> For someone who suffers from insomnia this seemed worth a shot.
I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.
The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.
Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.
If you’d rather not buy another gizmo for a function your phone has likely gobbled up already…
iOS, iPadOS, and macOS have a pretty great built-in background-noise generator these days. While lots of actual beaches can go dead silent and then have a loud wave crash in, the waves that
It’s available in Settings -> Accessibility -> Audio & Visual -> Background Sounds. You’ll have to download the sounds each once, but after that they stay on your device.
Digging this deeply in Settings isn’t pleasant if you just want some white noise, so you may want to add a control to Control Center like “Background Sounds” (way down in the Hearing Accessibility section) to turn the ocean noise on and off.
I turn this on my iPad when going to bed if I want to take extra steps to ensure that I don’t wake up in the middle of the night.
You can also assign it to the triple click shortcut in Accessibility. You probably can to the double/triple back taps too, though I haven’t tried.
I do use a standalone Lectrofan for sleep as I prefer my noise machine to be across the room and Alexa-controlled (via a smart switch), plus it’s louder and the brown noise is “browner.”
But I keep iOS BG sound mapped to the triple-click shortcut for when noise-cancelling just isn’t enough in loud restaurants etc. It works great with AirPods for reducing my noise sensitivity issues.
It's been life-changing when combined with my AirPods Pro. ANC deadens most sound, but acute sounds still get through. Adding background noise on top of it can usually cover the rest. And they have both bright and dark noise, to cover different frequencies of environmental sounds
I can't believe I had to download an app for that because the feature is buried in SETTINGS (!!!!). What an obtuse choice. Thanks for the tip though, I hate that my white noise app has a rotating ad banner.
I use an air filter for that. I have a Levoit Vital 200S and it allows setting up an automatic filter power schedule so I don't have to think about that when going to bed. Mine switches to the white noise mode at 9:30pm and then back to the silent mode at 8:00am (I usually wake up much earlier than that, but hearing the air filter sound change also tells me that it's 8:00am without looking at a clock).
I had insomnia for over a decade and all it took to fix that was just weeks of sleep inducer followed by regular melatonin takes. I assumed it would take some gizmos to do that, but apparently it didn't. Once you could lock your sleep into the daily pattern---something I could never have done by myself for a very long time though, hence sleep inducer---then securing it turns out to be much simpler. Consult your psychiatrist first, of course.
I have two white noise machines, have them in stereo, one on each side of the bed. It's useful to be able to adjust them separately, I've got tinnitus in one ear more than the other so don't need it to be as loud on that side.
As I get older, deafness will likely reduce my need to rely on technology.
For the price of a white noise machine you can buy a 10A squirrel cage blower, some mdf to make a box out of, a contactor, and a smart plug and have a white noise machine that filters your air, turns on and off from your phone, and also makes white noise. It can also act as a table to put your phone on and a charge point.
I had the two problems of poor sleep without white noise and a dog allergy and now I have neither.
The state of the product's security wasn't unexpected. I was, however, shocked by this part:
> I was willing to overlook:
> The bed costs $2,000
> It won’t function if the internet goes down
> Basic features are behind an additional $19/mo subscription
> The bed’s only controls are via mobile app
Nothing about this bed should depend on off-site servers. Nothing about the product should necessitate a subscription fee.
The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
In addition to everything else, also love how a bed with the express purpose to increase sleep quality requires you to open your phone every time you want to adjust a setting.
> In addition to everything else, also love how a bed with the express purpose to increase sleep quality requires you to open your phone every time you want to adjust a setting.
Don't worry, they'll repeat over and over how their product was thoughtfully designed with exquisite craftsmanship by the re-animated corpse of Jony Ive [1] until people believe it's true.
[1] I know he's not dead.
Also...
> ... Essentially all you need to do is unplug the rubber tubing from the Eight Sleep cover, which is available on eBay for a few hundred bucks, and plug it into a $150 aquarium chiller.
> That’s it. Aquarium chillers are somewhat of a misnomer, as they can also provide heat. They use thermoelectric devices to regulate temperature, either cooling or warming the liquid that flows through them, which is the same technology found in eight sleep.
How much do you want to bet the Eight Sleep is literally an off-the-shelf Chinese Aquarium chiller in a custom case marked up 15x, with a shittily-programmed computer bolted on to enable a $20/month subscription?
I mean this comment is slightly disconcerting to the next generation of brilliant hackers sleeping on this bed and dreaming big of a Cloud controlled Toilet Paper Dispenser, Effececy®. It will always give the right amount of paper based on the amount and moisture content of the just delivered product.
I rolled my own solution to this using a Boston Dynamics Spot (2nd gen). With the structured light scanner, YOLO v5 for classification, and a custom IK solver (BD's is too hard for me), I can just lay back like a baby once I'm finished and Spot takes care of everything.
