[rochellle]

I don't know why, but I kind of want to see a truly gargantuan IoT debacle unfold at this point.

Something beyond stupid, and completely preventable, and all the more horrendous, because at this point, it can only be funny.

I want to see something like a TV commercial accidentally trigger a home automation system, which corrupts the operation of a class of light switches, which cascades onto smart microwave ovens, which transmit kill signals to self-driving cars which synchronize with flying cars at which point they all swarm the nearest hospitals and explode, demolishing trillions of dollars of health care, and imploding society because of failed credit default swaps on all of the health care insurance (even obamacare), which then causes automated trading platforms to sell, killing off everyone's 401K's, destroying the retirement plans of all survivors, such that the living envy the dead.

Can we make that happen?

IoT is retarded.

[virmundi]

Hyperbole, or just wanting to watch the world burn, aside, why is IoT, as an idea, retarded? It seems to me that having the underlying platform for secured communication to semi-smart technology is good. If my house could intelligently govern itself within a set of parameters I define that fit my life, I bet I could save a few bucks a month on power, not have as much food, and help the environment in my own little way.

I do see the idea of IoT with no security and no long term commitment to the products as actually, technically retarding (we'd be worse than we are no for the reason you enumerated). Could you make an argument for your last statement as to why a good implementation of IoT is bad?

[flukus]

Because it's basically a bunch of gimmicks. That refrigerator with the camera will get me to buy stuff I didn't need because I couldn't see behind the milk. That coffee machine will make me a cup even though I'm too hung over to drink it that morning.

In short, nothing will be intelligent enough to be worth it. I don't believe this for every case, just playing devils advocate, but it does apply for most things.

[pdkl95]

> why is IoT, as an idea, retarded?

The usual complaints about IoT as an excuse for surveillance capitalism aside, the key problem with IoT in most products is the (currently obscured) costs do not outweigh the (often novelty) benefits. By benefits I mean actual, significant time or effort savings that need to outweigh the large risks inherent to anything IoT.

> underlying platform for secured communication

That illustrates a big part of the problem. There is no such think as a "secure platform", because "Security is a process, not a product."[1]

The internet is and will always be an incredibly hostile place. If you plan on internetworking on the shared global network or anything that connects to it in any way, you need to plan on a way to maintain vigilance over the devices you created or are responsible for. This means continuous work into the future[2].

> I bet I could [...beneficial outcomes...]

You're only listing the positive side. To judge IoT properly also need to enumerate the known problems and possible risks. A few examples of the risk that most IoT devices bring are:

* The other end of the supposed "secure communication" being compromised by governments, criminals, disgruntled workers, etc.

* Bugs (everything has bugs) allowing assholes of the "swatting" persuasion messing with your power, food, etc "for the LULZ".

* All that data being logged - even when stored locally - becoming the target for discovery in a trial (maybe involving you, maybe not).

* The manufacturer of your IoT device selling data to your insurance company, or you insurance company requiring that data from you directly (e.g. fitbit data for "cheaper" insurance that now has more ways to deny you coverage).

That's just some obvious examples. The real problem is that after data is collected it tends to be permanent. Nobody has thought of the big risks of plugging your devices into a hostile network. You see the potential benefits of IoT devices, but you also need to consider what some black hat (or script kiddie) will do with all of those devices - and the data they collect - in 10+ years with a clever new exploit.

[1] https://www.schneier.com/essays/archives/2000/04/the_process...

[2] It might be possible to limit this with products that have a limited lifespan and are guaranteed leave the network.

[virmundi]

All the things you listed are things to be planned for. None of them are extremely terrible in and off themselves with the proper vigilance. Even the data logging should be solvable with reasonable laws.

Apply the general argument to personal computers. Anyone can attack your PC. Once pawned, they can get valuable information. Your IP could be wrongfully associated to a crime, which brings Jonny Law to your door. Given all of this, I still assume you see the idea of being connected via a PC as a good thing since you wrote a response via a browser.

My question was essentially, why dismiss something whole cloth? You raise valid things to consider, but I don't think that anyone of them is a death stroke to IoT. They are, at least in my opinion, design considerations for products that make sense.

[pdkl95]

> proper vigilance

You seriously expect the average person to have anything close to "proper vigilance" with a collection of IoT devices?

> reasonable laws

I'd absolutely love to see strong data protection laws passed, but that isn't likely in the near-ish future. Also, laws don't protect against bugs.

> All the things you listed are things to be planned for.

The worst problem in a new, unexplored area are the unknown/unexpected problems. You believe these data risks are minor - I strongly disagree - but how can you even begin to make that kind of judgment? Data persists and CVEs increase with time; how can you be certain that your data (which includes access credentials, e.g. ssl keys/certs, passwords) won't be stolen off some server (or your home devices) 20 years from now?

These are huge, unknown, open-ended risks that could suddenly become a problem at any point in the future.

> personal computers

The PC isn't tied to sensors around the house, with the ability to control various important hardware. The thermostat (nest) is an obvious example: it should be a trivial device, because simplicity is one of the better ways to guarantee reliability. Adding massive complexity and network access left a lot of people with a freezing house[1]. My PC isn't tied to important thing like the thermostat, because adding risk for effectively a nerd toy, social status symbol, and (allegedly) minor heating-bill benefits isn't a good trade-off, and it's terrible security.

The PC is a risk, but it can also serve as a place to contain the risk of being connected to a hostile network.

> why dismiss something whole cloth

I'm not: "...the key problem with IoT in most products is the ... costs do not outweigh the ... benefits."

