Welcome to the EGGhead Forum - a great place to visit and packed with tips and EGGspert advice! You can also join the conversation and get more information and amazing kamado recipes by following Big Green Egg to Experience our World of Flavor™ at:
Want to see how the EGG is made? Click to Watch
Facebook | Twitter | Instagram | Pinterest | Youtube | Vimeo
Share your photos by tagging us and using the hashtag #BigGreenEgg.
Share your photos by tagging us and using the hashtag #BigGreenEgg.
Want to see how the EGG is made? Click to Watch
SmoBot porn
Options
Comments
-
paqman said:brentm said:do you want to know who I'm most disappointed about?
@paqman
you should have my back on this freshmen level security concerns.
I realize you have politics. But there's what's right and what's right.
And if any one of you sit there and tell me that that little paddle lock *UNLOCKED* is EVER OK in your world.
Please get the fucko out of my life.
I'll continue posting about whatever I want to talk about until I decide to stop.
Are we clear?
-Brent"I've made a note never to piss you two off." - Stike -
Is BrentM maybe Lit?Greensboro North Carolina
When in doubt Accelerate.... -
johnmitchell said:Is BrentM maybe Lit?____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
-
I remember when this was a much more friendlier place
-
“Reality is that which, when you stop believing in it, doesn't go away.” ― Philip K. Diçk
-
A couple of things here:
I always assume that my network is compromised so my devices are configured taking that into consideration.
My IOT devices are all installed on a dedicated network/router. My home devices are connected on another router. My work devices are connected to a dedicated router with wired connections. If you connect an IOT device to your home wifi, you should assume that your wifi keys have been compromised. I realize that this is overkill but I was a smart home early adopter, my whole home is smart so this was my way to mitigate the risk and I am ready to pull the plug if there was a sign that my IOT network is in fact compromised. Homekit is lagging behind feature wise but it is the most secure of all options available at the moment.
Plain HTTP is not a bad thing to have for devices like this because some legacy devices (tablets, etc) are not compatible with modern ciphers so leaving the option available is not a bad thing IMHO, just use/bookmark HTTPS if you can.
I am not familiar with the device and what it stores in the cloud but I would be more concerned with passwords/keys/personal data stored in a database in the cloud than the HTTPS redirection.
I don’t understand the need for a temp controller on the egg. I basically set it and forget about it. I can get rock steady temps for over a day. A way to remotely monitor temperature is all I need.
Any device that depends on a private cloud is a waste of money IMHO as it will be useless if the vendor goes out of business.
About the wifi issue, I suspect it is somehow related to 5GHZ vs 2.4Ghz conflict or 20/40MHZ coexistence. I am myself fighting with an issue adding a LIFX bulb to homekit because of that.____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
[Hurtful, yet jocular, post deleted]
-
paqman said:A couple of things here:
I always assume that my network is compromised so my devices are configured taking that into consideration.
My IOT devices are all installed on a dedicated network/router. My home devices are connected on another router. My work devices are connected to a dedicated router with wired connections. If you connect an IOT device to your home wifi, you should assume that your wifi keys have been compromised. I realize that this is overkill but I was a smart home early adopter, my whole home is smart so this was my way to mitigate the risk and I am ready to pull the plug if there was a sign that my IOT network is in fact compromised. Homekit is lagging behind feature wise but it is the most secure of all options available at the moment.
Plain HTTP is not a bad thing to have for devices like this because some legacy devices (tablets, etc) are not compatible with modern ciphers so leaving the option available is not a bad thing IMHO, just use/bookmark HTTPS if you can.
I am not familiar with the device and what it stores in the cloud but I would be more concerned with passwords/keys/personal data stored in a database in the cloud than the HTTPS redirection.
I don’t understand the need for a temp controller on the egg. I basically set it and forget about it. I can get rock steady temps for over a day. A way to remotely monitor temperature is all I need.
Any device that depends on a private cloud is a waste of money IMHO as it will be useless if the vendor goes out of business.
About the wifi issue, I suspect it is somehow related to 5GHZ vs 2.4Ghz conflict or 20/40MHZ coexistence. I am myself fighting with an issue adding a LIFX bulb to homekit because of that.
I don’t get if I just spent 30 mins reading this thread he loves it, hates it, loves it, hates it, is going to blow up smobot, loves it, hates it, buys a 2nd.Do people not use burner emails for things like the smobot account? I don’t feel like smobot is going to be a big hacking target, it’s not like you get a huge audience from it so the HTTPS redirect isn’t a huge deal to me.Last @brentm one thing I was taught about buttons at an early age, if you don’t know what the f€<k a button does don’t push it. Assumptions make an ass out of you. -
Did the rocks probe thread end in a melt down as well?
South of Columbus, Ohio. -
alaskanassasin said:Did the rocks probe thread end in a melt down as well?
-
@U_tarded - agreed - I looked online for a "factory reset" sequence. Typically, you can google "[device name] factory reset" - couldn't find it. It was late, I just wanted to reset it so I could get wifi working. jesus, crucify a guy for that would ya?
yes, it was a "real-time" experience. so you experienced what I felt as I unboxed the device, plugged it in, tested it, photographed it, etc.
I still love it.
I bought a second. I figure you guys will throw my results out with the "dev" code.
It's my money, can I spend it how I please? Please?
@paqman - appreciate your input. I think you're being soft. Your "cloud" portal login typically comes from a modern browser, on a modern OS. And you think it's OK to send your "cloud" credentials for SmoBot (or anything) in the clear?
peanut gallery. meh - please stop rationalizing their security failures. let the data speak for itself.
-
U_tarded said:
...Last @brentm one thing I was taught about buttons at an early age, if you don’t know what the f€<k a button does don’t push it. Assumptions make an ass out of you.
