Muzzling the Google Home Mini?

Google Home Mini at home

When I bought my Google Pixel 2, I received a free Google Home Mini as part of the pre-order deal. While in Madeira it finally came and today I went to Irlam to go get it.

I’ve never liked the idea of the Amazon Alexia and all devices which are listening for an activation word. I get the convenance but it doesn’t equal the given up privacy in my view. I turn off on my phones unless my screen is unlocked and I’m on the home screen (actively using the phone). I’ve been watching and reading how The Google Home mini has already received a ton of privacy strikes and disabled the touch controls.

My justification for getting the Google Home mini was purely to connect it to my Philips Hue lights. They are great but only if you have the app as the controls on the wall are way too simplistic to change colours, brighten and dim.

Unboxing the Google Home mini and getting it online, was pretty straight forward. I currently have it set with the mic on mute and the touch controls seem pretty basic (volume only). I’m surprised its powered with a micro USB cable not USB C and if I had a choice of colours, would have picked a darker colour instead of Chalk. Out of the box the home mini’s top touch fuctionality is disabled, I assume the firmware was updated when I setup the wifi.

Google Home Mini

I’m dispointment that there seems to be no way to connect the google home mini to the hue lights without doing it via the Philips Hue web. I currently blocking external access at my router for hue lights, so theres no way to control them remotely, although everything is on the same network. Honestly find it annoying that it can’t talk locally, especially since there is a good API via the Hue Bridge. I understand it needs internet access to do some processing but to control the lights? Sure this can be done locally?

I’m keeping an eye on dev sites to see what might come up, but right now its little use and I’d like to see more ways to muzzle its use to keep things local unless essential.

Worm attacks over unsecured protocals

Philips Elevation Ambilight+hue

Bruce Schneier isn’t the only person worried about this type of attack. I already turned off external access to my Hue lights following the IOT bot net news.

This is exactly the sort of Internet-of-Things attack that has me worried:

“IoT Goes Nuclear: Creating a ZigBee Chain Reaction” by Eyal Ronen, Colin OFlynn, Adi Shamir and Achi-Or Weingarten.

Abstract: Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack.

Thank goodness for the hackers

Philips Hue lights

I’m now a owner of the Philips Hue lights after my mistake buying cheaper Hue lights from eBay (which turned out to be the American versions) and finally converting all the lighting pendulums to standard B22 bayonets from CFL BLT 4 Pins.

I bought the Zigbee bridge from ebay too and been buying the bulbs one by one. But then I decided to buy a starter kit, as it was more cost effective and I could sell the spare zigbee bridge if not needed. Everything was fine till I couldn’t control the new lights. After a look around the web, it become clear the bulbs were locked to the zigbee bridge which it came with.

I won’t lie I was peed! I took to Twitter to tell Philips what I felt…

Locked internet of things devices, deeply worries me! Philips say they do it for security reasons but frankly thats balls.

After the steam had stopped pouring out my head and I put the bulbs back in the box to send back tomorrow. I looked around and found people talking about a app called Lampstealer. It seemed to factory reset the bulbs so the old bridge could discover it like normal.

The problem… It ran on Windows and OSX only.  Of course the hackers got us covered!

When you buy two Philips Hue light start kits, you have the problem that the lights are already paired with the bridge in each starter pack. When you search you will find a lot of people whining about how unfair this is and people talking about the “Lampstealer” OSX app that Philips released to fix it. I tried using the lamp stealer app but it would never find my bridge. I could also not use QuickHue which supposedly supported the lamp stealer function because it was compiled for OSX 10.8 and I still run 10.7.x. And compiling it from source with xcode didn’t work, likely due missing libraries and other mistakes I made since I’m not too familiar with Xcode.

I found out that the solution was really really simple, and requires no OSX, java or advanced rocket science. Place a bulb of the second starter kit into a socket within 30cm of the bridge from the first starterpack. Telnet to port 30000 of the bridge and type:

[Link,Touchlink]

The light should blink a few times to acknowledge the hostile takeover.