Don’t fall for this. I purchased this product then they pushed a bunch of the basic features behind a paywall. The ‘vibrate on SMS’ is worth it if you do go that route and don’t mind proxying your phone comms through their servers, though.
I agree with this so much. Opening an app is the last thing I want to do to adjust something while I'm in bed. I have a zigbee lightswitch so I can turn the light off from bed, and sure I could open an app to do that, but it's so much better to get a zigbee button and stick it to the wall above my head and program it to control the lightswitch.
Unlike all the cloud garbage, my zigbee devices continue to function even when the internet is down. I have my zigbee hub (Home Assistant Yellow) on a battery backup, so all the zigbee devices with a battery keep functioning even when the power is out (like my automatic cat feeders)
Totally agree.
I got a Philips Hue dimmer switch for next to the bed. One of the best things I got for the home automation.
Just click it and everything in the house goes into night mode. No phone needed.
My roommate had one of these and I found out there was a script online someone put together on GitHub I think to control it over a shell. Was hilarious because I kept turning off their light at weird times.
Yikes, does the hub have some kind of unauthenticated http server exposed to the LAN? Yet another reason I run open source software rather than buying the proprietary hubs.
You have to tap the button on the hub and then you have 30 seconds to send a specific package to create a user. So yeah, not super, but also not totally unauthenticated.
I’m still fairly upset that ambient devices never really took off. Nanoleaf at least made a remote like this. It’s a dodecahedron with an accelerometer, so you can program each face with a different setting. The simplest being to program opposing faces for two different light levels. You want to take a nap, turn the controller upside down.
There was a cool device I saw once, used for timing your work. You'd program the faces for different tasks (bug fixes, new features, etc.) and whatever you worked on, you'd have that face up, and when you changed tasks, you'd turn it to something else, and it would track how you spent your time.
I've seen energy-harvesting remote light switches for sale — they supposedly get enough energy from the physical act of flipping the toggle to send a few radio packets. I haven't used one in the real world though.
I've got a cube that's hooked into my Home Assistant setup that works similarly. Flipping the cube upside down turns my bedside light on or off, rotating it clockwise increases the brightness, and counterclockwise decreases it.
I did something similar using these: https://eu.aqara.com/products/aqara-cube-t1-pro (or rather, an earlier iteration). Just Zigbee, nothing too complex, and then you hook it into something which knows how to interpret the events it sends (or events + current state if you want it to be a little more contextually smart). I generally tried to centralise the smarts, dumb devices and a smart interpreter always worked out more robust than clever devices. It's amazing how many combinations of actions you can indicate just by shaking/tapping/turning/flipping - more than enough to do the things you commonly do with one actuator (a light or set of lights for example).
I like this idea, now I want to make one of those. Even a two- or six-sided one would be useful, and I can print different enclosures and reprogram the feather or ESP if I want to add sides.
I don’t think they sell it anymore, but I forgot it’s actually a HomeKit controller, so you could (try) to use it to control several devices at once. Since only one face is up at a time you would have to gang the behaviors, such as turning off several lights or turning them on.
And not true, at least for the newest version. V4 has touch sensors for adjusting the temps on the side of the mattress.
I do own one of these and while I hate the price, the subscription, the fact that it didn't work for an hour last night due to the internet being down (first time ever really) but there really isn't a better option. I love the temp control and would use anyone else if they had a valid competitor, but sadly there isn't one (or at least wasn't when I bought mine). The alternative is to not have temp control which is pretty amazing.
I've heard the sleep people get with this is excellent, but no way in hell am I paying a subscription and requiring an internet connection for my bed. The entire concept is just absurd. If it sells, it sells, I guess.
The "smart" features on it are genuinely useful for me - I have sleep apnea, as well as an eight sleep + the electronic platform. It automatically changes the elevation of my head based on apnea events, and I see a marked reduction in them when using this feature.
I have a cpap machine that also makes automatic adjustments but I still get noticeably better sleep quality with the eight sleep. I also really enjoy the temperature control, since it saves on HVAC costs vs. climate controlling the whole house. I've not tried an aquarium chiller for this purpose, though I have used one for doing temperature control on a beer fermenter, and I can extrapolate from there that I value the management of the actual eight sleep device vs. managing an aquarium chiller's temp control.
> The "smart" features on it are genuinely useful for me...
All of those features could be provided by local compute, either nestled somewhere in the soft and fluffy gross profit margin of a $2,000 product, or with Bluetooth to a "thick" application running on a phone.
The reason this product, and so many other "IoT" products, put their compute across the Internet is to facilitate a business model. The industry has the technology to put as much compute, storage, and reliability on-site with a high-margin, high-cost product like this.
