The Market Ticker
Commentary on The Capital Markets- Category [Small Business]
Logging in or registering will improve your experience here
Main Navigation
Full-Text Search & Archives

Legal Disclaimer

The content on this site is provided without any warranty, express or implied. All opinions expressed on this site are those of the author and may contain errors or omissions.

NO MATERIAL HERE CONSTITUTES "INVESTMENT ADVICE" NOR IS IT A RECOMMENDATION TO BUY OR SELL ANY FINANCIAL INSTRUMENT, INCLUDING BUT NOT LIMITED TO STOCKS, OPTIONS, BONDS OR FUTURES.

The author may have a position in any company or security mentioned herein. Actions you undertake as a consequence of any analysis, opinion or advertisement on this site are your sole responsibility.

Market charts, when present, used with permission of TD Ameritrade/ThinkOrSwim Inc. Neither TD Ameritrade or ThinkOrSwim have reviewed, approved or disapproved any content herein.

The Market Ticker content may be sent unmodified to lawmakers via print or electronic means or excerpted online for non-commercial purposes provided full attribution is given and the original article source is linked to. Please contact Karl Denninger for reprint permission in other media, to republish full articles, or for any commercial use (which includes any site where advertising is displayed.)

Submissions or tips on matters of economic or political interest may be sent "over the transom" to The Editor at any time. To be considered for publication your submission must include full and correct contact information and be related to an economic or political matter of the day. All submissions become the property of The Market Ticker.

Considering sending spam? Read this first.

2018-11-07 06:57 by Karl Denninger
in Small Business , 52 references
[Comments enabled]  

So about those locks.....

 

One of the challenges I've had with allowing the manipulation of lock state (other than lock/unlock, or setting the keypad on or off) is the risk of someone picking off a code from your phone -- and then being able to break into your house.  For obvious reasons that would be bad.

I've decided to leverage the notification system built into the software for this purpose.  This has several advantages, chief among them being that neither the phone or the base software has to store a code from a lock in any case.

If you select "Get Code in Slot" and enter the slot number when you click Execute HomeDaemon-MCP retrieves the code in real time over the AES-encrypted channel from the lock and sends it back to your device via the encrypted notification system.  It never touches anything else (like the cloud) and is not stored anywhere other than in RAM on the device when displayed in the notification pane, which can be dismissed.  In addition there is no storage off-site, anywhere, of the event itself either so Mr. Subpoena (or "Mr. NSL") can pound sand since nobody can produce what they don't have.

If you set a code it is transmitted to the lock.  Ditto for deleting a code.

Codes on most common locks (they're all using the same basic board) can be 4 to 8 numeric digits.  8 is quite secure; 4, not so much, although after a few (wrong) attempts the lock will raise an alarm exception.  In all cases when the change "takes" an exception is raised back to the phone, so you know it went through, exactly as is the case for an asynchronous event (e.g. someone uses the code to open the lock.)

Disabling the keypad locks out all the codes, instantly (very useful if you're not at home, don't expect to be home, and don't want anyone to be able to open the door.)  The state of the lock in the background is currently set this way ("Prohibited" .vs. "Accessible.")  Oh, and the manual operation of the lock (e.g. with a key or the inside knob) is also instantly reported.

Again -- no cloud, no BeeEss, no stealing.

HomeDaemon-MCP is available to the firm, large or small, that wants to disrupt the model of "smart home" systems.  All rights, source and all, to both the base code running on a $35 piece of hardware and the Android app are included.  Look to the right and email me today!

View this entry with comments (opens new window)
 



2018-10-16 15:34 by Karl Denninger
in Small Business , 120 references
[Comments enabled]  

HomeDaemon-MCP's Android App now knows how to handle multiple locations at once -- with always-on 24x7 monitoring and control from anywhere, without any cloud involvement.

 

Got a rental house plus your own residence?  Vacation home?  Three properties?  Five?  Need to be able to open the front door for a property manager in real-time to show a rental -- and know if someone uses a 
key to lock or unlock the front door in real-time as well?  No problem.

In addition the license server now populates the HomeDaemon.Org domain automatically when a license registers or renews, and as a result for those who don't have a convenient "dynamic dns" provider, or don't wish to set one up you no longer need to -- the software does it for when the license is validated.  While this is not instant response if your IP number changes but connectivity does not go down or the unit resets (e.g. power goes off) it is convenient and "no setup required."