I did it and now I’m sitting pretty with 7 Philips Hues all tied to the zigbee bridge I bought from eBay. Everything is now working correctly and I’m looking forward to playing with the geofencing and ifttt controls. I just need to sort out my lampshades now…

Beware Philips Hue lights from the states

I bought into the Philips Hue system a while ago by buying the part I needed and then the lights afterwards. There are a tons of people selling the wired zeegbee bridge for as low as 25 pounds (I paid 26 for mine) then you can get a bulbs afterwards for much cheaper than the starter kit at 170 pounds.

So this is what I did…

Philips Hue Bridge

However I hit a problem, the first Philips Hue Lux light came and I could see it on the app via the bridge but couldn’t control it. I tried a lot of things including upgrading the system and rebooting the bridge. But it just didn’t response to anything I did. I thought well maybe its a dodgy bulb from ebay. However the next bulb came and I couldn’t even see it via the bridge.

I also ordered some via Amazon and they worked straight away, as expected!  I looked into the differences and found some bad news…

Philips will void warranty if 110V bulbs are used with 220V power and vice versa. Closer look at the packaging shows there maybe a problem.

Philips Hue Lux lights American packaging
The American Hue Lux – E26 bulb

Philips Hue Lux lights Europe packaging
The Europe Hue Lux – E27 bulb

So it looks like I have 2 American bulbs which I’ll have to put back on ebay at a lost (if it works at all?)

The good news is I have replaced my Philips Light/Wakeup clock with a Hue light which slowly turns on when Sleep as Android thinks its time to wake up. Apartment therapy you are wrong, using your phone as an alarm makes perfect sense, when used in the right way.

I bought into the Philips Hue system but why?

Philips Hue Bridge

After my blog post asking about which smart lighting system works best for me… I choose the Philips Hue system but why?

  1. Philips made its simple REST API public! Yeh!
  2. Seen activity of people hacking around with the Philips hue lights.
  3. Replace my aging and dying Philips Light/wake-up clock.
    It keeps waking me up at the wrong time of the night and missing the alarm time! I barely use it because of this. Looking forward to combining my sleep pattern with my wake up. May even help with my alertness?
  4. Have better control over my living room lighting.
    I like warm lights at night and hate the way the lights are in my living room at the moment but don’t want to do the massive alterations to change it at the moment.
  5. I really want to experiment with XBMC and a Ambelight style setup

Hacking your input and outputs

Hacked... Learn, Build, Share

I had the pleasure of supporting and attending Hacked.io which was a hackday in the most traditional sense of the word. Run by the Geeks of London for 02 Labs, it couldn’t have been more fitting to hold it at the 02 arena (the old millennium dome). Now I knew the plans ahead of most people but I didn’t really think that I might have been a good part of the inspiration for the event.

Melinda broke it down for Ankur Oberoi at 5am.

“Ian use to run Geekdinners which we use to go to. Then went on to run BarCampLondon 1, 2 and 3. After which he ran the first hackday and over the air. Most of the Geeks of London went to the events and once Ian moved on, he passed on geekdinners to me and Cristiano. So we did that and formed the geeks of London. Then we took over Barcamplondon. Now I guess we are taking over hackday. Taking it back to the original idea of sharing ideas and knowledge” (power phrased of course)

On the walk back to the hotel at 5:30am I thought about this… Not only am I delighted to be a inspiration but I’m also over the moon that they have given these events a level of professionalism and sustainability which I could not. No matter what I say about hacked.io, I was blown away by the little things and the ultimate aim of open sharing.

I’m kind of gutted I didn’t hack something myself, but talking to people I learned a bunch of things and some of those things I’m following up with.

