Someone posted that URL as a separate submission shortly after this was submitted, but rather than splitting the discussion, we've merged the comments here so it can all be discussed as one topic.
balloob
Founder Home Assistant here. Want to chime in that I always love to see write ups like these to see the great things what people achieve with Home Assistant.
Not everyone might know, but last year we started the Open Home Foundation[1] as a non-profit in Switzerland and I donated Home Assistant to it[2]. It's fully funded by users. There are no investors involved.
We are fully committed to building out a smart home that focuses on local control and privacy. Yes there are rough edges, but we're actively working on it in the open, with progress being released every month.
My friend uses self-hosted open-source software to monitor all his home IoT devices[1] and copies important information to the cloud. I'm using StarFive VisionFive 2 to host my database for monitoring, but also have a copy of the data of a chip hetzner arm vps, as well as hosting backups on the two different clouds. I know users who are running[2] for years to monitor Solar panels, lawn watering and vegetable garden watering.
My question is: is it really convenient to use only SaaS now if there is always the possibility of losing your data? I am referring to the case described in the article.
At some point a company is going to start making hackable, local connection devices (cloud optional) with published APIs and sell them at a higher price tag, and they’re going to be fabulously wealthy, commanding higher margins than the others.
At least, that’s what I like to tell myself.
show comments
protocolture
Home Assistant is great, I have been able to push it to do things I wasnt expecting it to permit. Just running Python within a container arbitrarily interacting with the network and sensors. I used it to backend my own home web application.
I believe a lot of people who are upset with the product have radically incorrect expectations.
Home Assistant is a very popular home automation platform used by many. Most articles and posts fail to mention concerns regarding the user experience, security and long term stability. The most common complaints are related to the ease of use and to the backwards incompatible changes. The ease of use complaints are usually about setting it up, putting together automations and setting up dashboards.
Home Assistant is described as a home automation solution which runs locally on your hardware inside your home. Its current development process has many issues.
https://github.com/home-assistant/frontend/issues/18549 is a serious privacy concern. Nabu Casa and the owners of the CDN can collect the following information about the users of a Home Assistant installation: the integrations they use, the IP address of all devices which use the particular Home Assistant installation, the user agent of the device opening the dashboard, the precise location based on IP address, the user's ISP and possibly very specifically the people through a combination of IP address associated with a specific set of integrations configured for an installation. Nabu Casa employees can claim that the data isn't sold or used. The people who run the CDN can do as they please without Nabu Casa's knowledge. It's not possible to load these icons without an Internet connection.
The recent changes made to the backups in Home Assistant OS aren't user friendly. It's no longer possible to make an unencrypted backup without resorting to manual work by invoking an action. This arbitrary change wasn't necessary. It shows that the development process is chaotic and without a clear focus on making Home Assistant a more polished solution with the user in mind. It's just what they want to do.
Security is yet another weak point for this project. Home Assistant is a Python monolith with 1000 direct Python dependencies and countless other indirect dependencies https://github.com/home-assistant/core/blob/dev/requirements.... All these Python packages and their dependencies are bundled in everyone's Home Assistant installation. This is likely the biggest Python monolith in existence. You can compromise this project by compromising any dependency. Some of these packages are provided by Chinese companies for cloud based integrations.
Some addons can only be run with net: host on Home Assistant OS. This is one more potential vulnerability if one of these addons is compromised.
Bugs and regressions frequently get ignored on their tracker. There's a bot which closes tickets for which the developers have no interest. They choose to implement new features and to refactor without concern for people who can no longer do what was once possible. Features can change from month to month without any regard for the user's experience or for the overall stability. The graphs are one such example. New or changed functionality appears to lack thorough design before implementation. Unstable changes make it into stable releases every month.
Paulus has recently stated that Home Assistant is the best home automation solution out there. It's not really the best because it's very good. It just happens to be the most popular among people with some technical skills. It's the best because the others are very bad, support less hardware, require a cloud connection, have poor security, are privacy invasive, require a subscription, are extremely expensive, are updated once per year or for several of the mentioned reasons.
Home Assistant's advantage over commercial solutions is its large number of integrations, that it's open source and that there's a large community behind it. I wouldn't call it better at all. It's very similar to commercial solutions when privacy, security and usability concerns are ignored. The advantage of some cloud free commercial solutions is that they're likely to be more stable without breaking something once per month or every other month.
Those who still want to run Home Assistant may want to run it as a Docker container without Home Assistant OS, to use a separate network for the smart home devices, to avoid cloud connected cameras, to avoid cloud based integrations and to isolate Home Assistant from the other non-IoT devices found on the network. It can be a high value target for hackers and for companies who want to sell your data. I wouldn't recommend running it if one's not tech savvy. It's not something one sets up for someone else who's not tech savvy either. Things will break. It's just a matter of time.
Please note this is a two-part series. The second part can be read here:
https://lwn.net/SubscriberLink/1017945/93d12d28178b372e/
Someone posted that URL as a separate submission shortly after this was submitted, but rather than splitting the discussion, we've merged the comments here so it can all be discussed as one topic.
Founder Home Assistant here. Want to chime in that I always love to see write ups like these to see the great things what people achieve with Home Assistant.
Not everyone might know, but last year we started the Open Home Foundation[1] as a non-profit in Switzerland and I donated Home Assistant to it[2]. It's fully funded by users. There are no investors involved.
