357 comments
OptionOfT · 8 hours ago
I got one of those indoor gardening systems. We thought we had an issue with them. Contacted support.

Support checked and it was fine. Just needed time to adjust. They mentioned they checked the cameras (!).

Later on I got a second used one and while cleaning it, noticed that the internals are just a raspberry pi. Took my micro HDMI and keyboard, and... this thing just runs Raspberry Pi OS.

No updates. And ... VNC. People from that company can just remote into my device, look at what the cameras are seeing, and do stuff on my network. These things are a security nightmare.

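An owner-side check for the situation OptionOfT describes, added here as an example that is not from the thread or from any vendor: given the text of `ss -H -tlnp` captured on a Raspberry Pi OS board, it lists remote-management daemons (SSH, VNC, telnet, RDP) bound to non-loopback addresses, i.e. reachable from the LAN or, via a relay, from the vendor. The `ss` output below is constructed.

```python
"""Flag remote-management listeners on a Linux appliance (e.g. a Raspberry Pi
OS board inside a consumer device). Input is the text of `ss -H -tlnp`
(listening TCP sockets, no header); only text is parsed, so it runs offline."""
import re

# Ports associated with remote management; a listener here on a non-loopback
# address is reachable from the network, not just by local processes.
REMOTE_MGMT_PORTS = {22: "ssh", 23: "telnet", 3389: "rdp"}
VNC_RANGE = range(5900, 6000)  # VNC display :0 .. :99

# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port [users:(...)]
SS_LINE = re.compile(
    r'^\S+\s+\d+\s+\d+\s+(?P<addr>\S+)\s+\S+(?:\s+users:\((?P<users>.*)\))?')

def parse_ss(text):
    """Yield (bind_host, port, process_name) for each listening socket line."""
    for line in text.splitlines():
        m = SS_LINE.match(line.strip())
        if not m:
            continue
        host, _, port = m.group('addr').rpartition(':')  # keeps [::] intact
        pm = re.search(r'"([^"]+)"', m.group('users') or '')
        yield host, int(port), (pm.group(1) if pm else '?')

def is_loopback(host):
    return host in ('[::1]', '::1') or host.startswith('127.')

def service_kind(port):
    return 'vnc' if port in VNC_RANGE else REMOTE_MGMT_PORTS.get(port)

def exposed_remote_services(ss_text):
    """Return remote-management listeners bound to non-loopback addresses."""
    findings = []
    for host, port, proc in parse_ss(ss_text):
        kind = service_kind(port)
        if kind and not is_loopback(host):
            findings.append({'service': kind, 'port': port,
                             'bind': host, 'process': proc})
    return findings

# Constructed sample shaped like `ss -H -tlnp` on a Pi-style board.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=512,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=512,fd=4))
LISTEN 0 5 0.0.0.0:5900 0.0.0.0:* users:(("vncserver-x11",pid=640,fd=9))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=300,fd=7))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("garden-ui",pid=700,fd=5))
"""

if __name__ == '__main__':
    for f in exposed_remote_services(SAMPLE_SS):
        print(f"{f['service']:6} port {f['port']} on {f['bind']} ({f['process']})")
```

On a real board, feed it live output with `ss -H -tlnp | python3 audit.py` after replacing `SAMPLE_SS` with `sys.stdin.read()`; the CUPS listener is correctly skipped because it is loopback-only.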

jimt1234 · 1 day ago
> For someone who suffers from insomnia this seemed worth a shot.

I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.

The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.

Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.

https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...


nadis · 1 day ago
"When I say backdoor, what am I referring to? Sure, Eight Sleep needs a way to push updates, provide service, and offer support. That’s expected.

What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.

And yes, I found evidence that this is exactly what’s happening."

^ wow, this is pretty wild. <insert joke about being careful about who you share a bed with>


EvanAnderson · 1 day ago
The state of the product's security wasn't unexpected. I was, however, shocked by this part:

> I was willing to overlook:
> - The bed costs $2,000
> - It won’t function if the internet goes down
> - Basic features are behind an additional $19/mo subscription
> - The bed’s only controls are via mobile app

Nothing about this bed should depend on off-site servers. Nothing about the product should necessitate a subscription fee.

The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.


TheGRS · 1 day ago
> In the end, I got enough of the cyber ick, I decided to seek a simpler, less internet-connected solution to my temperature-controlled bed needs.

Great line. And my eyes bugged out a little at this part as I also realized what the implications were:

> - They can know when you sleep

> - They can detect when there are 2 people sleeping in the bed instead of 1

> - They can know when it’s night, and no people are in the bed

I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking of something like Consumer Reports, and how they should probably publish whether a product is a security nightmare or not. At the end of the day you still need people to publish this stuff and social media to spread it so consumers know to beware, but maybe a magazine-type publication could take on part of that responsibility.