Hacked.io promised a lot and deliver much back many things…

Very long queue outside Hacked.io

Of course this is the same team which mainly wrote the controversial hackday manifesto. So it would make sense to compare Hacked.io against there own thoughts…

Announcing the event
Once you know when and how your event will take place, you’ll want to tell the world about it. At a bare minimum, you should decide on a canonical place where all public information about the event lives – this might be a dedicated web site, an event on an existing event online service or some other place which is publicly accessible.

Once you’ve decided where that location is, use tools like Twitter and Facebook to make people aware of the event, and also consider which Google Groups and mailing lists developers relevant to your event may be hanging out. Don’t spam them, though – nobody enjoys that.

On Announcing everything seemed perfect. Everything you needed to know was at hacked.io and the almanac seemed to have all FAQs ready to go. I also felt they hit the right level of communication. Not too much and not too little. Maybe from a supporter side a tiny bit more might not have gone a miss. But generally it was all good.

Registration was cool but my allergy information did get post in the mix. And I did feel sorry for those who were waiting in the massive line for a long while.

The venue should be relatively easy for people from outside of town to locate, with good public transport links. If it’s difficult to reach, try to provide alternative means of transportation, such as coaches to/from local transport hubs throughout the event. Provide a full address, and if necessary, additional instructions to all attendees well in advance of the event.

Include instructions/contacts/getting in arrangements, too (i.e., what to do at reception/security desks).

Print big signs that will guide your attendees to the venue (and in some case inside the venue).

Hacked.io starts

The venue was top class and a dream to be able to use. The transport links to the 02 are great and I do remember the first time Cristiano and Kevin told me they were looking to use the 02. I was gob smacked. How on earth did they pull that one off?  I had looked at the 02 when we were working on Hackday but it was far too expensive. Transport wise its got plenty going for it and heck its easy on the tube. Many signs and even billboards pointed people in the right direction. There were even helpers guiding people to the right place. Of course getting back was easy even at 5:30am due to the 24hour buses which run to central London when the tube stops.

Of course the venue was accessible with lifts and what not, maybe the stage needed a lift too? And I found the security staff quite firm but nice. I think they were a little bemused by the whole event.

Date clashes. One of the most frustrating things for attendees to see is two similar events on the same day in the same area. To avoid this, check places like Lanyrd, Eventbrite, Meetup, and ask on Twitter “is anything going on in X on X?”. Remember that people may be travelling long distances for hack days, so even if an event is a few hundred miles away, you are still diluting your potential audience.

Always a hard one to solve but they got it out there early enough and the only clash I saw was with Mozilla’s Party Hack which I believe was cancelled when the clash came to light.

If attendees are staying overnight, then a separate (dark, quiet) area should be available away from the hacking should people decide to sleep. If possible, this should be several areas potentially including dedicated areas, for example male/female/mixed, minors (+chaperones?), snorer/non-snorer, night-owls/early birds.

I didn’t check out the sleeping arrangements because I stayed up till 5:30am then walked to my hotel in Greenwich. I noticed there were areas upstairs for sleeping and I assume they were separated or whatever. While downstairs was a place for hacking all night. Of course some people fell a sleep at their computers.

2013-07-21%2003.24.50

The Network. Hack days have special requirements: don’t just trust anyone who tells you that “it’ll be fine”. Think about the networking issues, and verify that they work for the kind of capacity you are going to have. People from the venue or their commercial partner will tell you all sorts of things you want to hear but keep in the back of your mind that they may not have any clue what they are talking about. Given the importance of network access, if you are operating a commercial event consider requiring network performance as part of your contract with venues and suppliers.

One of the bug bears of almost any hackday event. Unfortunately hacked.io was effected pretty badly by 2.4ghz wireless problems. There was a figure banded around estimating 4 devices for every single person in the room. That means supplying wireless for 2000 devices! When we did hackday we estimated roughly 2 devices per person. There seems to be plenty of bandwidth in the backend pipe, because once plugged into a switches (the solution to most of the problems) it was fast and reliable. I had to download the JDK and I blinked and it was downloaded.

