←back to thread

Nest 1st gen and 2nd gen thermostats no longer supported from Oct 25

(community.hubitat.com)
280 points RyanShook | 3 comments | 05 Sep 25 21:33 UTC | HN request time: 0s | source
Show context
briHass ◴[06 Sep 25 01:31 UTC] No.45145753[source]
I got burned recently by Ecobee in the same way. The problem with 'smart' interfaces for traditionally mechanical devices is that the useable lifetime (support period) of low-end microprocessors and software, especially online APIs, is often far shorter than the mechanical device it's attached to.

Similar to how people that keep cars around for 10+ years are stuck with dated and worthless 'infotainment' systems, Google and Ecobee can't even honor their product for long enough to outlast the HVAC units.

What burns me is that it wouldn't be much of an ask for them to push one final (optional) update that would open LAN-only access to core functionality. I and many others in the HA/ESPHome community have written hardware integrations to devices over RS485/UART with unpublished/black-box protocols, so a simple HTTP API would have an integration within days.

It would maybe cost an engineer at Nest/Ecobee a day or two of work, and the goodwill would make me far more likely to purchase a newer model. As it is, I've committed to avoiding (where possible) devices that aren't local-first.

replies(11): >>45145799 #>>45145931 #>>45146011 #>>45146180 #>>45146556 #>>45146647 #>>45146754 #>>45146922 #>>45147255 #>>45147650 #>>45150597 #
dare944 ◴[06 Sep 25 02:43 UTC] No.45146180[source]
As an early Nest employee who worked on the first-gen thermostat I can tell you definitively that you're way off base here. That doesn't mean that Google shouldn't have done more to keep these units alive (and indeed that's one of the reasons I left Google). But these devices were designed in 2010-11. Even keeping the Linux kernel up to date with the latest version is a major undertaking. Adding major functionality like Matter compatibility, or even a simple (but secure!) local API, would take a seasoned engineering team a considerable amount of time.

That said, investing in devices that are local first is certainly good advice, provided the APIs are open and well supported.

replies(8): >>45146253 #>>45146377 #>>45146476 #>>45146706 #>>45146721 #>>45146737 #>>45147643 #>>45147709 #
throwaway2037 ◴[06 Sep 25 04:55 UTC] No.45146721[source]
First, thank you for posting. Insiders can provide unique persepectives.

    > Even keeping the Linux kernel up to date with the latest version is a major undertaking.
Dumb question: Why does an old Nest need an updated Linux kernel?

    > investing in devices that are local first is certainly good advice, provided the APIs are open and well supported.
Do you have any examples that could sufficiently replace old Nests?
replies(1): >>45146740 #
1. ajmurmann ◴[06 Sep 25 05:00 UTC] No.45146740[source]
"Why does an old Nest need an updated Linux kernel?"

Old versions that no longer receive security updates is a major issue

replies(1): >>45147389 #
2. andybak ◴[06 Sep 25 07:42 UTC] No.45147389[source]
For general purpose computing - yes.

For a thermostat, with presumably an attack surface that could be made arbitrarily small (albeit by removing non essential features) -why?

Surely this means all embedded devices are a serious liability?

replies(1): >>45172194 #
3. ajmurmann ◴[08 Sep 25 18:47 UTC] No.45172194[source]
I'd be worried about any internet-connected IOT device in my home. It the very least it can snoop on traffic. The Nest in particular could a) use it's motion detector to report if you are home b) harass you through temperature changes (and maybe even gaslight you by not showing them) c) maybe overload something (itself?) and cause fire?

That's just what I can come up with sitting here and having no in-depth knowledge. I am sure actual security experts could come up with more scenarios.