Even if it were a nightstand device rather than a phone. The immediate loss of functionality when loss of signal to the mothership is an egregious design flaw. There's no reason the thing can't have a bit of storage so it can then upload the logged data when the signal returns.
Of course, they'll probably claim AI running in the cloud is making the decisions which makes the local first controller not possible.
It would be nice if we could provide medical assistance to people who need it without jamming these devices full of adware garbage and forcing people to connect to the internet to use their own possessions.
I've also heard about people finding new foam mattresses too hot :(
like me. will buy a spring mattress next time
Edit: thank you for your recommendation but I'm in Italy, European and American mattresses are quite different.
Before discovering this, I once wrote to the customer support of the flamingo hotel, Las Vegas, because I loved their mattress: Hi, i do think that what i'm gonna write is weird, but anyway haha.
On july of the summer 2019 i visited the fabulous las vegas. nor the nightlife neither the opulence of sin city could, however, reach the pinnacle of the human civilization, the mattress on which i slept at flamingo. I now have to change my own mattress at home, and i'm looking for the model on which i slept. the website only says "Simmons beautyrest", although Beautyrest is just a brand name used by simmons and doesn't mean a specific model. could you help me in this modern day divine comedy, be my Virgil and help me find the mattress name?
Regards
Name
I got an answer: Thank you for contacting Caesars Entertainment. I was delighted to hear that you enjoyed our mattress on your visit! Currently, we are using the Simmons Hospitality Beautyrest Felicity Pillow Top. They can be purchased at https://caesarsguestpurchase.com/shop or 1-866-926-8233. Please feel free to write back if you have any further questions.
Thank you for choosing Caesars for your gaming entertainment!
While going with a non-foam mattress will be colder than a foam mattress, if you were interested in a colder foam then I'd like to recommend latex mattresses. They're more expensive than memory foam and they feel different but I no longer overheat at night. Also I sleep better knowing my bed has proper kerning.
Because the Talalay and Dunlop processes involve vulcanization at 115+ C to turn the material into a foamed rubber, which denatures the proteins that the immune system recognizes and overreacts to. Denatured protein - think egg white once it's heated and turns white, instead of clear - has its structure radically altered. The molecules get pulled apart, tangled with others, and can in no way be recognized by the antibodies that trigger the immune response.
Similarly, Talalay latex mattress material is usually only about 30% natural and 70% synthetic, and the synthetic does not cause immune response.
If you powder the natural material and directly expose it to IgE, the dominant protein of interest for allergies, you can get a reaction (https://pubmed.ncbi.nlm.nih.gov/10436396/), but in practice with sheets and the outer cloth covering on the mattress basically no proteins ever come into contact with the body. And even in that study only Hev B I was detectable, which is only one of many latex proteins that trigger the immune response, and only 3 of the 21 tested human sera actually had a reaction to the direct mixing with the powdered latex. As far as I understand it, there has never been a confirmed case of an allergic reaction to a latex mattress.
Have you tried a more firm foam mattress? I had similar sentiments about foam mattresses but they were all the type where you just feel like you're sinking into the foam.
I did, but in the showrooms in the short time I tried them (and with jeans and clothes and so on) I didn't get that it was warmer than other firmer mattresses.
I wonder if there'd be a cottage industry for new control boards which de-shittify IOT devices but keep their functionality. Like buy the bed, and then buy a little pre-programmed ESP32 logic board to replace the factory board.
ESPHome fills much of this niche for me. It's a framework for turning YAML device definitions into custom microcontroller firmware, with myriad supporting tools. The official device database at https://devices.esphome.io lists 554 devices but that's nowhere near the end of it.
Most manufacturers bolt on IOT functions by dropping an off-the-shelf module onto their device-specific board. It's sometimes possible to replace the factory firmware with ESPHome, sometimes even using over-the-air updates. For example, AirGradient air quality sensors: https://github.com/MallocArray/airgradient_esphome
Even when it isn't possible to commandeer the factory IOT module, the fact that it _is_ a module is still useful, because it's almost always possible to inhibit or remove the factory module and connect your own instead. The factory IOT module controls and senses the device, so your replacement module can too, using the same pins. For example, an IOT air filter: https://github.com/mill1000/esphome-winix-c545#final-assembl...
Some devices are designed around multidrop communication busses. These are usually even easier, since the ability to join the bus is an intended design feature, even if the device you're using is not intended. For example, many Samsung residential HVAC systems: https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...
As an EE, there's a healthy amount of this in some industries with very high costs, equipment use beyond manufacturer obsolescence, and in hobby circles with technical enthusiasts. But not generic devices for the general population.
At my day job, we've replaced and re-engineered controllers in industrial laser cutters, CNCs, welders, robots, and similar equipment. There are replacement control boards for hobbyist stuff like pinball machines, motorcycles, retro computers, and retro game consoles.
