Five Giggity

For a variety of reasons, I've been investigating 5G, the fifth generation of mobile communications protocols.  Some of those reasons are pure curiosity and some of them are a bit more professional, but both lead to a "Great Googlie-Mooglie" reaction.  If they actually follow through on the promises this standard makes, then the world may actually change again.

The specs, taken at face value, do not tell the whole story:

• Minimum 20Gbps down per mobile base station, and 10Gbps up.
• One Million connected devices per square kilometer.
• Wicked fast mobility from base station to base station.
• Maximum 4ms ping times with the base station.

All they say is the usual more and faster story that each generation tells.  But these specs allow much more.  Read on.

[Had trouble feeling creative for the artwork.  Sorry]

Internet of Philosophy: Consumer

Over the past two weeks I've been throwing words at the internet about how I think certain IoT systems should be implemented.  Specifically, Municipal (Government) and Enterprise (Business).  But really, all of that blah-blah-blah is just an introduction to this post: the Consumer (Home) side of it all.  After all, I'm not a government official nor am I employed in any way by a business.  However, I do own a home and I do consume.

The not-so-old adage that 'If you're not paying, you're the product' is what got me thinking about all of this in the first place.  Whether that saying is a complaint, a compliment or just a bunch of extruded male bovine waste is up for some debate.  However, is a decade that has seen the rise of Software-as-a-Service and attempts to add subscription models to everything (thanks Obama Amazon), it is worth taking a some time to analyze how it might apply to the SmartHome space.

The Data of Things

"What do you write about?"

I've been trying to explain this blog to a few people and have been having trouble coming up with a decent elevator pitch.  "The Internet of Things is..." and that's where I get stuck.  In my second post of all time, I tried defining it and ended up with "whatever I say it is."  Which is fine, but maybe not that helpful, even for me.  Today, I want to take another crack at it.

The formal definition if you type "What is the Internet of Things?" into Google is:

"...a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data..."

The Internet of Money

The Internet of Things is a definite revolution in its own right, but it is also part of something bigger: the Internet of Money.  The first real "Big Data" collection was/is financial: stock trades, money markets, consumer debt.  It all got stored on computers.  That led to things like Flash Trading, Mortgage Backed Securities and, more recently, BitCoin and its siblings.  Some of it bad, some of it good, mostly just changes brought about by the increasing access and automation of data without any moral compass beyond "it'll make things easier (and there are fees to earn.)"

From Funnel to Cycle

The Internet of Things fits in here because it starts to expand automation from data automation to thing automation.  Which is why we're all excited about it.  But for the companies that are investing in this buzzword, it goes beyond making it easy for you to set your thermostat or have the lights come on when you open the door.  All of that is the hook.  Ultimately, they want to automate your purchase decisions.

This has already been massively accelerated due to the internet.  If you look at the pre-internet consumer decision journey, it is a funnel:

Source: Business2Community.com

With the rise of the Internet and, more importantly, recommendation engines (based on individual buying data = big data), this turned from a funnel into a cycle:

Source: wearesocial.com

Recommendation engines operating on the "If you like this, then you'll like it again and also things similar to it" mean that we consumers no longer have to start at the top of the funnel for each and every purchase, but can work within a trust circle (that inner, smaller loop.)  But we still have to make the purchase every time.  We have to actually click on "Add to Cart."

From Cycle to Out-Of-The-Loop

The big change to the Internet of Money brought on by the Internet of Things is that now, the cycle only needs to happen once.  Instead of us making that lower re-loop when we need to replace something, the purchase has already been made and we no longer have to be part of the loop.

This has been going on in industry for a while.  "Just in Time"  inventory (keeping only enough parts in stock to last a re-stocking cycle) is a similar process, but had purchasing agents involved.  The newer system that everyone from retailers to manufacturers to restaurants have been working on for the past two decades is to connect their inventory management systems together, allowing purchase orders to be automatically sent out when inventory reaches a critical state.