You may suspend monitoring on any declared host if you wish at any time, and then turn it back on without altering the others, or having to re-enter a password.  As has been the case thus far in the app's development cycle no passwords are saved, ever in the app itself or in the app's data store.

Power consumption with full-time monitoring enabled and your phone sleeping continues to be negligible -- and yet no cloud management or storage tools are used anywhere in the application.  Nobody gets your data but you -- ever -- on your house. Not your coming and going, not the motion, your thermostat or camera data.

It's yours, and only yours.

Again HomeDaemon-MCP is for sale as a complete, ready-to-go package needing only to have the customer front-end set up to meet your desired licensing scheme.  All rights are available at a very reasonable price -- contact me today if you're interested (and of course can fund the acquisition) and we'll move forward!

View this entry with comments (opens new window)
 

2018-07-27 13:32 by Karl Denninger
in Small Business , 87 references
[Comments enabled]  

Look to the right and email me if you're an entrepreneur looking for a no-cloud, no bee-ess, home control system that was designed from the ground up to be fast, nimble, licensed on a flexible basis (e.g. subscription if you wish, perpetual, "per version upgrade", etc) and is ready to rock-n-roll.  More info here: http://homedaemon.net 

First come first serve, rest cry!

View this entry with comments (opens new window)
 

2018-06-20 14:36 by Karl Denninger
in Small Business , 96 references
[Comments enabled]  

I got 99 problems but secure control of my house isn't one of them.

In no particular order:

  • Problem: Cameras are great. The let you see inside your home when you're not there, along with the periphery.  The problem is that they're inherently insecure, the most-common protocol to view them has no security on the video whatsoever, all of them "phone home", they have low-powered CPUs in them for cost reasons, and they are made and designed in China with who-knows-what sort of back doors in their software.  Solution: HomeDaemon-MCP secures your cameras, making it possible to completely detach them from outside access.  You can obtain the "latest" (last movement) still or real-time video from them over a completely secure connection on your phone at any moment you desire -- from anywhere in the world, and if desired grab an "on demand" video clip to your mobile device.  In addition unlike the simple "if I see movement or detect sound" upload to an insecure cloud some faceless company owns and may use for marketing or other purposes (or almost-as-bad, on-site SD card storage that is trivially stolen by a burglar) HomeDaemon-MCP can, on any set of conditions you define (no matter how complex) upload a fully-secure video clip of a length you determine to a site you, and only you, control using industry-standard and accepted secure communications for use by yourself or the authorities in prosecuting criminal acts.

  • Problem: Locks and other access control devices (e.g. garage door openers) have AES-encrypted (highly secure) options for control, but the "pairing" process is fraught with risk.  Existing controllers poorly handle this, having intentionally sacrificed security on the altar of "convenience", making possible theft of the network security key after which any and all "encrypted" traffic could be intercepted or modified from more than 100' away -- more than enough to tamper with your house from next door or in the street.  This, theoretically at least, could allow a thief to command your door or garage to open for him!  Solution: HomeDaemon-MCP refuses to answer "S0" keying (the risky event) at high power intentionally, preventing key interception at long range with 100% certainty even if you are tricked into attempting to re-install a device.  Instead for S0 secure Z-wave nodes you remove the stick from the controller and pair it at the device itself, which reduces the potential range of interception to inches from hundreds of feet. 

  • Problem: Existing systems all rely on the "cloud" in some fashion or form.  But "cloud" computing is inherently insecure due to computer design priorities that put performance before security, never mind being fraught with the risk that if a server goes down hundreds of thousands or even millions of consumers lose monitoring and control access at once!  Then there are the "microphones" that are supposedly only listening for specific commands yet have been shown to record and send conversations to others without being told to to do so.  Answer: HomeDaemon-MCP never uses voice commands because voice commands are inherently insecure as a microphone must be on and listening all the time in order to detect the alleged "trigger" word or phrase.  This means a programming error or intentional misconduct by a vendor can trivially record, steal and use the contents of your most-intimate conversations -- those in your home (or even bedroom!)  We all have our phones with us today; unlocking yours and touching a screen requires two actions confirming your intent to do something, while denying interception and exploitation by either error or malice.