But as evidenced by the fact that people are buying shitty cloud-only IoT devices, neither the interest nor the capacity to do this is common.
Likewise, I've looked into this after being asked to build retrofit electronics for both expensive machine tools and consumer goods (I had a client who was adding bill acceptors to massage chairs and other items). I was never able to find a niche with a consistent need. They do exist but are hard to find.
That's good to know but if it's a custom board and it gets fried by soapy water getting in or a decade of humidity, it would still be good if the pinout was something that a new device could be programmed and dropped into to replace.
I think this would need to be enabled by regulation that forced the original manufacturers to make their products open. Hopefully we'll get that eventually.
I feel like websites like https://www.tindie.com could definitely fill that gap. It's like an Etsy + Hackaday where people sell different levels of hardware etc.
Probably could never make that kind of thing work at scale, but maybe as something within the maker community, perhaps adjacent to the world of 3d printing, Arduino, and RPi.
There'd probably be a few liability concerns at scale. Like if you made a replacement board for a Keurig to allow aftermarket k-cups, it'd likely be a matter of time before Keurig sued you, or someone burnt their house down.
> The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
It is a $2000 dollar internet connected bed. The market in this case is probably people who could wipe their ass with that $20 every day and not miss it. I don't think they are stupid. This class of Americans has always been about paying for ongoing service instead of being pragmatic or doing things themselves. "Let the help over in Bangladesh fiddle with the connectivity and updating the mobile app for me, while I merely rest my head and make plenty of money," they probably figure, at least subconsciously.
One might argue that the market itself becomes "stupid" (stops accurately indicating value) when people have so much money that they stop caring about how they spend it.
I don't think you're wrong, but I know people who grew up poor and blow money on stupid shit -- or at least unnecessary purchases (eg, upgrading to every single new iPhone).
OTOH, I grew up upper-middle class, my dad being quite frugal and a big DIYer. Similarly, I make good money and am also very frugal. I have no reason to flaunt money around my peers.
I don't think the people buying the bed are stupid.
The collective mass of people who buy these "IoT" devices that (1) don't actually need to use Internet-hosted services to function, (2) don't actually need a subscription for their business model to work _except_ for having been unnecessarily tied to an Internet-hosted service, and (3) will fail to function when the Internet-hosted service is gone do not understand the ramifications of the buying decisions they're making.
They're enabling these awful companies and business models. They're making the world worse by buying this soon-to-be e-waste garbage.
Stupid is a bad word. Let's say ignorant, instead. They don't even know what they don't even know. Our asinine industry normalizes these practices because profit.
I think computers have tremendous power to make life better for humanity. I think that can happen without being contingent on this kind of business model.
The bed is an egregious example. There are certainly other lower-priced products that still have this kind of stupid unnecessary "tie" to Internet-hosted services and subscriptions.
I think one would also assume that some fraction of that $2000 would go into a fund to keep those servers up.
One thing SaaS has not learned from nonprofits with longevity: you do big fund raisers to get money so you can live on the interest payments. If you think of a new project that will increase your burn rate, you throw another fund raiser.
Figure out how many of those beds you expect to be junked for breakage or obsolescence each year and set your margins to keep the long tail running for 10-15 years.
> One thing SaaS has not learned from nonprofits with longevity...
I think SaaS has eschewed strategies for longevity because it's contrary to the market's "wisdom" that for-profit companies must have sustained high-rate growth.
I know someone who signed an agreement about delivering an app and then providing fixes for free. He escaped the country. Market is not stupid, market learned nothing is free.
Software is devil-is-in-the-details to the extreme, and maximally opaque even to programmer-capable consumers, much less general consumers.
And all tech companies are now founded with zero regard for good behavior. I mean, they don't even do minimal amounts of customer service, which is the bare minimum of having regard for your customers.
In general, the IoT industry has suffered and adopters get burned over and over and over so the market is what it deserves in the long run. But that doesn't mean that snooping and monitoring doesn't increase insidiously year after year.
This is a serious problem with future technology. What person would do cybernetics or similar life saving products from companies like this? Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
We are clearly in an age of increasing authoritarianism. China has become far more authoritarian under Xi, right wing fascists are on the rise in Europe, and extreme partisanism just leads to round robin authoritarianism on the path we're on, assuming the next election happens. Russia is trying to expand its reach, and disrupt democratic institutions worldwide.
Undermined privacy and data collection are the tools for total information awareness by authoritarian states, only made far far far far far far far worse by the rise of functional AI.
The future of humanity is bleak. The filter approaches.
> Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
As someone on an insulin pump they do. Iirc they have reps showing up at hacker conferences looking for red teams.
Definitely agree with your worries generally though.
> The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
A lot of this bullshit only happens long after the sale has been made and consumers are blindsided when things advertised as free are suddenly paywalled off behind a subscription following a ToS update.