Here's Where You Come In (Or Not)

What smart home manufacturers want is to create a similar inventory management system for your home.  If your home system knows when you are low on milk (through your smart refrigerator,) then it can order more and have it sent to your home.  It gets charged to your registered account (plus shipping and tax and a fee) and you can cross off a thing you no longer have to worry about.  In theory, the fee is less than the gas that you would use to go get that same milk.

All of this assumes that you have a smart appliance, that you take the time to teach it your tastes in various brands, that it won't start recommending other brands (or simply ordering them) because of some kick back between the various milk cartels, that you have consistent power and a solid internet connection.  Then, after all of that is set up, you won't have to worry about buying milk ever again.

What a world.

Qioto

Source

Today, I want to take a second to make a more personal post.  This will be less about the Internet of Things (however I choose to define it) and more about this blog and IoT information resources.  Fair warning.

Straight Outta Nowhere

A couple of months ago, I received direct message via twitter from some dude asking if I was interested in writing for his up and coming website.  After some back and forth, I decided that, yes, I have the time for this.  More importantly, as I learned more about what they were trying to do, I realized that I wanted to write for Qioto whether I had the time or not.  (Then I was employed, so time really was an issue.  Now I'm not traditionally employed and the actual writing is not much of an issue.)

Walking the Open Path

Not an Apology

The a couple of weeks ago I wrote a post bagging on SmartThings.  While I stand by what I wrote there, I want to clear up any misconceptions that I might have created.

I am a SmartThings fan.  It is as a fan that I feel compelled to point out issues when I see them in the hopes that I can remain a fan.  Stability issues and developer complaints are not fun and no one on any side of the community (corporate, developer, end-user) wants them.  On the other hand, these issues are the result of one of the core reasons that I am a fan of SmartThings: openness.

You Have Already Lost

IoT Security, take 2 (at least)

A couple of weeks ago, I took a stab at the current buzz issue dealing with the Internet of Things: Security.  The bottom line from that attempt: update the defaults and you don't have anything to worry about*.

After reading many articles on IoT security, I feel that I may need to amend that rather blithe recommendation.  With all of the information that corporations, governments, and service level workers have on each of us, your security is no longer in just your hands.  You are now at the mercy of whatever information security policies that all of those entities have put in place.  The result:

You have already been compromised.

And it is not even your fault because it is almost impossible to live in a western, first world economy and avoid having your personal information stolen.through your security.  Think of all of the ways that we offer our information to people without vetting their ability to protect it:

• We hand our credit cards to waitstaff who then walk away to a back room and do who-knows-what.
• We trust that there is nothing funny with the ATM or credit card reader whenever we swipe.
• We give our address and other payment information to credit card companies, on-line shopping sites and other places and assume that they have policies in place.  That's turned out well for Target, Sony and several others.
• We set up our personal email accounts with large corporations who make their money by selling our information (albeit at one remove) to other large corporations who want to sell us something.
• We trust our government with our information.  A government whose own level of bureaucratic  security is no match for the military grade attacks that it is receiving.  For that matter, the government itself is looking to ensure that all of our security is delicately compromised, though only they will have the key (#sure).

Not doing these things is all but impossible in an advanced economy.  What's even worse is that as soon as one security hole is patched, another appears.  This is a 'warhead versus wall' paradigm ('para-dig-em') and the warhead always wins.

What is a person to do?

There are several options.  First, you can cut all ties with technology and live in the wilderness and ignorance scared of Those-Who-Must-Not-Be-Named.  If you are like me, this is not an option worth considering.  How can I chill without NetFlix?  Who would I call out to for my music?  #notgoingtohappen.

What else, then?  Most of the big data security breaches have been to gather personal information so that thieves can steal identities and make purchases using credit cards or bank info.  Only some of that is relevant to the Internet of Things and SmartHome technology.  The best way to deal with a fight you've already lost is to have a plan and know what to do ahead of time.

Securing Your Security

What is relevant to IoT and home automation is planning.  When starting out with your SmartHome system, there are two basic approaches:

• Roll your own.  This approach assumes that you are setting up your own servers, cloud and doing most of the pairing and integration work yourself.  Programs like HomeSeer and OpenHAB rely on you to do more of the work, but also allow many more levels of customization and, because they are local and generally not tied to a large corporate server, more secure. You can even step off the deep end and use a Raspberry Pi.
  
