bleepingcomputer.com

nexusband, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

Never considered buying Haier anyway, but I am looking specifically for appliances that have HAOS support. So them pulling this shit will put them on my blacklist forever. I get why Mazda did it, but the car doesn’t need the app to be useful, I can just ignore that part. But this is a home appliance that loses a big part of its usefulness…

chaosppe, to privacy in Have I Been Pwned adds 71 million emails from Naz.API stolen account list

I’ve checked the list on mine, those are some really really old passwords… Must’ve been a long time ago.

bfg9k,

How were you able to search the list? I can’t find it anywhere

chaosppe, (edited )
bfg9k,

Cheers mate.

Looks like my decision to start using KeePass was a good idea, these are all very old passwords.

Damage, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

eh, another one for the blacklist… it’s getting difficult.

deegeese, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

Special shout-out to LiftMaster/Chamberlain who did the same rug-pull on their customers last year.

Never trust free cloud services attached to a paid product.

AbouBenAdhem, (edited ) to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

TIL General Electric Appliances, Hoover, Fisher & Paykel, Aqua, Hotpoint, Leader, and Candy are all owned by the same company.

reddig33,

Sad, isn’t it? For fun, look up Whirlpool, Albertsons, and Kroger on Wikipedia to see all the brands they own. No wonder prices are high when so much competition has been eliminated.

nexusband, (edited )

For the Europeans, look up AEG, Bauknecht, Electrolux, Liebherr…sad story as well. And one hell of a case for rampant capitalism running amok…

KyuubiNoKitsune,

BuT ThE FrEe mArKeT!!

nexusband,

There’s a difference between rampant capitalism running amok and the free market…free always needs rules, or it would be anarchy…

eatfudd,

Muh freedom

JustEnoughDucks,

Please tell me Bosch and Siemens are separate companies…

nexusband,

Nope, they are not, at least in terms of household appliances. BUT they still produce quality stuff in Germany and Europe. And they actually never have been separate. And HomeConnect is committed to HAOS, iirc they actually provide some code to the plugin.

en.m.wikipedia.org/wiki/BSH_Hausgeräte

APassenger,

Quick note: Albertsons and Kroger want to be one company. Soon.

Heir_Of_Isildur,

Noted, thanks

scrubbles, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

Amazing. Let’s truly take it from their point of view.

The only people who care about this plugin are HomeAssistant users, so a very small subset. Those users then either

A) Already own the product, and thus are not going to cost them anything because they already bought it or B) Home Assistant users who are in the market for their product, and from experience will only buy a product if there’s an HA plugin.

In what way are they losing “millions” to these 2 groups again?

I have literally made decisions on purchases like vehicles on if they have a home assistant plugin or not. For HomeAssistant users it’s one of the largest factors.

dantheclamman,

It is insanely petty. Perhaps they don’t want people reverse engineering their APIs, but all their competitors and threat actors likely do it, just not on a public repo.

utopiah,

I’m in nearly B as I usually only buy things with proper protocols, e.g. Zigbee, that might not need a dedicated plugin. So obviously Haier is now a company I won’t buy anything from and will actively not recommend to anyone who cares about my opinion on IoT.

Xatix, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

I just used their Feedback form to tell them what a shitty practice that is and that I will never use their products again.

DeltaTangoLima, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

“Specifically, the plug-ins are using our services in an unauthorized manner, which is causing significant economic harm to our Company.”

Presumably, they don’t charge customers extra for hOn, so surely the only people using it via HA are the same people that would otherwise have used their (presumably) shitty app that isn’t meeting the customers’ needs in the first place?

Not clear on how this causes them “significant” economic harm. Dick move.

Windswept,

Loss of 3rd party data sales from the tracking embedded in their apps would be my guess.

DeltaTangoLima, (edited )

Yeah - in an ideal world, the dev would have the means (and legal standing) to challenge this, just to force the fuckers to admit it in court.

Not that it isn’t written into their ToS somewhere - just would love them to admit exactly how that harms them so much, financially speaking. Shine a light on the whole thing.

helenslunch,

“Specifically, the plug-ins are using our services in an unauthorized manner”

By plug-ins, you mean your customers?

Rehwyn, (edited )

The only way I see a company like this having “significant economic harm” from you not using their free app is if 1) they eventually plan to charge a fee to use the app or 2) they profit from data their app collects about you (third party data sales, for example).

Not something I’m interested in either way, so they’ve lost a potential customer.

DeltaTangoLima, (edited )

Looking at the brands they already own, it’s not hard to picture a future where they’ll own a brand I want to buy.

Although, I’m really interested (and haven’t done reading up on hOn yet) - just what level of automation are people looking for on their appliances? I used smart plugs with current measurements, so I can easily get HA to just tell me when my washing machine or dishwasher are finished.

What else are people doing with hOn in HA?

chaospatterns, (edited )

One of the problems with the cloud-polling integrations is that they will frequently poll the back-end APIs to get the current status of that device. A normal user might only open up the app once or twice a day and call the APIs, but these integrations will go 24/7 every 10s-5m. That can add up to a non-trivial amount of traffic. If there’s 100 users opening it up once a day, that’s not a lot of traffic, but 10 users polling every 1 minute is equivalent to 15k people doing something once a day.

I actually saw one of my integrations I used defaulted to updating every 10 seconds. I decreased that because I didn’t want to draw attention to it.

A business will look at their usage and ask why there’s more than expected traffic. They could be running their server on a potato. They could go back and support Matter, that costs money, requires skilled engineers, and cuts into profit margins.

While it sucks, that is something they could point to in a court about “economic harm”.

DeltaTangoLima,

I reckon it’s probably not that much. There has to be tens of thousands of customers worldwide that are using their shitty app.

Forks and stars on the original repo numbered only in the hundreds.

Cloud services and API gateways usually charge once you get into the millions of requests. Amazon API Gateway doesn’t even charge for having the APIs active - only for the requests that are received and the data transferred out.

I’m finding it very difficult to believe a few hundred HA users even came close to putting a dent in their cloud bill.

AreaKode, (edited ) to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

Oh no. At least there’s no way for everyone in the world to make a backup before it goes dark…

Steve,

It would be a shame if 697 people and counting were to fork the project, it would be a real pain to serve each one of them with takedown notices.

helenslunch, (edited )

This is the great thing about FOSS. Someone else will just take the code and reupload it. If they want it removed from GitHub, they can deal with Microsoft. At which point it’ll just be re-uploaded again. There’s nothing illegal about it.

So Haier suffers the Streisand effect and the people who want to simply continue using it.

1stTime4MeInMCU,

Right… they claim hosting it is a violation of their TOS, but I’m not one of their customers. How can I violate their TOS if I don’t even use their product?

BOFH666, to homeassistant in Haier hits Home Assistant plugin dev with takedown notice

Well, they just lost some customers…

RvTV95XBeo,

An F&P induction range was on our short list for an upcoming replacement to our aging gas range. It is now off the short list. Not sure how many API calls a $8000 range would have paid for, but I’m sure they’ll be happy to know my HA server won’t be pinging them any time soon.

swampdownloader, (edited ) to privacy in Have I Been Pwned adds 71 million emails from Naz.API stolen account list

So how do we access the list to see what got out?

Edit: search.0t.rocks has the db

camr_on,

haveibeenpwned.com

swampdownloader,

No, I mean the dump to see which passwords are out

kn33,
space, (edited )

You can find a password checking utility on haveibeenpwned.com (the tool doesn’t send your password to the server, but only the first 5 characters of the hashed password, which is very safe). There are CLI tools on GitHub you can use to bulk test passwords. They also provide a downloadable list of hashes.

Alternatively, check if your password manager has a built-in tool for checking for passwords in known databases.
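The range check described in the comment above, as an added example that is not part of the original comment and is not HIBP's own code. It assumes the SHA-1 hashing and `SUFFIX:COUNT` response lines of HIBP's public Pwned Passwords range API; the function names are hypothetical, and `constructed_service` is an offline stand-in with constructed counts that also records what the server side gets to see.

```python
import hashlib

PREFIX_LEN = 5  # hex characters of the SHA-1 digest that leave the machine

def split_hash(password: str) -> tuple[str, str]:
    """Return (prefix sent to the service, suffix that stays local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:PREFIX_LEN], digest[PREFIX_LEN:]

def parse_range(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines; skip malformed lines and zero-count padding."""
    found = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if not sep or len(suffix) != 40 - PREFIX_LEN or not count.isdigit():
            continue
        if int(count) > 0:  # padded responses carry dummy entries with count 0
            found[suffix.upper()] = int(count)
    return found

def breach_count(password: str, fetch_range) -> int:
    """fetch_range(prefix) returns the response body for that 5-char prefix.
    Against the real API this would be a GET to
    https://api.pwnedpasswords.com/range/<prefix>."""
    prefix, suffix = split_hash(password)
    # The comparison against the full hash happens here, on the client.
    return parse_range(fetch_range(prefix)).get(suffix, 0)

def constructed_service(known: dict[str, int]):
    """Offline stand-in (constructed data): answers prefix queries, logs them."""
    seen = []
    table = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n
             for p, n in known.items()}

    def fetch_range(prefix: str) -> str:
        seen.append(prefix)  # everything the server learns about the query
        lines = [f"{h[PREFIX_LEN:]}:{n}" for h, n in table.items()
                 if h.startswith(prefix)]
        lines.append("0" * (40 - PREFIX_LEN) + ":0")  # padding entry
        return "\r\n".join(lines)

    return fetch_range, seen

if __name__ == "__main__":
    fetch, seen = constructed_service({"password": 12345, "hunter2": 7})
    print(breach_count("password", fetch), seen)
```

The `seen` list is the point of the design: the service only ever receives the 5-character prefix, which many unrelated hashes share, and never the password or its full hash.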

deweydecibel,

Alternatively, just start changing passwords, regardless if they’re in the breach or not. Prioritize the ones with financial information, then the ones with personal info, the ones you visit frequently versus some shitty site you visited once that made you make an account back in 2011, etc.

I know that’s a lot of accounts for some people but you don’t have to do them all at once. Go reset a password or two on a site today at lunch. Then do another one tomorrow. And a few the next day.

I actually remember reading about an app or feature on a password manager that would do something like this. Rather than bark at you to reset 100 different accounts at once, it would just give you 1 or 2 random accounts a day to go reset the password on.

deweydecibel,

Why on earth should people trust that site?

Pika, (edited )

What’s more insane is that some of those passwords in the lists are still live intrusions that companies haven’t acted on, like for example my Dropbox password is there and that’s a new password that I just gave them a few months ago before I deleted my account.

henfredemars, to privacy in Have I Been Pwned adds 71 million emails from Naz.API stolen account list

A stern reminder that we should all use a password management tool and use unique, unrelated passwords with every service.

gregorum, to privacy in Have I Been Pwned adds 71 million emails from Naz.API stolen account list

Yeah, I got an alert in my email last night about this. Now I have to go through a massive password reset. Fun!

PM_Your_Nudes_Please,

Take the opportunity to switch to a password manager, which will allow for unique passwords.

pineapplelover, to selfhosted in what if your cloud=provider gets hacked ?

I am my cloud provider. Don’t have duplicate copies of my server yet so I guess I’m kinda fucked.

dai,

But man, I’ll be able to amend all those TODO items that have been accumulating over the last 12 months and fix all those issues while rebuilding my raid.

I mean that’s only if my GITs aren’t hijacked during the ransomware attack.

And I mean, I’ll probably just push the same config to my server and let it on its merry way again.

kristoff,

Well, based on advice of Samsy, take a backup of home-server network to a NAS on your home-network. (I do hope that your server-segment and your home-segment are two separated networks, no?) Or better, set up your NAS at a friend’s house (and require MFA or a hardware security-key to access it remotely)

Septimaeus, (edited ) to selfhosted in what if your cloud=provider gets hacked ?

Dammit, I came here hoping to see at least one “I have a very special set of skills.” Oh well.

Yeah I’d cut bait, rebuild from latest tapes. But also…

Septimaeus, (edited )

I’d put the corrupted backups in an eye-catching container, like a Lisa Frank backpack or Barbie lunchbox, to put on the wall in my office.
