Haier, the air conditioner maker, takes down open source third-party Home Assistant integration

Dehydrated@lemmy.world to Mildly Infuriating@lemmy.world – 991 points –

Thankfully I don't use any of their products, but this really pisses me off. They claim that this open source project "causes significant economic harm to their company"

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause "significant economic harm"???

Consider forking the repository or mirroring it to another platform like GitLab, Codeberg or your self-hosted Git server, so the project can continue to exist and someone can maybe fork it and maintain it.

The effected repos are: https://github.com/Andre0512/hOn and https://github.com/Andre0512/pyhOn

If you don't know about Home Assistant, check it out. It's an amazing piece of open-source software, that you can run at home on your own server and use it to control your smart home devices. That way, you don't need to connect them to the manufacturer's (probably insecure) cloud. It gives you sovereignty over your smart home instead of some proprietary vendor-locked garbage. Check out their website and the Lemmy community: !homeassistant@lemmy.world

I also highly recommend Louis Rossmann's video about this: https://youtu.be/RcSnd3cyti0

He makes awesome videos in general, consider subscribing.

As Rossmann said, don't ever buy anything from such a shitty company that doesn't respect their customers. This move by Haier is nothing other than a slap in the face for everyone, who just wants to comfortably control the product they paid for. This company is actively hostile towards their paying customers. Fuck these bastards!

135

You are viewing a single comment
View all comments

This is ridiculous. It is truly ridiculous. How can something that enables the user to efficiently control their AC cause “significant economic harm”???

We're discussing this over in !homeassistant@lemmy.world. This absolutely has to be about them losing access to data they can sell to 3rd parties. The hOn ToS will no doubt have a clause that enables this.

It's a dick move for sure.

They want to advertise that their stuff is "cloud enabled", while offering the shittiest service possible and putting as many roadblocks as possible to minimize its use.

Having people use their services efficiently is increasing their cloud services bill, can't have that.

Personally, I've restrained myself from buying into IoT, and if I'm going to do so, I'll make sure it can be controlled locally without depending on a cloud service, and through a hub I can fully control. I need to be able to disconnect my modem and operate everything even if the WAN is down.

I basically run my house IoT setup as you desire. My smart switches are a mix of Tasmota (open source firmware, running totally locally) and ZigBee (an open protocol for IoT interoperability). The whole lot is controlled by a NUC running home assistant. My doorbell camera also streams directly to the server.

Home Assistant basically acts to glue everything together, and provides nice, easy to use GUIs. It can also bridge between networks. It's easy to have all your IoT things on an isolated network, with no internet access. Only the HA install can see both networks.

I've also been careful of WAF (Wife Acceptance Factor). If the internet goes down, almost everything keeps working. If the NUC dies, the switches still work as dumb switches. The bulbs all default to full brightness neutral colour.

I have a bunch of smurt plugs that require internet and I didnt know before buying that they cant be flashed. Jealous.

You can flash them, you just need some tools from AliExpress to hook leads directly to the UART pins on the ESP chip they're using.

Sounds way harder than it actually is.

It used to be most used esp8266 or esp8285 modules. Unfortunately, tuya have created a pin compatible module that explicitly can't be replaced easily. They've pushed it hard with their ecosystem, so it's all over the place.

There are still a lot of esp based devices about, but you need to be careful of anything with a tie in to tuya.

Is home assistant also hardware? How is it configured so that HA can see both networks? Is one of them visible through a USB interface or something?

They do now do a hardware option, though I've not used it. In one of my setups, it just uses the native ethernet, as well as a usb adapter. The software doesn't have any issues with this.

To control Zigbee/Zwave you'll need USB dongles. They did start offering their own hardware (essentially a purpose built Pi) but I'm not sure if it includes either of these radios.

My Home Assistant software and smart devices all are controlled locally and cloud access isn't used but there are other, much more important reasons to avoid running it.

You should avoid it because Home Assistant is an addictive monster. It starts as a hobby and then the next thing you know you're putting temperature sensors in your refrigerator and setting different brightness levels for your bathroom lights depending on the time of day.

Seriously though, the software gives an amazingly useful single dashboard for things you might use everyday including lighting, HVAC, alarm systems, weather, currency exchange rates, and entertainment systems. I use it every day.