  The downside is compatibility.  While you'll be able to find sensors and switches and such, larger items will be more difficult.  Connected refrigerators and smart door locks are usually locked to the manufacturer's cloud and won't integrate with a home built jury-rigged system.
  
  
• Use an existing 'ecosystem'.  Here we're talking about something like Apple's HomeKit, Google's Brillo/Weeve/Works-with-Nest, AT&T's Digital Life, Comcast's Xfinity Home, and Samsung's SmartThings.  Here the initial heavy lifting is done for you.  There's no need to learn how to open ports on your router or determine the best mesh network for your needs.  Instead, look at the manufacture's list of compatible devices and go.
  
  Here the downside is that you are relying on their cloud security to keep your home secure.  Who are the faceless minions that maintain their servers?  Why might some group of hackers, corporate rival or government want to attack them?  In fact, what is that manufacturer themselves doing with the data that they collect on you?  You don't know.  Even if you read the Terms of Service document, it's really had to know.
  

The real choice here is control versus time/convenience.  Why are you getting in to home automation?  If it's more about security, then roll your own.  On the other hand, if you like the convenience of switching things on and off from around the world, having your TV turn on when you roll into the garage, but don't have the time to delve into nested if-then statements, go for a pre-built platform.

But if you do go for the pre-built system, try to stick to one.  While you can add Alexa to SmartThings to Hue to Nest, each additional service does not double your chance of exposure, it raises the stakes exponentially.

I think I've ground this into the dirt.  Beaten a dead horse.  So I'll end it.  Here.

*My advice should be taken at your own risk.  My sense of responsibility for your actions is a fart in the wind.  That's enough CYA for now.

Internet of the Least Secure

I Say Securi-Tah, You Say...

One of my favorite Twitter accounts is SecuriTay (@SwiftOnSecurity), purported to be Taylor Swift commenting on the state of consumer data security.  From it, you get gems like:

The author has the same sense of "Yes it's serious, that's why I mock it" that I'm reaching for here.  He/She/It reminds us that the vast majority of us are both as opinionated and clueless as a pop-diva (or actor) at a info-sec convention: that this conversation about how to secure the Internet of Things is over most of our heads.

Even if you manage the user database for a corporate IT system and understand levels of privilege and how to assign them, much of that does not apply to your home life or your social life or your commuting life.  Yet the systems that we are asking to augment (govern) those parts of our lives are generating usable, traceable, exploitable data.  And we are rarely assigned root, or admin, or even power user privileges (just try deleting your FB profile or using YouTube without G+ (though that's changing. Some.))

Won't Someone Think of the Children?

However, because we all have access to the internet and a keyboard or camera or microphone or all three, we feel that we can comment on things that are way over our heads.  Many of those comments as they relate to the Internet of Things are about protecting children and other innocents, those who are not savvy in the ways of the World Wide Web (and other less reputable networks).

And yet... Ultimately, we are all children in this space.

We parents post about our children on FB or Instagram or wherever without thought.  Yet we are concerned about them posting on-line?  We know better?  Maybe.  But by posting, the information is out there: you have a child and at this date they were this old...  For a child predator, this is enough.  Is it enough to outweigh the convenience of instantly sharing your incredible child with your friends and family and basking in the precious likes?  That is left for each of us to decide.  As it should be.  These are supposed to be tools that augment our lives, not limit them.

Love me, Fear me

The truth is that we are living in this on-line space, but it's complexity is becoming unknowable: too many standards, too many variables from this site to that.  How do we deal?  Are we to be governed by fear?  Are we to throw in the towel and let it all hang out?  The answer is somewhere in the middle: be conscious of what you share and where you share it.  Who are you sharing your content with?  If others see this, what will they learn about me from it? Always keep that old saw about seeing IT in the NYT in the back of your mind.

