

    "What is less known is the decision by TCP to end support for its lightbulb hub."

    Bloody hell that has been kept quiet - it's still on sale in ASDA in Galashiels and it's not exactly cheap either....

    1. BebopWeBop

      Yes I noticed that as well. Not buying, but just pursuing the Itat on offer while waiting for daughter to choose her ice cream.

      1. Andrew Jones 2

        Yeah I wasn't there to buy one either - I've just been gradually replacing the Halogen bulbs with the 4/8W LED ones (the ones that look like a filament inside) - but obviously you have a look at what else is there. The TCP line is actually quite big in Galashiels ASDA; I don't know what it's like in other stores, but as well as the Internet Connected ones they have ones with speakers, ones with Bluetooth, RGB ones with overcomplicated remote controls.

  5. Anonymous Coward

    Open? Or is Money?

    "By being open source, not only do the security problems get smaller – because of all the eyeballs on it – but the ability to work with new products grows."

    Do they get smaller? If we look at the Debian OpenSSL disaster we've seen a major problem sitting at the very heart of the encryption engine yet it was undiscovered for over three years. And that's but one example, many open source projects have had issues (both big and small) which took their sweet time to be found.

    What this theory is ignoring is that many eyes can still overlook the obvious. And I don't mean that in a negative or disrespectful way. But if you know a certain environment inside-out then the chances of overlooking obvious small caveats only increases. This is also why you usually let other (outside) people test your stuff. Open source doesn't change this concept at all.

    Another problem is that not every user of open source software will actually look at the source code. And even if they do: with bigger projects you'll have several people working on it, who usually all have their own coding style. This only makes it more difficult for an outsider to actually grasp the whole code structure. It's the same issue with forking; although one of the major advantages of open source projects is that you can fork one to make it your own, forking isn't the thing to worry about: it's maintaining the new source tree, especially with those bigger projects.

    So basically I see a lot of hollow marketing talk here. And that usually indicates commercial interests, which makes me convinced that, as usual, the money factor is going to be the real winner.

    1. Richard 12

      Re: Open? Or is Money?

      If OpenSSL had been closed source, it is quite probable that the serious security flaws in it would still be unfixed - and probably unknown.

      However it's also certain that it wouldn't have been anywhere near as popular, so the impact of those bugs would be several orders of magnitude less.

      On the gripping hand, those products would have used something else, with another set of security flaws. Almost everyone uses the "SDK pack", so there would be the NXP flaws, the Freescale flaws, the Intel ones, the MIPS etc.

      So the fact that those OpenSSL flaws were found and fixed means that a lot of products got simultaneously better, instead of just one SDK.

      On the fourth hand, a heterogeneous set of flaws across different products is much safer than a homogeneous set...

  6. Christian Berger

    Actually hire mature programmers

    Every programmer goes through a phase where they do not understand that complexity is a huge problem. Therefore they design systems which lay one layer of complexity on top of another, without doing that in a way that actually works towards solving your problem.

    So only hire programmers and software architects who have learned that the more lines of code you write and the more boxes you draw on a whiteboard, the worse your code will be.

    If you look at today's systems, you'll notice that they don't get popped because of things like buffer overflows, but because someone left a debugging option open over the network which should only have been available over the serial port... and that debug port gives you access to a full-fledged operating system.

  7. heyrick

    How open is open?

    I have several devices claiming to be open source. Only one of them is actually capable of having firmware built (and that is including a number of binary blobs for talking to the hardware).

    If one cannot build their own firmware to install, then any pretence of "open" is simply useless marketing bull.

  8. Karl Vegar

    No, this is not the solution to the problem with IOT, it's a workaround to limit the symptoms of the problem with IOT.

    The problem is: Every vendor has a "standard" communications protocol per generation and type of device.

    This is merely a hub that will speak them all.

    That being said, if it at least remains true to the promise of openness, then it might be worth procuring for my own smarthouse experiments.

    1. Adrian 4

      Indeed. You don't want to merely speak the protocol and pass the data through, you want to open it up and inspect it.

      A hub should block a connection to the company servers until it can:

      1. Unpick all the content

      2. Copy it into a provider-agnostic database such as MQTT

      3. Filter it until it only contains what you wish to be public - by time, by adding noise, by making up some content

      4. Pass on to the provider filtered versions telling them only what you want them to know.

      This may sound extreme but it returns the balance to where it was when companies obtained data on us from questionnaires - we only told them the story we wanted them to hear. What they do still get is timely and frequent updates with no need to trouble the user for every datapoint.
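The four hub steps listed in the comment above, sketched as an added example that is not part of the original thread or any product's code. The field names, the policy table, the JSON payload format and the in-memory `local_store` (standing in for the local MQTT side) are all assumptions made for illustration.

```python
import json
import random

# Hypothetical policy: what the vendor may learn. Unlisted fields are dropped.
POLICY = {
    "device_id": {"action": "pass"},
    "ts": {"action": "coarsen", "bucket_s": 3600},   # report the hour only
    "power_w": {"action": "noise", "spread": 2.0},   # +/- 2 W of jitter
}

class FilteringHub:
    def __init__(self, policy, rng=None):
        self.policy = policy
        self.rng = rng or random.Random()
        self.local_store = {}  # stand-in for the local MQTT side: topic -> messages

    def unpick(self, raw):
        """Step 1: decode the payload; anything unparseable is never forwarded."""
        msg = json.loads(raw.decode("utf-8"))
        if not isinstance(msg, dict):
            raise ValueError("unexpected payload shape, connection stays blocked")
        return msg

    def store(self, topic, msg):
        """Step 2: keep the full, unfiltered copy on the local side."""
        self.local_store.setdefault(topic, []).append(dict(msg))

    def filter(self, msg):
        """Step 3: default-deny filter: allowlist, time bucket, added noise."""
        out = {}
        for field, rule in self.policy.items():
            if field not in msg:
                continue
            if rule["action"] == "pass":
                out[field] = msg[field]
            elif rule["action"] == "coarsen":
                out[field] = int(msg[field]) - int(msg[field]) % rule["bucket_s"]
            elif rule["action"] == "noise":
                jitter = self.rng.uniform(-rule["spread"], rule["spread"])
                out[field] = round(msg[field] + jitter, 1)
        return out

    def handle(self, topic, raw):
        """Step 4: return the only bytes the provider is allowed to receive."""
        msg = self.unpick(raw)
        self.store(topic, msg)
        return json.dumps(self.filter(msg), sort_keys=True).encode("utf-8")

# Constructed sample payload, not captured from any real device.
SAMPLE = b'{"device_id": "bulb-01", "ts": 1700003723, "power_w": 7.4, "wifi_ssid": "home-net", "lan_peers": ["10.0.0.5"]}'
```

The filter is default-deny: a field the vendor adds in a later firmware update stays local until someone writes a policy entry for it.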

  9. John Brown (no body)

    hold the market back.

    "The IoT market is so diverse, with every product seemingly requiring its own app (and sometimes its own hub), that it has actually started to hold the market back."

    It's the Apple effect. Or the AOL/Compuserve effect if you prefer. The walled garden where once the punter is tempted in, they can never leave because they have so much invested in your proprietary systems/hardware etc. Maybe call it the Hotel California effect if you will.

    Another cause (or possibly an effect) is NAT. You can't expect average consumers to learn how to safely poke holes in their firewalls. So you need something the IoT device can connect to and something the user's smartphone can connect to. Et voila, remote servers are the answer, so both devices can talk to each other with almost no complication for the consumer. If we had widespread adoption of IPv6 then we'd not need the intermediary remote servers. On the other hand, NAT forcing the use of remote servers is a dream come true for the data slurpers. (yes, I know it's not impossible, but Joe/Jo Chav just wants to plug in their new light bulb, install the app on the phone and start playing)