"The market" is never going to solve this. What we need are consumer protections in the form of laws and regulations with real teeth and consistent enforcement.
I mean, even at the start 13 - 15 people were killed in leaded gas's infancy all because the oil companies couldn't make as much money from ethanol as from tel. That's insane.
A rational society would have shut those companies down and thrown the executives into prison.
I used to work for match.com and we had a readout in the office that streamed customer feedback. 90% of it was people who had paid subscriptions complaining about intrusive advertising on the site or in the app while logged in.
I raised this at a meeting and was told that they weren’t going to change it because it made too much money.
I’m sure engineers raised issues about this as well and were shut down by the business people who are more than happy to risk customer satisfaction and security if it means more revenue.
Finding another job and marking them as unethical on glassdoor would be more like taking a stand. Raising awareness of management is just the polite first step.
At the very least, many products have unpopular features that are easier than one might expect to disable. And that’s quite often down to a developer who disagrees creating or leaving a covert channel lying around to circumvent the feature. Their boss didn’t tell them to put it in, and they didn’t tell anyone about it so that it was insubordination if they didn’t agree to take it out. Just a little something we accidentally left in for debugging or PoC purposes. Whupsie!
How easy is it to know what works when the network is down before purchasing? Do you expect everyone to take down their wifi after purchase to test and return if it doesn't work?
Maybe there should be a mandatory information sheet such as listing all functionality that stops working without a network connection.
Consumer protection regulation with mandatory labeling would be a good answer but, at least in the US, we're not going to have anything like that anytime soon (if ever).
I don't have the enthusiasm to start a competing company. It sounds like the barrier to entry to the market is fairly low, the tech isn't unproven, and there appears to be a ton of margin.
My partner has difficulty sleeping unless it is the perfect environment (black out curtains, noise cancellation, sound bath, temperature), and is more prone to the effects of a single bad night's sleep. For people like her, $20/mo + $2000 fee is a small price to pay for a solution to a very difficult problem.
I would of course, attempt to veto unnecessary IoT devices and subscriptions for usage, but this would be a fight I would likely not win.
They're not complaining about the price. They're complaining about the high price for a bed where those high priced features stop working if your internet goes down, or there is a server outage, or you stop paying a monthly fee, or the original company goes bankrupt.
How in the world does this necessitate a subscription? All of these things can work without centralization, setup once, and contained entirely within the home.
> How in the world does this necessitate a subscription?
I can only speculate.
But, there is demand to improve sleep quality. The provider wants to charge a monthly fee for that.
The market simply puts buyers and sellers together. People making business decisions will stick with Econ 101--charge what the market will bear, and why shouldn't they?
I think there is some naming convention gap here. I would call it Sleep Equipment as we have exercise equipment. Then folks will find pricing more reasonable. There is further opportunity to differentiate market with Sleep, Sleep Pro and Sleep Enterprise products.
The pro and enterprise version would allow local server setup for critical sleep equipment functioning and can manage all beds in a household or hotel etc. It can update the version of software or data models when it's online and new features are available on cloud server.
I surmise at 300 dollar/month for pro version could be really attractive proposition. Of course local server setup and maintenance can be charged separately.
I have a mortgage so I will follow all lawful orders. I'll blow the whistle if illegal activities are forced upon me, but if there's an ethical issue bothering you, I'd suggest you write to your MP or if you believe they are incompetent or hostile, to run against them in the next election and change the law yourself.
> In the end, I got enough of the cyber ick, I decided to seek a simpler, less internet-connected solution to my temperature-controlled bed needs.
Great line. And my eyes bugged out a little at this part as I also realized what the implications were:
> - They can know when you sleep
> - They can detect when there are 2 people sleeping in the bed instead of 1
> - They can know when it’s night, and no people are in the bed
I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking like consumer reports and how they should probably publish if a product is a security nightmare or not. At the end of the day you still need people publish this stuff out and for social media to spread to consumers to beware, but maybe a magazine type of publication could take on part of that responsibility.
The people who care about security don't buy cloud-connected bed heaters – or run their own software on their IoT devices. You'll have exactly zero ad revenue because there is no overlap between prospective buyers and people who care about security.
> And my eyes bugged out a little at this part as I also realized what the implications were
What if they have a ton of sensors which relay enough information to re-construct a 3D mesh of activity on the bed that they can remotely view? And their more curious less ethical employees give nicknames to particularly "active" or "interesting" users? And start placing bets on their favorites? And start connecting the dots on who is sleeping with whom?
More seriously, this is just a data collection mechanism to learn about user habits that can be sold to other companies and/or use to start new lines of business.
Anything that sends back data, without your clear and express agreement, isn't sending it to help you.
"When I say backdoor, what am I referring to? Sure, Eight Sleep needs a way to push updates, provide service, and offer support. That’s expected.
