Pretty wild. I used to have one of these beds, but it was before everything got "smart". It had two corded controller's hooked up to the pump. The controller displays the number and had up/down arrow buttons to adjust.
No internet required.
No Linux powered microcontroller required.
My bed couldn't get hacked.
I slept in comfort.
What I’m trying to teach myself to do whenever I think “this is ridiculous overcomplexity” is to imagine whose life it might make simpler.
Let’s assume I have some sort of motor disability: it could be anything from Parkinsons to quadraplegia. Having a bridge out to a common controller that maybe works on speech or some other standardised input method that works for your disability is a massive benefit. And avoids having to deal with the complexities of each individual products’ inability to meet your own accessibility needs in different ways.
So much smart home stuff is basically pointless to those of us fortunate enough to have currently able bodies, and a lifesaver to the rest.
You certainly don't need a cloud defaulted device in order to do what you describe. There are plenty of assistants, Google and Alexa being two, that can talk to things on your local network with a REST API. That controller also has a gig of memory, plenty enough to run a little API.
What manufacturers like about cloud enabled devices is that they can automatically upgrade the firmware and they can get semi-accurate counts for usage.
> What I’m trying to teach myself to do whenever I think “this is ridiculous overcomplexity” is to imagine whose life it might make simpler.
I prefer to think "How can this be used against someone" because while there are a lot of "smart" devices that can help people, they are often also being used to exploit those same people by collecting massive amounts of data and using that data against them or selling/leaking it to those who will use it against them, or allowing hackers to gain access to their data/network.
People with a disability or those with accessibility needs shouldn't need to give up their right to privacy or security to take advantage of every technological advance that might make their lives easier. Even people without a disability don't need some company collecting a detailed record of when/how often/how long they have sex, or how many nights they sleep alone, or what days/hours they spend in bed, or what times they go to sleep or how much sleep they get.
Devices should be designed to protect users and not to collect as much data as possible, or push ads, or expose them to hackers.
Have you considered talking to people instead of imagining their response? Because regular people seem kind of fed up, and we're still over here cramming insecure computers into everything.
I'm currently recovering from some foot and knee injuries that seriously limited my mobility for the past few weeks, the fact that I can adjust my thermostat from my phone has been a Godsend.
This is a nice point that is often missed in the cacophony of complaints about complexity. If companies are not simply leveraging complexity for the sake of profit, restricted use or repair, etc. then these complaints, as feedback, should still be worthwhile in order to employ complexity.
Extending this idea to how devices operate or are maintained it seems like we're still in a nascent stage. I benefit from a few smart devices but even in a very simple setup, things fail sometimes and then I have to fix it. My mom might benefit from some of these things but she feels better off foregoing the benefits because resolving any issue would be far more costly or impractical.
That's all well and good until it's smothered in surveillance capitalist garbage. There's a thin veneer of helping the disadvantaged/vulnerable group du jour that is used to justify abusing everyone that interacts with it. You see the same crap with "think of the children" panic.
Unless these devices respect their users, they're simply profiteering off of the disadvantaged, which in my mind should be just as rage inducing.
This line of thinking is similar to "wont someone think of the children!" where harmful things are done in the name of good and designed so fighting them puts one in a precarious position.
A bridge to a common controller doesn't need an applications processor with millions of bytes of memory to run millions of lines of code to change the firmness of a stupid mattress. Stop using hammers to solve all your problems, other tools exist.
This is the kind of bed I would buy. Imagine having to buy a bed with access for Wi-Fi. That’s crazy because that’s more hardware needed than just plugging the freaking thing in the wall.
>The hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub that their developers can use to connect to the hub and do maintenance when needed.
Kinda interested just to see what the parameters of this are like. Is it using PubkeyAuth or just password? Is it tunnelling home via ip or dns?
If everything is just right, I can imagine the setup for the most hilarious DNS hijack in human history.
In the immortal words of Homer Simpson. Bed goes up. Bed goes down.
Wired: Since Sleep Number beds get tied to orders, break into Sleep Number, find your target, SSH into their bed, and pivot into their home network to steal their crypto wallets.
After all, everyone always hides their money under their mattress ;)
I am not a crypto bro but was the victim of a sim swap attack recently. It was really annoying but at the same time kind of funny because they literally only went after the 2FA app (Authy) once they stole my number, which thankfully didn't have anything meaningful attached to it.
>The hub communicates with the Sleep Number servers by opening an SSH tunnel and providing a reverse tunnel back to the hub that their developers can use to connect to the hub and do maintenance when needed.
