Welcome to the EGGhead Forum - a great place to visit and packed with tips and EGGspert advice! You can also join the conversation and get more information and amazing kamado recipes by following Big Green Egg to Experience our World of Flavor™ at:
Facebook  |  Twitter  |  Instagram  |  Pinterest  |  Youtube  |  Vimeo
Share your photos by tagging us and using the hashtag #BigGreenEgg.

Want to see how the EGG is made? Click to Watch

SmoBot porn

1234689

Comments

  • paqman said:
    brentm said:
    do you want to know who I'm most disappointed about?

    @paqman

    you should have my back on this freshmen level security concerns.  

    I realize you have politics.  But there's what's right and what's right.

    And if any one of you sit there and tell me that that little paddle lock *UNLOCKED* is EVER OK in your world.

    Please get the fucko out of my life.

    I'll continue posting about whatever I want to talk about until I decide to stop.

    Are we clear?

    -Brent


    wassup?  I haven’t followed this thread, I have 5 pages to read, can someone please give me the executive summary?  I have a feeling this thread will be buffaloed before I’m done reading.
    The TL;DR version is that BrentM here appears to be suffering through some kind of mental breakdown in a very public and brutal way.
    "I've made a note never to piss you two off." - Stike
  • Is BrentM maybe Lit?
    Greensboro North Carolina
    When in doubt Accelerate....
  • paqman
    paqman Posts: 4,661
    Is BrentM maybe Lit?
    😳

    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • I remember when this was a much more friendlier place
  • HeavyG
    HeavyG Posts: 10,326
    Is BrentM maybe Lit?

    Definitely lit. Could also be Lit.
    “Reality is that which, when you stop believing in it, doesn't go away.” ― Philip K. Diçk




  • PigBeanUs
    PigBeanUs Posts: 932
    edited November 2020
    [Hurtful, yet jocular, post deleted]


  • U_tarded
    U_tarded Posts: 2,042
    paqman said:
    A couple of things here:

    I always assume that my network is compromised so my devices are configured taking that into consideration.

    My IOT devices are all installed on a dedicated network/router.  My home devices are connected on another router.  My work devices are connected to a dedicated router with wired connections.  If you connect an IOT device to your home wifi, you should assume that your wifi keys have been compromised.  I realize that this is overkill but I was a smart home early adopter, my whole home is smart so this was my way to mitigate the risk and I am ready to pull the plug if there was a sign that my IOT network is in fact compromised.  Homekit is lagging behind feature wise but it is the most secure of all options available at the moment.

    Plain HTTP is not a bad thing to have for devices like this because some legacy devices (tablets, etc) are not compatible with modern ciphers so leaving the option available is not a bad thing IMHO, just use/bookmark HTTPS if you can.

    I am not familiar with the device and what it stores in the cloud but I would be more concerned with passwords/keys/personal data stored in a database in the cloud than the HTTPS redirection.

    I don’t understand the need for a temp controller on the egg.  I basically set it and forget about it.  I can get rock steady temps for over a day.  A way to remotely monitor temperature is all I need.

    Any device that depends on a private cloud is a waste of money IMHO as it will be useless if the vendor goes out of business.

    About the wifi issue, I suspect it is somehow related to 5GHZ vs 2.4Ghz conflict or 20/40MHZ coexistence.  I am myself fighting with an issue adding a LIFX bulb to homekit because of that.
    Best post on this thread.

    I don’t get if I just spent 30 mins reading this thread he loves it, hates it, loves it, hates it, is going to blow up smobot, loves it, hates it, buys a 2nd. 

    Do people not use burner emails for things like the smobot account?   I don’t feel like smobot is going to be a big hacking target, it’s not like you get a huge audience from it so the HTTPS redirect isn’t a huge deal to me.

    Last @brentm one thing I was taught about buttons at an early age, if you don’t know what the f€<k a button does don’t push it.   Assumptions make an ass out of you.  
  • Did the rocks probe thread end in a melt down as well? 
    South of Columbus, Ohio.


