undefined | Better HN

0 pointsa254613e2y ago0 comments

The main reason why HA accounted for so many requests is probably because it was a polling integration, requesting data every 30 seconds from the server, while the official app either had push events when something changes, or it updated state when the app gets opened.

0 comments

giancarlostoro2y ago

Why not... just allow HA receive callback events at that point when things change? I feel like this has an easy resolve that doesn't piss off your power user customers, and makes them encourage others to invest in your products, IE power users, and they'll come back because despite being a little extra engineering effort, they were glad you thought of them.

jacquesm2y ago

Why not simply allow HA to integrate on site rather than to have to go through some crappy service that likely will not last the lifetime of the doors in the first place?

giancarlostoro2y ago

That's also a good question, one reason I'd be okay with having callbacks is if your software that handles what to do is on a server somewhere else entirely, maybe you own multiple homes and don't want to run several on-premise servers when one could do, I'm also thinking of more than just whatever HA is doing and whatever a power user might do.

organsnyder2y ago

I bought MyQ's Homekit bridge to allow local integration with Home Assistant. It was a bit of a pain to set up initially, and it's stupid that I have a separate device when the openers themselves support wifi natively, but it's been rock-solid.

1 more reply

steamer252y ago

I'm not saying owners should be completely barred from modifying their systems but there are security implications to bypassing their centralized / cloud-based authentication.

It'd be possible for a knows-enough-to-be-dangerous customer to modify their system in such a way that they unwittingly allow unauthenticated local access. From my point of view, Chamberlain/MyQ should be totally indemnified in such scenarios but I'm not sure how murky the legalities would be in terms of getting judges/juries to accept "caveat emptor".

EDIT: Maybe there's a way to ensure customers have signed an indemnification agreement before unlocking local API access? I guess there'd also need to be a way to ensure/promote a factory reset if/when ownership/rentalship changes.

2 more replies

twicetwice2y ago

Good suggestion, but where and how does HA receive callbacks? I would guess that almost all HA instances are behind residential LANs and most aren't accessible on the public internet. You could use dynamic DNS and forward ports, but that's flaky, you might run into CGNAT, etc. And anyway, it's best if your HA instance isn't publicly addressable; mine is only accessible over my personal WireGuard VPN and I intend to keep it that way.

I'm sure this is a solvable and solved problem, but I do believe it is non-trivial, and potentially a major headache for a company to implement just to support a tiny niche of users. I'd be delighted to find out I'm wrong though!

And, unfortunately, the business case isn't there, since this weakens lock-in effects. I don't endorse this reason—that's why I run my own HA instance and don't buy or use any products that require the cloud or otherwise can't be operated entirely locally (including flashing Valetudo to my robot vacuum!).

tuckerman2y ago

If you pay for the home assistant cloud subscription (built into HA, ~5 USD/mo) they can provision custom callback URLs for you so you don’t have to expose your HA instance. I have this setup for certain integrations such as Samsung Smart Things.

It’s not a perfect solution since it costs money but it’s a nice alternative to exposing your HA instance or some other front end proxy to the internet.

1 more reply

ndriscoll2y ago

Open a TCP connection from the instance to the cloud service. I don't know about all consumer routers, but I just checked mine and the default TCP established timeout is 7440 seconds. Idle timeouts are supposed to be at least 2 hours.

If you served the entire US (130 million households) and had a 1 hour keepalive, that's only 36k packets per second, which is nothing.

You could also auto-train the idle timeout by using a pair of TCP connections. One uses a known good value while the other probes upwards until it finds its connections start getting closed (with some optional binary search fanciness), feeding new known good values back to the first.

(Obviously the no-cloud solution is better still)

pjsg2y ago

MQTT is the solution for this. Note that the garage door openers talk MQTT to the myq service (over TLS with preshared keys). It should be possible to subscribe to events from your garage door opener(s) and also to send commands to it.

1 more reply

moritonal2y ago

I recently bought a Nuki smart-lock, purely because it offered MQTT support with auto home-assistant discovery. Vote with your wallets and we can have nice things.

https://support.nuki.io/hc/en-us/articles/12947926779409-MQT...

bluGill2y ago

Because that would require them to build a callback system for the 0.2%. I don't have this, but I'm guessing the app only checks if your garage is open when you open the app. That is if you don't have the app open and someone opens the door you don't get a notification.

ryukoposting2y ago

Isn't the high road solution here to open your API to enable users to make a less shitty HA integration?