Shouldn't bed owners sue them if they haven't been warned of that fact prior to purchase? Getting illegitimate access to your network and backdooring it is criminal offense right?
Of all the possible timelines, we live in the dumbest. What was wrong with a plain old bed without 1GB of RAM and a full OS running on it?! It is the same everywhere. Finding a washing machine that was not WiFi-connected was a chore and I dread doing it again in ten years.
As a person who's broken into O(1000) "smart" devices (for fun and for profit both), I do not want them in my house, and avoiding them is getting harder due to insanity like this linux-running bed! Please make it stop!
A bed doesn't have to be complicated. Why in my day, we got shit done on beds with only a Z80 and 32K of RAM. I remember when I bought my first bed with cooperative multitasking - a red letter day! And double density duvets were a game changer. But I don't miss traipsing down to the public library with a blank vinyl record to get the soft wear updates - and if you forgot, you got bed bugs!
And this is another lame "insightful" meme. I work with plenty of cybersecurity people and they have plenty of smart devices. They're the ones with Home Assistant setups and ESPHome flashable hardware on they're own internet isolated wifi.
Which is in fact a standard feature on many consumer routers now.
What we're missing is a "local only" directive from the EU to get manufacturers to play ball for the common man.
We're in the era of measuring yourself for better outcomes. A century ago we figured out antibiotics. Big gains. Then we figured out a lot of other pretty obvious diseases with pretty obvious cures.
Now we're down to the complicated subtle things. This bed is running Linux so it can tell you how you slept. If you're sleeping poorly it has all sorts of mostly mild negative effects. If you know about them you can do things to fix them. It's doing a low-grade sleep study on you every night. That can be valuable information.
>avoiding them is getting harder due to insanity like this linux-running bed
Sleep Number beds cost several thousand dollars, I think you'll be able to avoid them just fine.
> Now we're down to the complicated subtle things.
Totally false. Any gains from micro optimizing people's sleep are wiped out by the constant mind pollution of social media. We are in an era of constant distraction.
I feel the same way -- the silver lining is that it's helped push me to buying older / used / more maintainable stuff for a fraction of the price, all the while learning a little here and there about minor repairs for older electronics. This is a big win for the pocketbook and gratifying to keep something out of the landfill.
Reduce / reuse / recycle -- in order of importance.
"man, i tried going to bed last night, but it was a BSOD so I had to reboot it, but then it needed 45 minutes of OS updates before I could get in the bed."
seems like a pretty good torture on multiple levels
what would be a better way to design this that is cheap and updatable? Specialized hardware is riskier to build, b/c bugs would require a complete reprint.
Sounds like the problem isn't Linux, it's insecure development practices. As mentioned in sibling comment, Linux development is far easier to hire for, iterate on, develop updating mechanisms for, etc - specialized embedded development is less popular.
> Sounds like the problem isn't Linux, it's insecure development practices.
No, it's making devices "smart". There doesn't need to be a wifi-connected computer inside a washing machine, cooker, or fridge. In fact all these things can run without a computer in them at all, and they're arguably better for it.
Funny part to me is that I fully assumed that this was a post about hacking Eight Sleep beds by someone who didn't want to explicitly name the company, presumably for vague legal reasons.
Then I got to a picture of an apparently real "Number Sleep Hub" and my mind was blown. WTF are we in a timeline so weird that there are two companies making water cooled beds, one is called Eight Sleep and the other is Sleep Number? It's like the RNG for this instance had a bad seed.
Sleep Number gets its name from the firmness controls on their mattress. You pick your "sleep number" and your partner picks theirs on the other side of the bed.
You assume it's a funny coincidence, I'd say Eight Sleep picked a name that as a easy to confuse with Sleep Number as they could without getting immediately sued.
Sleep Number the brand has been around I think since the 80s? Never had one personally but definitely an old brand though maybe if you are not in the US you would never have heard of them.
I get your point but is there a significantly cheaper alternative? As far as DIY goes, I don't think I'd be able to replicate a "Sleep Number" bed with my air mattress and foam.
I was forced to buy one against my will. The new models are significantly better than they once were and it feels like a regular bed now rather then two air mattresses with some loosely arranged foam dividers. They've dumbed down the app and made the data reporting worse but it used to give decent stats on breath and heart rates.
I had never heard of either so thought the title was a metaphor for "how to get root access to your brain to improve sleep quality"
I sure hope these beds have tactile controls you can feel and use in the dark, and don't require pulling out a smartphone in front of your face while trying to sleep to adjust them, because bed/matress manufacturers for sure must know what is good and bad for sleep quality
I agree the interface should be simple to operate in the dark without being blinding, but I’m left wondering how common late-night adjustments are. I imagine it tends to be pretty “set it and forget it” for most people.
