Support checked and it was fine. Just needed time to adjust. They mentioned they checked the cameras (!).
Later on I got a second used one and while cleaning it, noticed that the internals are just a raspberry pi. Took my micro HDMI and keyboard, and... this thing just runs Raspberry Pi OS.
No updates. And ... VNC. People from that company can just remote into my device, look at what the cameras are seeing, and do stuff on my network. These things are a security nightmare.
- Alexa, wipe up that spill in the bedroom.
- Sorry, that requires deep clean, but you had some credit left on your second credit card so I ordered a deep cleaning service for Tuesday when you are away.
https://www.abc.net.au/news/2024-10-11/robot-vacuum-yells-ra...
They run Raspberry Pi OS with some custom code.
They have live access to the cameras.
I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.
The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.
Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.
https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...
iOS, iPadOS, and macOS have a pretty great built-in background-noise generator these days. While lots of actual beaches can go dead silent and then have a loud wave crash in, the waves that
It’s available in Settings -> Accessibility -> Audio & Visual -> Background Sounds. You’ll have to download the sounds each once, but after that they stay on your device.
Digging this deeply in Settings isn’t pleasant if you just want some white noise, so you may want to add a control to Control Center like “Background Sounds” (way down in the Hearing Accessibility section) to turn the ocean noise on and off.
I turn this on my iPad when going to bed if I want to take extra steps to ensure that I don’t wake up in the middle of the night.
I do use a standalone Lectrofan for sleep as I prefer my noise machine to be across the room and Alexa-controlled (via a smart switch), plus it’s louder and the brown noise is “browner.”
But I keep iOS BG sound mapped to the triple-click shortcut for when noise-cancelling just isn’t enough in loud restaurants etc. It works great with AirPods for reducing my noise sensitivity issues.
If you're trying to get better sleep, get your phone as far away as possible!
I can't believe I had to download an app for that because the feature is buried in SETTINGS (!!!!). What an obtuse choice. Thanks for the tip though, I hate that my white noise app has a rotating ad banner.
At home I have a simple one that plugs in and generates noise with fan. Looks almost exactly like this: https://res.cloudinary.com/guest-supply/image/upload/f_auto,...
When I travel I take this small portable rechargeable one: https://www.amazon.com/Machine-Babelio-Adults-Non-looping-So...
I'm on android so I don't have the built in sounds that iOS has
Turns out most of my anxiety, insomnia, etc sensations were caused by pinched spinal nerves.
I say sensation because I believe, but cannot prove, that my physical sensation led to my mental state. Most diagnoses assume the reverse; that mental state leads to physical symptoms (restlessness, clinching, pit-in-stomach, whatever). I have not yet read anything or met anyone (care providers) supporting my hunch.
So... Anyone experiencing treatment resistant pinched nerves, eg sciatica pain, may want to consider possible physical causes.
In my case, it was collapsing vertebrae due to osteoporosis resolved with a S1-L5-L4 lumbar fusion. Yes, that surgery and recovery was very difficult. The upside is I now often sleep like a corpse. It's glorious.
YMMV.
Very low tech, very cheap, very secure, very effective.
As I get older, deafness will likely reduce my need to rely on technology.
Stereo - genius!
I had the two problems of poor sleep without white noise and a dog allergy and now I have neither.
I used wireless headphones back then. My choice of "white noise" was popcorn in a microwave (because the neighborhood was that noisy)
Also: citation needed. A quick Google says it's not illegal as long as the government entity confirms it in writing.
What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
And yes, I found evidence that this is exactly what’s happening."
^ wow, this is pretty wild. <insert joke about being careful about who you share a bed with>
I’m the founder and CEO of a company called Memfault, we make observability SaaS for hardware companies.
I constantly get asked if we could just offer a remote access solution. Many of our competitors do! But we think it’s (a) a huge security liability and (b) too ripe for abuse.
But fundamentally consumers do not care, and until that changes you can expect any embedded Linux device to have this kind of backdoor (they do more often than not).
More companies do this than not.
.. I'll see myself out.
> I was willing to overlook:
> The bed costs $2,000
> It won’t function if the internet goes down
> Basic features are behind an additional $19/mo subscription
> The bed’s only controls are via mobile app
Nothing about this bed should depend on off-site servers. Nothing about the product should necessitate a subscription fee. The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
Don't worry, they'll repeat over and over how their product was thoughtfully designed with exquisite craftsmanship by the re-animated corpse of Johnny Ive [1] until people believe it's true.
[1] I know he's not dead.
Also...
> ... Essentially all you need to do is unplug the rubber tubing from the Eight Sleep cover, which is available on eBay for a few hundred bucks, and plug it into a $150 aquarium chiller.
> That’s it. Aquarium chillers are somewhat of a misnomer, as they can also provide heat. They use thermoelectric devices to regulate temperature, either cooling or warming the liquid that flows through them, which is the same technology found in eight sleep.
How much do you want to bet the Eight Sleep is literally an off-the-shelf Chinese Aquarium chiller in a custom case marked up 15x, with a shittily-programmed computer bolted on to enable a $20/month subscription?
My e-ass wiper mistook one of my testicles for poo and ripped it off. Please fix
Unlike all the cloud garbage, my zigbee devices continue to function even when the internet is down. I have my zigbee hub (Home Assistant Yellow) on a battery backup, so all the zigbee devices with a battery keep functioning even when the power is out (like my automatic cat feeders)
The lightbulbs themselves only have a Zigbee radio (and Bluetooth, but not in 2018). They communicate with the LAN via the wired bridge.
And double tap turns on a fan.
Tapo is likely a security nightmare.
Old CNet article: https://www.cnet.com/reviews/nanoleaf-remote-review/
I do own one of these and while I hate the price, the subscription, the fact that it didn't work for an hour last night due to the internet being down (first time ever really) but there really isn't a better option. I love the temp control and would use anyone else if they had a valid competitor, but sadly there isn't one (or at least wasn't when I bought mine). The alternative is to not have temp control which is pretty amazing.
Not that this ameliorates all the other issues here.
Maybe there needs to be a red answer and a blue answer?
The "smart" features on it are genuinely useful for me - I have sleep apnea, as well as an eight sleep + the electronic platform. It automatically changes the elevation of my head based on apnea events, and I see a marked reduction in them when using this feature.
I have a cpap machine that also makes automatic adjustments but I still get noticeably better sleep quality with the eight sleep. I also really enjoy the temperature control, since it saves on HVAC costs vs. climate controlling the whole house. I've not tried an aquarium chiller for this purpose, though I have used one for doing temperature control on a beer fermenter, and I can extrapolate from there that I value the management of the actual eight sleep device vs. managing an aquarium chiller's temp control.
All of those features could be provided by local compute, either nestled somewhere in the soft and fluffy gross profit margin of a $2,000 product, or with Bluetooth to a "thick" application running on a phone.
The reason this product, and so many other "IoT" products, put their compute across the Internet is to facilitate a business model. The industry has the technology to put as much compute, storage, and reliability on-site with a high-margin, high-cost product like this.
Of course, they'll probably claim AI running in the cloud is making the decisions which makes the local first controller not possible.
This is profit and more profit.
like me. will buy a spring mattress next time
Edit thank you for your recommendation but I'm in italy, European and American mattresses are quite different.
Before discovering this, I once wrote to the customer support of the flamingo hotel, Las Vegas, because I loved their mattress: Hi, i do think that what i'm gonna write is weird, but anyway haha. On july of the summer 2019 i visited the fabulous las vegas. nor the nightlife neither the opulence of sin city could, however, reach the pinnacle of the human civilization, the mattress on which i slept at flamingo. I now have to change my own mattress at home, and i'm looking for the model on which i slept. the website only says "Simmons beautyrest", although Beautyrest is just a brand name used by simmons and doesn't mean a specific model. could you help me in this modern day divine comedy, be my Virgil and help me find the mattress name? Regards Name
I got an answer: Thank you for contacting Caesars Entertainment. I was delighted to hear that you enjoyed our mattress on your visit! Currently, we are using the Simmons Hospitality Beautyrest Felicity Pillow Top. They can be purchased at https://caesarsguestpurchase.com/shop or 1-866-926-8233. Please feel free to write back if you have any further questions.
Thank you for choosing Caesars for your gaming entertainment!
Have an amazing day!
Shirley
Similarly, Talalay latex mattress material is usually only about 30% natural and 70% synthetic, and the synthetic does not cause immune response.
If you powder the natural material and directly expose it to IgE, the dominant protein of interest for allergies, you can get a reaction (https://pubmed.ncbi.nlm.nih.gov/10436396/), but in practice with sheets and the outer cloth covering on the mattress basically no proteins ever come into contact with the body. And even in that study only Hev B I was detectable, which is only one of many latex proteins that trigger the immune response, and only 3 of the 21 tested human sera actually had a reaction to the direct mixing with the powdered latex. As far as I understand it, there has never been a confirmed case of an allergic reaction to a latex mattress.
Seeing the founder fellate Elon and his Doge employees has given me second thoughts. I may be looking for an aquarium chiller in my near future.
Most manufacturers bolt on IOT functions by dropping an off-the-shelf module onto their device-specific board. It's sometimes possible to replace the factory firmware with ESPHome, sometimes even using over-the-air updates. For example, AirGradient air quality sensors: https://github.com/MallocArray/airgradient_esphome
Even when it isn't possible to commandeer the factory IOT module, the fact that it _is_ a module is still useful, because it's almost always possible to inhibit or remove the factory module and connect your own instead. The factory IOT module controls and senses the device, so your replacement module can too, using the same pins. For example, an IOT air filter: https://github.com/mill1000/esphome-winix-c545#final-assembl...
Some devices are designed around multidrop communication busses. These are usually even easier, since the ability to join the bus is an intended design feature, even if the device you're using is not intended. For example, many Samsung residential HVAC systems: https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...
At my day job, we've replaced and re-engineered controllers in industrial laser cutters, CNCs, welders, robots, and similar equipment. There are replacement control boards for hobbyist stuff like pinball machines, motorcycles, retro computers, and retro game consoles.
But as evidenced by the fact that people are buying shitty cloud-only IoT devices, neither the interest nor the capacity to do this is common.
It is a $2000 dollar internet connected bed. The market in this case is probably people who could wipe their ass with that $20 every day and not miss it. I don't think they are stupid. This class of Americans has always been about paying for ongoing service instead of being pragmatic or doing things themselves. "Let the help over in bangladesh fiddle with the connectivity and updating the mobile app for me, while I merely rest my head and make plenty of money," they probably figure, at least subconsciously.
OTOH, I grew up upper-middle class, my dad being quite frugal and a big DIYer. Similarly, I make good money and am also very frugal. I have no reason to flaunt money around my peers.
The collective mass of people who buy these "IoT" devices that (1) don't actually need to use Internet-hosted services to function, (2) don't actually need a subscription for their business model to work _except_ for having been unnecessarily tied to an Internet-hosted service, and (3) will fail to function when the Internet-hosted service is gone do not understand the ramifications of the buying decisions they're making.
They're enabling these awful companies and business models. They're making the world worse by buying this soon-to-be e-waste garbage.
Stupid is a bad word. Let's say ignorant, instead. They don't even know what they don't even know. Our asinine industry normalizes these practices because profit.
I think computers have tremendous power to make life better for humanity. I think that can happen without being contingent on this kind of business model.
The bed is an egregious example. There are certainly other lower-priced products that still have this kind of stupid unnecessary "tie" to Internet-hosted services and subscriptions.
One thing SaaS has not learned from nonprofits with longevity: you do big fund raisers to get money so you can live on the interest payments. If you think of a new project that will increase your burn rate, you throw another fund raiser.
Figure out how many of those beds you expect to be junked for breakage or obsolescence each year and set your margins to keep the long tail running for 10-15 years.
I think SaaS has eschewed strategies for longevity because it's contrary to the market's "wisdom" that for-profit companies must have sustained high-rate growth.
Sometimes it’s clearly the founders who go extractive, but others it’s clearly the new owners or partial owners.
I'll play the Devil's Advocate here. If this product isn't controlled by a remote server, it either needs to be controlled by a local bit of hardware (i.e. with its own screen and hardware input devices) or by your phone. Considering the upper-class target market (high-priced luxury product), the "local bit of hardware" option is a bad call. If it's controlled by your phone, then it would presumably happen over Bluetooth, which is both (a) unreliable and (b) would disconnect if you don't have your phone in your bedroom, which if you're willing to spend $2k on a cover for better sleep, you've probably already tried.
The industry went in the direction of direct-to-Internet connections for home devices because, quite frankly, it's the lowest-friction approach for most home users. Everything else is a distraction from a great product experience for 99% of the market.
With all that said... bundling in hard-coded AWS IAM keys (for Kinesis Data Streams) and hard-coded SSH public keys is just bad engineering. You can't revoke an abusive customer without revoking everyone, and you can't fire any employees without updating every customer end device. Sleep Eight needed to set up IAM Roles Anywhere with a private CA where a user's initial setup gets the private CA to issue a cert for the base unit in the user's name, which is then used to get temporary credentials through AWS STS to write to Kinesis. Similar story with SSH, if it's actually genuinely needed for some reason, set up a private CA, in both cases, with certificate revocation lists. They're unlikely to sell enough beds (remember: luxury product) or fire enough employees for CRLs not to scale well on this solution.
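An added example, not part of the comment above or of any vendor's code: the SSH half of that design using OpenSSH's own certificate authority and key revocation list (KRL, OpenSSH's counterpart to a CRL). The engineer names, the `support` principal and the file paths are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: per-engineer SSH certificates plus a revocation list,
# instead of one shared public key baked into every device image.
# Names (alice, bob), the "support" principal and all paths are constructed.
set -euo pipefail

# Device side, in sshd_config (paths are assumptions):
#   TrustedUserCAKeys /etc/ssh/device_access_ca.pub   # trust certs signed by the CA
#   RevokedKeys       /etc/ssh/revoked.krl            # refuse anything listed here
# With no AuthorizedPrincipalsFile set, the certificate principal must match
# the login account, so these certs only work for a "support" user.

# Create a throwaway CA and two engineer keys, then sign each engineer key.
make_ca_and_certs() {
  local dir="$1" user serial=1
  ssh-keygen -q -t ed25519 -N '' -C 'device-access-ca' -f "$dir/ca"
  for user in alice bob; do
    ssh-keygen -q -t ed25519 -N '' -C "$user" -f "$dir/$user"
    # -s CA private key, -I identity written to sshd logs, -n principal,
    # -z serial number, -V validity window (one day, so a stale KRL on a
    # device only matters until the certificate expires).
    ssh-keygen -q -s "$dir/ca" -I "$user" -n support -z "$serial" -V +1d \
      "$dir/$user.pub"
    serial=$((serial + 1))
  done
}

# Add one engineer's certificate to the KRL (create it on first use).
revoke_cert() {
  local dir="$1" user="$2"
  if [ -f "$dir/revoked.krl" ]; then
    ssh-keygen -q -k -u -f "$dir/revoked.krl" "$dir/$user-cert.pub"
  else
    ssh-keygen -q -k -f "$dir/revoked.krl" "$dir/$user-cert.pub"
  fi
}

# Succeeds (returns 0) only when the KRL lists this engineer's certificate.
is_revoked() {
  local dir="$1" user="$2" out
  out=$(ssh-keygen -Q -f "$dir/revoked.krl" "$dir/$user-cert.pub" 2>/dev/null || true)
  case "$out" in
    *REVOKED*) return 0 ;;
    *) return 1 ;;
  esac
}

# Revoke alice only and report the status of both engineers.
demo() {
  local dir user
  dir=$(mktemp -d)
  make_ca_and_certs "$dir"
  revoke_cert "$dir" alice
  for user in alice bob; do
    if is_revoked "$dir" "$user"; then
      echo "$user: revoked"
    else
      echo "$user: still valid"
    fi
  done
  rm -rf "$dir"
}

if command -v ssh-keygen >/dev/null 2>&1; then
  demo
else
  echo "ssh-keygen not installed; nothing to demonstrate" >&2
fi
```

Revoking one certificate leaves every other engineer's access untouched, but the updated KRL still has to reach each device; the short validity window bounds the exposure for devices that have not fetched it yet.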
> It won’t function if the internet goes down
> Basic features are behind an additional $19/mo subscription
I'd pay more, a LOT more for a good bed. But if it's not self-hostable and without a need for a subscription... it's a non-starter.
looks at DOGE
Yep.
And all tech companies are now founded with zero regard for good behavior. I mean, they don't even do minimal amounts of customer service, which is the bare minimum of having regard for your customers.
In general, the IoT industry has suffered and adopters get burned over and over and over so the market is what it deserves in the long run. But that doesn't mean that snooping and monitoring doesn't increase insidiously year after year.
This is a serious problem with future technology. What person would do cybernetics or similar life saving products from companies like this? Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
We are clearly in an age of increasing authoritarianism. China has become far more authoritarian under Xi, right wing fascists are on the rise in Europe, and extreme partisanism just leads to round robin authoritarianism on the path we're on, assuming the next election happens. Russia is trying to expand its reach, and disrupt democratic institutions worldwide.
Undermined privacy and data collection are the tools for total information awareness by authoritarian states, only made far far far far far far far worse by the rise of functional AI.
The future of humanity is bleak. The filter approaches.
As someone on an insulin pump they do. Iirc they have reps showing up at hacker conferences looking for red teams.
Definitely agree with your worries generally though.
They most certainly do. I'm deep into a security analysis of a similar device rn.
I mean, it's the :CueCat. But comfy.
A lot of this bullshit only happens long after the sale has been made and consumers are blindsided when things advertised as free are suddenly paywalled off behind a subscription following a ToS update.
"The market" is never going to solve this. What we need are consumer protections in the form of laws and regulations with real teeth and consistent enforcement.
Come on. We can improve that! The next version of the bed will go into carnivorous mode if the subscription lapses: https://www.youtube.com/watch?v=vXrAK6sUZ_0
A rational society would have shut those companies down and thrown the executives into prison.
Blame the engineers who know the risks of such foolishness that lack the courage and conviction to stand up to decision makers.
I raised this at a meeting and was told that they weren‘t going to change it because it made too much money.
I’m sure engineers raised issues about this as well and were shut down by the business people who are more than happy to risk customer satisfaction and security if it means more revenue.
I would of course, attempt to veto unnecessary IoT devices and subscriptions for usage, but this would be a fight I would likely not win.
I can only speculate.
But, there is demand to improve sleep quality. The provider wants to charge a monthly fee for that.
The market simply puts buyers and sellers together. People making business decisions will stick with Econ 101--charge what the market will bear, and why shouldn't they?
They want you to sleep without any clothing?
The pro and enterprise version would allow local server setup for critical sleep equipment functioning and can manage all beds in a household or hotel etc. It can update the version of software or data models when it's online and new features are available on cloud server.
I surmise at 300 dollar/month for pro version could be really attractive proposition. Of course local server setup and maintenance can be charged separately.
https://sleep.me/product/cube-sleep-system
It works rather well, I’m tempted to reverse-engineer the remote control protocol for home automation purposes.
Maybe there should be a mandatory information sheet such as listing all functionality that stops working without a network connection.
I don't have the enthusiasm to start a competing company. It sounds like the barrier to entry to the market is fairly low, the tech isn't unproven, and there appears to be a ton of margin.
I assume Eight Sleep has a patent moat.
I actually commend them for making money off the morons who dreamed this up. They've hopefully put it to better use.
Great line. And my eyes bugged out a little at this part as I also realized what the implications were:
> - They can know when you sleep
> - They can detect when there are 2 people sleeping in the bed instead of 1
> - They can know when it’s night, and no people are in the bed
I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking like consumer reports and how they should probably publish if a product is a security nightmare or not. At the end of the day you still need people publish this stuff out and for social media to spread to consumers to beware, but maybe a magazine type of publication could take on part of that responsibility.
1. Work in tech
2. Do care about security
I think this product in particular really attracts the tech nerd life optimizer types.
What if they have a ton of sensors which relay enough information to re-construct a 3D mesh of activity on the bed that they can remotely view? And their more curious less ethical employees give nicknames to particularly "active" or "interesting" users? And start placing bets on their favorites? And start connecting the dots on who is sleeping with whom?
More seriously, this is just a data collection mechanism to learn about user habits that can be sold to other companies and/or use to start new lines of business.
Anything that sends back data, without your clear and express agreement, isn't sending it to help you.
https://www.technologyreview.com/2024/02/27/1088154/wifi-sen...
It’s better than that. He’s putting in backdoors where they sleep. I’m sure there’s a market for that data.
Once you realize just how important quality sleep is, and how much this can help, $20/month bed subscription becomes a laughably small price to pay.
- What's required to justify this cost?
- How many features and updates does the app require?
- What could the ongoing server costs be?
- How many people maintain the software?
I've built some IoT projects and handling events from the hardware was remarkably inexpensive. Piping tiny telemetric packets, even at a high frequency, was no big deal. It wouldn't justify charging customers $20/month. Maybe $2.50? Plus, these things are only piping out data when they're in use, right? So... Only 1/3 of the day, if that.
Then the feature set, who knows. Is it just a readout with some fixed controls for the firmware in the eight sleep?
How is that justifying $20? Every single month?
I know software (especially when hardware is involved) can be more complicated and demanding than it appears on the surface, so these are genuine questions. I'm very open to having bad assumptions here. It just doesn't map to my experiences properly. Especially since the customers pay a premium for the hardware upfront.
I guess if customers are willing to pay, it's fair game.
The subscription for bed is not, it locks artificially features to pay monthly. Even more, it collects data to improve the product (which sounds good) - but you need to pay for this. They have an ability to run model locally - they choose to not.
I like Topaz approach: you have an ability over some time (subscription period) to have up to date model that will help you recognise snoring etc, then if you choose not to pay - you stick with this model, but it still works.
Subscription in addition is something that limits an ability to sell it in the future.
on the other hand, paying 20$/month for the right to use the bed, that you purchased at 2000$ cost is a ripoff.
sleeping isn't costly, has never been, yet a company is trying to enforce it and i can see how it doesn't go well with most people.
As for frame, if you buy the Eight Sleep Pod 4 Ultra (which is the version that comes with a base that adds head/foot elevation control), you can use the base as a bedframe if you like, though that would be pretty minimalistic.
If this product was an entire bed then it would actually be a lot less appealing because it means you have to replace your bed to use it. It's not a bed, it's a mattress cover (and optional base with the Ultra), so it's purely additive on top of your existing bed, and does not significantly alter the feel of your mattress (besides temperature).
Think of the alternatives I have: Sleeping pills. Sleep studies. Benzos. "Supplements." Weight loss. Working out. Sleeping hygiene routines. FWIW, I've done/do all of these. They work, and they are work.
Sleep is more important to my health than what I eat. Some of us are like this. You know us. We're your colleagues, friends. You've seen us, heard us mope around.
I checked it out because I saw Bryan Johnson talk about it. Found it to be stupid, the price, the app, the subscription, I get what everyone here is saying. You are right. But, there was a free-x-nights trial policy and curiosity got the better of me.
So far, it's been amazing (5-6 months in).
+ You can slap a faux button/area on the bed to change temp without the app.
+ This App, mentioned in the article, it works 100% of the time, and it's fast. I suspect it's over LAN when you're home, at least it's that fast. For comparison, $3.2 billion dollar Nest's app isn't reliable nor fast -- How many total days of your life have you already lost to a synchronous thermostat app that needs to auth/connect with Google before you're allowed to change the temperature of the room you're sitting in? :) Come on, tell me the truth!
Does that help clarify why this sells?
Note: The bed is now $3k, not $2k, plus sales tax. Amortized over 5 years $3k + $240 * 5 = $4200. Divide by 60 months.
Note: Lots of misunderstanding in the thread by people who haven't checked the product out. It's not even a bed, guys, it's a liquid-cooled cover that fits on top of your existing mattress. If you want the motorized mattress that lifts you when you snore, that's another few thousand dollars.
Well, working out will help with weight loss and will have a lot of other beneficial effects in the long run.
> FWIW, I've done/do all of these. They work, and they are work.
But you already know that.
The market is ripe for the taking, but nobody has attempted to compete with EightSleep. EightSleep is sleek AF, the competitors seem like they are from the 90's, in all the worst ways (HydroSnooze doesn't even have a remote).
It uses a bag-like sheet that it blows air into, to adjust temperature. For women suffering* through menopause, being able to adjust around hot/cold flushes is sanity-preserving!
* Some women don't suffer much during perimenopause or menopause, but it's a process that seriously fucks with one's hormones. A word of advice to any partner of a woman going through perimenopause: believe them when they tell you what they're going through! So many partners don't realize just how much this can mess up someone, they deserve every sympathy possible.
If you're running HomeAssistant and you want better controls, grab a spare ESP32 and run the ESPHome BedJet integration. https://esphome.io/components/climate/bedjet.html
(A little ironic you need an external ESP32 to talk to the internal ESP32 that is the BedJet's guts...)
Is the Bedjet really that good? Would your wife recommend it without reservations? Are there any other product that have made a difference for her?
Apologies if that's intrusive but improving Sara's sleep would be life-changing for her.
There's also a cold water circulator, useful for icing a painful limb etc. https://www.amazon.com/gp/aw/d/B09VRJ153X
Not intrusive at all, I hope your friend can find some relief. I hope she can find strength and joy in life.
[Followed by a screenshot of the EightSleep CEO publicly tweeting about SF sleep data in Nov 2023.]
This is reason enough to not patronize this business. What a creep.
I remember because I signed up for e-mail updates. Glad I never signed up though. IIRC, I was turned off by the same issues the author “overlooked”.
A subscription for a bed? Fuck off
This looks a lot more like the device fetches updates via SSH to a remote update server, and the authorized_keys entry is vestigial.
Beyond that, companies being able to push changes via custom firmware is sort of the normal state of consumer IoT devices. And it doesn’t really imply the kind of broad “the whole engineering team can access my LAN” that the OP is speculating about.
Now, from a design standpoint, using SSH to pull firmware updates would be a bit of a wonky choice. But the world is full of wonky choices.
More sycophants coming out of the woodwork.
That's the health secretary's words.
He knows when you are sleeping,
He knows when you're awake,
He knows when you've been bad or good...
before anyone tries to mock me for mentioning EMF: https://pmc.ncbi.nlm.nih.gov/articles/PMC5247706/
(Not talking about DOGE btw).
We only had a book in my native language on Pascal. I had heard of C from a magazine that had a CD with a C compiler on it, and I walked into a library wanting to learn C but all they had was a dusty book on COBOL in Russian. Later I bought a book on x86 assembly, also in Russian, because that's all I could find, and it just felt like I'm living inside a leaky bucket whereas I was hungry for the firehose of knowledge.
When we got dial-up Internet, I did not sleep for days. The floodgates were open. I had access to tons of information online, in original English, from primary sources. People I'd only heard about, like Torvalds, would just share information directly on the Internet, like it's another Tuesday. To me it felt like I went to Disneyland and I was meeting all my heroes. You can just... learn about any topic and see the people who invented those topics. You could even send them messages.
25 years later, I still feel like that kid sometimes. I'm thankful for HN. Alan Kay replied to me once, and it made my year! Alan M-Fing Kay. I met rms once in the flesh and could not believe my eyes. I regularly see messages from Walter Bright on HN like he's a real human being and I have to remind myself that yes, he's alive, real and I exist in the same world as him and can actually interact.
I and kids around the world these days are lucky to not be stuck in a world where you cannot learn more than they let you.
He was replaced by a D-9000 AI bot about 6 years ago. He was jeopardizing the mission.
A rare exception to the usual.
https://www.radioworld.com/news-and-business/headlines/reciv...
It's good for temperature control, you can set a profile that changes over night. The cooling is a complete fix for night sweats. It heats too, but I don't use it. I don't use the sleep tracking features.
My only semi-major complaint is that the pump is kind of loud. Only annoyance is that you need to have it connected to wifi w/ internet to set the temperature profile w/ the app, but it keeps working afterwards w/o internet.
But I wouldn't recommend anyone buy it now because of the subscription.
It is good to know that there is an option to continue using it if the company decided to no longer grandfather in people who bought before the subscription crap started.
I was in bed from close to midnight to somewhat before 8:00.
Well, each bed contains a full Linux-based computer. If my estimations above are correct, all of Eight Sleep engineering can take full control of that computer any time they want.
I think that was already a given once you agree to silent automatic updates.
Someone told me they returned their 8 sleep because of the constant fan noise of the computer running the thing. He told me it was like having a server in your bedroom.
I am also not keen at all on needing to have my phone in my bedroom either. At the end of his life my father had some health challenges and it wasn't uncommon for a nurse to call me in the middle of the night. It was all the other calls, people tweeting or slacking at me that made it really challenging to get any sleep.
Still looking for something where I can collect sleep data if any entrepreneurs can solve these problems.
But if you're not willing to keep a watch while you're sleeping they have "Sleep analyzer" that you put under your bed to collect Sleeping data, but I never tried it!
I'll do you one better on "collecting sleep data". I've been in the neurotech/sleeptech space for the last 5 years developing https://affectablesleep.com
After getting an Oura ring years ago, and it telling me "you didn't get enough sleep [deep, REM]" I was left thinking "so what?? don't tell me I didn't do it, help me to do it!"
From what I've seen in the market, possibly with the exception of 8Sleep or CPAP (for those who need it), is that everyone is focused on counting minutes, and adding a few minutes to sleep. Particularly "fall asleep faster" where they promote "fall asleep x% faster" where x% in minutes is like 7 or 8 minutes.
What is really valuable in sleep, and particularly deep sleep, is not really the time, it's the restorative brain functions, and at the moment, we are focused on one metric: slow-wave delta power. It's not how many minutes you sleep, it's how much sleep is in each minute.
Of course, there is sleep data along with that, but if your sleep is optimized in the time you get, do you really care about the daily data?
I think there is some value in collecting the data so when someone figures it out you can get the answers. But it is hard to know what data to collect because what the Oura ring provides could end up being of little value.
Good luck on your project, I will be following you.
1. Kenises should be Kinesis
2. The URL template contains {anynumber}, the text refers to anynumbers (plural)
And for those who prefer a warm bed, isn't it simpler and cheaper to warm the room?
- They can know when you sleep
- They can detect when there are 2 people sleeping in the bed instead of 1
- They can know when it’s night, and no people are in the bed
I'm probably naive, but I'm failing to see how any of this is exclusive to having remote SSH access to the bed. Who's to say this isn't already happening with other binaries in the firmware? Maybe they're already phoning home?
> [...] that bypasses all forms of formal code review process.
How does the author know if anything else in the firmware goes under any kind of code review process?
It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.
However now I want to try this aquarium chiller...
Not scams in the sense of swindling money, but that they are appendages of a private or government intelligence network.
If you genuinely care about your customers, can't you simply feel guilty of doxing such sensitive data about them?
Some evil entities want to know when you sleep, wake up or if there is someone else in the bed.
I am not against technology, this can be done responsibly via offline support, self hosting options, E2E Encryption, Homomorphic computing, differential privacy etc.
But I guess implementing those would interfere with the scam, i.e. the main objective, which is spying on you.
I think the blog post uncovered that here... the CEO is a total creep
I see at least one aquarium chiller on amazon that uses a compressor, but then you have to wonder if it's quiet enough to sleep next to.
- A human produces about 40 watts of heat while sleeping.
- Thermoelectric coolers have a coefficient of performance (CoP) between 0.3-0.6. So for every watt consumed, they can move 0.3-0.6 watts of heat.
- The wattage consumed and moved all needs to be dissipated.
This random chiller [0] on amazon consumes 100 watts, so perhaps this could move 60 watts max. CoP drops as the temperature difference increases. And it's unclear if the unit can dissipate 160 watts steady state.
But it could plausibly keep you from heating up on a warm night. It doesn't seem like there's much margin for actually cooling you down tho. If someone wanted to experiment with this, I'd definitely read that post.
[0] https://www.amazon.com/MOQNISE-Aquarium-Circulation-Function...
I no longer can trust that someone is looking at my TV data, Oven data, thermostat data, etc and tweeting about it.
Anyways, feels good to be vindicated.
I have to say it made my sleep significantly worse - I was shocked at how bad the temperature setting was - shifting 1 degree warmer or colder was often too much. I also noticed quite a bit of manipulation of reviews & comments on Reddit / subtle sponsorship on YouTube. (=> fake comments, upvoting/downvoting, and unofficial sponsorship).
Maybe it really does improve some people's sleep, but just the noise itself from the Pod meant I needed earplugs to not be disturbed by it. My suggestion is to avoid buying at all costs...
https://raw.githubusercontent.com/bambax/hntitles/refs/heads...
I would be interested in knowing who the buyers for this stuff are ..
Who in the sane mind buys that.
Wait until Eight Sleep "upgrades" the connectors to be "incompatible" with Aquarium chillers.
Uh, I don't think I want to buy a used mattress cover on eBay, thanks.
Alas, our hope to recover whatever social benefit was in SpaceX and Tesla is with Bezos's companies, although at least the EV space is more diverse. SpaceX cannot be wrested from Musk and TSLA and its board is preferred-stock controlled by Musk.
Any source for this? I can’t find anything that says Musk has enough voting power in Tesla to not need others’ votes:
https://www.techopedia.com/largest-tesla-shareholders
This is a pretty in-depth analysis that shows that Musk needed retail votes for last year’s compensation and re-domiciling votes:
https://clsbluesky.law.columbia.edu/2024/07/01/how-tesla-pum...
https://www.thestreet.com/investing/stocks/how-elon-musk-con...
> Elon Musk is the largest individual Tesla shareholder, with 410.79 million shares, representing 12.8% of Tesla ownership as of December 2024.
Yeah, no thanks. I try to make my bedroom as technology free as possible. Apart from a digital alarm clock; at night I put my phone on aeroplane mode and place it outside my closed bedroom door.
It's the best I can do with today's bullshit tech. I've never had a problem with not having a cold bed, so maybe it's the next best thing after the bidet.
when cold leaks, it can be toxic.
I take what you mean is that there will be a refrigeration loop involved, and in that, a refrigerant. Just like all substances, refrigerants can be toxic, sure, but that alone is not what makes a toxin [0]. It's also not a binary thing, and between air conditioning and refrigerators, an appliance like this I don't see why would stand out.
I further haven't got a clue what microplastics having been found to pass the blood brain barrier have to do with this, or how you're able to determine whether that applies to me or not, specifically.
Now if a competitor crops up that has better privacy and a better CEO, I'll swap in a heartbeat.
Note: I don't pay for the subscription, just the mattress topper
Mattresses wear out, and people end up keeping them too long. Somewhere like walmart.com sells great mattresses for inexpensive prices. They are not related at all to what they sell in stores. Because they are inexpensive, as soon as they start to wear out, buy a new one.
"In the second screenshot, we have the public key that’s authorized to access the device. The email address attached to the public key, eng@eightsleep.com, to me suggests the private key is likely accessible to the entire engineering team."
He has no evidence for this whatsoever and not really any good reason to assume it either.
"In the first image, we see evidence SSH is being exposed remotely, to a far away host, remote-connectivity-api.8slp.net. Typically SSH would only be accessible to the local area network, but the variables in production.json would seem to imply this access was opened up to a remote host."
This isn't how SSH works and he doesn't seem to have enough information, or enough knowledge of SSH, to understand what's being done with the "far away" hostname.
This article is just clickbait nonsense, which should have been obvious from the title. It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup. Based on the fact that the founders seem to have a superficial understanding of technology but a well-developed understanding of hype and bullshit, I am not interested in exploring their business further.
1. He didn't even bother to check and see if the bed is running an SSH server - ten seconds with nmap could have told him this!
2. Essentially every one of these beds would be behind a NAT and thus the SSH server which he didn't even bother to look for would not be accessible to the internet or to the nefarious engineers he imagines have access to the key - he ignores this fact.
3. The fact that the firmware includes the URL of a specific external endpoint, suggests that the bed connects _to_ that endpoint, not that this is somehow used to screen incoming requests by reverse DNS lookup or anything like that. The architecture he is supposing exists (all remote access requests must come from a host whose reverse DNS resolves to this host?) makes no sense.
4. The fact that the public key exists on the filesystem means nothing if no SSH server is running, or accessible. It might be used, for instance, as part of the manufacturing test process or a maintenance procedure, and then disabled. The SSH public key on the filesystem isn't necessarily related to the JSON config file for their own application which he found!
5. SSH keys don't have "email addresses" associated with them, they have a plaintext field which is used merely for identification purposes, and this is commonly used for the _user account_ that created the key. But it's not an email address and even if it were, it doesn't mean that that email address, much less every engineer at the company, somehow has access to the key!
The sloppiness and level of jumping to conclusions here, for a supposed security company, is ridiculous.
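Point 5 above, as an added example that is not part of the thread: a small parser for `authorized_keys` lines showing that the trailing comment is free text outside the key blob, so an entry is identified by its fingerprint and not by its comment. The key bytes and the second and third entries are constructed, and the short `KEY_TYPES` set is an assumption of the example.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # subset, for the example

def split_fields(line):
    """Split on whitespace outside double quotes (option values may contain spaces)."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            fields, cur = fields + ([cur] if cur else []), ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def parse_entry(line):
    """Return options, key type, SHA256 fingerprint and comment of one entry."""
    fields = split_fields(line)
    idx = next(i for i, f in enumerate(fields) if f in KEY_TYPES)
    blob = base64.b64decode(fields[idx + 1])
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed key type
    if blob[4:4 + n].decode() != fields[idx]:
        raise ValueError("key type inside the blob does not match the text field")
    # Only the blob is hashed: the comment never influences the fingerprint.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"options": " ".join(fields[:idx]), "type": fields[idx],
            "fingerprint": "SHA256:" + digest, "comment": " ".join(fields[idx + 2:])}

def audit(lines):
    return [parse_entry(l) for l in lines if l.strip() and not l.lstrip().startswith("#")]

def constructed_blob(raw32):  # 32 arbitrary bytes -> ssh-ed25519 wire blob (not a real key)
    parts = [b"ssh-ed25519", raw32]
    return base64.b64encode(b"".join(struct.pack(">I", len(p)) + p for p in parts)).decode()

BLOB = constructed_blob(bytes(range(32)))
SAMPLE = [  # constructed entries; only the first comment string is quoted in the thread
    f"ssh-ed25519 {BLOB} eng@eightsleep.com",
    f"ssh-ed25519 {BLOB} some free text",
    f'command="echo hi there",no-pty ssh-ed25519 {BLOB}',
]

if __name__ == "__main__":
    for e in audit(SAMPLE):
        print(e["fingerprint"], repr(e["comment"]), e["options"])
```

All three entries print the same fingerprint, which is the value to compare against a known key inventory when reviewing a device's `authorized_keys`.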
I'm not sure what kind of evidence or reason you're looking for, I think their assumption is pretty sensible.
> This isn't how SSH works
Maybe I'm just naive, but the wording of it to me seems nontechnical enough that I think the author is skipping over things on purpose. For example, how exactly that "far away" host he thinks is involved.
I'd personally imagine it's a reverse shell type deal going on, although why SSH needed to be involved in that I'm not sure. Could be just a hacky implementation. But it's really not that far removed from sensibility, vendors popping reverse shells without authorization really wouldn't be new.
> It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup.
Didn't even notice that. Can't imagine too many other people did either. So maybe not so clearly?
That said, some actual investigation of that supposed binary would have been a strong support for this whole thing, and indeed evidence for this theory, so I will give you that.
Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?
No there's not enough evidence to prove in a court of law who has access to the private key, or that the config file is enabling a return ssh connection, but it's pretty damning.
The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
Under the path ".ssh.endpoint", too. It's not like it's just a mystery hostname; it clearly has something to do with SSH.
> The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
And - just to be clear - that doesn't mean it shouldn't be reported on! Talking about this stuff, and having concrete, specific examples, is good.
Do you not see a problem with this line of reasoning? That's literally what he says in the article, and he presents it as a near-certainty, not the wild leap of unsupported reasoning that it is.