Contrary to the popular sentiment in a lot of the comments here, there’s not much value in the analytics. As we all painfully found out in the 2010s, there are only two viable recurring revenue streams in the IoT space - charging for video storage and charging for commercial access. Chamberlain does both with the MyQ cameras and with the garage access program to partners like Amazon and Walmart. Both retailers have a fraud problem (discussed here https://news.ycombinator.com/item?id=38176891). “In garage delivery” promises dropping delivery fraud to zero - i.e. users falsely claiming package theft. That solution is worth millions to retailers, naturally Chamberlain would like a cut but only if they can successfully defend that chokepoint.
For historical reasons having to do with the security of three or four generations of wireless protocols used in garage doors they can’t (and products like ratgdo and OpenSesame exploit this.) Other industries such as automotive have a more secure chain of control over their encryption keys so one has to (for instance) go to the dealer to buy a replacement key fob for your Tesla for $300 and not eBay for $5.
Given the turnover in leadership there I’m not surprised the new guy needs to put their hand on the plate to see it’s hot, but there’s a reason this wasn’t implemented before and it wasn’t because of lack of discussion. I can see the temptation in going for monetization given their market share but I think this approach was ill conceived rather than fix foundational issues which would allow home users to integrate with 3rd party services and still charge industry partners for reducing incidences of fraud.
AND
Chamberlain expects me to weaken my digital security posture so they can run some opaque crap on my network¹ that I have very little observability into and even less control over so they can make money?
Money is one hell of a drug because they are high.
How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.
[1] I have a default deny in AND out isolated vlan for crap like this, even if you don't have a network background try to set one up if your networking equipment is capable.
E.g. for us in South Africa, this would be unthinkable, regardless of how much time it saves the delivery company. The only time a parcel is left at the door is when it's UberEats. Otherwise delivery is rescheduled if we don't physically collect parcels in person. This is partly an access issue (many houses/apartments/estates have gated access) and largely a trust/crime issue.
I mean, they already do exactly this — this is what Amazon Lockers are. It's just only seemingly worth it to Amazon to deploy them to commercial customers, e.g. at post offices, in front of Whole Foods locations, in some very large apartment building complexes, etc.
(My own guess as to why the economics don't work out for individual residences, is that a hypothetical smaller locker — one small enough to fit on a porch — would also inherently be lightweight enough for thieves to just cart away wholesale.)
Let’s just take a step back here and recognise that we’re asking online retailers to leave our deliveries outside our homes, with direct access to members of the public, but we’re also asking for them to assume responsibility if the packages are stolen.
Morally, in isolation, it’s not a very defensible position for the consumer to take. I personally don’t feel so bad about it when it’s Amazon — they can afford it, basically — but in general it’s not realistic for porch pirates to be anyone else’s problem except the consumer’s.
Most people get quite irked when someone steals their Amazon package between the time it was left at their door and the time they actually try to get the package. Hence for most people who occasionally receive Amazon packages when no one is home to quickly take it inside, a way to let Amazon put the package in their locked garage is a benefit.
> How about amazon builds (at their expense) an amazon controlled box, slap a mcu on, do authentication over nfc, rfid, etc etc. Offer it to customers free of charge, hell throw in a sweetener to get them to adopt.
Like Amazon Lockers? That's not as convenient as delivery to your home. Or do you mean they should provide lockers to individual homes?
I'm not sure that would work. If the home locker was not very heavy or very securely attached to something immovable package thieves would just steal the lockers.
As for your security concern it's not unfounded but if your garage is built like most in the US there's probably already a locking exterior grade door between it and the outside because a garage door isn't that great as a security barrier to begin with unless you remove the pull cord that unlocks the door from the carrier.
About Amazon, how fucking hard is it to use a fucking Naive Bayes classifier to just check if product title or description changes significantly? Hell, do it with Babbage or some other (not L)LM that's cheap as fuck. We already have clear leaks showing that they fuck over sellers with their price lockins, are you really hurting them more by dropping all those product reviews? You can also do way better by using an image classifier. I have a hard time believing a company that's bragging about how many robots it uses in its warehouses and replaces shitty support with even shittier LLMs is not going to actually result in higher profits by doing this. A few returns probably covers the cost because shipping is expensive (something they already don't get right. Haven't had 2 day prime delivered in 2 days since 2018...)
Also, anyone else find it weird that stores on Amazon don't list all their products? Like you can click on the store page from the product and then that product is nowhere to be found. Want to reduce scams? Force the listing of their entire product directory. I already can't rely on reviews, you just are making it harder to trust you.
I really do wish there was a halfway decent alternative to Amazon. Even Target and Walmart's online stores are more attractive, just limited. But this seems to be a generally sucky space and I don't understand why. Don't even get me started on NewEgg...
> Money is one hell of a drug because they are high.
They're so high they're even turning down higher profits. But I guess the issue is caring FAR more about short term profits (quarterly statements) than long term (hell, even a fucking year). I really don't get this metric hacking bullshit bureaucracy we've built (and it's not just isolated to the US or the West).
Ah, chokepoint capitalism. The problem with every company becoming a tech company is that they all expect unsustainable tech company growth. The strip mining of customers is also scaling up, so efficient that industries will destroy themselves. Can't wait until private equity owns the radios in my home, and controls not just the output but inputs.
Your campaign felt like a “butterfly flapping its wings causing a hurricane” kind of moment. You inspired so many entrepreneurs of that time to take a risk and crowd fund which then inspired another generation. Some of whom ended up huge and going public like Peloton.
Regarding choke points - I don’t think they’re all bad. Sometimes certainly, but others it’s a defensible moat that forces an industry to specialize into various key players that serve integral roles. I’m thinking specifically of semiconductors with companies like Western Digital locking up storage, Qualcomm with radios, ARM with compute, Samsung/Hynix with memory, etc. This creates a stable enough ecosystem to build various software abstractions on top.
Personally, I hope that Amazon doesn't play ball. You can TRY and seek rent from the world's largest retailer, but you need them, they don't need you.
My main takeaway is that Amazon should offer a discount to deliver packages to buildings with staff to accept the packages. They never go missing, so less refunds, and the building staff does not charge Amazon to receive packages.
The business dynamics are pretty interesting, though. It could be that paying this company reduces missing packages so much that it actually saves Amazon money, which they pass on to consumers in terms of lower prices. Or, it could be that they charge $1 per access, and Amazon passes that on to the customer, and then people are disincentivized from using Amazon. Meanwhile, a competitor (say, Walmart?) brokers a deal where they hide that fee, and take enough customers away from Amazon that Amazon has to play ball (and now the price is $2 per access). Costs go up for everyone.
The phenomenon of partnerships like my hypothetical above is very interesting to me. Every so often I check what I can use my credit card rewards points for, and most of the offers, to me, seem like "failing retailer desperately needs a customer" rather than anything I actually want. Thus, the partnerships must be a pretty important tool for companies that are not in first place.
Finally, I think about the long term effects of this sort of thing. Everyone wants a % of every transaction. "Oh, you turned your lights on when someone came to deliver a package? Pay the manufacturer of the light bulb $1 and your electric company an extra $1." This will look like "economic growth" to each of those intermediaries, but in the end, they just devalued the dollar. ("Inflation.") We end up with bigger numbers, but actually decrease the amount of "value" floating around.
That's most of the tech industry in a nutshell. From the office suite through all the "self-service" web/mobile interfaces, self-service checkouts in stores, to stuff like this - it's all making you do the work that was previously done by full-time professionals. It's a net loss of efficiency, and it only looks otherwise because salaries of full-time professionals are legible to bean-counters, while the same workload redistributed in tiny bits to masses of people is invisible in balance sheets.
In short: I'm starting to believe that most of the "improvements" that came with software are actually just accounting tricks, and this is why actual performance gains don't seem to track expected gains.
Off topic, but FWIW: Teslas don't in general use fobs (maybe you get one with an S or X?). You can buy one for $175 if you want, but in general the primary unlock mechanism is the app on your phone, with the effective root of trust held in an RFID wallet card (of which you can buy extras for $20 each).
If a homeowner wants to let Amazon, Walmart, etc. open their garage door, it should be up to him to provide them with an access token/secret/etc to enter, just like you can put a door keycode in the order notes. The interaction should be purely between him and the retailer and there is absolutely no need for some rent-seeking scum to be involved.
The disgusting business model you seem to be justifying is akin to house builders/contractors being perpetually owed a cut every time you invite over a guest into your house or they switch on the lights.
2. Through research they find user wants to interact with their smart device while outside of range of wifi/bluetooth.
3. Company builds device firmware and cloud infrastructure to support this goal.
4. Company wants to simplify business logic and doesn't provide local (wifi/bluetooth/zigbee) support. Online only can service both on-premise and off-premise.
5. Company needs to reduce costs and justify ongoing operational costs of supporting this cloud + device service.
6. We arrive at the current solution.
If a garage door manufacturer offers me a (free, local) API to fully control my door and allows me to check a box to let Amazon in, what, exactly, is the problem? Sure, I could also allow Amazon in without checking the box (assuming Amazon offers the appropriate integration and I'm willing to deal with maintaining my side of it), but it also seems okay for Amazon to pay the garage door opener company for the first-party version. Everybody wins.
Forcing the actual device owner to use a crappy cloud service is an entirely different story, but it's not required for the Amazon business model. Similarly, many video recording devices support ONVIF and have an optional paid first-party video storage. (And I imagine that quite a few commercial users demand the former -- no one who operates a concierge/security desk or a serious office building or a warehouse or an industrial site has the slightest interest in using four different first-party cloud offerings from four different vendors of their various gizmos that contain cameras. They are going to run one NVR, possibly with off-site backup, with one integrated system for viewing and analyzing the feeds. And they will pay handsomely for that, and they're paying that money to one of several established companies in the space, all of whom require at least token ONVIF or RTSP compliance, and they aren't about to kick any of that money over to the camera makers, because there is no shortage of competing camera makers.)
https://i.imgur.com/lNOXdhe.jpg
If you have a Chamberlain garage door opener and are looking to connect it to HA you can do this too.
Same, but this is irrelevant to the point GP was making. Some minority of people do want Amazon Key (and similar services), and those people are now unable to claim their package wasn't delivered once they sign up for the service.
Add those people up and you have something worth millions, even if there aren't many of them.
It doesn't work like this. Delivery workers use an app that opens the door, so if they are at a wrong location, it will be immediately apparent.
Swap in a more traditional automaker, and your point remains correct.
Premium users pay $300 to replace the fob on their Model S / Model X. Mid users pay $175 to replace the fob on the Model 3 / Model Y. And an entry level option exists for the cards. Plus programming fee. Handling fee. Local taxes. Processing fee. Etc :-)
Without control of their PKI anyone could self program a replacement for a few dollars as is the case with the garage door market.
As an aside, I find the fob useful for booting the car up prior to getting in, rather than waiting 40 seconds before the fly-by-wire shifter starts responding to commands to put it in gear.
The keyfob is super-useful. It fits perfectly into that small jeans pocket (that was originally meant for watches), so you can trigger the trunk/frunk opening without taking the fob (or phone) out.
I was burned by this change. I don’t know if anyone at Chamberlain is reading this, but you guys have neighbors, users just wanna keep their home safe. You’re one TikTok away from a crisis when you do stuff that is anti-consumer.
The API breakage coincides pretty well with their brand new CTO, whose objective is apparently "transformation to a smart access software company".
It's unclear if the CTO just doesn't understand that "DDoS" generally implies malice, or if they're intentionally using that language to blame users for using their product.
Good news: ratgdo, an ESP-based local solution works great. I hope the author is making a decent profit on the kits.
I've definitely seen "DDoS" used when there was no malice, such as when a developer accidentally releases a client that generates way more traffic than it was supposed to. Probably because we don't seem to have a good term for "event that at the server looks exactly like a malicious DDoS attack but was actually due to a mistake or to the server becoming unexpectedly popular" :-).
My favorite example of whatever we are supposed to call this was John Carmack in 1997. From his 1997-12-09 .plan:
> Cyrix has a new processor that is significantly faster at single precision floating point calculations if you don't do any double precision calculations anywhere.
> Quake had always kept its timebase as a double precision seconds value, but I agreed to change it over to an integer millisecond timer to allow the global setting of single precision mode.
> We went through and changed all the uses of it that we found, but the routine that sends heartbeats to the master servers was missed.
> So, instead of sending a packet every 300 seconds, it is sending one every 300 MILLISECONDS.
> Oops.
> To a server, it won't really make a difference. A tiny extra packet three times a second is a fraction of the bandwidth of a player.
> However, if there are thousands of network games in progress, that is a LOT of packets flooding idsoftware.com.
> So, please download the new executable if you are going to run any servers (even servers started through the menus).
I did do some napkin math to quantify how much that bad traffic may have been: HA estimates between 6857-25576 installations of the MyQ integration. Let's say 16k clients. HA makes it really easy to detect and "add" the integration (which counts as an installation even if it's not configured), so, that's definitely not all clients hitting the API. Let's say it's 50%, so 8k actually using it. Most users just notice myQ is broken. Let's say some fraction retry, which would look the same as an extra user from a volume perspective. Call it an even 10k users (including repeat users).
The most recent change is after they broke everything past the OAuth dance. Let's say the OAuth request is 1kB. The retry code retries up to 5 times with exponential backoff. Let's say 5 requests over 10 min.
(5 requests / 10 minutes) * 1 request/user * 10k users = 5k requests/minute, or 83 per second, amounting to 83kB/s inbound.
There's no reason to assume those requests would synchronize, but I'm sure there's something (let's say every single myQ user updated at the same time).
If what they're saying is true, sounds like actually malicious botnet wielders can ransom the living daylights out of them. Given 1Tbs DDoS attacks they'd only need a tiny fraction of the full bore ion cannon! ;-)
[1]: https://github.com/arraylabs/pymyq/blob/master/pymyq/request...
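The estimate in the comment above, carried through as an added example (not part of the thread and not pymyq's code): it reproduces the 83 requests/second average, then compares the case where every client retries in lockstep with clients that are spread out or jittered. The 40-second doubling backoff is an assumption chosen so that five attempts span the comment's 10 minutes, and the `jitter` and `skip_first` parameters are hypothetical.

```python
import random
from collections import Counter

# Figures taken from the comment's estimate.
CLIENTS = 10_000        # "an even 10k users"
ATTEMPTS = 5            # "retries up to 5 times"
WINDOW_S = 600          # "5 requests over 10 min"
REQUEST_BYTES = 1_000   # "Let's say the OAuth request is 1kB"


def retry_schedule(attempts=ATTEMPTS, base_delay=40.0, factor=2.0):
    """Seconds after the first attempt at which each attempt fires.

    Assumption: 40 s base delay, doubling each time, so that five attempts
    land at 0, 40, 120, 280 and 600 s (the comment's 10 minutes).
    """
    offsets, delay = [0.0], base_delay
    for _ in range(attempts - 1):
        offsets.append(offsets[-1] + delay)
        delay *= factor
    return offsets


def average_rate(clients=CLIENTS, attempts=ATTEMPTS, window_s=WINDOW_S):
    """The comment's arithmetic: requests/second if the load is even."""
    return clients * attempts / window_s


def peak_rate(start_times, base_delay=40.0, factor=2.0,
              jitter=0.0, seed=1, skip_first=False):
    """Largest number of requests that land in any one-second bucket.

    jitter=0.5 scales every backoff delay by a random factor in [0.5, 1.5].
    skip_first=True counts retries only, ignoring each client's first attempt.
    """
    rng = random.Random(seed)
    buckets = Counter()
    for start in start_times:
        t, delay = start, base_delay
        for attempt in range(ATTEMPTS):
            if attempt > 0:
                t += delay * (1 + rng.uniform(-jitter, jitter))
                delay *= factor
            if attempt > 0 or not skip_first:
                buckets[int(t)] += 1
    return max(buckets.values())


def mbit_per_s(requests_per_second, request_bytes=REQUEST_BYTES):
    """Inbound bandwidth for a given request rate, in Mbit/s."""
    return requests_per_second * request_bytes * 8 / 1e6


def summary():
    lockstep = [0.0] * CLIENTS                                 # everyone starts at t=0
    spread = [i * WINDOW_S / CLIENTS for i in range(CLIENTS)]  # evenly staggered starts
    return {
        "average_rps": average_rate(),
        "peak_rps_lockstep": peak_rate(lockstep),
        "peak_rps_lockstep_retries_jittered":
            peak_rate(lockstep, jitter=0.5, skip_first=True),
        "peak_rps_spread": peak_rate(spread),
    }


if __name__ == "__main__":
    for name, rps in summary().items():
        print(f"{name:38s} {rps:10.1f} req/s  {mbit_per_s(rps):8.2f} Mbit/s")
```

Under these assumptions even the lockstep worst case is 10,000 requests in one second, about 80 Mbit/s inbound, which is 0.008% of the 1 Tbit/s figure the comment mentions.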
This is a problem with the service, not with the developer.
If the service (doesn't want) / (can't handle) something, then it should rate limit its response.
If the service can't handle "0.2%" of its clients making a 'not unreasonable' amount of requests, how will the service hold up against a hostile actor who aims to DDOS their service?
Absolutely. Used to work on the Identity team somewhere. Dev accidentally removed code that was supposed to cache a token on a very chatty service. Brought auth to its knees and called it DDoS.
You can go and engage him directly on the topic, maybe he'll present a perspective we haven't seen, or maybe he'll listen to your arguments and reconsider:
https://www.linkedin.com/in/dan-phillips-9a33831/
(and no, this is not doxing: his profile is public).
The ratgdo is more trustworthy, and it just connects (really easily, too, especially with the new v2.5 board) to the opener via the same contacts that the dry contact button does.
https://www.athom.tech/blank-1/garage-door-opener-for-esphom...
I used a local Meross install on my old garage doors, time to break them out, but ugh...
What a shit move to pull on your existing customers.
Then I watched the discussion on discord and realized I’m not alone albeit still a small percentage.
Then I see this as top post on hn.
It’s frustrating to have a company do this. I don’t agree with their choice. Plus forcing you to see ads whenever you open or close the door is Orwellian.
Now I need to somehow sell this device on eBay with hopes a large percentage still wants it.
I wish ratgdo a ton of success and have several on order.
I would try to sue that manufacturer. I hope it will be pulled to a court.
This will most likely be a significant factor, though good luck getting them to admit it.
HA users will mostly be bypassing the app and therefore not providing revenue via ad impressions.
What brand is he moving to? Does it work with Home Assistant?
I can't recall the last time I saw a garage door that wasn't Chamberlain or one of the brands they own. At least in my area they seem to have a near-monopoly.
One reason this is tricky to do is because up until let's say the last 6 months or so, myQ _wasn't_ hostile, even if it was Cloud-based. (I get that that aligns with your point! I'm not arguing with you there.)
The obvious way to implement this would be to have a front-and-center filter for cloud/local, so that one could use it to check which brands to consider before buying new connected hardware. It's a use case people have been asking for years. It's the only reason one would want to access a searchable list through their own page (as opposed to googling "${brand name} home assistant").
What's the blocker here?
any takers?
Wow, what a contemptuous statement.
I have news for you, Chamberlain Group. You are not only alienating, being hostile and losing a "Small percentage of users" (most companies would prefer to call them "valued customers", but I get it). You are causing an enormous permanent damage to your own brand.
I am in the market for a new opener. I just need the physical clicker.
I will not be buying one from this brand, as even if I do not need the HA functionality I no longer trust them as a company.
That doesn't need to happen for the Charlatan Group to struggle. Most current hardware companies are dependent on the customer to renew their hardware every 5 years.
Just put it on the porch. Not everyone lives in an area with a package theft problem, let those folks work out their own solution but don't punish the rest of us.
There are plenty of places in the US where packages left on the porch aren't secure, but there are also plenty of places where it's completely fine and saves everyone time. I've never once had a package stolen off my porch anywhere from an apartment in the Bay Area to a house on 10 acres in rural Oregon. I really think that the places where package theft is rampant are the exception, not the rule.
I worked, like most folks, and people are not generally home. The pickup location took two hours to get to via public transit. That’s a four hour round trip. There was one and only one pickup location in the entire NYC region for fedex.
It made life impossible. Amazon came along and decided to take responsibility for losses directly and instructed carriers to leave packages and not reattempt delivery or hold them. Customers vastly preferred this, carriers too as they saved tons of money. Amazon got a reputation for being much more convenient to order from. Their losses as a percentage were low compared to essentially owning mail order due to the convenience. When I had packages stolen they immediately shipped a replacement no questions asked.
Amazon Key is an attempt to mitigate theft but also a lot of folks just feel uncomfortable with packages on their front step. The idea of leaving your garage slightly open for deliveries isn’t a new one, but the Key product improves on that by only opening for the delivery person and recording their interactions to ensure they don’t do something they shouldn’t.
I used it briefly but I didn’t like it because I have a workshop in my garage and I just didn’t want people seeing what I’m working on. I wasn’t worried they would rob me per se, just didn’t like showing my work in progress to random strangers. If it opened the garage slightly to allow the package delivery I would have kept it but it opened 100%.
I only have MyQ for Amazon Key. Fortunately Amazon also supports the Aladdin Connect - which works with all garage doors. And is fully supported in Home Assistant.
I have one on order and will be swapping out, bye bye Chamberlain.
Would be nice if this functionality could work with arbitrary openers via webhooks. You could even have a fancy auth flow that you trigger from your smart home dashboard so users don't have to know or care how it's implemented under the hood.
Sure, we're just a couple drops in the ocean, but eventually those drops can start to add up.
I see several other vendors / openers on the Amazon page for this service besides MyQ.
Genie being one of them, which seems to also support HA just fine
Well, you could always strip it for copper, I guess...
40 bucks, HA, and about half an hour each (mostly fiddling with the ESP/shield pcb wiring inside the light cover of the opener from the awkward overhead-on-a-ladder position) for me to no-cloud smartify two chamberlain MyQ openers. Special sauce is that the device can MITM the "Security2.0+" signal and emulate the discrete functions of the wired wall remote, not just act as a dry contact relay on the motor.
Result is that separate entities are created not just for the door open(ing)-clos(ing) states, but also for the obstruction sensor and a separate switch to turn the opener's light on or off remotely, all exposed (as MQTT topics) in HA.
Why not "This device does not support local cloudless control" and "This device does not allow 3rd party software access" labels too
Garage opener is a 10+ year device, expecting the company/cloud service to survive for that long and still be supported is too optimistic, but local control will still be usable, even if some 'adjustments' are needed.
IOW, this real reason is better than their dumb comment about "unauthorized use".
I'm absolutely pissed - I just called the folks who installed my garage door and explained the situation to them, and recommended that they look for a different brand for anyone that wants wi-fi access in the future.
APIs were more readily available and open. Mashups were usually encouraged, so long as you didn't generate undue stress.
Nowadays it's a million tiny business silos hoarding tediously-obscure-but-still-sometimes-useful data. And you have to prove that what you want to do with the API doesn't infringe on their ability to capitalize on it better.
The irony is that all the data is way more easily accessible from a technical POV now due to the prevalence of SPAs and REST, but the legal environment is significantly more dangerous.
https://github.com/make-all/tuya-local
One of the main things these “smart” devices do is use your internet connection. It’s wise to create a dedicated _IoT suffixed wifi which can’t access your network or devices, but at the same time your other devices can ping them.
How?
This is a pretty solid guide of a home network setup here. It can be running a $50 EdgeRouter X or translated to other devices.
https://github.com/mjp66/Ubiquiti/blob/master/Ubiquiti%20Hom...
Edit: comments below have additional info on Tasmota and ESPHome
Just a small warning: make sure to check whether your device needs to be added to the Tuya cloud to get a local API key. I was only able to get "my" lamp working locally after registering it via the app and creating a developer account.
Another option can be flashing it with Tasmota: https://tasmota.github.io/docs/Tuya-Convert/
To make things even worse, first position above your devices is an ad (for their other devices) and it periodically suggests that I connect it to Amazon so some random people delivering packages have the power to enter my home.
Genuine question, how?????
For the Germans (maybe other countries as well): The Lidl smart home things are nearly all Zigbee based. So far no problems with them and they are, IMO, reasonably priced. I somehow trust Lidl more to not burn my house down than random Amazon sellers. They also sell a Zigbee gateway that phones home by default, but can be converted to local only, dumb mode that works fine with Home Assistant [1] with a tiny bit of soldering. I use these exclusively without problems, even the one I rooted for my parents works without any maintenance.
List it cheap along with a warts and all discussion of its problems. Means less waste as there's always someone who'll want it, people who are looking for the product hear about the limits upfront, and the company actually gets a real loss from you leaving (assuming it sells to someone who might have bought a new one).
Plus it's fun to try to convince enquirers why they shouldn't buy your item
I sort of have to assume in the case of large appliances that the manufacturer will drop support for it well before I want to replace it, and that if there is any sort of functionality fully gated behind an app, that it will become unusable to me at some point when I reset my phone and discover they’ve unpublished the app from the store.
I’d much rather buy a dumb garage door opener and bolt on that ratgd device mentioned in this post, than be beholden to the manufacturer’s whims and invariably godawful garbage horrible no-good app.
Protest with your wallet, buy from others, the sooner the hardware companies realize this is a stupid move (locking down), the sooner we'll have better integrations.
In my case, I bought a slightly-inferior product specifically for its HA integration; now that it's broken it's just an inferior product...
I normally leave it disconnected from the switch because I don’t need to open the door remotely and I am afraid that some exploit will have a Russian 13 year old opening and closing my door at 4am.
They never technically allowed it in the first place.
Homebridge and Home Assistant used a popular Python library that reverse-engineered the MyQ API from the Android app. Many companies couldn't care less until abuse ramps up, but given that Chamberlain (Blackstone-owned) has gone into rent-seeking mode all of a sudden (or an incident happened that they won't disclose but prompted them to take a hard look at this), they decided to turn the Cloudflare Super Bot Fight stuff way the hell up on their OIDC token exchange endpoint (you can still request auth codes).
I decided to abandon trying to get MyQ to work with Home Assistant (it would have required hours of trying to figure out what combination of headers would have passed the CF checkpoint) and ended up getting a Meross Smart Opener. It was shockingly easy to install (plug the relay device into the same pinouts that your wall door opener uses) and works even better than MyQ (in that you won't get a weird "close error" that prevents you from operating your door that not even MyQ customer service will clear)
---
I still use and recommend MyQ, however. The Amazon Key and Tesla integrations work great. If they had previously allowed API access but then rescinded it in favor of "providing a better experience" like Reddit is doing, then I'd feel differently. In this case, however, it feels like we took advantage of a backdoor for a long time and the club decided to finally put a lock on it. Shitty, but reasonable.
The next big one to watch out for is Ring.
Ring does not (will not?) support HomeKit. Lots of folks (myself included) have resorted to using Homebridge or Home Assistant as an alternative.
Both are using a library that reverse-engineered Ring's API (though Ring engineers supposedly contributed to it).
While the Homebridge plugin simply exposes device statuses and metrics and RTSP feeds for the cameras, Koush's scrypted NVR platform enables HomeKit Secure Recording for the cameras, which allows more adventurous users to skip paying for Ring Protect ($10/mo)
While I get a lot of value from Ring Protect and will continue to pay it, I really hope Ring doesn't decide to "improve the user experience" for us like Chamberlain did. I'd be really sad if that happens, since HomeKit is amazing and is much better than having a million apps on my phone that don't talk to each other.
I think "abuse" is the wrong word here. I'm just trying to automate my garage door. If there was a way to do that over my local network, without touching their servers, then they'd never see any traffic from me.
I sometimes wonder if Tesla nerfed the homelink functionality in the car just to encourage people to pay monthly for the MyQ software solution. I gave up trying to get my Model 3 to open/close the door automatically for me because the range is just abysmal. Went back to using a push button remote on the visor that will open the door from half a block away.
Just one of the most awful customer hostile products I've ever wasted money on.
I just clicked ratgdo's buy link to support the nice, well-documented open-source [3] project. In truth though I have the right hardware sitting around here already, so I might just use that depending on how long the "back ordered" status lasts...
[1] There's a Home Assistant integration for the Elk M1 Gold with some Python library; I also have my own WIP Rust library for interacting with it here: <https://github.com/scottlamb/elkm1>
[2] something like this one: https://www.amazon.com/Gebildet-Security-Rolling-Magnetic-Ap...
[3] docs at <https://paulwieland.github.io/ratgdo/> but the actual code is in a separate repo at <https://github.com/ratgdo/esphome-ratgdo>
ratgdo[1] is close.
I'm not big on DIY hardware. This has made the "pre-packaged" solution around an open standard nice. Integration within HA was very straightforward.
It is exactly this. Average Joe just downloads the MyQ app for remote control. Or uses Wyze, or Tapo, Kasa, etc, for whatever they buy. The number of people trying to get everything integrated into a single environment like Home Assistant is low. Which makes sense, because HA is a pain in the ass if you're not already technically inclined. Regular folks just don't have any appetite to deal with that.
If there's one thing I'm dedicated to now, it's that all of these custom cloud IoT things are transient user hostile junk. If it's not open source and in my control, then it's not mine.
Also I understand one of the reasons this isn’t a standard offering is because garage openers have a hard time not crushing things? Kind of surprised me.
I'm thinking I'll just get a cheap garage door opener remote, solder the trigger pin to the button on the remote, and tape that to the ceiling next to the z-wave controller. Janky, but at least I'll be able to get it functional again to send the command.
Honestly I was always bothered that it used a cloud API at all. The device is right there in my house, on my own wifi. Why should it even phone home if I don't need it to?
I just chucked my MyQ device and replaced it with a Meross MSG100HK--it works perfectly and natively with HomeKit--no cloud service required. Incidentally, the latency is much lower too.
The device is basically a wifi-enabled, USB powered "dry contact" switch. You connect the pigtail in parallel with your existing wired open/close button. There's also a magnetic sensor (similar to what old door alarms used) that goes near the door to verify it has closed.
Homebridge + HomeKit is also an excellent middle ground between Home Assistant and HomeKit alone w/o having to go with some cloud-based solution.
For example, I wanted my garage door to automatically open and close as I leave and arrive in my car. Here's how I did that.
I have a pair of dummy switches in Homebridge. One of those tracks the state of whether my phone is in CarPlay mode or not. I do this with a Siri Shortcut on my phone that toggles the "CarPlay status" dummy switch when my phone enters/exits CarPlay mode. The second dummy switch triggers my garage door to open/close whenever the dummy switch turns on/off. This is a work-around for the opener itself being a secure accessory which HomeKit won't operate w/o the phone being unlocked. The last piece of the puzzle is a HomeKit location-based automation: if my phone leaves my home location and the "CarPlay status" dummy switch is on, then set the garage door dummy switch to off; if my phone enters my home location and the "CarPlay status" dummy switch is on, then set the garage door dummy switch to on.
I drew the home location as tight as possible around my home. The door opens just as I'm pulling up to my home and I see it close just as I'm leaving.
As to why I don't just use the CarPlay garage door button: I mean, why automate anything? Also, if you have multiple garage doors, there seems to be no rhyme or reason to which door CarPlay gives you the button for.
As to why I don't just use the button on my rear view mirror: Again, why automate anything? My mirror also has 3 buttons and it's easy to accidentally press the wrong one.
I have about 20 schedules to close the door lol
That said, I _do_ have an automated gate controller. The installer wanted some insane amount to connect it to wifi. Politely no. An esp32, a couple of relays, some reading in the installation manual about control circuits and a bit of custom code... And now the gate is on local wifi, easily integrated with HA, and nothing opaque about it.
Do garage door openers have the same sort of control circuits?
My solution, after looking into every off-the-shelf option, was to take an esp32 running esp32home + Home Assistant and hot wire it to buttons and status LEDs on a remote + base unit and stick it on the shelf in the garage. It's not pretty, but it works reliably.
I’ve already soldered contacts to a garage door opener to a relay with esphome. That works well, but doesn’t give me as much info as theirs does. I also am at risk of the battery dying.
It’s incredibly annoying and dumb and I now have to get some. grumble
On a side note, I do love my home assistant, but ANYTHING that has to do with entry into my house is not and will not be automated, garage doors, door locks, etc. However that is my personal paranoia talking.
Aren't there plenty of great stand alone garage door openers that you can wire a smart relay or whatever into?
From what I can see there are plenty of "wifi garage door adaptor" options and everything looks to have pretty standard wiring, it's only not "plug and play" cause it's bare wires rather than plugs but it's essentially the same.
It's more like 'why not?'. It's still a dumb opener with a physical button and wireless remotes, and all the same third-party tricks work the same.
A nice thing about tight integration is that you don't need a bunch of extra wiring and a kludge to figure out door status. Minor annoyance, but real.
In any case, I'd wager a fair number of the people complaining about this don't even have the newer 'smart' openers, they have the original MyQ Internet Gateway or the newer MyQ Home Bridge. Liftmasters have been a very popular opener for decades.
No doubt they want to exploit that data and begin integration with all their shady Real Estate business [3].
Their new CTO/Executive VP says in one of their PR news: "With Blackstone’s partnership, we will capitalize on new market opportunities". And a Senior Management Director says "...unique opportunity to build on its leadership position at the center of housing and e-commerce megatrends (...) expansion into connected homes, businesses and communities" [4].
Very alarming in times that big owners are trying also to force biometric data collection in their buildings (see Atlantic Plaza Towers) or are blindly giving information to agencies (see Amazon Ring cameras and the likes).
Now, the rant:
Of course, with one hand the CEO is donating to buy his name in institutions: "There is a Stephen Schwarzman building at the New York Public Library, a Schwarzman centre at Yale University and the Schwarzman College of Computing in Massachusetts. Soon, the University of Oxford will open the Schwarzman Centre for the Humanities, funded by the largest single donation it has ever received." [5] and the other is receiving billions from universities like UC to speculate in real estate [6].
One would say it's curious how Schwarzman creates a huge publicity stunt with "biggest single donation 'since the Renaissance'" (£150m) [7], but why would it be important to donate to Oxford, when they have almost £8b in endowments... [8]
1: https://www.blackstone.com/news/press/the-duchossois-group-completes-saleof-chamberlain-group-to-blackstone/
2: https://www.wsj.com/articles/blackstone-to-buy-chamberlain-group-11631019601
3: https://www.theguardian.com/us-news/2019/mar/26/blackstone-group-accused-global-housing-crisis-un
4: https://www.prnewswire.com/news-releases/chamberlain-group-adds-top-tech-leader-dan-phillips-as-cto-to-accelerate-companys-technology-transformation-301744538.html
5: https://www.theguardian.com/business/2022/sep/29/blackstone-rebellion-how-one-country-worlds-biggest-commercial-landlord-denmark
6: https://www.latimes.com/business/story/2023-01-20/university-california-blackstone-real-estate-fund-housing-prices
7: https://www.theguardian.com/education/2019/jun/19/oxford-receive-biggest-single-donation-stephen-schwarzman
8: https://en.wikipedia.org/wiki/List_of_universities_in_the_United_Kingdom_by_endowment#Endowments_over_%C2%A31_billion
no one has time for it
you bought the device you should own it
it's not even anything fancy where you could argue that continuous software updates need to be done or similar
also pass a law that all smart home devices had to go through a hub, no direct internet connection allowed, uh put it under "reducing DDOS potential due to long term issues with internet connected smart home device security"
I fully agree, this is the reason I mostly buy Zigbee devices for my smart home. The problem with this rule is that there is already a device on the market that complies with it on paper, but not how you intended: Amazon Echo devices act as Zigbee gateways. While I never tried it, I bet it will not turn on your lights without calling the mothership.
If this rule were to become reality, vendors would just sell you their "mandatory" hubs that handle the calling home part. Smaller vendors would no longer be able to offer their ESP based devices, even though I can easily decloud them via ESPHome etc, if even necessary.
From a purely idealistic PoV, I guess the only way we achieve ownership as you described is if we require by law, with proper enforcement, that reasonable technical people are able to connect to the device on a local interface. But this has so many weasel words already, it would be ineffective and/or lead to regulatory capture ("implement this 600 page, 200$ ISO standard based on XML, don't mind the proprietary extensions ensuring no interop!").
For me, the way to have some degree of ownership of my smart home is doing research before buying to ensure the device either runs on Zigbee, has a local network interface and does not rely on the cloud even for initial configuration or can be flashed with Tasmota or ESPHome with minimal fuss. I don't see this changing any time soon. It is sad that you need to have the knowledge and time to be able to "own" your smart home, but I at least can help my "tech support circle" where possible to make informed decisions.
Assuming no authentication/encryption/intentional obfuscation shenanigans (which would need to be covered), I don't really care if it is forced to go through a local hub if only they were required to provide an easy mechanism for pointing the device at a local network endpoint.
> all smart home devices had to go through a hub
I think ultimately this is the only way to get it to even work properly, let alone last long enough that the next purchaser of a smart home can use it reliably. But it will also slow innovation and Big Tech will hate it.
https://www.grainger.com/product/LIFTMASTER-Commercial-Door-...
Reading this is the first I've learned about ads in the app (sure enough, I looked and they are there now). This annoys me greatly as if the device bought and paid for isn't enough, so now they get to serve up ads...
Are there device brands that are more adequate for Home Assistant?
I have a meross garage door opener that uses homelink (a standard that virtually every garage door opener supports) to open/close the garage door with a sensor on the top of the door to detect when it's open and closed. It was $49. That's cheaper than myQ addons for chamberlain. It works with google home, ifttt and home assistant. (I have reminders set if the door is open for more than X minutes and if it is still open after a certain time of day).
Having to have "yet another app" (myQ) installed just to use a garage door is pretty ridiculous - if you're a power user you should understand the folly of using unofficial integrations and as an unofficial integration provider you should know you're walking on ice.
A garage door opener can be activated from the inside with a momentary pushbutton switch. It should be trivially easy to have a Raspberry Pi or similar wired in parallel, and have that running some code to enable remote operation by an app or service.
Having done some research into Chamberlain's products, I don't recommend anyone to use them if they have the choice.
I don't know what such a mandate would look like. I just know that we're at least a decade behind where we should be because the market isn't getting it done.
A quick Google search shows there were approximately 144 million homes in the US. Do wifi door openers really have 1% total home penetration?
More discussion over here: https://news.ycombinator.com/item?id=38186303
> Buy products that work locally and won’t stop functioning when management wants an additional revenue stream.
1. My wife can check that we didn't forget to close it instead of driving 20 minutes back home to quell her nerves.
2. We can let a friend or neighbor into the garage (or into the house if we use the smart lock on the door inside the garage) when we're not home. Without giving permanent access to a key or PIN code.
Also many smaller smart home device manufacturers with an app seem to be heading in the direction of wanting to expand into other smart home devices and lock you into their proprietary ecosystem, while the rest of the industry simultaneously seems to move towards more interoperability via things like the Matter protocol, presumably to make it easier to interact with various voice assistants without requiring an individual gateway for each one.
This is just another reason to distrust any smart home device that doesn't support ZigBee, Matter, or a similar purpose-built local protocol.
I thought all garage doors had this, but from ratgdo's website I learned that the newer Security+ 2.0 ones don't. Possibly as part of the same money grab to prevent local/third-party; paulgerhardt's comment nicely explains the motivation for that. [1]
If only there was a LOCAL way. But I can't poll the device locally. I can't send it commands.
But it is external to the device, you're right :) And for some crazy reason this guy is getting a lot of orders recently ;)
I can open the door from anywhere to let someone in if they've forgotten their keys (times I've done this is > 0).
I can enter the house through the garage if I've forgotten my keys (times I've done this is > 0).
I have given access to my house to a houseguest without giving them a set of keys to my house; I easily revoked this access when they left.
> Our customers rely on us to make access simple without sacrificing quality and reliability. Unauthorized app integrations, stemming from only 0.2% of myQ users, previously accounted for more than half of the traffic to and from the myQ system, and at times constituted a substantial DDOS event that consumed high quantities of resources.
Yeah, that sounds plausible, because:
- Home Assistant users are power users, thus more likely to actually use the devices in question;
- Official IoT software and integrations are uniformly shit, designed to discourage effective use (while maximizing data collection).
Thus, I read this statement as: "We're not happy that some of our customers decided to actually use the 'smart'/'connected' aspects of our product; our service-providing part was not ready to provide the service, and unlike the data collection part, it was never intended to."
Why in the hell does a garage door opener need a server?
Oh, data collection. And subscriptions. Nothing for the user.
I avoid any home automation thing that has any cloud backing that's not strictly optional. It's a strong anti-feature. In home stuff cloud means it won't work when the Internet is down, it spies on you, and it can become a brick or start requiring a subscription at any time.
And obviously people with HA will use it more than people that have to wait a ridiculous amount of time every time they open that stupid myq app. It was terrible.
>50% traffic from 0.2% of the users is far too big of a discrepancy to just explain it away with powerusers. Customers too have to follow a fair level of usage.
> designed to discourage effective use (while maximizing data collection).
What valuable data can they collect, if nobody is using it?
This is bullshit. Their app is bloatware that they use to try to push additional services like Amazon home delivery etc. I mean it’s just a button, that’s all it needs to do.
I’m going to replace it with one of the recommended devices. This is such an overt money grab.
Chamberlain/myQ makes very low cost (likely loss-leader) mass manufactured devices. Like anything else if you can identify 0.2% of your users leading to 50% of an issue you're having the reasonable thing to do (from a business perspective) is to just cut them loose. If this CTO or anyone at Chamberlain were to try to champion support for HA users people with the numbers would look at them like they are crazy. For 0.2% of the user base it barely justifies anything more than a 10 minute conversation with a foregone decision.
I use and love Home Assistant. While it's a "big deal" to techies and power users like us the total installed base (as these numbers show) is infinitesimally small when you zoom out and look at the total "smart home" market. There are 275k active Home Assistant installations[0]. This number is already tiny compared to myQ sales. Then you can check the myQ integration and see that it's only used by 3% of HA installs[1]. Home Assistant is insignificant to Chamberlain and Chamberlain is insignificant to Home Assistant.
For a device that sells for $30 8,250 HA installs is $247,500 of total device lifetime revenue. Chamberlain has $820m of revenue per year. Even if every one of these installs bought four devices that's less than $1m. They. Do. Not. Care.
Again, I don't love this either. It's a jerk move but when viewed through the eyes of a cold and calculating business it makes perfect sense. Frankly I'm surprised this decision didn't come sooner. Especially when you consider all of these awful commercial devices really want you to install their app so they can push who-knows-what and upsell at every possible opportunity. That's an entire revenue stream they will never tap into with users utilizing the API and few businesses can resist gobs of money they see as ripe for the taking. Sad but true and standard for nearly any business. Even more so for a de-facto monopoly like Chamberlain.
HA users and people here are outraged, and that is completely fair but with these numbers Chamberlain isn't even going to remotely feel this.
At the end of the day HA is extremely powerful and the ecosystem and maker-ish community around it is incredibly robust. A device with a contact sensor on door close/open and relay (or something) to toggle the door is trivial. It's what I've been using since before MyQ or anything like it was even on the market.
Just avoid the commercial "IoT/smart home" junk whenever possible.
I bought a Miku baby monitor specifically because of the 2 devices that offered a feature I wanted, Miku had no subscription fees. And they advertised that they never would. It cost $400.
Then they went bankrupt and during bankruptcy they sent out a proposal to start charging for previously free features. Then they retracted that proposal. Not sure if the judge shut that down, or what happened. But then they sold to a company conveniently created the day of the sale.
Within a month the new company forced out an over the air update that disabled most functionality until you pay them $10 a month (they went bankrupt in the first place because they did a normal over the air firmware update that bricked every single unit and had to replace them all).
Last time I checked they were still being advertised on Amazon as being subscription free.
Honestly I think we need regulation to force companies to purchase a bond to provide basic security and support for any IOT devices they sell for some number of years from the purchase date. I don’t see any sign of the market solving this anytime soon.
These days the local RF ones are very solid. Modern DECT-based systems use encryption and frequency hopping so once paired you're not realistically going to get someone listening in.
The only benefit I see for these cloud connected cameras is if you're out of the house and are going to check in on the baby sitter, but in the end I'm not even a big fan of that feature. There's tons of pros for the local RF ones and few negatives, and mostly a bunch of unknowns and concerns with the cloud ones.
You can report this action to the ftc https://reportfraud.ftc.gov/#/
Sounds to me like it's about time to publish some 3rd party firmware for the hubs/embedded controllers in the openers. Software developers who tolerate implementing consumer-hostile antipatterns all day long tend to be absolute shit at embedded systems security. At the end of the day it's just a garage door opener. The hardware is based on an FN-Link WiFi IOT module with fairly minimal customization. The door sensor is BLE. This shouldn't be too hard to root.
You don't need anyone's permission or API to control any garage door opener --- smart or dumb. The suggested "ratgdo" device is one option but looks kinda overpriced to me.
Every garage door opener has 2 sets of dry contacts. One set controls the open/close function and normally connects to a physical button on the inside wall. This is easily shared with any other device. The other set is a limit switch that tells the motor to stop once the door is open. This too can be easily shared and read.
All that is required for full control is a wifi device with 1 output and 1 input that speaks Home Assistant. Sonoff or some other manufacturer must have an affordable one. If not, maybe I'll make one. It's not that hard with readily available hardware.
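An added example, not part of the original thread or of any project mentioned in it: a dry-contact pulse only toggles the door, so a controller with one output and one input has to consult the sensor before pulsing and confirm the result afterwards, otherwise a repeated "close" command opens the door. It assumes the input is a contact that reads closed only when the door is fully shut; `ToggleDoor`, `SimDoor` and the timings are hypothetical, and the simulated door is constructed so the code runs offline.

```python
import time


class ToggleDoor:
    """Idempotent open/close over a toggle-only dry contact plus one sensor."""

    def __init__(self, pulse_relay, is_closed, travel_s=15.0, poll_s=0.25,
                 clock=time.monotonic, sleep=time.sleep):
        self.pulse_relay = pulse_relay  # momentarily shorts the wall-button contacts
        self.is_closed = is_closed      # True only when the door is fully shut
        self.travel_s = travel_s        # assumed worst-case travel time, seconds
        self.poll_s = poll_s
        self.clock = clock
        self.sleep = sleep

    def _wait_for(self, want_closed):
        """Poll the sensor until it matches, or give up after travel_s."""
        deadline = self.clock() + self.travel_s
        while self.clock() < deadline:
            if self.is_closed() == want_closed:
                return True
            self.sleep(self.poll_s)
        return False

    def close(self):
        if self.is_closed():
            return "already-closed"     # never pulse: a pulse here would open it
        self.pulse_relay()
        # No blind retry on timeout: a second pulse could reopen a closing door.
        return "closed" if self._wait_for(True) else "fault"

    def open(self):
        if not self.is_closed():
            return "already-open"
        self.pulse_relay()
        return "opened" if self._wait_for(False) else "fault"


class SimDoor:
    """Constructed stand-in for opener hardware, driven by a fake clock."""

    def __init__(self, closed=True, travel_s=10.0, jam=False):
        self.now = 0.0
        self.pos = 0.0 if closed else 1.0   # 0.0 fully closed, 1.0 fully open
        self.direction = 0                  # -1 closing, +1 opening, 0 stopped
        self.travel_s = travel_s
        self.jam = jam                      # obstruction halfway down
        self.pulses = 0

    def pulse(self):
        self.pulses += 1
        self.direction = 1 if self.pos == 0.0 else -1

    def is_closed(self):
        return self.pos == 0.0

    def clock(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds
        step = self.direction * seconds / self.travel_s
        self.pos = min(1.0, max(0.0, self.pos + step))
        if self.jam and self.direction == -1 and self.pos <= 0.5:
            self.direction = 1              # safety reversal back to open
        if self.pos in (0.0, 1.0):
            self.direction = 0


def controller_for(sim):
    """Wire a ToggleDoor to a SimDoor, including the fake clock."""
    return ToggleDoor(sim.pulse, sim.is_closed, clock=sim.clock, sleep=sim.sleep)
```

A "fault" result is the case worth alerting on: the relay fired but the sensor never confirmed the door shut.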