There's also BedJet, who makes a fancy-pants bed blower for between your sheets. It's running on an esp32 inside of itself to control the heater and the blower and the remote control, but they didn't quite make it as smart as I'd like.
There's a similar method to get into an Eight Sleep Pod 3 [0]. This requires less extra hardware though since some models come with a MicroSD card that you can modify. The method used in TFA might be a good way to get root on Pods without the card. That being said, I just learned that while Eight Sleep does sign their firmware updates, they also send you the private key used to sign the update in the same package.
Ironically this makes me more likely to buy one. If I can make the smart thing local and/or home assistant controlled, and kill their internet connectivity... I'm thinking that isn't so bad.
Don't get me wrong $2-4k is steep, but if it's a one-time for a decade or so, that's reasonable. But $4k plus you want $25/mo? Just fluff right off.
I'm interested if anyone has pulled the same thing with eight sleep. Not having access to control my bed's temperature because my internet is out bothers me deeply.
I was going to buy an Eight Sleep and then I immediately lost interest when I realized they pull this shit. If I'm paying you over $1000 for a mattress cover, I'm not paying you "rent" money just so the thing will work.
I slept on inflatable mattresses for years, until the company making them started outsourcing to China and the seams on the internal baffles broke on two mattresses.
> r: Following this guide will require modifying internal files on your Sleep Number hub. This will void your warranty
People, stop spreading this BS.
Just like those stickers that say "warranty void if removed" are not legally enforceable, nothing "automatically" invalidates your product's warranty except misuse or poor maintenance.
If your Smart Bed stops working, you having poked around in the controller does not relieve the manufacturer from their warranty obligations (including implied warranty.) The onus is on them to prove that you damaged it, subjected it to "unreasonable" use, or did not properly maintain it.
You fry the bed's brain trying to hook up a JTAG when you accidentally bridge 5V to a 3.3V logic circuit? That's on you.
The controller fails because the power supply blows? The fact that you installed a JTAG header, googly eyes, and painted it pink is irrelevant. They need to fix your shit.
Even if you modify the firmware, it's on them to prove your modifications caused the failure.
Would you expect to have your laptop's warranty invalidated because you use it to game (which generates lot of heat)? Of course not. How about if you install Firefox? Or install Linux? Again, of course not. So why do you think the rules change just because a device is "dumber"?
There's a difference between law on paper and law in practice. If the manufacturer refuses to honor the warranty, there's very little customers can do.
Readit News
No internet required. No Linux powered microcontroller required. My bed couldn't get hacked. I slept in comfort.
Let’s assume I have some sort of motor disability: it could be anything from Parkinsons to quadraplegia. Having a bridge out to a common controller that maybe works on speech or some other standardised input method that works for your disability is a massive benefit. And avoids having to deal with the complexities of each individual products’ inability to meet your own accessibility needs in different ways.
So much smart home stuff is basically pointless to those of us fortunate enough to have currently able bodies, and a lifesaver to the rest.
What manufacturers like about cloud enabled devices is that they can automatically upgrade the firmware and they can get semi-accurate counts for usage.
I prefer to think "How can this be used against someone" because while there are a lot of "smart" devices that can help people, they are often also being used to exploit those same people by collecting massive amounts of data and using that data against them or selling/leaking it to those who will use it against them, or allowing hackers to gain access to their data/network.
People with a disability or those with accessibility needs shouldn't need to give up their right to privacy or security to take advantage of every technological advance that might make their lives easier. Even people without a disability don't need some company collecting a detailed record of when/how often/how long they have sex, or how many nights they sleep alone, or what days/hours they spend in bed, or what times they go to sleep or how much sleep they get.
Devices should be designed to protect users and not to collect as much data as possible, or push ads, or expose them to hackers.
Extending this idea to how devices operate or are maintained it seems like we're still in a nascent stage. I benefit from a few smart devices but even in a very simple setup, things fail sometimes and then I have to fix it. My mom might benefit from some of these things but she feels better off foregoing the benefits because resolving any issue would be far more costly or impractical.
Unless these devices respect their users, they're simply profiteering off of the disadvantaged, which in my mind should be just as rage inducing.
A bridge to a common controller doesn't need an applications processor with millions of bytes of memory to run millions of lines of code to change the firmness of a stupid mattress. Stop using hammers to solve all your problems, other tools exist.
Deleted Comment
Deleted Comment
Kinda interested just to see what the parameters of this are like. Is it using PubkeyAuth or just password? Is it tunnelling home via ip or dns?
