First, some background -

I work in technical support for a Chinese manufacturer making (among other things) home monitoring devices. I’m our resident open source enthusiast in the North American market, not that any of my bosses know or care. My background is not in comp sci or networking, so the only applicable knowledge I have is from my meager experience with my own home lab.

We have a product (I’ll refer to it here as the Brain) that communicates wirelessly with our other devices, takes the data from them, sends the data encrypted to our servers, and is available to our customers through our web portal or phone app.

We got a support ticket recently from a customer (and software developer) asking technical questions about the communication protocol from the Brain to our servers. This customer was trying to work on Home Assistant integration for our product stack, but was hitting some roadblock that I can’t even pretend to understand. To my understanding, the integration would allow a Home Assistant server to locally gather the same information sent to our servers.

After escalating the issue to our HQ team and some back and forth there, eventually the answer was that the data transfer is encrypted and we aren’t going to share any details about it. We don’t officially support this type of integration and have no plans to. Our tech contact at HQ offered to sell API access to this customer, but obviously that isn’t what he was hoping to hear.

The customer replied that this answer didn’t surprise him, but that he would be happy to develop the Home Assistant integration if we made the necessary information available to him.

So, here’s my questions - How can I advocate from within my company to open up this aspect of our platform for open source devs to integrate our products into Home Assistant and other open source IOT platforms? Has anyone successfully made a case for this kind of thing within their own companies? What talking points can I use that my higher ups will actually listen to and understand?

I’m considering reaching out to the customer privately to seek a better understanding of what he needs from our platform. Does that seem ill-advised to anyone here?

TLDR - My employer manufactures IOT devices and locks down the platform with proprietary networking protocols. A customer and developer is seeking to write an integration for our products to work locally with Home Assistant. My higher ups said that isn’t possible and I want to convince them to make the changes necessary for it to work.

  • T (they/she)@beehaw.org
    link
    fedilink
    arrow-up
    11
    ·
    6 months ago

    Isn’t there a way to allow the devices to be accessed through the local network? It doesn’t need to interfere with the data collection or the encryption, you are just allowing the user to access the device locally, before it is even encrypted to be sent to the servers.

    To be honest if I am choosing between two devices and one supports HA and the other doesn’t, the choice is quite obvious. I think one way to convince your higher ups is that you will be more appealing to a big niche of tech users that have elaborate IOT setups (which means $$$).

  • CaptObvious@literature.cafe
    link
    fedilink
    arrow-up
    9
    ·
    6 months ago

    One suspects, for numerous reasons, that your employer will never allow any user, especially a North American, to stop data collection by the central servers.

    However, you might refer the customer to your colleagues in the EU. They will have stronger data protections that could be used to force the issue. The Europeans might be able to share how it works with your North American customer.

  • CameronDev@programming.dev
    link
    fedilink
    arrow-up
    5
    ·
    6 months ago

    Are you from Tuya? They seem hellbent on locking their stuff down to the cloud.

    Perhaps point out to your management that IOT is an enthusiast driven market. If you appease the enthusiasts, they will recommend your products to their less technically inclined friends.

    Enthusiasts want both: a good initial software ecosystem, and the option to break out of that if required. If your company can offer that, even if it involves voiding the warrenty, we’ll buy and recommend their stuff.

    In the case of Tuya, their stuff was historically super easy to open, solder some jumpers and flash (or exploit the OTA to flash). I bought loads of their power boards and lights. In some ways I was an ideal consumer, I bought their stuff, voided the warrenty immediately (so no support calls), and never used their cloud, so didn’t waste their resources. Now they are making it near impossible, and I won’t touch their stuff.

    All that said, good luck, your gonna need it.

    • Norah - She/They
      link
      fedilink
      English
      arrow-up
      2
      ·
      6 months ago

      There’s Tuya Cloudcutter now that can hack a lot of current devices wirelessly. It’s a good way to get cheap “open firmware” IoT devices.

        • Norah - She/They
          link
          fedilink
          English
          arrow-up
          2
          ·
          6 months ago

          I’m not sure they have, but there’s still so much stock of old firmware out there, there are even companies who straight up haven’t pushed an update for their devices yet. Maybe I’m having more luck because I’m Aussie? But even CostCo had a home-brand of bulbs they haven’t updated yet.

          • CameronDev@programming.dev
            link
            fedilink
            arrow-up
            2
            ·
            6 months ago

            I am also Aussie, but I’ve been buying from Aliexpress of late. Maybe should try some Mirabella bulbs again, last time I bought them it was after the first OTA exploit was fixed, but before cloudcutter. Had to slice open the bulbs and flash via serial.

            Are you just getting stuff from Costco?

            • Norah - She/They
              link
              fedilink
              English
              arrow-up
              2
              ·
              6 months ago

              Nah got a bunch of bunnings stuff as well. The Arlec Grid Connect stuff works well, I got a smart plug with a USB that actually has a separate relay for the 5V.