What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
And yes, I found evidence that this is exactly what’s happening."
^ wow, this is pretty wild. <insert joke about being careful about who you share a bed with>
You’d be surprised at how many hardware companies think this is a good idea!
I’m the founder and CEO of a company called Memfault, we make observability SaaS for hardware companies.
I constantly get asked if we could just offer a remote access solution. Many of our competitors do! But we think it’s (a) a huge security liability and (b) too ripe for abuse.
But fundamentally consumers do not care, and until that changes you can expect any embedded Linux device to have this kind of backdoor (they do more often than not).
> What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
> While the Eight Sleep CEO Matteo seems focused on providing DOGE with great sleep, the real doge (pictured above), whose name is Latte, is sleeping great tonight.
It’s better than that. He’s putting in backdoors where they sleep. I’m sure there’s a market for that data.
- What's required to justify this cost?
- How many features and updates does the app require?
- What could the ongoing server costs be?
- How many people maintain the software?
I've built some IoT projects and handling events from the hardware was remarkably inexpensive. Piping tiny telemetric packets, even at a high frequency, was no big deal. It wouldn't justify charging customers $20/month. Maybe $2.50?
Plus, these things are only piping out data when they're in use, right? So... Only 1/3 of the day, if that.
Then the feature set, who knows. Is it just a readout with some fixed controls for the firmware in the eight sleep?
How is that justifying $20? Every single month?
I know software (especially when hardware is involved) can be more complicated and demanding than it appears on the surface, so these are genuine questions. I'm very open to having bad assumptions here. It just doesn't map to my experiences properly. Especially since the customers pay a premium for the hardware upfront.
I guess if customers are willing to pay, it's fair game.
In a way, yes. 20$/month to marginally improve sleep efficiency can be worth it, especially when you have high energy expenditure and need to be able to keep up.
On the other hand, paying 20$/month for the right to use the bed that you purchased at 2000$ cost is a ripoff.
Sleeping isn't costly, has never been, yet a company is trying to enforce it and I can see how it doesn't go well with most people.
Depends person to person. For me it's the difference between waking up 6-8 times throughout the night, and sleeping for a sound 8 hours without interruption. For my wife, not much difference, other than we are able to sleep together, whereas before our wildly different temperature tolerances meant separate rooms. I've seen a few people in this thread state it negatively impacted their sleep.
If I could afford it, I’d certainly get a >$2000 queen size mattress in a few years. Nice firm mattresses are expensive. Internet connection and temperature control are not something I’m remotely interested in. A subscription doubly so. This is hilarious and illustrates how naive and reliant people are for technology to solve every problem in their lives.
It's not actually a bed, it's a mattress cover. They are willing to sell you a mattress with it if you want, but the product itself is designed to go over your existing mattress. That said, good-quality beds cost money!
Well, you probably already have a bed, no? And if you don't, there are lots of different types of mattresses out there and you may have preferences.
As for frame, if you buy the Eight Sleep Pod 4 Ultra (which is the version that comes with a base that adds head/foot elevation control), you can use the base as a bedframe if you like, though that would be pretty minimalistic.
If this product was an entire bed then it would actually be a lot less appealing because it means you have to replace your bed to use it. It's not a bed, it's a mattress cover (and optional base with the Ultra), so it's purely additive on top of your existing bed, and does not significantly alter the feel of your mattress (besides temperature).
The baseline for mattresses in the US is upwards of $500 according to Costco. If you want a bigger, higher quality regular mattress you get into the neighborhood of $1000. If you want one made with more exotic materials or you want to throw in something like a boxspring or a frame for a bed that sleeps two, you can approach $2000.
They have an excellent product apart from the downsides (subscription and forced internet connectivity), they have no real competitors.
The market is ripe for the taking, but nobody has attempted to compete with EightSleep. EightSleep is sleek AF, the competitors seem like they are from the 90's, in all the worst ways (HydroSnooze doesn't even have a remote).
Disclaimer: I own one.
TL;DR: What can you give me for ~$70/mo (amortized over 5 years including bed) that makes my sleep better without me having to do anything or put anything in my body?
Think of the alternatives I have: Sleeping pills. Sleep studies. Benzos. "Supplements." Weight loss. Working out. Sleeping hygiene routines. FWIW, I've done/do all of these. They work, and they are work.
Sleep is more important to my health than what I eat. Some of us are like this. You know us. We're your colleagues, friends. You've seen us, heard us mope around.
I checked it out because I saw Bryan Johnson talk about it. Found it to be stupid, the price, the app, the subscription, I get what everyone here is saying. You are right. But, there was a free-x-nights trial policy and curiosity got the better of me.
So far, it's been amazing (5-6 months in).
+ You can slap a faux button/area on the bed to change temp without the app.
