zlacker

>>linker+(OP)
I wish there would be an appliance manufacturer that would actually hire developers to create and maintain Home Assistant.

>>elkos+ya
Home Assistant users are small minority of many of these companies user bases (including ours), and these integrations being locally focused often poll HEAVILY causing an upside down ratio in API traffic compared to all other users.

The solution is to allow local interfaces (matter, HTTP, etc) but most company cybersecurity teams just freak out at this.

Oh, and the reason we don't have a full time team managing HA is like I said.. addressable market versus FAANG/Samsung.

It takes a full time person (persons) to manage Alexa, Google, Samsung, etc.

>>superg+bf
Why would the cybersecurity freak out at that, that seems opposite. The company owning the data (and controls!) is much more of a risk.

>>stefan+Tg
Don't ask me to explain the mindset of your average "tool runner" cybersecurity person.

I've long advocated a local HTTP interface for our products, but usually a losing battle.

>>superg+mh
>local HTTP interface

A lot of the worst IoT vulnerabilities in the past have been due to exactly that. 'Local' unfortunately isn't something decided at design time, it's decided when someone connects it to a network. Most people plugging these devices in don't have any clue how to simultaneously secure them and connect them to the internet, so they often end up directly on the internet with default credentials or with outdated vulnerable software and a port open. That's the biggest reason all of the major players now just close all inbound ports and reach outbound to a cloud service. It checks both boxes of usability and network security with even the most misguided user.

Yes, this arrangement sucks for people who know better. But we aren't the people in the user stories.