  • U_tarded
    U_tarded Posts: 2,042
    Did the rocks probe thread end in a melt down as well? 
    If you didn’t see it you should find it.  It was like 6 pages of random ranting after he thought rocks (out of company business) should recall it.  
  • brentm
    brentm Posts: 422
    @U_tarded - agreed - I looked online for a "factory reset" sequence.  Typically, you can google "[device name] factory reset"  - couldn't find it.  It was late, I just wanted to reset it so I could get wifi working.  jesus, crucify a guy for that would ya?

    yes, it was a "real-time" experience.  so you experienced what I felt as I unboxed the device, plugged it in, tested it, photographed it, etc.  

    I still love it. 

    I bought a second.  I figure you guys will throw my results out with the "dev" code.

    It's my money, can I spend it how I please?  Please?

    @paqman - appreciate your input.  I think you're being soft.  Your "cloud" portal login typically comes from a modern browser, on a modern OS.  And you think it's OK to send your "cloud" credentials for SmoBot (or anything) in the clear?  
     
    peanut gallery.  meh - please stop rationalizing their security failures.  let the data speak for itself.  


  • caliking
    caliking Posts: 18,727
    edited November 2020
    U_tarded said:
    ...
    Last @brentm one thing I was taught about buttons at an early age, if you don’t know what the f€<k a button does don’t push it.   Assumptions make an ass out of you.  
     I'm the one who disagreed.

    If you don't know what a button does, you should DEFINITELY push it and find out.

    "Hold my beer. I'm gonna push this...."

    #1 LBGE December 2012 • #2 SBGE February  2013 • #3 Mini May 2013
    A happy BGE family in Houston, TX.
  • paqman
    paqman Posts: 4,661
    brentm said:

    @paqman - appreciate your input.  I think you're being soft.  Your "cloud" portal login typically comes from a modern browser, on a modern OS.  And you think it's OK to send your "cloud" credentials for SmoBot (or anything) in the clear?  

    I don’t know what is stored in their cloud so I can’t really make an informed recommendation here but they have an HTTPS login page so just bookmark it and use that when you want to login.  What I want to say is that it is good to have options.  I have an old tablet that I don’t mind leaving outside but it is no longer being updated and it doesn’t support strong ciphers so it often doesn’t work well with HTTPS sites that are setup to only use “better” protocols like TLS 1.2+ with strong ciphers (SSL and TLS 1/1.1 disabled; not using CBC cipher suites, etc).  That’s the tablet that I use outdoor on the deck so if I had a smobot, that’s what I would be using.  I never reuse credentials and my password are randomly generated so I don’t really care if one account gets compromised.  I never store credit card in my accounts, I make purchases online with a low $ limit credit card so if somehow it gets compromised, I can just call my bank and get the transaction reversed.  Paypal are pretty bad to deal with, I had a handful of fraudulous transactions a couple of years ago and it was a painful process to get them to make things right; I ultimately ended up dealing with my credit card issuer.  I got lucky because I had 2 cards linked to my account and somehow the one they used was the one with the low limit (the other had a 20k limit) so it may have been worse; I learned my lesson and never use my high limit cards online anymore.

    Again, how well their database is protected is what I would be concerned about.  SQL injection is another thing.

    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • brentm
    brentm Posts: 422
    @paqman - agreed.  I cannot say how they store OUR credentials "at rest".  I'm looking at in-transit.  I'm not pen testing their cloud datacenter.  That's not what this is about.  No SQL injections here.....  pay me.

    But click here....   and pretend you're as dumb as the rest of the people in this thread

    http://mysmobot.smobot.com/login/auth


  • @reinhart36 What say you!?
    South of Columbus, Ohio.


  • Legume
    Legume Posts: 14,602
    Can’t wait for this to shift to testing of lump.
  • brentm
    brentm Posts: 422
    @reinhart36 What say you!?
    I know exactly what's being said right now.  And I'm really sorry, it's Monday, I know.

    How many of you guys emailed the company out of band to warn them of this evil hax0r?  Cucks.

    I guess I'll cancel the FlameBoss.  Clearly you guys aren't interested in honest review.