We are fully committed to building out a smart home that focuses on local control and privacy. Yes there are rough edges, but we're actively working on it in the open, with progress being released every month.
~Paulus Founder Home Assistant & President Open Home Foundation https://github.com/balloob
[1]: https://www.openhomefoundation.org [2]: https://www.openhomefoundation.org/blog/announcing-the-open-...
My friend uses self-hosted open-source software to monitor all his home IoT devices[1] and copies important information to the cloud. I'm using StarFive VisionFive 2 to host my database for monitoring, but also have a copy of the data of a chip hetzner arm vps, as well as hosting backups on the two different clouds. I know users who are running[2] for years to monitor Solar panels, lawn watering and vegetable garden watering.
My question is: is it really convenient to use only SaaS now if there is always the possibility of losing your data? I am referring to the case described in the article.
[1]: https://vrutkovs.eu/posts/home-infra/ [2]: https://github.com/VictoriaMetrics-Community/homeassistant-a...
PS: I'm working at VictoriaMetrics company
At some point a company is going to start making hackable, local connection devices (cloud optional) with published APIs and sell them at a higher price tag, and they’re going to be fabulously wealthy, commanding higher margins than the others.
At least, that’s what I like to tell myself.
Home Assistant is great, I have been able to push it to do things I wasnt expecting it to permit. Just running Python within a container arbitrarily interacting with the network and sensors. I used it to backend my own home web application.
I believe a lot of people who are upset with the product have radically incorrect expectations.
Thanks! Check out Lars' channel for some interesting insights into Home Assistant with remote sensors: https://www.youtube.com/@LarsKlintTech/search?query=home%20a...
The data ownership reminds me a bit of an early business ummm transaction if Dr Phil:
1. Sell the gullible public long-term memberships to a gym, with long-term subscriptions.
2. Sell the subscriptions to a 3rd party.
3. Close gym. Subscription contract still valid.
https://www.celebitchy.com/8971/dr_phil_ran_a_health_club_sc...
Home Assistant is a very popular home automation platform used by many. Most articles and posts fail to mention concerns regarding the user experience, security and long term stability. The most common complaints are related to the ease of use and to the backwards incompatible changes. The ease of use complaints are usually about setting it up, putting together automations and setting up dashboards.
Home Assistant is described as a home automation solution which runs locally on your hardware inside your home. Its current development process has many issues.
https://github.com/home-assistant/frontend/issues/18549 is a serious privacy concern. Nabu Casa and the owners of the CDN can collect the following information about the users of a Home Assistant installation: the integrations they use, the IP address of all devices which use the particular Home Assistant installation, the user agent of the device opening the dashboard, the precise location based on IP address, the user's ISP and possibly very specifically the people through a combination of IP address associated with a specific set of integrations configured for an installation. Nabu Casa employees can claim that the data isn't sold or used. The people who run the CDN can do as they please without Nabu Casa's knowledge. It's not possible to load these icons without an Internet connection.
The recent changes made to the backups in Home Assistant OS aren't user friendly. It's no longer possible to make an unencrypted backup without resorting to manual work by invoking an action. This arbitrary change wasn't necessary. It shows that the development process is chaotic and without a clear focus on making Home Assistant a more polished solution with the user in mind. It's just what they want to do.
Security is yet another weak point for this project. Home Assistant is a Python monolith with 1000 direct Python dependencies and countless other indirect dependencies https://github.com/home-assistant/core/blob/dev/requirements.... All these Python packages and their dependencies are bundled in everyone's Home Assistant installation. This is likely the biggest Python monolith in existence. You can compromise this project by compromising any dependency. Some of these packages are provided by Chinese companies for cloud based integrations.
Some addons can only be run with net: host on Home Assistant OS. This is one more potential vulnerability if one of these addons is compromised.
Bugs and regressions frequently get ignored on their tracker. There's a bot which closes tickets for which the developers have no interest. They choose to implement new features and to refactor without concern for people who can no longer do what was once possible. Features can change from month to month without any regard for the user's experience or for the overall stability. The graphs are one such example. New or changed functionality appears to lack thorough design before implementation. Unstable changes make it into stable releases every month.
Paulus has recently stated that Home Assistant is the best home automation solution out there. It's not really the best because it's very good. It just happens to be the most popular among people with some technical skills. It's the best because the others are very bad, support less hardware, require a cloud connection, have poor security, are privacy invasive, require a subscription, are extremely expensive, are updated once per year or for several of the mentioned reasons.
Home Assistant's advantage over commercial solutions is its large number of integrations, that it's open source and that there's a large community behind it. I wouldn't call it better at all. It's very similar to commercial solutions when privacy, security and usability concerns are ignored. The advantage of some cloud free commercial solutions is that they're likely to be more stable without breaking something once per month or every other month.
Those who still want to run Home Assistant may want to run it as a Docker container without Home Assistant OS, to use a separate network for the smart home devices, to avoid cloud connected cameras, to avoid cloud based integrations and to isolate Home Assistant from the other non-IoT devices found on the network. It can be a high value target for hackers and for companies who want to sell your data. I wouldn't recommend running it if one's not tech savvy. It's not something one sets up for someone else who's not tech savvy either. Things will break. It's just a matter of time.