So what was the problem? Seems some device was spitting out packets into the 2.4ghz space and disrupting the network at the same time. I have some experience of this when the Nimba virus was prevalent and daily Ravensbourne IT staff would have to go find the suspect before they switched to 802.11x authentication. Nimba would just consume the network and all its resources, before you knew it. All spare 802.11 space was crammed with packets

They had the best guys involved in the networking and wireless. Nexus Global networking battled away till most of the machines were on wired network but it was a black eye on a perfectly run event.

Power wasn’t a problem thankfully, lots of spare power sockets all over the place.

Food & Drink…Not everyone in the technical community is hypercarnivorous. Be sure to check with your attendees for dietary requirements: food allergies, vegetarians, vegans and people with dietary restrictions. Make provisions to ensure they are provided for equally. If you’re on a budget, prioritise allergies and vegan alternatives; the vegan alternative will satisfy most non-allergy based requirements. Common food allergies include milk, eggs, nuts, fish, shellfish, soya, and wheat (gluten).

Food was good (mainly salad pots) and there was pizza as a midnight surprise. The dinner was good because there was tickets for 4 different restaurants in the dome. But most people said the portions were quite small and seeked out more food elsewhere. For example my work friends were lucky to get the thai silk tickets which I gather were in high demand. GBK seemed to be 2nd. Last place was dinner at the 02 lounge Which I got stuck with. The last thing I really wanted to eat was mash potatoes and sausages. Weirdly I couldn’t mix the food according to the lady serving!

For the midnight surprise Pizza hut delivered Pizzas but the word didn’t quite get out so quickly so most of the meat ones were gone and we were left with cold pizza. That will teach me to sit and chat upstairs.

There was some confusion over alcohol too but it worked it self out. There was plenty of Fruit and Chocolate, Crisps, Soda and Water around all day and night too.

2013-07-21%2002.16.34

APIs and Datasets was a interesting angle because unlike other hackathons, there was no set API or datasets to play with. You could use what ever you liked but there were challenges for those who couldn’t think of something themselves or needed to be challenged.

Hacked.io demos

Anyone who hacks should be a allowed to Demo at the end of the event, regardless of the quality or completeness.

Each demo should be given a fixed time limit, standard times are 60, 90, 180, and 300 seconds. Tell presenters ahead of time, let them know how much time remains (either half time cards or an on-screen count down), and don’t let them run over.

Try and communicate clear expectations for the demos to all attendees from the beginning of the event. Some attendees will become frustrated when they see others demo-ing paper prototypes or Photoshop mockups when they believed a working implementation was required. If hacks do not meet these base requirements, they should not be able to win a prize.

The demos were by the book. I was very impressed by the use of Hackerleague. Never used it before but I like it a lot. Now if Lanyrd and Hackerleague could connect together… 90 secs was about right for each hack. The only down side was being split up from the hackers presenting but honestly it was for a short time only.

I was really impressed with the range of hacks, I wrote some down which I’d like to follow up on from a BBC point of view and of course hackerleague makes it nice and easy to follow up.

Hacked.io demos

The amount of Philips Hue hacks was impressive and makes sense because I think a lot of people thought it was a totally closed system which was tied to Apple. The amount clearly points the fact Hacked.io was comfortable. People were willing to take more risks and actually learn something new. That makes hacked.io a success right? A return to the learn, build and share ethics of hackers.

I’d also like to say it was amazing all the extra effort the team put in. There was a theme of dogs over cats, be more curious, plus fun and fake facts in the toilets, magically boxes on the tables, the tag line everywhere and finally the first 100 through the door got a prize! Talk about attention to detail! Now thats how you run a hackday!

Massive thanks to the Geeks of London, 02 and everyone who attended and made it a great event. Like everyone asked me after hackday, so whens the next one?

2013-07-21%2016.42.45