  • paqman
    paqman Posts: 4,661
    I am interested.  Everybody just need to calm down.  Here’s my plan:
    -we start posting political memes
    -buffalo will kill the thread
    -wait a few days, everyone will forget about this thread
    -start over, everyone love each other again 😂

    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • paqman
    paqman Posts: 4,661
    Let me start



    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • paqman
    paqman Posts: 4,661


    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • paqman
    paqman Posts: 4,661
    caliking said:
    Could you please hold off on any updates until this weekend (Thurs-Sun)?
    I want to give it my full attention. And I don't have any popcorn at work, either. 
    Thanks.
    Sorry man, this thread is about to vanish in smoke 😂

    ____________________
    Entrepreneurs are simply those who understand that there is little difference between obstacle and opportunity and are able to turn both to their advantage. •Niccolo Machiavelli
  • brentm
    brentm Posts: 422
    caliking said:
    Could you please hold off on any updates until this weekend (Thurs-Sun)?
    I want to give it my full attention. And I don't have any popcorn at work, either. 
    Thanks.
    Please don't - my review is not finished yet.

  • brentm
    brentm Posts: 422
    @paqman - who's pocket are you in?
  • brentm
    brentm Posts: 422
    fun fact:  just the fact that they haven't already fixed it says something.

    @paqman - please tell the class what it says when they can't just flip that little redirect switch?

    couldn't leave me alone could ya?
  • brentm
    brentm Posts: 422
    edited November 2020
    full disclosure:  I haven't run a pcap yet.  just having a little fun
  • HeavyG
    HeavyG Posts: 10,326
    brentm said:
    @reinhart36 What say you!?
    I know exactly what's being said right now.  And I'm really sorry, it's Monday, I know.

    How many of you guys emailed the company out of band to warn them of this evil hax0r?  Cucks.

    I guess I'll cancel the FlameBoss.  Clearly you guys aren't interested in honest review.




    What were you likely to tell us about any pit controllers that we didn't already likely know?
    In the case of the Smobot you have a couple people here that were using early iterations of it for years before it became available to the public.
    I get that for serious IT types the lack of an https login site might make your short hairs get all tingly. For most of us tho I'm guessing that we don't really care if the NSA and/or Palantir know that my pork butt is at 188°F and the damper is at 25% at 1344hours on Sunday. Or that my login is "brentmeatsboogers" or my password is "brentmeatsotherpeoplesbooger$2".

    However, if you do change your mind I'd be interested in a complete teardown of a Flame Boss or any other controller (except a Heatermeter as it's obvious what components are on its circuit board) a la BOLTR/AvE or EEVBlog style.

    Cheers mate!
    “Reality is that which, when you stop believing in it, doesn't go away.” ― Philip K. Diçk




  • brentm
    brentm Posts: 422
    edited November 2020
    @HeavyG

    please stop rationalizing their behavior.  

    When you bought your SmoBot.  Did you supply them with details such as

    Name:
    Address:
    Phone Number
    CC:
    Username:
    Password:

    PCI compliance????

    And I come on the scene and point out the elephant in the room.  That all that information you have already handed over to company X, is being protected by your password, is PROBABLY sent in CLEAR TEXT from the IOT device to the cloud endpoint, all day long while you cook (need to validate this hunch).

    And you're cool with that?

    Remember what I said about the paddle lock.  If you think it's EVER OK to be that..... careless.... with my information, well you deserve everything you're about to get.

    I agree on the AvE-style review.  I was trying to be respectful of their IP.  The device is cool inside!!!
  • saluki2007
    saluki2007 Posts: 6,354
    What in the chicken fuk is going on here
    Large and Small BGE
    Central, IL

  • brentm
    brentm Posts: 422
    And just some parting thought about the negative response to my review.

    As you know, I recently closed up shop.  Only had'er off the ground for a few weeks, but I closed up shop.... high tailed it out of there

    But I will say that there are quite a few Stoker owners out there.... who, like me, DO NOT WANT TO CONNECT TO A CLOUD.  Do not want to change their ATC.  Staunchly opposed....  I was one!!!

    Did you think that they might appreciate an honest review, such as mine?  And perhaps, if I could be the example of what a "stoker migration" looks like, that others might follow?

    How much attention did I give SmoBot?  I hope they sell out and have a great Christmas to be honest.  Just hearing about folks complain about the "cloud" with FB on a holiday was enough to perk up my ears.

    I know SmoBot will fix it.  They're clearly a responsible company and have gone through some growing pains.

    But please stop telling me my concerns are invalid.

    And that no one cares.

    And you wouldn't loan me a tool.