Support checked and it was fine. Just needed time to adjust. They mentioned they checked the cameras (!).
Later on I got a second used one and while cleaning it, noticed that the internals are just a Raspberry Pi. Took my micro HDMI and keyboard, and... this thing just runs Raspberry Pi OS.
No updates. And ... VNC. People from that company can just remote into my device, look at what the cameras are seeing, and do stuff on my network. These things are a security nightmare.
- Alexa, wipe up that spill in the bedroom.
- Sorry, that requires a deep clean, but you had some credit left on your second credit card so I ordered a deep cleaning service for Tuesday when you are away.
https://www.abc.net.au/news/2024-10-11/robot-vacuum-yells-ra...
I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.
The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.
Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.
https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...
iOS, iPadOS, and macOS have a pretty great built-in background-noise generator these days. While lots of actual beaches can go dead silent and then have a loud wave crash in, the waves that
It’s available in Settings -> Accessibility -> Audio & Visual -> Background Sounds. You’ll have to download each sound once, but after that they stay on your device.
Digging this deeply in Settings isn’t pleasant if you just want some white noise, so you may want to add a control to Control Center like “Background Sounds” (way down in the Hearing Accessibility section) to turn the ocean noise on and off.
I turn this on my iPad when going to bed if I want to take extra steps to ensure that I don’t wake up in the middle of the night.
I do use a standalone Lectrofan for sleep as I prefer my noise machine to be across the room and Alexa-controlled (via a smart switch), plus it’s louder and the brown noise is “browner.”
But I keep iOS BG sound mapped to the triple-click shortcut for when noise-cancelling just isn’t enough in loud restaurants etc. It works great with AirPods for reducing my noise sensitivity issues.
If you're trying to get better sleep, get your phone as far away as possible!
I can't believe I had to download an app for that because the feature is buried in SETTINGS (!!!!). What an obtuse choice. Thanks for the tip though, I hate that my white noise app has a rotating ad banner.
I had the two problems of poor sleep without white noise and a dog allergy and now I have neither.
I got tired of replacing $60 sets of HEPA filters after moving into a forest. I actually bought K&N 20" furnace filters because they're washable. I wash them every 3 months or if they're very obviously grey approaching black, or, during pine mating season, if they're yellow approaching black. I use Mean Green or Simple Green, whichever I have handy, and the hot tap in the shower to just wash them off with soap and water.
I have to replace the ~$20 box fans every 3-5 years. They just wear out, probably by design. They break at startup; if you can get them spinning, they'll keep spinning.
[1] shot with on-board mic but you can see the idea. The metal inside is one of those "hold your kitchen utensils" metal baskets, it keeps the form of the carbon filters inside, and stops stuff from getting sucked through. The airflow is in to the hole in the box, through the filter, out the fan. https://www.youtube.com/shorts/zmzs9H4NUCQ?feature=share
Turns out most of my anxiety, insomnia, etc sensations were caused by pinched spinal nerves.
I say sensation because I believe, but cannot prove, that my physical sensation led to my mental state. Most diagnoses assume the reverse: that mental state leads to physical symptoms (restlessness, clenching, pit-in-stomach, whatever). I have not yet read anything or met anyone (care providers) supporting my hunch.
So... Anyone experiencing treatment-resistant pinched nerves, e.g. sciatica pain, may want to consider possible physical causes.
In my case, it was collapsing vertebrae due to osteoporosis resolved with an S1-L5-L4 lumbar fusion. Yes, that surgery and recovery was very difficult. The upside is I now often sleep like a corpse. It's glorious.
YMMV.
I have a slight curve in my spine, but not enough to be a clinical diagnosis of scoliosis. So I will just have "back pain" of all sorts my entire life and that's great, super. But if I get a different sort of back pain I'd expect an X-ray at some point, right?
As I get older, deafness will likely reduce my need to rely on technology.
Stereo - genius!
At home I have a simple one that plugs in and generates noise with fan. Looks almost exactly like this: https://res.cloudinary.com/guest-supply/image/upload/f_auto,...
When I travel I take this small portable rechargeable one: https://www.amazon.com/Machine-Babelio-Adults-Non-looping-So...
I'm on android so I don't have the built in sounds that iOS has
I used wireless headphones back then. My choice of "white noise" was popcorn in a microwave (because the neighborhood was that noisy)
Believe me, sometimes tinnitus means I don't care if I damage it more, I just need outside to be slightly louder than inside my head.
I use the Snooz white noise machine and their companion bluetooth app actually comes with a sound level display in dB that helps you make sure you're not setting it too loud in settings like a baby's nursery.
Very low tech, very cheap, very secure, very effective.
> What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
> And yes, I found evidence that this is exactly what’s happening.
^ wow, this is pretty wild. <insert joke about being careful about who you share a bed with>
I’m the founder and CEO of a company called Memfault, we make observability SaaS for hardware companies.
I constantly get asked if we could just offer a remote access solution. Many of our competitors do! But we think it’s (a) a huge security liability and (b) too ripe for abuse.
But fundamentally consumers do not care, and until that changes you can expect any embedded Linux device to have this kind of backdoor (they do more often than not).
More companies do this than not.
.. I'll see myself out.
Could a rogue engineer inject whatever code they want into an app update? Possibly yes, but 1) that code will get shipped to every phone at the same time, 2) that code has to do its thing without anyone noticing, which is tricky at scale (this is how malware gets discovered), and 3) there’s an audit trail so that engineer will be exposed to legal risk.
The difference here is that with Eight Sleep, an engineer can remotely access the customer device in real time and poke around the network the bed is connected to, and there may be no audit logs. They can exfiltrate sensitive data with much less effort and less legal risk than with an app update.
> I was willing to overlook:
> The bed costs $2,000
> It won’t function if the internet goes down
> Basic features are behind an additional $19/mo subscription
> The bed’s only controls are via mobile app
Nothing about this bed should depend on off-site servers. Nothing about the product should necessitate a subscription fee. The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
Don't worry, they'll repeat over and over how their product was thoughtfully designed with exquisite craftsmanship by the re-animated corpse of Johnny Ive [1] until people believe it's true.
[1] I know he's not dead.
Also...
> ... Essentially all you need to do is unplug the rubber tubing from the Eight Sleep cover, which is available on eBay for a few hundred bucks, and plug it into a $150 aquarium chiller.
> That’s it. Aquarium chillers are somewhat of a misnomer, as they can also provide heat. They use thermoelectric devices to regulate temperature, either cooling or warming the liquid that flows through them, which is the same technology found in eight sleep.
How much do you want to bet the Eight Sleep is literally an off-the-shelf Chinese aquarium chiller in a custom case marked up 15x, with a shittily-programmed computer bolted on to enable a $20/month subscription?
Unlike all the cloud garbage, my zigbee devices continue to function even when the internet is down. I have my zigbee hub (Home Assistant Yellow) on a battery backup, so all the zigbee devices with a battery keep functioning even when the power is out (like my automatic cat feeders)
I do own one of these and while I hate the price, the subscription, the fact that it didn't work for an hour last night due to the internet being down (first time ever really), there really isn't a better option. I love the temp control and would use anyone else if they had a valid competitor, but sadly there isn't one (or at least wasn't when I bought mine). The alternative is to not have temp control, which is pretty amazing.
Not that this ameliorates all the other issues here.
The "smart" features on it are genuinely useful for me - I have sleep apnea, as well as an eight sleep + the electronic platform. It automatically changes the elevation of my head based on apnea events, and I see a marked reduction in them when using this feature.
I have a cpap machine that also makes automatic adjustments but I still get noticeably better sleep quality with the eight sleep. I also really enjoy the temperature control, since it saves on HVAC costs vs. climate controlling the whole house. I've not tried an aquarium chiller for this purpose, though I have used one for doing temperature control on a beer fermenter, and I can extrapolate from there that I value the management of the actual eight sleep device vs. managing an aquarium chiller's temp control.
Seeing the founder fellate Elon and his Doge employees has given me second thoughts. I may be looking for an aquarium chiller in my near future.
Most manufacturers bolt on IoT functions by dropping an off-the-shelf module onto their device-specific board. It's sometimes possible to replace the factory firmware with ESPHome, sometimes even using over-the-air updates. For example, AirGradient air quality sensors: https://github.com/MallocArray/airgradient_esphome
Even when it isn't possible to commandeer the factory IoT module, the fact that it _is_ a module is still useful, because it's almost always possible to inhibit or remove the factory module and connect your own instead. The factory IoT module controls and senses the device, so your replacement module can too, using the same pins. For example, an IoT air filter: https://github.com/mill1000/esphome-winix-c545#final-assembl...
Some devices are designed around multidrop communication busses. These are usually even easier, since the ability to join the bus is an intended design feature, even if the device you're using is not intended. For example, many Samsung residential HVAC systems: https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...
At my day job, we've replaced and re-engineered controllers in industrial laser cutters, CNCs, welders, robots, and similar equipment. There are replacement control boards for hobbyist stuff like pinball machines, motorcycles, retro computers, and retro game consoles.
But as evidenced by the fact that people are buying shitty cloud-only IoT devices, neither the interest nor the capacity to do this is common.
It is a $2000 internet connected bed. The market in this case is probably people who could wipe their ass with that $20 every day and not miss it. I don't think they are stupid. This class of Americans has always been about paying for ongoing service instead of being pragmatic or doing things themselves. "Let the help over in Bangladesh fiddle with the connectivity and updating the mobile app for me, while I merely rest my head and make plenty of money," they probably figure, at least subconsciously.
The collective mass of people who buy these "IoT" devices that (1) don't actually need to use Internet-hosted services to function, (2) don't actually need a subscription for their business model to work _except_ for having been unnecessarily tied to an Internet-hosted service, and (3) will fail to function when the Internet-hosted service is gone do not understand the ramifications of the buying decisions they're making.
They're enabling these awful companies and business models. They're making the world worse by buying this soon-to-be e-waste garbage.
Stupid is a bad word. Let's say ignorant, instead. They don't even know what they don't even know. Our asinine industry normalizes these practices because profit.
I think computers have tremendous power to make life better for humanity. I think that can happen without being contingent on this kind of business model.
The bed is an egregious example. There are certainly other lower-priced products that still have this kind of stupid unnecessary "tie" to Internet-hosted services and subscriptions.
And all tech companies are now founded with zero regard for good behavior. I mean, they don't even do minimal amounts of customer service, which is the bare minimum of having regard for your customers.
In general, the IoT industry has suffered and adopters get burned over and over and over so the market is what it deserves in the long run. But that doesn't mean that snooping and monitoring doesn't increase insidiously year after year.
This is a serious problem with future technology. What person would do cybernetics or similar life saving products from companies like this? Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
We are clearly in an age of increasing authoritarianism. China has become far more authoritarian under Xi, right wing fascists are on the rise in Europe, and extreme partisanism just leads to round robin authoritarianism on the path we're on, assuming the next election happens. Russia is trying to expand its reach, and disrupt democratic institutions worldwide.
Undermined privacy and data collection are the tools for total information awareness by authoritarian states, only made far far far far far far far worse by the rise of functional AI.
The future of humanity is bleak. The filter approaches.
As someone on an insulin pump, they do. IIRC they have reps showing up at hacker conferences looking for red teams.
Definitely agree with your worries generally though.
They most certainly do. I'm deep into a security analysis of a similar device rn.
One thing SaaS has not learned from nonprofits with longevity: you do big fundraisers to get money so you can live on the interest payments. If you think of a new project that will increase your burn rate, you throw another fundraiser.
Figure out how many of those beds you expect to be junked for breakage or obsolescence each year and set your margins to keep the long tail running for 10-15 years.
I think SaaS has eschewed strategies for longevity because it's contrary to the market's "wisdom" that for-profit companies must have sustained high-rate growth.
> It won’t function if the internet goes down
> Basic features are behind an additional $19/mo subscription
I'd pay more, a LOT more for a good bed. But if it's not self-hostable and without a need for a subscription... it's a non-starter.
One can just question how we want to live our lives in the future. Behind each and every step a subscription? And all of them seem to be priced 10-20/month, no matter how much value they provide.
I'll play the Devil's Advocate here. If this product isn't controlled by a remote server, it either needs to be controlled by a local bit of hardware (i.e. with its own screen and hardware input devices) or by your phone. Considering the upper-class target market (high-priced luxury product), the "local bit of hardware" option is a bad call. If it's controlled by your phone, then it would presumably happen over Bluetooth, which is both (a) unreliable and (b) would disconnect if you don't have your phone in your bedroom, which if you're willing to spend $2k on a cover for better sleep, you've probably already tried.
The industry went in the direction of direct-to-Internet connections for home devices because, quite frankly, it's the lowest-friction approach for most home users. Everything else is a distraction from a great product experience for 99% of the market.
With all that said... bundling in hard-coded AWS IAM keys (for Kinesis Data Streams) and hard-coded SSH public keys is just bad engineering. You can't revoke an abusive customer without revoking everyone, and you can't fire any employees without updating every customer end device. Eight Sleep needed to set up IAM Roles Anywhere with a private CA where a user's initial setup gets the private CA to issue a cert for the base unit in the user's name, which is then used to get temporary credentials through AWS STS to write to Kinesis. Similar story with SSH, if it's actually genuinely needed for some reason, set up a private CA, in both cases, with certificate revocation lists. They're unlikely to sell enough beds (remember: luxury product) or fire enough employees for CRLs not to scale well on this solution.
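Added Go example (written for this page; not Eight Sleep's code and not the commenter's) of the per-device identity the comment describes: a private fleet CA issues one certificate per base unit at setup, the service chain-verifies the certificate and a CA-signed CRL before releasing anything, and revoking one device leaves every other device valid. The IAM Roles Anywhere / STS exchange itself is left out; names such as DeviceCA, mintCert and Authenticate are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// DeviceCA is a minimal private fleet CA (hypothetical example code, not any vendor's implementation).
type DeviceCA struct {
	cert       *x509.Certificate
	key        ed25519.PrivateKey
	revoked    []pkix.RevokedCertificate
	nextSerial int64
}

// mintCert generates a fresh key pair for tmpl and signs it with parentKey, or self-signs when parentKey is nil.
func mintCert(tmpl, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parentKey == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewDeviceCA creates a self-signed root that may sign both device certificates and CRLs.
func NewDeviceCA() (*DeviceCA, error) {
	cert, key, err := mintCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Fleet CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return nil, err
	}
	return &DeviceCA{cert: cert, key: key, nextSerial: 1}, nil
}

// IssueDeviceCert binds one certificate to one base unit at setup; the device keeps its own key, so nothing fleet-wide is baked into firmware.
func (ca *DeviceCA) IssueDeviceCert(deviceID string) (*x509.Certificate, ed25519.PrivateKey, error) {
	ca.nextSerial++
	return mintCert(&x509.Certificate{
		SerialNumber: big.NewInt(ca.nextSerial), Subject: pkix.Name{CommonName: deviceID},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca.cert, ca.key)
}

// Revoke lists one device's serial; every other device's certificate stays valid.
func (ca *DeviceCA) Revoke(c *x509.Certificate) {
	ca.revoked = append(ca.revoked, pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: time.Now()})
}

// CRL returns the signed, DER-encoded revocation list the CA publishes to the service side.
func (ca *DeviceCA) CRL() ([]byte, error) {
	now := time.Now()
	return x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(now.UnixNano()), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: ca.revoked,
	}, ca.cert, ca.key)
}

// Authenticate is what the credential-issuing service checks before releasing short-lived credentials: chain, CA-signed CRL, then identity.
func Authenticate(caCert *x509.Certificate, crlDER []byte, presented *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	if _, err := presented.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return "", err // self-made certs and certs from any other CA stop here
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil || crl.CheckSignatureFrom(caCert) != nil {
		return "", fmt.Errorf("CRL rejected: malformed or not signed by the fleet CA")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(presented.SerialNumber) == 0 {
			return "", fmt.Errorf("certificate revoked: %s", presented.Subject.CommonName)
		}
	}
	return presented.Subject.CommonName, nil
}

func main() {
	ca, _ := NewDeviceCA()
	bed, _, _ := ca.IssueDeviceCert("base-unit-A")
	ca.Revoke(bed) // one abusive customer or one lost device; no other device is affected
	crl, _ := ca.CRL()
	fmt.Println(Authenticate(ca.cert, crl, bed)) // empty identity plus the revocation error
}
```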
I mean, if I wanted to check how many calories are in a food item and the FDA didn't make companies tell me, that's going to be at least 1000 hours of work. For one food item. One time. If I had to do that for everything I'd just starve.
Software is, arguably, more complex than modern ultra-processed food. We can't audit these things. Even when we do audit, we only scratch the surface. There's billions of lines of code behind "hello world".
I mean, it's the :CueCat. But comfy.
Come on. We can improve that! The next version of the bed will go into carnivorous mode if the subscription lapses: https://www.youtube.com/watch?v=vXrAK6sUZ_0
A lot of this bullshit only happens long after the sale has been made and consumers are blindsided when things advertised as free are suddenly paywalled off behind a subscription following a ToS update.
"The market" is never going to solve this. What we need are consumer protections in the form of laws and regulations with real teeth and consistent enforcement.
looks at DOGE
Yep.
Blame the engineers who know the risks of such foolishness that lack the courage and conviction to stand up to decision makers.
I raised this at a meeting and was told that they weren’t going to change it because it made too much money.
I’m sure engineers raised issues about this as well and were shut down by the business people who are more than happy to risk customer satisfaction and security if it means more revenue.
I actually commend them for making money off the morons who dreamed this up. They've hopefully put it to better use.
Great line. And my eyes bugged out a little at this part as I also realized what the implications were:
> - They can know when you sleep
> - They can detect when there are 2 people sleeping in the bed instead of 1
> - They can know when it’s night, and no people are in the bed
I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking like Consumer Reports and how they should probably publish if a product is a security nightmare or not. At the end of the day you still need people to publish this stuff and for social media to spread it to consumers to beware, but maybe a magazine type of publication could take on part of that responsibility.
1. Work in tech
2. Do care about security
I think this product in particular really attracts the tech nerd life optimizer types.
What if they have a ton of sensors which relay enough information to re-construct a 3D mesh of activity on the bed that they can remotely view? And their more curious less ethical employees give nicknames to particularly "active" or "interesting" users? And start placing bets on their favorites? And start connecting the dots on who is sleeping with whom?
More seriously, this is just a data collection mechanism to learn about user habits that can be sold to other companies and/or used to start new lines of business.
Anything that sends back data, without your clear and express agreement, isn't sending it to help you.
https://www.technologyreview.com/2024/02/27/1088154/wifi-sen...
It’s better than that. He’s putting in backdoors where they sleep. I’m sure there’s a market for that data.
Once you realize just how important quality sleep is, and how much this can help, $20/month bed subscription becomes a laughably small price to pay.
- What's required to justify this cost?
- How many features and updates does the app require?
- What could the ongoing server costs be?
- How many people maintain the software?
I've built some IoT projects and handling events from the hardware was remarkably inexpensive. Piping tiny telemetric packets, even at a high frequency, was no big deal. It wouldn't justify charging customers $20/month. Maybe $2.50? Plus, these things are only piping out data when they're in use, right? So... Only 1/3 of the day, if that.
Then the feature set, who knows. Is it just a readout with some fixed controls for the firmware in the eight sleep?
How is that justifying $20? Every single month?
I know software (especially when hardware is involved) can be more complicated and demanding than it appears on the surface, so these are genuine questions. I'm very open to having bad assumptions here. It just doesn't map to my experiences properly. Especially since the customers pay a premium for the hardware upfront.
I guess if customers are willing to pay, it's fair game.
On the other hand, paying $20/month for the right to use the bed that you purchased at $2000 cost is a ripoff.
Sleeping isn't costly, has never been, yet a company is trying to enforce it and I can see how it doesn't go well with most people.
The market is ripe for the taking, but nobody has attempted to compete with EightSleep. EightSleep is sleek AF, the competitors seem like they are from the '90s, in all the worst ways (HydroSnooze doesn't even have a remote).
Think of the alternatives I have: Sleeping pills. Sleep studies. Benzos. "Supplements." Weight loss. Working out. Sleeping hygiene routines. FWIW, I've done/do all of these. They work, and they are work.
Sleep is more important to my health than what I eat. Some of us are like this. You know us. We're your colleagues, friends. You've seen us, heard us mope around.
I checked it out because I saw Bryan Johnson talk about it. Found it to be stupid, the price, the app, the subscription, I get what everyone here is saying. You are right. But, there was a free-x-nights trial policy and curiosity got the better of me.
So far, it's been amazing (5-6 months in).
+ You can slap a faux button/area on the bed to change temp without the app.
+ This App, mentioned in the article, it works 100% of the time, and it's fast. I suspect it's over LAN when you're home, at least it's that fast. For comparison, $3.2 billion dollar Nest's app isn't reliable nor fast -- How many total days of your life have you already lost to a synchronous thermostat app that needs to auth/connect with Google before you're allowed to change the temperature of the room you're sitting in? :) Come on, tell me the truth!
Does that help clarify why this sells?
Note: The bed is now $3k, not $2k, plus sales tax. Amortized over 5 years $3k + $240 * 5 = $4200. Divide by 60 months.
Note: Lots of misunderstanding in the thread by people who haven't checked the product out. It's not even a bed, guys, it's a liquid-cooled cover that fits on top of your existing mattress. If you want the motorized mattress that lifts you when you snore, that's another few thousand dollars.
Well, working out will help with weight loss and will have a lot of other beneficial effects in the long run.
> FWIW, I've done/do all of these. They work, and they are work.
But you already know that.
It uses a bag-like sheet that it blows air into, to adjust temperature. For women suffering* through menopause, being able to adjust around hot/cold flushes is sanity-preserving!
* Some women don't suffer much during perimenopause or menopause, but it's a process that seriously fucks with one's hormones. A word of advice to any partner of a woman going through perimenopause: believe them when they tell you what they're going through! So many partners don't realize just how much this can mess up someone, they deserve every sympathy possible.
If you're running HomeAssistant and you want better controls, grab a spare ESP32 and run the ESPHome BedJet integration. https://esphome.io/components/climate/bedjet.html
(A little ironic you need an external ESP32 to talk to the internal ESP32 that is the BedJet's guts...)
Is the Bedjet really that good? Would your wife recommend it without reservations? Are there any other product that have made a difference for her?
Apologies if that's intrusive but improving Sara's sleep would be life-changing for her.
[Followed by a screenshot of the EightSleep CEO publicly tweeting about SF sleep data in Nov 2023.]
This is reason enough to not patronize this business. What a creep.
I remember because I signed up for e-mail updates. Glad I never signed up though. IIRC, I was turned off by the same issues the author “overlooked”.
A subscription for a bed? Fuck off
Also: citation needed. A quick Google says it's not illegal as long as the government entity confirms it in writing.
This looks a lot more like the device fetches updates via SSH to a remote update server, and the authorized_keys entry is vestigial.
More sycophants coming out of the woodwork.
That's the health secretary's words.
He knows when you are sleeping,
He knows when you're awake,
He knows when you've been bad or good...
It's good for temperature control, you can set a profile that changes overnight. The cooling is a complete fix for night sweats. It heats too, but I don't use it. I don't use the sleep tracking features.
My only semi-major complaint is that the pump is kind of loud. Only annoyance is that you need to have it connected to wifi w/ internet to set the temperature profile w/ the app, but it keeps working afterwards w/o internet.
We only had a book in my native language on Pascal. I had heard of C from a magazine that had a CD with a C compiler on it, and I walked into a library wanting to learn C but all they had was a dusty book on COBOL in Russian. Later I bought a book on x86 assembly, also in Russian, because that's all I could find, and it just felt like I was living inside a leaky bucket whereas I was hungry for the firehose of knowledge.
When we got dial-up Internet, I did not sleep for days. The floodgates were open. I had access to tons of information online, in original English, from primary sources. People I'd only heard about, like Torvalds, would just share information directly on the Internet, like it's another Tuesday. To me it felt like I went to Disneyland and I was meeting all my heroes. You can just... learn about any topic and see the people who invented those topics. You could even send them messages.
25 years later, I still feel like that kid sometimes. I'm thankful for HN. Alan Kay replied to me once, and it made my year! Alan M-Fing Kay. I met rms once in the flesh and could not believe my eyes. I regularly see messages from Walter Bright on HN like he's a real human being and I have to remind myself that yes, he's alive, real and I exist in the same world as him and can actually interact.
I, and kids around the world these days, are lucky not to be stuck in a world where you cannot learn more than they let you.
A rare exception to the usual.
https://www.radioworld.com/news-and-business/headlines/reciv...
But I wouldn't recommend anyone buy it now because of the subscription.
It is good to know that there is an option to continue using it if the company decided to no longer grandfather in people who bought before the subscription crap started.
Well, each bed contains a full Linux-based computer. If my estimations above are correct, all of Eight Sleep engineering can take full control of that computer any time they want.
I think that was already a given once you agree to silent automatic updates.
Someone told me they returned their 8 sleep because of the constant fan noise of the computer running the thing. He told me it was like having a server in your bedroom.
I am also not keen at all on needing to have my phone in my bedroom either. At the end of his life my father had some health challenges and it wasn't uncommon for a nurse to call me in the middle of the night. It was all the other calls, people tweeting or slacking at me, that made it really challenging to get any sleep.
Still looking for something where I can collect sleep data if any entrepreneurs can solve these problems.
But if you're not willing to keep a watch on while you're sleeping, they have a "Sleep analyzer" that you put under your bed to collect sleep data, but I never tried it!
I'll do you one better on "collecting sleep data". I've been in the neurotech/sleeptech space for the last 5 years developing https://affectablesleep.com
After getting an Oura ring years ago, and it telling me "you didn't get enough sleep[deep, REM]" I was left thinking "so what?? don't tell me I didn't do it, help me to do it!"
From what I've seen in the market, possibly with the exception of 8Sleep or CPAP (for those who need it), is that everyone is focused on counting minutes, and adding a few minutes to sleep. Particularly "fall asleep faster" where they promote "fall asleep x% faster" where x% in minutes is like 7 or 8 minutes.
What is really valuable in sleep, and particularly deep sleep, is not really the time, it's the restorative brain functions, and at the moment, we are focused on one metric: slow-wave delta power. It's not how many minutes you sleep, it's how much sleep is in each minute.
Of course, there is sleep data along with that, but if your sleep is optimized in the time you get, do you really care about the daily data?
- They can know when you sleep
- They can detect when there are 2 people sleeping in the bed instead of 1
- They can know when it’s night, and no people are in the bed
I'm probably naive, but I'm failing to see how any of this is exclusive to having remote SSH access to the bed. Who's to say this isn't already happening with other binaries in the firmware? Maybe they're already phoning home?
> [...] that bypasses all forms of formal code review process.
How does the author know if anything else in the firmware goes under any kind of code review process?
It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.
I think the blog post uncovered that here... the CEO is a total creep
I see at least one aquarium chiller on amazon that uses a compressor, but then you have to wonder if it's quiet enough to sleep next to.
However now I want to try this aquarium chiller...
Not scams in the sense of swindling money, but that they are appendages of a private or government intelligence network.
If you genuinely care about your customers, can't you simply feel guilty of doxing such sensitive data about them?
Some evil entities want to know when you sleep, wake up or if there is someone else in the bed.
I am not against technology, this can be done responsibly via offline support, self hosting options, E2E Encryption, Homomorphic computing, differential privacy etc.
But I guess implementing those would interfere with the scam, i.e. the main objective, which is spying on you.
I think what is often missed in "company gathers data it doesn't need" scenarios is not that someone inside Eight Sleep abuses the data, or the company itself does it, but them gathering this data for years and then losing it to some 14yo hacker who promptly posts it and suddenly all your data is public.
The inside job may sound a little far fetched, but the latter is only a matter of time.
Once it happens multiple times with different services, everyone gets access to everything about you.
(Not talking about DOGE btw).
I can no longer trust that someone is looking at my TV data, oven data, thermostat data, etc. and tweeting about it.
And for those who prefer a warm bed, isn't it simpler and cheaper to warm the room?
I have to say it made my sleep significantly worse - I was shocked at how bad the temperature setting was - shifting 1 degree warmer or colder was often too much. I also noticed quite a bit of manipulation of reviews & comments on Reddit / subtle sponsorship on YouTube. (=> fake comments, upvoting/downvoting, and unofficial sponsorship).
Maybe it really does improve some people's sleep, but just the noise itself from the Pod meant I needed earplugs to not be disturbed by it. My suggestion is to avoid buying at all costs...
Anyways, feels good to be vindicated.
before anyone tries to mock me for mentioning EMF: https://pmc.ncbi.nlm.nih.gov/articles/PMC5247706/
1. Kenises should be Kinesis
2. The URL template contains {anynumber}, the text refers to anynumbers (plural)
I would be interested in knowing who the buyers for this stuff are...
Who in their sane mind buys that?
https://raw.githubusercontent.com/bambax/hntitles/refs/heads...
And this is why I have any device that needs connectivity to the Internet to function in its own vlan with very specific and oppressive rules about what can talk with what. If you don't have a fancy router, use your guest network for these things.
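The "own VLAN with very specific rules about what can talk with what" approach above, written out as an added example (not from any commenter or vendor): a default-deny egress allowlist for an IoT VLAN, with a small evaluator that mirrors the rendered nftables chain so the policy can be unit-tested before loading it. The address ranges, the choice of a DNS-serving gateway at 192.168.50.1, and the three permitted services are assumptions; adjust them to the device's real needs. Note that traffic between two devices on the same VLAN is switched, not routed, so it never reaches the forward hook; client isolation for that has to be configured on the switch or access point.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing (not from the thread): a trusted LAN and an IoT VLAN whose
# gateway (the router's interface on that VLAN) also serves DNS.
LAN = ipaddress.ip_network("192.168.1.0/24")
IOT = ipaddress.ip_network("192.168.50.0/24")
IOT_GATEWAY = ipaddress.ip_network("192.168.50.1/32")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    proto: str                  # "tcp" or "udp"
    dport: int                  # destination port
    dst: ipaddress.IPv4Network  # permitted destination prefix


# Everything the IoT VLAN may initiate. Anything not listed is dropped, so a
# device cannot reach the LAN or arbitrary Internet ports.
IOT_EGRESS_ALLOW = (
    Rule("udp", 53, IOT_GATEWAY),  # DNS only via the router, so lookups are visible and loggable
    Rule("udp", 123, ANY),         # NTP
    Rule("tcp", 443, ANY),         # HTTPS to the vendor cloud
)


def iot_egress_allowed(dst_ip: str, proto: str, dport: int) -> bool:
    """Decide whether a new flow from the IoT VLAN is permitted.

    Same ordering as the rendered nftables chain: the LAN block comes first and
    wins regardless of port, then the allowlist, then the default drop."""
    dst = ipaddress.ip_address(dst_ip)
    if dst in LAN:
        return False
    for rule in IOT_EGRESS_ALLOW:
        if rule.proto == proto and rule.dport == dport and dst in rule.dst:
            return True
    return False


def render_nftables() -> str:
    """Render the same policy as an nftables ruleset (load with: nft -f <file>)."""
    lines = [
        "table inet iot_guard {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        # The trusted LAN may reach devices (local control, admin); never the reverse.
        f"    ip saddr {LAN} ip daddr {IOT} accept",
        f"    ip saddr {IOT} ip daddr {LAN} drop",
    ]
    for rule in IOT_EGRESS_ALLOW:
        dst = "" if rule.dst == ANY else f" ip daddr {rule.dst}"
        lines.append(f"    ip saddr {IOT}{dst} {rule.proto} dport {rule.dport} accept")
    lines += ["  }", "}", ""]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_nftables())
```

The evaluator exists so the intent can be checked in code (for example "IoT may never open anything to the LAN, even on 443") before the ruleset touches a live router; the rendered chain is what actually enforces it.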
I hate this future.
Alas, our hope to recover whatever social benefit was in SpaceX and Tesla is with Bezos's companies, although at least the EV space is more diverse. SpaceX cannot be wrested from Musk and TSLA and its board is preferred-stock controlled by Musk.
Any source for this? I can't find anything that says Musk has enough voting power in Tesla to not need others' votes:
https://www.techopedia.com/largest-tesla-shareholders
This is a pretty in depth analysis that shows that Musk needed retail votes for last year’s compensation and re-domiciling votes:
https://clsbluesky.law.columbia.edu/2024/07/01/how-tesla-pum...
Wait until Eight Sleep "upgrades" the connectors to be "incompatible" with Aquarium chillers.
Uh, I don't think I want to buy a used mattress cover on eBay, thanks.
Now if a competitor crops up that has better privacy and a better CEO, I'll swap in a heartbeat.
Note: I don't pay for the subscription, just the mattress topper
"In the second screenshot, we have the public key that’s authorized to access the device. The email address attached to the public key, eng@eightsleep.com, to me suggests the private key is likely accessible to the entire engineering team."
He has no evidence for this whatsoever and not really any good reason to assume it either.
"In the first image, we see evidence SSH is being exposed remotely, to a far away host, remote-connectivity-api.8slp.net. Typically SSH would only be accessible to the local area network, but the variables in production.json would seem to imply this access was opened up to a remote host."
This isn't how SSH works and he doesn't seem to have enough information, or enough knowledge of SSH, to understand what's being done with the "far away" hostname.
This article is just clickbait nonsense, which should have been obvious from the title. It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup. Based on the fact that the founders seem to have a superficial understanding of technology but a well-developed understanding of hype and bullshit, I am not interested in exploring their business further.
I'm not sure what kind of evidence or reason you're looking for, I think their assumption is pretty sensible.
> This isn't how SSH works
Maybe I'm just naive, but the wording of it to me seems nontechnical enough that I think the author is skipping over things on purpose. For example, how exactly that "far away" host he thinks is involved.
I'd personally imagine it's a reverse shell type deal going on, although why SSH needed to be involved in that I'm not sure. Could be just a hacky implementation. But it's really not that far removed from sensibility, vendors popping reverse shells without authorization really wouldn't be new.
> It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup.
Didn't even notice that. Can't imagine too many other people did either. So maybe not so clearly?
Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?
No there's not enough evidence to prove in a court of law who has access to the private key, or that the config file is enabling a return ssh connection, but it's pretty damning.
The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
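The exchange above turns on two artifacts: an authorized_keys entry with an e-mail comment, and a config file naming remote-connectivity-api.8slp.net. As an added example (not code from the article, the commenters or Eight Sleep), the block below shows what such artifacts do and do not state on their own: the key's fingerprint, declared type and any access-restricting options are derivable from the line, while the comment is free text chosen at key generation; and it builds the `ssh -R` invocation that the "reverse shell type deal" reply speculates about, which is the standard way a device exposes its own sshd to a remote host over an outbound connection. The key is a syntactically valid ssh-ed25519 blob with all-zero key bytes, the config field names are an assumption, and only the hostname comes from the thread.

```python
import base64
import hashlib
import json
import re
from dataclasses import dataclass

# Constructed authorized_keys line: a valid ssh-ed25519 blob whose 32 key bytes
# are all zero (not a real key). The comment repeats the one quoted from the article.
_DUMMY_BLOB = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
SAMPLE_AUTHORIZED_KEYS = (
    "ssh-ed25519 " + base64.b64encode(_DUMMY_BLOB).decode() + " eng@eightsleep.com\n"
)

# Constructed config. Only the hostname appears in the thread; the field names
# are an assumption about how a device might describe an outbound SSH tunnel.
SAMPLE_CONFIG = json.dumps({
    "remote_connectivity": {
        "host": "remote-connectivity-api.8slp.net",
        "port": 22,
        "user": "device",
        "identity_file": "/etc/device/tunnel_key",
        "reverse_forward_port": 2222,
    }
})

KEY_RE = re.compile(
    r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))\s+([A-Za-z0-9+/=]+)(?:\s+(.*))?$"
)


@dataclass
class AuthorizedKey:
    key_type: str
    fingerprint: str  # OpenSSH style: "SHA256:" + unpadded base64 of sha256(blob)
    comment: str      # free text written at key generation; identifies nobody by itself
    options: str      # e.g. 'from="10.0.0.0/8",restrict'; empty means no restrictions


def _ssh_string(buf: bytes, off: int = 0) -> bytes:
    """Read one length-prefixed SSH string from a public-key blob."""
    n = int.from_bytes(buf[off:off + 4], "big")
    return buf[off + 4:off + 4 + n]


def parse_authorized_keys(text: str) -> list[AuthorizedKey]:
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            raise ValueError(f"unparseable authorized_keys line: {line!r}")
        key_type, b64, comment = m.group(1), m.group(2), (m.group(3) or "").strip()
        options = line[:m.start()].strip()
        blob = base64.b64decode(b64, validate=True)
        # The blob embeds its own type; a mismatch means a hand-edited or corrupt line.
        if _ssh_string(blob) != key_type.encode():
            raise ValueError(f"declared type {key_type} does not match key blob")
        digest = hashlib.sha256(blob).digest()
        fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        keys.append(AuthorizedKey(key_type, fingerprint, comment, options))
    return keys


def reverse_tunnel_argv(config_json: str) -> list[str]:
    """Build the ssh invocation a device would use to expose its own sshd.

    With -R the device opens the outbound connection; the remote host then reaches
    the device's port 22 through its own localhost:<reverse_forward_port>. Nothing on
    the device's network has to accept inbound connections for this to work."""
    rc = json.loads(config_json)["remote_connectivity"]
    return [
        "ssh", "-N",
        "-i", rc["identity_file"],
        "-p", str(rc["port"]),
        "-R", f"{rc['reverse_forward_port']}:localhost:22",
        f"{rc['user']}@{rc['host']}",
    ]


def audit(authorized_keys_text: str, config_json: str) -> list[str]:
    """Summarise what the two artifacts establish, one finding per line."""
    findings = []
    for k in parse_authorized_keys(authorized_keys_text):
        scope = ("restricted by options " + k.options) if k.options else "unrestricted (no from=/restrict)"
        findings.append(f"authorized key {k.fingerprint} [{k.key_type}] comment={k.comment!r}: {scope}")
    findings.append("outbound tunnel: " + " ".join(reverse_tunnel_argv(config_json)))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_AUTHORIZED_KEYS, SAMPLE_CONFIG):
        print(line)
```

Two things worth checking on a real device are visible in the output: whether the authorized key carries `from=` or `restrict` options (without them any holder of the private key, wherever they connect from, gets a full shell), and whether the tunnel configuration points at a host you control. Who actually holds the private key cannot be read off either file.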