Either way, they'll almost certainly pull the plug on this service sometime before the end of the decade.

lhamil642y ago

Or open up a local API so Home Assistant users don't even need to hit their servers in the first place, which is preferable anyway...

thecapybara2y ago

If I recall correctly, Chamberlin had an optional accessory that added HomeKit support to garage door openers, and that was discontinued last year. Home Assistant is capable of acting as a HomeKit hub, allowing it to control HomeKit compatible devices locally that otherwise would've required a cloud connection.

1 more reply

epiecs2y ago

I was just going to comment this. The device is network connected anyhow. So just open up the local api.

1 more reply

giancarlostoro2y ago

I would argue that letting HA define a callback URL or some way to receive those events instead of relying on polling would do it. But also, are they caching the responses? I have a weird feeling that the vendor is not caching enough, especially for data that changes insanely infrequently.

criddell2y ago

That’s definitely the high road solution. The low road solution would have been to start suing HA users under the CFAA. So I guess they took the middle road.

Angostura2y ago

Possible answers would be for the company to create an official integration, using a change state trigger rather than a polling trigger - or possibly to throttle requests from a particular IP to a certain number per day to incentivise parsimonious usage

xur172y ago

Absolutely. It would also be possible for them to create a local API that home assistant can call over the local network. The real problem is that the company just doesn't care.

greggsy2y ago

HA even claim that it’s used as a test bed for many iot products, so it can often have integrations before any other platform. Kind of makes sense, give many cross platform integrations there are in it.

lvh2y ago

A third-party hub would have a similar problem, though, right?

mikeryan2y ago

MyQ has built in integrations for Apple Smart Home and Alexa. I’m assuming in those situations the MyQ app passes state to those services so they don’t have to poll.

achandlerwhite2y ago

Not for HoneKit unfortunately. They did sell a separate -$100 box that would bridge it officially but have discontinued it.

j / k navigate · click thread line to collapse

0 comments

giancarlostoro2y ago

jacquesm2y ago

Why not simply allow HA to integrate on site rather than to have to go through some crappy service that likely will not last the lifetime of the doors in the first place?

giancarlostoro2y ago

organsnyder2y ago

1 more reply

steamer252y ago

I'm not saying owners should be completely barred from modifying their systems but there are security implications to bypassing their centralized / cloud-based authentication.

2 more replies

twicetwice2y ago

tuckerman2y ago

It’s not a perfect solution since it costs money but it’s a nice alternative to exposing your HA instance or some other front end proxy to the internet.

1 more reply

ndriscoll2y ago

If you served the entire US (130 million households) and had a 1 hour keepalive, that's only 36k packets per second, which is nothing.

(Obviously the no-cloud solution is better still)

pjsg2y ago

1 more reply

moritonal2y ago

I recently bought a Nuki smart-lock, purely because it offered MQTT support with auto home-assistant discovery. Vote with your wallets and we can have nice things.

https://support.nuki.io/hc/en-us/articles/12947926779409-MQT...

bluGill2y ago

ryukoposting2y ago

Isn't the high road solution here to open your API to enable users to make a less shitty HA integration?

Either way, they'll almost certainly pull the plug on this service sometime before the end of the decade.

lhamil642y ago

Or open up a local API so Home Assistant users don't even need to hit their servers in the first place, which is preferable anyway...

thecapybara2y ago

1 more reply

epiecs2y ago

I was just going to comment this. The device is network connected anyhow. So just open up the local api.

1 more reply

giancarlostoro2y ago

criddell2y ago

That’s definitely the high road solution. The low road solution would have been to start suing HA users under the CFAA. So I guess they took the middle road.

Angostura2y ago

xur172y ago

Absolutely. It would also be possible for them to create a local API that home assistant can call over the local network. The real problem is that the company just doesn't care.

greggsy2y ago

lvh2y ago

A third-party hub would have a similar problem, though, right?

mikeryan2y ago

MyQ has built in integrations for Apple Smart Home and Alexa. I’m assuming in those situations the MyQ app passes state to those services so they don’t have to poll.

achandlerwhite2y ago

Not for HoneKit unfortunately. They did sell a separate -$100 box that would bridge it officially but have discontinued it.

j / k navigate · click thread line to collapse