But all of that is generic to our lives on-line.  When dealing with the Internet of Things and a burgeoning Smart Home, the rules are actually simpler:

• Change all of the defaults: usernames, passwords, IP addresses, TCP/IP ports, etc.  Too many people still have an old router with the factory default passwords and that is an opening just screaming to be exploited.  Not doing this is a big reason why sites like Shodan can exist.
• Regularly schedule password changes.  Your work IT support schedules this on a monthly or quarterly basis.  Use that schedule at home.  Or tie it to something that fits with your home: furnace air filter changes or oil changes or haircuts.  
• Don't put anything in your home in a place that you would not be comfortable being sensed by others.  It may seem like a good idea to link an IR sensor to the bathroom light so you don't have to fumble around in the middle of the night, but now someone will know if you are in the bathroom or not.  Maybe you don't want that.  (Maybe you do.  Hey, I'm not judging).

Finally, please keep in mind that the programmers (not the companies who build all this stuff) that build the code for IoT products are usually much more aware of security issues that the federal government.  Which is good.  However, they have to code for the least common denominator.  Which is bad.

Be better than that least common denominator and you should be okay.

What IoT Is

Stuff.  Small stuff.

Really, it's not the Internet of Things (or Stuff), but the Internet of Small.  And it can all be blamed on Moore's Law: more computing in smaller spaces consuming less electricity means processing can be fitted into more... things.

But why, you may ask, does anyone want to fit computing/processing/connecting into things?  There are two basic answers:

1. Because it allows those things to react to changes in their environment.  They can turn on or off based on the presence of a particular smartphone or changes in the time of day or temperature or motion.  Some can change color or alert us.  Others can warm up or cool down. By adding Systems-On-a-Chip (SOC) to everything from cars to toothbrushes, they can react to these changes so that we don't have to waste our precious grey cells telling them to do things that are obvious to us.
2. Because it is marketable to connect stuff to the web.  People like to buy things that connect because it makes them feel 'cutting edge'.  More importantly, it allows manufacturers (and even less scrupulous entities) to gather information on how you use their things so that they can do a better job of making the next generation (really market more accurately to you).  Or selling you timely refills.

Stuff.  Connected stuff.

Stuffing computer power in small things is only part of this whole mess.  It's using that computing power to connect those small things to each other and to larger things that really makes it work.  That wall switch with a computer as powerful as the Apollo missions is only useful if it can react to:

• Changes in its environment, so it needs to be connected to sensors.  Then it can turn on automatically when the room gets dim.
• Changes in occupancy, so it needs to be connected to the local network.  So it will only turn on in a dim room when someone is actually in it.
• Changes in owner desires, both at home and abroad, so it needs to be connected to the larger internet.  So parents can turn off the bedroom light that the child left on (again), having overridden all of the dim-room/occupancy BS set by the parents.

Stuff.  (Semi) Secure Stuff.

If computing devices can fit into a wall switch or a toaster, why not a lock or a garage opener?  Now, we can check to make sure that we remembered to close the garage from work.  We can let our mother-in-law in (or not) to water the plants from out of state.  We can be alerted to fires and floods and gas leaks while on the other side of the planet (where we can do sooo much about it).

The catch is, that if we connect our home up to allow us to do these things, what's preventing others from doing it to our home as well?  IoT security, especially non-enterprise, consumer grade security is currently an open question in the Internet of Things.  Much can be solved by changing the default passwords and other settings on both the home Wi-Fi router, smarthome hubs, or locks.  But not all.  Not to worry, though.  Any determined thief can still get into your house by de-fenestrating some hardened sediment.

Stuff. So. Much. Stuff.

But locks and lights and thermostats and smoke detectors and window sensors are only the beginning of all this.  Industry is using IoT to do inventory control and monitor manufacturing and employees, everything with sensors and every sensor connected.  And if we can track an employee, why not track the state of the office coffee pot?  Or your fish at home?  Or your plants?

Everything in the developed world is slowly getting connected via bluetooth, mesh-networks and, ultimately, to the internet.  So many things.  So much stuff.  All connected.  All sensing.  What will we do with all of this data?

It's enough to make you want to hug your teddy bear.  You know, the one that's connected to your therapist.


That's it for ground work.  Next week, some actual opinion on current state stuff.