If you don't know what a button does, you should DEFINITELY push it and find out.
"Hold my beer. I'm gonna push this...."#1 LBGE December 2012 • #2 SBGE February 2013 • #3 Mini May 2013A happy BGE family in Houston, TX. -
brentm said:
@paqman - appreciate your input. I think you're being soft. Your "cloud" portal login typically comes from a modern browser, on a modern OS. And you think it's OK to send your "cloud" credentials for SmoBot (or anything) in the clear?
Again, how well their database is protected is what I would be concerned about. SQL injection is another thing.____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
@paqman - agreed. I cannot say how they store OUR credentials "at rest". I'm looking at in-transit. I'm not pen testing their cloud datacenter. That's not what this is about. No SQL injections here..... pay me.
But click here.... and pretend you're as dumb as the rest of the people in this thread
http://mysmobot.smobot.com/login/auth
-
-
Can’t wait for this to shift to testing of lump.
-
alaskanassasin said:@reinhart36 What say you!?
How many of you guys emailed the company out of band to warn them of this evil hax0r? Cucks.
I guess I'll cancel the FlameBoss. Clearly you guys aren't interested in honest review.
-
Could you please hold off on any updates until this weekend (Thurs-Sun)?
I want to give it my full attention. And I don't have any popcorn at work, either.
Thanks.#1 LBGE December 2012 • #2 SBGE February 2013 • #3 Mini May 2013A happy BGE family in Houston, TX. -
I am interested. Everybody just need to calm down. Here’s my plan:
-we start posting political memes
-buffalo will kill the thread
-wait a few days, everyone will forget about this thread
-start over, everyone love each other again 😂____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
Let me start
____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
caliking said:Could you please hold off on any updates until this weekend (Thurs-Sun)?
I want to give it my full attention. And I don't have any popcorn at work, either.
Thanks.____________________Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli -
caliking said:Could you please hold off on any updates until this weekend (Thurs-Sun)?
I want to give it my full attention. And I don't have any popcorn at work, either.
Thanks.
-
@paqman - who's pocket are you in?
-
fun fact: just the fact that they haven't already fixed it says something.
@paqman - please tell the class what it says when they can't just flip that little redirect switch?
couldn't leave me alone could ya?
-
full disclosure: I haven't run a pcap yet. just having a little fun
-
brentm said:alaskanassasin said:@reinhart36 What say you!?
How many of you guys emailed the company out of band to warn them of this evil hax0r? Cucks.
I guess I'll cancel the FlameBoss. Clearly you guys aren't interested in honest review.What were you likely to tell us about any pit controllers that we didn't already likely know?In the case of the Smobot you have a couple people here that were using early iterations of it for years before it became available to the public.I get that for serious IT types the lack of an https login site might make your short hairs get all tingly. For most of us tho I'm guessing that we don't really care if the NSA and/or Palantir know that my pork butt is at 188°F and the damper is at 25% at 1344hours on Sunday. Or that my login is "brentmeatsboogers" or my password is "brentmeatsotherpeoplesbooger$2".However, if you do change your mind I'd be interested in a complete teardown of a Flame Boss or any other controller (except a Heatermeter as it's obvious what components are on its circuit board) a la BOLTR/AvE or EEVBlog style.Cheers mate!“Reality is that which, when you stop believing in it, doesn't go away.” ― Philip K. Diçk -
@HeavyG
please stop rationalizing their behavior.
When you bought your SmoBot. Did you supply them with details such as
Name:
Address:
Phone Number
CC:
Username:
Password:
PCI compliance????
And I come on the scene and point out the elephant in the room. That all that information you have already handed over to company X, is being protected by your password, is PROBABLY sent in CLEAR TEXT from the IOT device to the cloud endpoint, all day long while you cook (need to validate this hunch).
And you're cool with that?
Remember what I said about the paddle lock. If you think it's EVER OK to be that..... careless.... with my information, well you deserve everything you're about to get.
I agree on the AvE-style review. I was trying to be respectful of their IP. The device is cool inside!!! -
What in the chicken fuk is going on hereLarge and Small BGECentral, IL
-
And just some parting thought about the negative response to my review.
As you know, I recently closed up shop. Only had'er off the ground for a few weeks, but I closed up shop.... high tailed it out of there
But I will say that there are quite a few Stoker owners out there.... who, like me, DO NOT WANT TO CONNECT TO A CLOUD. Do not want to change their ATC. Staunchly opposed.... I was one!!!
Did you think that they might appreciate an honest review, such as mine? And perhaps, if I could be the example of what a "stoker migration" looks like, that others might follow?
How much attention did I give SmoBot? I hope they sell out and have a great Christmas to be honest. Just hearing about folks complain about the "cloud" with FB on a holiday was enough to perk up my ears.
I know SmoBot will fix it. They're clearly a responsible company and have gone through some growing pains.
But please stop telling me my concerns are invalid.
And that no one cares.
And you wouldn't loan me a tool.
Categories
- All Categories
- 182.7K EggHead Forum
- 15.7K Forum List
- 459 EGGtoberfest
- 1.9K Forum Feedback
- 10.3K Off Topic
- 2.2K EGG Table Forum
- 1 Rules & Disclaimer
- 9K Cookbook
- 12 Valentines Day
- 91 Holiday Recipes
- 223 Appetizers
- 516 Baking
- 2.4K Beef
- 88 Desserts
- 164 Lamb
- 2.4K Pork
- 1.5K Poultry
- 30 Salads and Dressings
- 320 Sauces, Rubs, Marinades
- 543 Seafood
- 175 Sides
- 121 Soups, Stews, Chilis
- 35 Vegetarian
- 100 Vegetables
- 313 Health
- 293 Weight Loss Forum