If everything is just right, I can imagine the setup for the most hilarious DNS hijack in human history.
In the immortal words of Homer Simpson. Bed goes up. Bed goes down.
Wired: Since Sleep Number beds get tied to orders, break into Sleep Number, find your target, SSH into their bed, and pivot into their home network to steal their crypto wallets.
After all, everyone always hides their money under their mattress ;)
Shouldn't bed owners sue them if they haven't been warned of that fact prior to purchase? Getting illegitimate access to your network and backdooring it is criminal offense right?
Of all the possible timelines, we live in the dumbest. What was wrong with a plain old bed without 1GB of RAM and a full OS running on it?! It is the same everywhere. Finding a washing machine that was not WiFi-connected was a chore and I dread doing it again in ten years.
As a person who's broken into O(1000) "smart" devices (for fun and for profit both), I do not want them in my house, and avoiding them is getting harder due to insanity like this linux-running bed! Please make it stop!
"The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise."
Which is in fact a standard feature on many consumer routers now.
What we're missing is a "local only" directive from the EU to get manufacturers to play ball for the common man.
Dead Comment
We're in the era of measuring yourself for better outcomes. A century ago we figured out antibiotics. Big gains. Then we figured out a lot of other pretty obvious diseases with pretty obvious cures.
Now we're down to the complicated subtle things. This bed is running Linux so it can tell you how you slept. If you're sleeping poorly it has all sorts of mostly mild negative effects. If you know about them you can do things to fix them. It's doing a low-grade sleep study on you every night. That can be valuable information.
>avoiding them is getting harder due to insanity like this linux-running bed
Sleep Number beds cost several thousand dollars, I think you'll be able to avoid them just fine.
Totally false. Any gains from micro optimizing people's sleep are wiped out by the constant mind pollution of social media. We are in an era of constant distraction.
Reduce / reuse / recycle -- in order of importance.
I agree with fixing older stuff. I buy used frequently. Estate sales are my lifeblood. If you can't fix it you don't own it.
seems like a pretty good torture on multiple levels
No, it's making devices "smart". There doesn't need to be a wifi-connected computer inside a washing machine, cooker, or fridge. In fact all these things can run without a computer in them at all, and they're arguably better for it.
the bed got envious of the toaster and refused inference until Linux was installed.
Then I got to a picture of an apparently real "Number Sleep Hub" and my mind was blown. WTF are we in a timeline so weird that there are two companies making water cooled beds, one is called Eight Sleep and the other is Sleep Number? It's like the RNG for this instance had a bad seed.
https://i.ytimg.com/vi/pMiTq6YkJ2c/maxresdefault.jpg
People are literally paying a couple grand for a fancy adjustable airbed with some foam on top of it.
I sure hope these beds have tactile controls you can feel and use in the dark, and don't require pulling out a smartphone in front of your face while trying to sleep to adjust them, because bed/matress manufacturers for sure must know what is good and bad for sleep quality
Sleep Number aren't water cooled I don't think.
As a night shifter it’s completely life changing in allowing me to sleep comfortably during the day. 100% worth the price to me
Fortunately I can just use the ESPHome Bedjet module (https://esphome.io/components/climate/bedjet.html) and just yell out in the middle of the night if I'm too cold.
[0]: https://github.com/bobobo1618/ninesleep
Don't get me wrong $2-4k is steep, but if it's a one-time for a decade or so, that's reasonable. But $4k plus you want $25/mo? Just fluff right off.
I slept on inflatable mattresses for years, until the company making them started outsourcing to China and the seams on the internal baffles broke on two mattresses.
People, stop spreading this BS.
Just like those stickers that say "warranty void if removed" are not legally enforceable, nothing "automatically" invalidates your product's warranty except misuse or poor maintenance.
If your Smart Bed stops working, you having poked around in the controller does not relieve the manufacturer from their warranty obligations (including implied warranty.) The onus is on them to prove that you damaged it, subjected it to "unreasonable" use, or did not properly maintain it.
You fry the bed's brain trying to hook up a JTAG when you accidentally bridge 5V to a 3.3V logic circuit? That's on you.
The controller fails because the power supply blows? The fact that you installed a JTAG header, googly eyes, and painted it pink is irrelevant. They need to fix your shit.
Even if you modify the firmware, it's on them to prove your modifications caused the failure.
Would you expect to have your laptop's warranty invalidated because you use it to game (which generates lot of heat)? Of course not. How about if you install Firefox? Or install Linux? Again, of course not. So why do you think the rules change just because a device is "dumber"?