+ This App, mentioned in the article, it works 100% of the time, and it's fast. I suspect it's over LAN when you're home, at least it's that fast. For comparison, $3.2 billion dollar Nest's app isn't reliable nor fast -- How many total days of your life have you already lost to a synchronous thermostat app that needs to auth/connect with Google before you're allowed to change the temperature of the room you're sitting in? :) Come on, tell me the truth!
Does that help clarify why this sells?
Note: The bed is now $3k, not $2k, plus sales tax. Amortized over 5 years $3k + $240 * 5 = $4200. Divide by 60 months.
Note: Lots of misunderstanding in the thread by people who haven't checked the product out. It's not even a bed, guys, it's a liquid-cooled cover that fits on top of your existing mattress. If you want the motorized mattress that lifts you when you snore, that's another few thousand dollars.
My wife uses a Bedjet which has both a remote and app. Thankfully it works without an active Internet connection.
It uses a bag-like sheet that it blows air into, to adjust temperature. For women suffering* through menopause, being able to adjust around hot/cold flushes is sanity-preserving!
* Some women don't suffer much during perimenopause or menopause, but it's a process that seriously fucks with one's hormones. A word of advice to any partner of a woman going through perimenopause: believe them when they tell you what they're going through! So many partners don't realize just how much this can mess up someone, they deserve every sympathy possible.
My wife has been suffering with perimenopause tremendously. Her hormonal fluctuations have caused hair loss, severe insomnia, and mood swings that seriously degrade the quality of her life. It's hard to watch. There's no magic trick to fix it, and she isn't doing anything 'wrong' that she should change.
If she hasn't started taking progesterone and estrogen, I recommend she talk to a doctor about doing that. Good luck, it's hard on both of you and I hope it gets better soon.
Thank you. It really is. It’s similar to pregnancy in that if both people are engaged in caring for mom and baby, it can be exhausting for everyone when things aren’t going smoothly.
My friend Sara had a rare form of breast cancer at 34. Thankfully she survived, but to improve her odds of staying alive she's been essentially put into permanent menopause for the next decade. Constant hot flashes.
Is the Bedjet really that good? Would your wife recommend it without reservations? Are there any other products that have made a difference for her?
Apologies if that's intrusive but improving Sara's sleep would be life-changing for her.
The company itself is also run by a race car driver and has typical Miami hype. Not sure why they are often tagged as tech companies, besides making a black version of Casper. Could be the heavy Elon association.
They don't have any competitors, for people who need their product it's the only real option. The only competitors have a much worse core product unfortunately, so we have to put up with EightSleep's shit.
"We may not have that many outright Nazis in America, but we have plenty of cowards and bootlickers, and once those fleshy dominoes start tumbling into the Trump camp, the game is up"
I’m missing a step here. I see a var called ssh, and an authorized key, but I don’t see where they’re seeing any method for the device to expose itself outside the NAT that’s in place on basically every consumer LAN.
This looks a lot more like the device fetches updates via SSH to a remote update server, and the authorized_keys entry is vestigial.
After skimming most comments here I still wonder what people want from a temperature-controlled mattress? Is it to have a warmer bed or a cooler one? Or does it depend on each person, some like it hot and some don't?
And for those who prefer a warm bed, isn't it simpler and cheaper to warm the room?
I’m in the market for one. I want a cool sleep in the summer with fresh air (not recycled AC air). I haven’t found one with good reviews and also no required spyware unfortunately. So AC plus humidifier is needed, but I still sweat on the parts of my body in contact with the mattress no matter how much I crank the AC in the middle of Aug.
The air from my air conditioner sits on top of me like a blanket, not touching the parts of me in contact with the mattress. If the mattress itself is actually cool, it will stop me from sweating. The recycled air thing is just personal preference, breathing fresh air feels subjectively better than recycled air so I keep my window open as much as possible. If the weather is hot, but my mattress is cold, then I can keep the window open and still be cool on hot days.
I can't speak to the person you're replying to, but it's like the difference between an electric blanket and a space heater. It's energetically cheaper to cool just the bed than the whole room, and it won't dry out the air as much.
It's good for temperature control, you can set a profile that changes over night. The cooling is a complete fix for night sweats. It heats too, but I don't use it. I don't use the sleep tracking features.
My only semi-major complaint is that the pump is kind of loud. Only annoyance is that you need to have it connected to wifi w/ internet to set the temperature profile w/ the app, but it keeps working afterwards w/o internet.
Offtopic: I grew up in a tiny post-soviet third world country. Aside from the usual daily struggles, one lesser known aspect of that life is that we did not have access to primary sources of information or the people who invented the things we were using.
We only had a book in my native language on Pascal. I had heard of C from a magazine that had a CD with a C compiler on it, and I walked into a library wanting to learn C but all they had was a dusty book on COBOL in Russian. Later I bought a book on x86 assembly, also in Russian, because that's all I could find, and it just felt like I'm living inside a leaky bucket whereas I was hungry for the firehose of knowledge.