  • Problem: "Skills" loaded to a device from some third party inherently rely on trust you place in someone else to not misuse your data or worse, spy on you intentionally.  The incentives to violate your trust or spy on you are great and the penalties for firms caught misusing your data have never resulted in a single criminal prosecution of anyone, ever, in the history of these devices and companies.  There is no incentive for a firm not to do this sort of thing because any "penalty" is always limited to a fine (and then only rarely), which is simply passed on to you in the form of higher prices.  Solution: HomeDaemon-MCP is configured and controlled entirely by you or your chosen installer on a local basis in your home, with its configuration stored on a local SD card.  It relies on no external "skills" or code, ever.  You can always, as an administrator and the owner of your home, look at and verify what it is looking at and what actions it takes because unlike an opaque "skill" the configuration is all in an English-like language that is easily understood.

  • Problem: "Cloud" solutions to notifications and events are touted as "more friendly" yet sacrifice security and privacy on the altar of someone else's convenience, particularly when it comes to your mobile phone.  Answer: HomeDaemon-MCP's Android app has zero reliance on a "cloud" for anything, including real-time monitoring.  It provides notification of events as they occur within 90 seconds, even when your phone is asleep and in "low power" mode, and within one second when it's awake, frequently beating the delivery of a text message when sleeping and always beating it when the device is awake, and yet the app consumes only about 1% of your phone's battery power overnight to do so.

  • Problem: Storing passwords on a mobile device is fraught with risk for all the obvious reasons, yet most apps do exactly that, again for your convenience.  Answer: HomeDaemon-MCP's Android app never stores a password.  It instead obtains an authentication token of which you control the length of validity.  Further, a second, one-time use token is returned to the device which is valid for only one command after which it expires, preventing "injection" attacks launched from malicious web sites you may accidentally visit from working.  With no password stored by the app it's impossible to steal it since it's never stored, but only presented when necessary to obtain the authentication token.  Should you lose your mobile device logging out from any device (e.g. a web browser) instantly invalidates the access (and one-time-use) tokens, rendering the connection immediately secure from further access.

Got a desire to make a lot of money?  Then pay me a reasonable amount, own this wholesale (including source) and make a fortune. 

Email karl@denninger.net for more info, or look here.

View this entry with comments (opens new window)
 

2018-05-14 14:28 by Karl Denninger
in Small Business , 121 references
[Comments enabled]  

Well, that wasn't all that hard.

I've never previously written a single line of Java, nor developed for Android.  Ported Android itself, yes, but not written apps -- nor used "Android Studio", Google's IDE for it.

A few weeks ago I bought the "Big Nerd Ranch" book on it, and read it.  It's a solid couple inches thick and, if you've never done programming, you'll be lost in the first half-dozen pages.  Figuring out Java at the same time was quite a trick (and one the authors warn against), but being a guy I don't read instructions anyway.

 

But now Beastie (yes, phk, the beer is on me if we are co-resident somewhere) peeks out the window, and the App lives.

 

I find some of the admonitions from Google rather amusing.  They really want you to use their cloud message management system rather than exempt your app from their battery sleep/doze stuff, for example.  I understand why, in many cases, but, in this specific case.... nope, nope and nope.  The impact on power consumption?  Nearly unmeasurable over a full night's sleep with the phone unplugged; according to GSAM consumption is about 1% over 8 hours.

A couple of weeks post-sitting down with this monstrosity and there's an app, complete with power management, background networking, preferences and all that.

HomeDaemon-MCP itself (the server/operational piece) has been taught how to do persistent notifications to mobiles as well, which is very nice.  What that means is that if you "miss one" because you're out of range (for example) as soon as you come back into range you'll get the notification.  Ditto if your phone reboots.  This also means that the complexity of said notifications can be infinite, and is subject to user permissions.

Speaking of which that's one of the big deals.  Multiple users with different permission bit masks are fully supported down to an individual device level for both read and write access flags.

I don't know if I prefer the app over the web interface for HomeDaemon-MCP, to be honest.  The app has its advantages on a phone, not the least of which is its persistence and notification capabilities.  That's real nice; what I used to do for notifications was to have the base system send a text message.  That works of course but this is nicer, easier to customize (choose your tone, do you want vibration or just sound, etc) more-granular, and has less risk of getting lost (yes, carriers do lose text messages on a somewhat-regular basis.)

The "about" page can be read here for the app... I think you'll like it.

If you do, and want to pick up the whole package -- including the App -- for marketing and sale of course, the email link is on the right.  No cloud used, security is completely under the owner's control and licensing is done with privately-CA-issued certificates -- which are damn near bomb-proof and enable both buy-once-use-forever models as well as annual or even monthly subscription-type licenses.  You choose.  And yes, the price for the whole shooting match is reasonable.

View this entry with comments (opens new window)