Often there are two control paths. Sometimes more! Plenty of inverters will quite happily give you an RS232 port specification and you can create your own dongle!
However, for purpose of the security of the nation's power grid, I don't just need my inverter to be secure, I need pretty much everyone's inverter to be secure. If an attack bricks 95% of solar inverters, the fact the nerdiest 5% of users have their inverters airgapped won't stop the grid having a lot of problems.
> RS232 port specification and you can create your own dongle!
This is just a way of pretending to give access while making it as hard as possible. We are talking about a device that is already connected to the network. The local path is not some rest services, but a serial port for which I need to fabricate some hardware? Don't piss on me and tell me it's raining.
Perhaps I wasn't clear - when I say "Sometimes more!" I mean many cheap chinese inverters actually support four options:
1. Cloud management with their app.
2. Wifi management without the cloud (when you're on your home wifi).
3. Unplug the wifi dongle from the inverter for a fully offline system. You don't really need your inverter on the internet anyway.
4. Unplug the wifi dongle and DIY whatever you want, the dongle's just a serial-to-wifi converter.
That's not to say the security of any of this stuff is good, of course. In fact the security is pretty bad! But you can for sure get inverters with multiple options for non-cloud operation.
The real answer is it's more than twice the work to have both paths, and there's not enough demand for it.
That said, Apple Homekit integration is local network based, so products that do that and the typical manufacturer cloud system have done both paths.
Homekit is a pain to use without Apple hardware/software, but there you go. (There's a plugin for HomeAssistant, but I'm still classifying that as a pain)
Cheapness. It would require to be at least semi secure, application on phone would need to find those devices locally and it should be synchronized with cloud anyway, synchronization is error prone and we had problems with devices sometimes responding twice or very slowly through local interface (through cloud was much faster, no idea why, not our firmware). Also not enough people requesting that feature, most don't care and think that losing internet is not often enough to warrant worrying about this.
Why not offer an either/or rather than both? Some people (I am one of them) actively do not want these kinds of things to be managed through the cloud servers. I don't want it to sync, I want to fully turn that off. I want to locally host, and I'm willing to take responsibility for that feature, including when it breaks. All I want is access to whatever the data reporting and control APIs are.
I get that I'm a tiny minority, and that very few customers want what I want. But A) it seems like giving me what I want should be very cheap (i.e should not entail ongoing customer support costs beyond normal, and in fact would get rid of the small cloud hosting cost) and B) I'd be willing to pay a premium to get it.
In some areas like cameras there are a decent number of cloud-free alternatives. Hopefully as the IOT market grows we'll get cloud-free versions of everything.
I think you're too optimistic about costs though. Providing any support at all, even one-time during the install, is expensive and cloud-free IOT is going to require support due to home networks being broken.
Yes, support is expensive, but what I am proposing will, if anything, reduce support. I'm imagining something where, if I opt into local control, I am giving up all rights to any support that is not related to the core functionality of the device. For example the solar panels/inverters in the article. If I opt in to local control, then the only support I am entitled to is the solar panels stop generating power or if the inverter stops inverting. Anything that is network related is no longer the companies problem, because I have assumed complete responsibility for that. I'd even be willing to agree that, in the case that I ever decide I don't want local control, and I want to switch to the cloud hosting, that I will pay for the support required to switch me back over.
So if my home network breaks, that is not their problem. And they don't need to set it up, they just need to make it possible for me to set up, including figuring out how to make it work with my potentially broken home network. If it requires a new router because mine doesn't provide some necessary functionality? Not their problem. Etc. Etc.
Consumer electronics doesn't work that way. If people can't get a product to work they will return it to the retailer and when the retailer gets a lot of returns they will penalize the company or drop them completely.
> So if my home network breaks, that is not their problem.
Differentiating between people like you, who can take blame for misconfiguring device and 99% of other consumers is not viable for most companies. Also, if you bought our device and wanted to do that, I would probably make a firmware version for you that connects to your endpoint and give you some docs. But:
- Just talking and coordinating that possibility for one user would cost my company more than the final price of device, when considering time spent on this.
- You would have to spend a lot of time to implement a lot of functionality to glue our protocol to your desired endpoint.
I have some shelly devices which manage to do all that, and cost next to nothing. Work with local rest services or cloud, password protection, TLS. Sure, it costs more than zero, but not much.
In the end, freedom goes away because we could not be arsed to ask for it at least, let alone fight.
However, for purpose of the security of the nation's power grid, I don't just need my inverter to be secure, I need pretty much everyone's inverter to be secure. If an attack bricks 95% of solar inverters, the fact the nerdiest 5% of users have their inverters airgapped won't stop the grid having a lot of problems.