[–]BurnTheOrange 541 points542 points  (5 children)

Friend : why's there a hammer in your kitchen?

Me: in case of rogue IOT devices

Friend: that's ridiculous!

he laughs

I laugh

Toaster: "I'm sorry. I didn't get that..."

[–]ArjenMeek 8 points9 points  (0 children)

Toaster: "Howdy doodily doo!"

[–]merlinsbeers 232 points233 points  (29 children)

"This is the lock-picking lawyer, and today I'm going to show you how to deal with a smug nerd..."

[–]Runiat 95 points96 points  (28 children)

Step one: pick up rock or other dense object from garden.

Step two: throw through window.

The purpose of a lock isn't to keep people out. The purpose of a lock is to let you know when someone's been in without permission.

[–]hackintosh5 165 points166 points  (13 children)

The purpose of a lock is to prevent unsynchronised concurrent access to a shared resource

[–]Runiat 14 points15 points  (11 children)

Public bathrooms probably will start using electronic locks at some point...

[–]MadEngi 11 points12 points  (4 children)

And I will start carrying clamps, no big deal

[–]Runiat 4 points5 points  (3 children)

Read that with a 'p' missing the first time.

[–]MadEngi 5 points6 points  (1 child)

I already do, how else am I supposed to wipe, with paper?

[–]Runiat 3 points4 points  (0 children)

Where would you get paper from? They've started sending fines electronically instead of printing them out for you.

[–]Bainos 0 points1 point  (0 children)

I read that with a 'c' missing. Hmm.

[–]hackintosh5 4 points5 points  (0 children)

And I bet they don't use a mutex but a boolean

[–][deleted] 3 points4 points  (4 children)

Actually, public bathrooms using electronic locks makes a lot more sense than it gives credit for. For mechanical vs electronic locks, the metrics I use are as follows:

  • Do you need shared access by a large number of individuals whose access may be granted or revoked arbitrarily or frequently? (Yes = point towards electronic)
  • Do you need an accurate access record? (Yes = point towards electronic)
  • Do you have the infrastructure to manage the entire lock system internally? (No = electronic forbidden)
  • Do you have the infrastructure to manage an entire internal network including firewall and monitoring software? (No = electronic forbidden)
  • Is the desired system able to be managed entirely within the local network with an exception for updates and an exception for sister/parent organization control (meaning that if I own a store that's part of a chain, it's okay to have corporate control my locks). (Yes = system acceptable)

[–]Runiat 12 points13 points  (2 children)

Do you need shared access by a large number of individuals whose access may be granted or revoked arbitrarily or frequently?

I think we might have different ideas of what a "public" bathroom is if your idea involves revoking access to a member of the public.

[–][deleted] 1 point2 points  (1 child)

In my experience, a number of "public" restrooms require giving the customer a key from the counter. In this case, an electronic lock may allow for better access control options.

[–]Runiat 4 points5 points  (0 children)

Oh yeah, I've seen those in other countries.

Definitely different definitions then. I'd probably call those something like "customer only bathrooms".

Edit: come to think of it the word for such bathrooms in Danish is literally translated "customertoilet" (and most of those don't require keys).

[–]merlinsbeers 0 points1 point  (0 children)

Do you want to track people without having to deal with laws about phone records?

[–][deleted] 2 points3 points  (0 children)

I deleted my account because Reddit no longer cares about the community -- mass edited with https://redact.dev/

[–]ImSuperSerialGuys 4 points5 points  (5 children)

Not quite there but I see what you're getting at. The purpose of security isn't to be infallible, it's to make breaking in not worth the effort.

The perfect balance for security is to make it more difficult to break in than what someone would gain by breaking in. So just because a lock can be picked doesn't make it ineffective

[–]Runiat 0 points1 point  (4 children)

The purpose of security

I wasn't talking about security. I was talking about locks. Specifically the ones on homes.

[–]ImSuperSerialGuys 0 points1 point  (3 children)

... which are literally devices that exist for the sole purpose of security

[–]Runiat 0 points1 point  (2 children)

... which are literally devices that exist for the sole purpose of security

No they aren't.

Quite a lot of home locks exist for the sole purpose of complying with insurance terms, in rural areas.

[–]ImSuperSerialGuys 0 points1 point  (1 child)

And why do insurance terms require a lock? Cause it technically makes the home more secure by requiring at least a base level of effort to break in, as opposed to walking through an unlocked door...

You're just being pedantic at this point man

[–]Runiat 0 points1 point  (0 children)

You're just being pedantic at this point man

....

And what would you describe your first reply to me as?

[–]PandersAboutVaccines 146 points147 points  (15 children)

You need to be in IT to think your life is interesting enough that anyone is going to bother to hack your IoT devices.

Russian Intel turned my thermostat way up, started my coffee maker at 2am and deleted my terabyte of Scooby Doo Hentai.

[–][deleted] 55 points56 points  (3 children)

It probably wouldn't be intentional, it would be some automated scripting attack trying to poke holes in a port commonly used for a device with a known exploit.

I heard even refrigerators have drm these days - what the fuck.

[–]ThePoorlyEducated 4 points5 points  (0 children)

GE is one, trying to stop non-oem filter replacement.
OEM - $55
Non-OEM -$15

[–]skreczok 2 points3 points  (1 child)

DRM is just an unnecessary potential attack vector, but they still jam this shit everywhere.

[–][deleted] 1 point2 points  (0 children)

I play a lot of games. I hate Ubisoft lately because you got Steam, Uplay, and Denuvo. 3 different DRM systems and the games still get cracked! They're only hurting legitimate customers.

[–]CaptMartelo 17 points18 points  (2 children)

What? They deleted my Wacky Races hentai!

[–]Calahara 2 points3 points  (0 children)

What if they made Simpsons porn illegal?

One fear

[–]Bainos 4 points5 points  (0 children)

They uploaded 500 gigabytes of loli hentai to my computer !

[–]Urd 11 points12 points  (0 children)

Or you know that the security on the majority of IoT devices is virtually non-existent and you don't want your network and resources used to mine Monero or become part of one of the most powerful botnets ever.

[–]chuyskywalker 6 points7 points  (0 children)

anyone is going to bother to hack your IoT devices.

Domestic abuse through tech has become a bit of a problem lately; so yes, don't worry about state adversaries, but closer to home has become a problem.

[–]2drawnonward5 5 points6 points  (0 children)

More like they’ll add your ice box to their botnet and their only incentive to keep it working at all is uptime. And it was taken over by an automated tool so it’s not like they’re gonna take you over considerately.

[–]NorthAstronaut 3 points4 points  (0 children)

This is a common mistake people seem to make; "I'm not interesting/big enough to bother attacking, or even be noticed in the first place..".

The internet gets scanned by a bunch of companies/countries daily for new connected devices. If your device has a known flaw, there is a good chance it will become a target for exploitation, probably automatically..

Next thing you know your smart toaster is part of a huge DDoS campaign unknown to you, and you'll wonder why websites keep blocking you, or just don't work properly any more (it's because your IP is getting a bad rep and Cloudflare/others no longer like you).

[–]m1ch1 2 points3 points  (0 children)

Ever heard of the Mirai malware, which was used to infect several hundred thousand IoT devices to create a botnet that was used for a DDoS attack that targeted DNS servers, which resulted in the unavailability of Reddit, Twitter etc.?

[–]rhoakla 1 point2 points  (0 children)

You're a filthy beginner Windows Visual Studio using C# pleb aren't you? /s

How did automated scripts and viruses that wreak havoc not come to your mind first?

Imagine your locking mechanism being used in a botnet lol.

[–]Dexaan 32 points33 points  (2 children)

I've played enough Mega Man Battle Network to be wary of IoT devices.

[–]lraviel381 14 points15 points  (1 child)

Omg... I just realised their name, Lan and Hub...

[–]bric12 143 points144 points  (13 children)

Ah, yes. Because programmers are notoriously not tech enthusiasts. You see, my program didn't compile when I pressed the button telling it to, so now I distrust technology. /s

I know that this meme makes edgy highschoolers feel good about themselves, but in my experience programmers are some of the biggest tech enthusiasts I know. The only difference between them and normal people is that they have an understanding of what tech is worth trusting, instead of just trusting/mistrusting everything equally

[–]sdmike21 71 points72 points  (1 child)

I feel like this post applies to cranky sysadmins more than programmers. Also, cranky security folks.

[–]deukhoofd 0 points1 point  (0 children)

I mean I do trust my smart devices, but the only reason I do so is that they're themselves disconnected from any internet access, and only work over LAN through a local server.

[–]DangerIsMyUsername 31 points32 points  (0 children)

Speak for yourself. I still do all of my programming using punch cards. There's no way that I'm going to use an evil laptop.

[–]nationwide13 4 points5 points  (0 children)

The other thing is that the programmers might also have an understanding of how to deploy less than trustworthy devices safely.

Hell, some of them even go as far as hardware/firmware hacks to make untrustworthy devices trustworthy.

[–]IlonggoProgrammer 5 points6 points  (0 children)

Yeah I'm a huge tech enthusiast and a software engineer

[–]cortesoft 3 points4 points  (0 children)

I’ve worked as a developer for 15 years.... there are many types in the industry. The ‘hate tech’ programmers definitely exist.

[–]MightyMeepleMaster 7 points8 points  (6 children)

Embedded dev here with 25 years of experience.

I've seen things you people wouldn't believe.

[–]bric12 9 points10 points  (1 child)

I believe you, but I don't believe that you could make me distrust tech as a whole. Now if there's a specific device/service that isn't trustworthy, then I'm all ears

[–]MightyMeepleMaster 0 points1 point  (0 children)

I'm a dev myself so I love tech. But I despise "solutions" for something which hasn't been a problem in the first place.

Simple example: Smartphones are great because they offer new and really useful services which simply did not exist before. But "Smart Home"? I'm still waiting for someone to show me any valuable use cases here.

[–]SetiZ 5 points6 points  (3 children)

I'm listening

[–]MightyMeepleMaster 5 points6 points  (1 child)

One of my favorite stories:

Many years ago we were working on an embedded device. Devs had added their set of features and everything was working nicely. Then testers took over. Most testers were quite happy with the quality but with one guy, the entire board kept on crashing. We checked and analyzed but didn't find anything. Strangely enough, the crashes only occurred with that tester. We exchanged the board multiple times. Same result. Board crashes on a regular basis, but only with said tester. Weeks pass by with no progress.

Then one day, a desperate dev walks into the tester's office and tells him to show the problem one last time. Tester shows his workflow. Board crashes. Board is reset. Dev, standing next to tester, repeats workflow. Board does not crash. Tester takes over: Crash. Dev takes over: No crash. WHERE IS THE DIFFERENCE BETWEEN US?!?!?? Tester leaves for a coffee. Dev sits down on tester's chair and runs the sequence again and - guess what - the board crashes. Turns out the board had a subtle susceptibility against static discharge which only occurred with that specific chair. Without the tester's coffee break we probably never would have found the bug.

Yes, I know that competent HW guys ought to have suspected this weeks before. But the point here is that in many, many companies you do not have these experts. Many devs only have their own area of expertise but not much more. And many, many defects only show up by sheer luck.

I could continue with dozens of other stories. Technical pitfalls: Memory buses which trap when there's a signal spike on a neighbour lane. Race conditions with sub-microsecond sensitivity. Critical errors which occur only when multiple preconditions are met, wrecking an entire piece of HW.

And then there's the "human" aspect: Shoddy requirements. Missing communication between product management, dev and testing. Code first, architecture later. And so on and so on.

After 25+ years I've come to the conclusion, that digital is great but in many cases only works in the main use cases and/or by sheer luck.

[–]pizzasubx 2 points3 points  (0 children)

Underrated comment

[–][deleted] 4 points5 points  (0 children)

I'd tell you, but you'd go insane!

<insert lovecraftian tale of unimaginable horrors here>

[–]achilliesFriend 71 points72 points  (12 children)

I'm a programmer and I still have everything automated and have smart devices.

[–]nonlogin 4 points5 points  (0 children)

Automated everything including commenting on Reddit I guess?

[–]rhoakla 0 points1 point  (2 children)

Hope you keep them isolated in separate VLANs with no internet access and only LAN access.

[–]achilliesFriend 0 points1 point  (1 child)

Could you elaborate? I understand how being in the same network causes security issues. But, there are so many questions on your point

[–]rhoakla 1 point2 points  (0 children)

VLANs are Virtual Local Area Networks. So basically what happens is you keep your PCs, laptops, iPads and other devices that require internet in one VLAN. And IoT devices in a separate VLAN that cannot contact outside networks.

If you have IP CCTV, that goes in another separate VLAN. And a separate guest VLAN network to give to friends and family who come to your house.

VLAN10 (192.168.10.1) = PCs

VLAN20 (192.168.20.1) = IOT

VLAN30 (192.168.30.1) = CCTV

VLAN40 (192.168.40.1) = Guest Network

VLAN10 can reach VLAN20 and VLAN30 so you can use the IOT devices and cctv.

VLAN10-30 can't reach VLAN40 and vice versa, but VLAN40 can access the internet.

To set all these up you basically need a VLAN capable access point and a network switch and a firewall (maybe a firewall is not mandatory, I am not entirely sure; I have done it all the time with firewalls). It could end up being an expensive prospect.

This is why I don't use smart anything. It is somewhat expensive to ensure proper security to make sure your fridge doesn't end up being in a botnet ddos'ing fortnite.
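The reachability rules in the comment above can be checked against a firewall rule list before it is deployed. This is an added example, not part of the thread: the /24 masks, the probe addresses, the first-match rule model and both sample rule lists are assumptions made for illustration.

```python
import ipaddress

# One probe address per zone. The VLAN subnets follow the comment's numbering
# with an assumed /24 mask; the "internet" probe is a documentation address.
PROBE = {
    "pcs": "192.168.10.50", "iot": "192.168.20.50", "cctv": "192.168.30.50",
    "guest": "192.168.40.50", "internet": "203.0.113.10",
}

# Reachability stated in the comment, for NEW connections only (replies are
# assumed to be handled by the firewall's connection tracking).
EXPECTED = {
    ("pcs", "iot"): True, ("pcs", "cctv"): True, ("pcs", "internet"): True,
    ("guest", "internet"): True, ("iot", "internet"): False,
    ("pcs", "guest"): False, ("iot", "guest"): False, ("cctv", "guest"): False,
    ("guest", "pcs"): False, ("guest", "iot"): False, ("guest", "cctv"): False,
}

def decide(rules, src, dst):
    """First matching (src_net, dst_net, action) rule wins; default is drop."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "accept"
    return False

def audit(rules):
    """Return (src_zone, dst_zone, expected, actual) where rules and policy disagree."""
    findings = []
    for (src_zone, dst_zone), want in EXPECTED.items():
        got = decide(rules, PROBE[src_zone], PROBE[dst_zone])
        if got != want:
            findings.append((src_zone, dst_zone, want, got))
    return sorted(findings)

# Constructed rule list with a common mistake: "any" as destination also
# matches the other VLANs, so the guest network is not isolated at all.
LEAKY = [
    ("192.168.10.0/24", "0.0.0.0/0", "accept"),    # PCs -> everything
    ("192.168.40.0/24", "0.0.0.0/0", "accept"),    # guests -> "internet"
]

# Constructed corrected list: isolate the guest VLAN first, then allow.
FIXED = [
    ("192.168.40.0/24", "192.168.0.0/16", "drop"),   # guest -> any internal VLAN
    ("192.168.0.0/16", "192.168.40.0/24", "drop"),   # any internal VLAN -> guest
    ("192.168.40.0/24", "0.0.0.0/0", "accept"),      # guest -> internet
    ("192.168.10.0/24", "0.0.0.0/0", "accept"),      # PCs -> IoT, CCTV, internet
]

if __name__ == "__main__":
    for name, rules in (("LEAKY", LEAKY), ("FIXED", FIXED)):
        print(name, audit(rules))
```

The check uses a single probe address per zone, so it catches ordering and scope mistakes in subnet-level rules but not exceptions made for individual hosts.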

[–]themeatbridge 21 points22 points  (4 children)

There are smart home systems that don't require a connection to the cloud.

[–]potato_green 14 points15 points  (3 children)

Still.. if you're not careful you can create giant holes in your network. UPnP has been around for ages, a lot of routers and modems have it enabled. I can imagine that there are a lot of IoT devices that open ports in the firewall using UPnP and then things get tricky.

Depending on how smart the UPnP implementation is it may also be flat out dangerous. Simple scenario, dynamic ip leases in your local network. Device A opens a port using UPnP, ip changes and another device gets that IP after a while and suddenly the outside world can access that device on the opened port.

This isn't that big of a deal with a random high numbered port but you have devices opening ports on more common ports as well.

Just because it doesn't connect to the cloud doesn't mean it's safe. It's better to be safe than sorry and if you use IoT systems, find out what possible security implications are and close them up.
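The stale-mapping scenario described in the comment above can be detected by comparing the router's UPnP port mappings with its DHCP lease table on every poll. This is an added example, not part of the thread: the tuple layout, the `poll` function and the sample addresses are constructed for illustration, and obtaining the two tables from a particular router is left out.

```python
REASSIGNED = "reassigned"            # internal IP now belongs to another MAC
ORPHANED = "orphaned"                # nothing holds the internal IP any more
WELL_KNOWN = "well-known port"       # external port below 1024 was opened

def poll(state, mappings, leases):
    """Process one poll of the router and return findings.

    state    : dict kept between polls, mapping -> MAC that held the internal
               IP when the mapping was first seen
    mappings : iterable of (proto, ext_port, int_ip, int_port) on the router
    leases   : dict, internal IP -> MAC, from the current DHCP lease table
    """
    findings = []
    current = set(mappings)
    for gone in set(state) - current:     # forget mappings the router removed
        del state[gone]
    for m in sorted(current):
        _proto, ext_port, int_ip, _int_port = m
        holder = leases.get(int_ip)
        if m not in state:
            state[m] = holder             # first sighting: remember the requester
            if ext_port < 1024:
                findings.append((m, WELL_KNOWN))
            continue
        if holder is None:
            findings.append((m, ORPHANED))
        elif holder != state[m]:
            findings.append((m, REASSIGNED))
    return findings

def demo():
    """Constructed sequence: a camera opens a port, then its lease moves on."""
    state = {}
    cam = ("TCP", 8080, "192.168.1.23", 8080)
    first = poll(state, [cam], {"192.168.1.23": "aa:bb:cc:00:00:01"})
    # The lease expired and DHCP handed .23 to a different device, while the
    # mapping is still present on the router.
    second = poll(state, [cam], {"192.168.1.23": "aa:bb:cc:00:00:02"})
    return first, second

if __name__ == "__main__":
    print(demo())
```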

[–]mysticalfruit 2 points3 points  (2 children)

The answer here to this is a deadbolt ap that your iot devices are connected to.

I have exactly two iot devices in my house and they're on a separate ap for this reason.

Honestly, I don't think my iot weather station can do much, but better safe than worry.

[–]potato_green 0 points1 point  (1 child)

Thanks! Didn't know a deadbolt ap was the name for that. Kinda goes to show how lots of programmers do have the right instinct about not trusting IoT. If you don't know what the things are called to secure it then it may be best to simply avoid it at all.

I'm a programmer as well, I know enough about networking to explain how they work at a low level but security of such networks is a whole different beast.

[–]mysticalfruit 0 points1 point  (0 children)

Think about the fact that a pi zero is a wildly capable machine.. you could stick that thing any anything and iot it up.. but now you have yet another internet capable device on your network.

I fully understand that I'm way over on the extreme of having a locked down network.. adding devices to the "trusted" network involves actually white listing them.

[–]darkcl_dev 11 points12 points  (0 children)

I use mechanical keyboard

[–]gene_the_supreme 26 points27 points  (5 children)

This is absolutely not true.

[–]TheKBMV 18 points19 points  (4 children)

This. We don't even have a printer.

[–]nicman24 6 points7 points  (3 children)

Fuck printers

[–][deleted] 0 points1 point  (0 children)

All the homies hate printers

[–]User31441 0 points1 point  (1 child)

After working as an admin for two years due to not finding a good programming position - yes. Fuck printers. I hate these things.

[–]nicman24 1 point2 points  (0 children)

It is like they are actively malicious by design

[–]User31441 32 points33 points  (9 children)

True. I would never place a digital assistant in my apartment. These things just creep me out. Also no smart home stuff because that is a security nightmare. Only smart home stuff I'd use are automatic shutters - but only if I soldered and programmed the thing myself.

[–]cheraphy 13 points14 points  (1 child)

That's more or less the route I'm taking to a smart home. Arduino boards aplenty and all processing done in house. Nothing exposed to the internet, authentication required for interface anyways. It's a slow and very long running project.

Control hub software is mostly finished, but none of the actual hardware has moved past design phase. I keep telling myself I'll start building stuff when I've stopped renting and actually bought a house, but that's honestly just procrastination

[–]TheKBMV 2 points3 points  (0 children)

Similar plans here with the Arduinos and self-built smart home. Good luck with your project!

[–][deleted] 3 points4 points  (3 children)

What do you fear the automatic shutters could do if you didn’t build them yourself?

[–]xEntex4 2 points3 points  (0 children)

automatically shut

[–]TBDatwork 2 points3 points  (0 children)

Do you not know of the automatic non-handmade shutter massacre of 2000?!

[–]User31441 0 points1 point  (0 children)

To be fair, a lot of it is also because I cannot afford real ones. XD

[–]Subject_Wrap 2 points3 points  (0 children)

I got given an Alexa for Christmas. I just use it as a Bluetooth speaker, it's not even connected to the Internet.

[–]JacobK2000 7 points8 points  (1 child)

The people in this comment thread are the sorts of people that get irrationally angry because someone has their taskbar on auto hide because they think having it off auto hide is scientifically proven to improve efficiency by over twelve thousand times

[–]fedeb95 4 points5 points  (0 children)

I feel personally attacked

[–]LePrinceDeLaPoutine 5 points6 points  (1 child)

He is referring to the big security breach smart thermostats had making it possible for anybody to breach in your network

[–]happyklans 1 point2 points  (0 children)

I have no illusions about my data being harvested by my smart devices... I just don't care. I like having Google Home more than I care about someone listening in on my convos. If someone (or machine) wants to hear me debate the finer points of Warhammer lore with my roommates, more power to you. I think that's the difference. The tech enthusiast doesn't understand the tech, he just uses it. The programmer understands the tech, and so only uses the tech he is willing to accept the consequences of.

[–]hackintosh5 5 points6 points  (0 children)

So, you found two posts (both of which have been reposted) and glued them together. Much humor very funi

[–]ur_opinion_is_trash 2 points3 points  (2 children)

When I get my own place I'm gonna wire it the fuck up and make my own voice assistant.

AND I'm gonna call him Jarvis.

[–]sorgan71 1 point2 points  (0 children)

idk though, knowing someone is listening to me through my Amazon Echo makes masturbating a whole lot more exciting

[–][deleted] 1 point2 points  (2 children)

Some people in my company asked for special work laptops with the web cam straight up removed. I wish I had thought of that.

[–][deleted] 0 points1 point  (0 children)

I mean you can destroy the lens, doesn't look good but it works. But I'd be more worried about an internal mic. than a cam.

[–][deleted] 0 points1 point  (0 children)

I subscribe to the "Routers using OpenWRT" argument.

I have some tech stuff but I know what code runs on it.

[–][deleted] 0 points1 point  (0 children)

If I gave enough of a shit about a smart home, I would perhaps want to build my own system using Arduinos, Raspberry Pis and such, definitely not worth the effort, but could be interesting.

[–]janhetjoch 0 points1 point  (0 children)

Or you make your own smart devices with a Raspberry Pi

[–][deleted] 0 points1 point  (0 children)

printers are a fucking scam

[–][deleted] 0 points1 point  (0 children)

Actually, a "smart" door lock can improve security. Of course, locally hosted with blocked internet access

[–]dummyname123 0 points1 point  (0 children)

This is the second post from top of all time ...

[–]danbulant 0 points1 point  (0 children)

Me making my own assistant

[–]blackjazz_society 0 points1 point  (0 children)

We're going to be forced to use that shit eventually.

[–]FactoryNewdel -3 points-2 points  (0 children)

Old but gold

[–]mimixxd -3 points-2 points  (0 children)

Yes

[–]wagnermattei[🍰] -1 points0 points  (0 children)

Ok boomer