by cadamsdotcom 26 days ago
The smartest thing is having a light switch you walk over to. Doesn’t fail randomly, doesn’t need an internet connection to operate, doesn’t stop working when your internet is down.

My garage remote is in a PIN number lock box next to the garage. Open lock box, press remote, close lock box.

That’s smart.

2 comments

PIN number lock boxes are pretty unsafe. One could consider 2 simple solutions to stop someone trivially determining your PIN:

1) After closing the box, randomize the digits: humans are pretty bad at randomization. Imagine modeling the randomization delta: it won't be perfectly uniform, and the different discs would display similar distributions of rotation. Suppose spinning a disc to randomize it, one might have a peak at delta=+3 and sidelobes with lower frequency. Just a handful of observations when the codes were randomized will reveal the relative positions of the true code, and the only missing information is 10 possible global rotations, which is easy to brute force.

2) A second approach is to not let an attacker learn anything by always presenting them with the same information: instead of randomizing, always reset to the same value (0000 or 9999 or any other value of choice). But in this case another attack becomes extremely easy: acoustically detecting the number of indentation clicks used per wheel by recording. Without access to actuation direction, that gives 1 bit of direction doubt per wheel, or only 2^4 = 16 combinations left, easy to brute force.

My lock box is round the back of our apartment building. Anyone sus would get stopped and asked why they’re there long before they got to it.

Anyone installing recording gear to record the clicks, or trying lots of combinations would - in addition to drawing unwanted attention - be pretty dumb to invest the time as there are much better and easier targets.

And good point, didn’t mention that, I do randomize the PIN digits.

It is all tradeoffs between security and convenience. We aren’t hiding state secrets and that opens lots of options.

I mean, they could also just saw open the box or rip it off whatever mounting brackets it's on. At some point you have to acknowledge you're making unauthorized access inconvenient rather than impossible.

I'm not an absolutist, what I'm saying is that brute-forcing 10 or 16 states is neither inconvenient nor impossible. It's a lot less risky than spending time sawing open a lock box.

My setup: Philips Hue switches in 3D-printed boxes on top of (currently perma-on) dumb switches.

Smart home works? Good.

Smart home dies? Remove the smart switches (held in place by magnets) - and the buttons of dumb switches are exposed. Lights have power-on behavior configured, so they act as dumb lights in this case.

I love Philips Hue, probably the only light smart automation that is really worth it.