  • Toes♀@ani.social
    link
    fedilink
    arrow-up
    5
    ·
    6 months ago

    So I’ve been the person who denies projects like these in the office.

    There are two non-negotiable requirements for equipment like this.

    1. It absolutely must not in any way interact with outside servers or remote services. All data must stay contained within the company.

    2. The software must be open for inspection with a locally reproducible build. Or accredited by a trustworthy provider such as Microsoft.

    Failure to meet those requirements and the proposal is dead.

    • TwiddleTwaddleOP
      link
      fedilink
      arrow-up
      5
      ·
      6 months ago

      That makes total sense from a corporate perspective. Maybe I would just love to be the one the pushes us a little bit closer to the enduser having control of their data and hardware. Its probably a pipe dream though lol.

  • bionicjoey@lemmy.ca
    link
    fedilink
    arrow-up
    2
    ·
    6 months ago

    It’s above your pay grade. If I were you, I’d reach out privately and suggest that the customer seek a competitor’s product that has the features that want, and tell them that there is no desire within the company to support free software or self hosting.

  • Kissaki@beehaw.org
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    6 months ago

    The only way to meaningfully advocate for it after your company already announced their conditions and offerings is to present value gain.

    What do you suggest concretely? What should be offered under what conditions? What would that mean as cost? What would the benefit be? How substantial is it?

    Reaching out privately to them is certainly going beyond what you are employed for. I don’t know about ill-advised - if you never disclose it or are at least mindful of that. But it’s a personal assessment. You seem to be willing to invest a lot into a single customer, who tries to do something not offered or considered by the company. Whether it’s personal interest, or first a broader better understanding of the use case, I can see how it could be worth or worthwhile. But I wouldn’t get my hopes up about changing the opinions of your company [from their information alone].

    Your company offered API access. So there is an interface available. They won’t make it free unless they see and deem it worth it to do so.

    • Norah - She/They
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      Yes but I’d imagine it’s a cloud API if it’s paid, not a local API. While yes, you could use this to make a HA integration, it would never reach platinum status. The customer seems to he wanting them to open up the API calls the “Brain” makes to the cloud, to intercept them.

  • dactylotheca@suppo.fi
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    6 months ago

    What are the suits specifically objecting to? Ie. what are the reasons they don’t want to do this? If you don’t know the exact objections and can’t find out due to whatever reason, then you’ll probably have to take an educated guess.

    When you know what they’re objecting to, you can then start thinking about whether the problems or obstacles they see are even valid in the first place or if they can be solved or worked around, and form an argument from there.

    Asking a little bit more information from the client might be a good idea; you can build an actual business case out of it if their case is generalizable enough, and even if not it might still be useful. If you can get a developer in the loop on this it might be helpful, since they’ll know better what questions to ask etc. if you’re not clear on what the client wants to do and why it didn’t work, and a developer could also help you with doing a quick guesstimate of what would need to be done. Don’t want to go too far into planning at this point though, just enough to be able to make some sort of business case out of it.

    Also, suits like money; you’ll want build an argument where you can ultimately conclude “so if we do this, it’ll make us $ X over K years based on these estimates, and it’ll only cost us $ Y and we can outsource the development to this person here”

    • TwiddleTwaddleOP
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      6 months ago

      I don’t know really if the suits even do object to it. The response from my counterpart at HQ was essentially “modbus TCP through wifi isn’t supported. The application layer protocol is protobuf. We can’t provide you with a decoding file. Buy API access instead.”

      Our competitors do have Home Assistant integrations already (community maintained as well, obviously) so there may be room for me to make the case that we’re losing customers to them over this.

      Edit: protobuf means nothing to me, but the customer indicated that he already knew that.

      • dactylotheca@suppo.fi
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        6 months ago

        Seems like a bit of a case of shortsighted leadership.

        Considering that your competitors already provide HA integration, that could be a good angle for you as you mentioned. I assume the issue is that they want to squeeze more money out of people by shunting them to the in-house API instead of supporting HA – plus I assume that by telling people to use the API they get more data out of clients, since things have to hit the company’s servers instead of everything happening on the client’s network.

        How much does that API access cost? Would bridging that API to Home Assistant work, ie. writing a HA integration that talks to the API instead of directly to your doodad?

  • GadgeteerZA@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    6 months ago

    I only choose to buy hardware that I can connect to Home Assistant, because I can still use it if the company goes bust or no longer supports it. I have one dashboard in HA that manages all my different devices. Point is, I still buy the hardware and the sale is made. I’m not going to buy 5 different standard products which must all be managed through separate apps. Open standards can open up to a much bigger market. There is good reason why so many OEMs opened up to the Matter protocol.

    But as I say, I check first for compatibility, then I narrow my choices from there. So yes, right now your company’s IOT product won’t get onto my radar. Been there, done that, and got a handful of dead paperweights to show for it.