Internet connectivity can work if the benefits sufficiently outweigh the cost of having to actually secure the device and remain vigilant and responsive to new security issues for the lifetime of the device. This is expensive, and approximately nobody is doing that right now. I also find it hard to believe that anything remotely similar to the current IoT toys on the market can ever be profitable enough to pay for their own security. There may be exceptions, of course, but they will be expensive (in some way) and rare.

[1] https://www.nytimes.com/2016/01/14/fashion/nest-thermostat-g...

[rochellle]

  ...products that have a limited lifespan and are 
  guaranteed leave the network.

So, perhaps, something like, say... a four year lifespan? And maybe they "get retired" if they fail to leave the network?

Maybe we could give them names like Roy, Zhora, Leon and Pris...

[pdkl95]

That's is more or less the model I intended. Specifically, I was referring to one of Dan Geer's extremely important recommendations in "Cybersecurity as Realpolitik"[1].

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI ( http://geer.tinho.net/geer.blackhat.6viii14.txt )

[rochellle]

How many personal possessions can you think of that cannot operate unattended, but should?

Given that my personal possessions are few to begin with, I have a short list to review.

I honestly can't think of a single one, save my refrigerator, which I do not want buying food for me. To be honest, I don't even like owning a refrigerator. I didn't need one in college, and still don't need one. I don't use DVR, because I don't subscribe to cable TV.

My arms aren't broken. I can get up and turn a light on. Self-driving cars are technically beyond the scope of IoT, even though the "T" in IoT is deliberately vague.

But these are the things in my life, as it is, and not how it could be. The way my life works right now, I spend (at best) 10 hours away from my home, and maybe 8 hours asleep. So possibly 6 hours to reap the benefits of more clutter, automating... whatever.

Even though arranging and aligning the automated systems that hypothetically support the maximization of my free time, consumes time in order to perfect. But wait! Planned obsolescence promises me that if I step onto the product treadmill, it will be harder to exit, ensuring that there will be cycles of realigning and integrating new IoT systems, into my own private ecosystem of personal automation!

We know this, because look at how often we discard our mobile devices, and even our laptops and desktops.

But nevermind that. Maybe I'd value my free time more, if I had more of it. Maybe if I wasn't lashed to a desk all day, working for someone else, living paycheck to paycheck, I'd have more freedom to expound upon all the nothing I can't imagine not doing at the moment, because I'm consistently busy on someone else's terms.

I don't want robots buying shit for me. I don't need robots telling the world which room I just walked into. I'm sick of going to work all day, and sitting in someone else's chair. Fix that, before wasting my paycheck on lightbulbs that change themselves, but never go out anyway, because I'm not even at home 40 or 60 hours a week, and I'm asleep in the dark for another 50 besides.

[virmundi]

There are at least two issues you raise in this response, neither are directly an answer to IoT as an absolutely retarded idea.

First, you say you don't own much, therefore IoT won't help you. That's fine, but it doesn't generalize. It especially doesn't generalize to non-consumer tech of which you'd have little part even if you wanted to own things.

Second, you're life appears to be stuck in dire straights. I have no idea why your stuck in the life you're in. As a result, I have no idea how automation might help or hinder you. Again, it is not a real argument against IoT.

[rochellle]

Oh, except it is, because the only reason we constantly see all this IoT press, is because there's a PR machine pushing the idea of consumer-oriented IoT devices. More devices in more homes means more analytics inputs, which means more targeted marketing, which means more brand loyalty and lock-in for key purchases, which secures cash flow for established businesses.

We never see non-consumer IoT tech stories. It's always more bullshit, in aggregate, because the consumer market is huge. So, web-enabled security camera gadgets, refrigerators, light bulbs.

Never industrial control and automation. No SCADA. But honestly, critical systems are the things we DON'T want to see on the IoT, because that's where the IoT fuck-ups wind up causing the most pain.

We DON'T want to see hotel heating and ventilation systems reversing flow, and start sucking car exhaust from the parking garage at 3AM, when most are asleep in their rooms, because there's a default port open, because of a bug, and some asshole thought it would be cool to do that.

We DON'T want to see a dishwashing system's filter check go ignored, because the filter purchasing sub-system fails an SSL handshake, because an old CA is no longer available and a new CA is untrusted, and 200 people get sick because their plates were washed with grey water.

We DON'T want to see a sensor fail on a specific model of water pressure gauge, but, due to the nature of the failure, a recall is eluded, and aquifers are drained because of constant leakage gone unnoticed, because no one was paying attention anyway, because everything's automatic now, and there's no staff to support such a massive wave of recall repairs, because automated plumbing has produced a shortage of plumbers, and there are too few specialists to change the valves and sensors out, and the drought hits, and irrigation fails, and then crops fail, and there's no harvest and then people starve, and then children die, and then, and then, and then...

No seriously. IoT is retarded.

[123456qwerty]

That last paragraph is the real important one to me, concerning automation in general, be that IoT, self-driving cars, or other kinds of connected devices that do jobs previously done by more humans with fewer.

Case in point: Someone snips the wrong cable and a system that has replaced human operators who would route in-field nurse calls goes down. This is a small system for now with low volume, so an improvised manual process is in place in a matter of minutes. But what if this system was serving 100x more users? This process would not be scalable, and said provider would not have the infrastructure or man-power in place to handle that situation.

Similarly with the idea that in the near-term self driving cars will reduce the need for drivers, not eliminate them completely. It's like some fallacy of averages. What about that week with so shitty visibility that the sensor-suites are blind? Does the world completely stop for a few days?

[IshKebab]

Forget IoT. What's stopping that insane Broadcom Wi-Fi bug from spreading between phones like a virus? There will be plenty of Android phones that are vulnerable to it for years to come.

I kind of hope someone does it so Google finally do something about the Android update situation.