Do you... set your thermostat based on the day's currency exchange rate? Do you wake up and say, "Honey, I can see my breath; the Euro must be down. Alexa, call my broker."

Like if you were bitten by a radioactive Scrooge, and got miser-sense

Lol - that's possible. I spend time in Mexico and Canada so I keep the exchange rates on my dashboard. Easier than looking them up every time.

I could set my the thermostat higher on cloudy days in the winter or more usefully, increase the setting when our cell phones are in the house and decrease it when we're away. One guy put a vibration sensor on his nightstand and tapping on the stand turns on his bedroom light. There are way too many possibilities, useful and not.

They probably want to pull a Chamberlain and sell a bunch of crappy buggy, inconsistent, error-prone addon services for $60/yr after you've already purchased the product.

But yeah, lesson mostly learned. Don't support companies who only offer cloud-dependent services because they will definitely turn on the customer when they reach the natural ceiling of people buying the product and start looking for extra ways to squeeze their customers.

Or go the BluAir route and offload all the processing onto the cloud. They sell the new machines for the same cost as the old machines, but they're dumb as a bag of bricks. If not connected to the cloud, none of the automatic settings work correctly. When you contact customer support to troubleshoot why it doesnt work on auto mode, the first thing they have you do is delete it and reconnect it to the app. No care about updates. Its just a fan on a wifi switch now. Total junk.

The tos should only apply to the software and not the hardware, right? Or do you need to sign a waiver when you purchase the damn thing?

Not sure about the Haier thing. My HVAC has an add-on "smart" controller that I had to pay extra for, and the ToS are no doubt attached to that.

The tos applies to their service, that is, they have a cloud service, and you have to abide the tos to use it. It doesn't factor into hardware or software specifically but their hardware and software might not work without the service

It doesn't work without the service. From the email you can tell that the functionality is going through their cloud service.

It's probably to access their API in order to control the device remotely.

And so they can't possibly actually do anything right? This is just a scare letter?

They probably can. I'm sure they've covered themselves with some bullshit ToS that governs the use of the cloud service itself, and acceptance is implied when you use the service.

There's a part of me that really wishes it could be challenged, though, by pointing out that leaving the cloud service open to public consumption without some form of authorization should simply be a case of tough titties to them. Lock your shit down if you don't want people like us using it in ways you didn't intend.

But, as we all well know, once lawyers get involved, it's simply too hard to fight this sort of shit.

Genuine question, since the code itself doesn't infringe on IP (I think) wouldn't the user executing the code be responsible for accepting the tos, not the repo.

The repo is just static non-compiled text files, it afaik isn't actually communicating with their servers and therefore wouldn't be able to accept any tos (implied or otherwise) (I don't know if there are any actions, ci/cd pipelines, or deployments that would be in violation though)

I think it's because the dev might've reverse-engineered the calls to the cloud service, and that may be where the legal sticking point is. Not a lawyer, so not 100% sure - will be interesting to see where this goes.

I saw elsewhere the dev has insurance, and they're going to cover a lawyer, so they may very well fight it.

As a writer of software code and also of contacts (freelancer), I’m intrigued by the challenge of writing a TOS to prevent reverse-engineering an API.

In some way you’d have to represent the interface itself as the intellectual property, or something. Normal copyright covers copies, but this would be sort of like covering complementary parts. Like you invented a lock, and you’re trying to copyright or protect the set of keys that could open that lock.

The only way to stop the advancement of legal red tape is for people to consciously, willingly decide to take legal risks.

The reasons lawyers take over everything is because we do everything they tell us to do. Their job is to minimize our legal risk, and by doing everything they tell us to, we put legal risk at the highest level of priority in our own decision-making.

A conscious decision to, say, take the risk of a lawsuit or something, is the only way to be free of lawyers’ control.

Yeah, I feel like all Chinese companies profit off selling customer data first, selling products second.

In fairness, that's just about any tech-connected company nowadays. Social media, streaming services - you name it. They're all bloody doing it.

They could have done what Chamberlin did with MyQ and just locked the API down so that it can't be used outside the app. What a ridiculous strategy that won't backfire at all.

Yep, good point. That's still a bit of a dick move, but a completely legitimate one too. If you don't like people like us having a play and developing our own capabilities against the service, you can re-assert your ownership and lock it down.

Siccing lawyers onto a dev who is helping your customers use your product in new and improved ways is just plain fucking stupid.