When we got dial-up Internet, I did not sleep for days. The floodgates were open. I had access to tons of information online, in original English, from primary sources. People I had only heard about, like Torvalds, would just share information directly on the Internet, like it's another Tuesday. To me it felt like I went to Disneyland and I was meeting all my heroes. You can just... learn about any topic and see the people who invented those topics. You could even send them messages.
25 years later, I still feel like that kid sometimes. I'm thankful for HN. Alan Kay replied to me once, and it made my year! Alan M-Fing Kay. I met rms once in the flesh and could not believe my eyes. I regularly see messages from Walter Bright on HN like he's a real human being and I have to remind myself that yes, he's alive, real and I exist in the same world as him and can actually interact.
I and kids around the world these days are lucky to not be stuck in a world where you cannot learn more than they let you.
Do you still have any? I've always wanted to acquire a Kerbango (https://en.wikipedia.org/wiki/Kerbango) for my collection. I helped dismantle the backend server that continued running in iTunes data centers, powering the Internet radio feature, long after the hardware was dead.
I was so pleasantly surprised when my Microsoft / Harman Kardon "smart" speaker (Invoke) issued a firmware update upgrading it to act as a simple Bluetooth speaker. It's wildly more useful now!
Google has done this with the Stadia controller, and also recently open sourced the firmware for the Pebble smartwatch. They may discontinue a lot of stuff but their track record for discontinued hardware is pretty decent IMO.
I have one of these bed covers. I bought it before the subscription crap started and I am very satisfied with the product. The dual-zone cooling/heating is super good and has been a big improvement to my quality of life/sleep. Especially considering that my wife has different ideas than me about temperature and what constitutes hot/cold. Yes, it would be nice if I had local control but I am willing to ignore that as long as I don't have to pay more.
But I wouldn't recommend anyone buy it now because of the subscription.
It is good to know that there is an option to continue using it if the company decided to no longer grandfather in people who bought before the subscription crap started.
I have an esp32 next to my bed. I log the rssi strength and with that I know when I was in the bed and when I changed position. It also has a pir which detects movement, but tracking the rssi is good enough. A phone would be just as good, and I wouldn't be surprised if some sdk tracks the rssi of the phone to check if something changes around the phone. It's very telling.
I looked really hard at buying an 8 Sleep. I have techie friends who swear by them. But one of the big reasons I didn't go forward I don't see mentioned here and that is noise. I need a dark and quiet room to sleep.
Someone told me they returned their 8 sleep because of the constant fan noise of the computer running the thing. He told me it was like having a server in your bedroom.
I am also not keen at all on needing to have my phone in my bedroom either. At the end of his life my father had some health challenges and it wasn't uncommon for a nurse to call me in the middle of the night. It was all the other calls, people tweeting or slacking at me that made it really challenging to get any sleep.
Still looking for something where I can collect sleep data if any entrepreneurs can solve these problems.
If your goal is just to collect sleep data,
I personally use my Withings Scanwatch with a leather bracelet,
But if you're not willing to keep a watch on while you're sleeping they have a "Sleep analyzer" that you put under your bed to collect sleeping data, but I never tried it!
I have a friend who felt the cover was really uncomfortable as well. He had a really expensive mattress, but said he could feel the cooling tubes in the cover.
I'll do you one better on "collecting sleep data". I've been in the neurotech/sleeptech space for the last 5 years developing https://affectablesleep.com
After getting an Oura ring years ago, and it telling me "you didn't get enough sleep[deep, REM]" I was left thinking "so what?? don't tell me I didn't do it, help me to do it!"
From what I've seen in the market, possibly with the exception of 8Sleep or CPAP (for those who need it), is that everyone is focused on counting minutes, and adding a few minutes to sleep. Particularly "fall asleep faster" where they promote "fall asleep x% faster" where x% in minutes is like 7 or 8 minutes.
What is really valuable in sleep, and particularly deep sleep, is not really the time, it's the restorative brain functions, and at the moment, we are focused on one metric: slow-wave delta power. It's not how many minutes you sleep, it's how much sleep is in each minute.
Of course, there is sleep data along with that, but if your sleep is optimized in the time you get, do you really care about the daily data?
If I'm reading this correctly, the product is just a temperature-controlled mattress?
Well, each bed contains a full Linux-based computer. If my estimations above are correct, all of Eight Sleep engineering can take full control of that computer any time they want.
I think that was already a given once you agree to silent automatic updates.
I use one of their competitors (Sleepme Ooler) but they're not great either. Did not know about aquarium chillers, that seems like a better option. Could probably pair it with Home Assistant too if you wanted to more easily set the temperature.
A nightmare I have is that a lot of these products like 8 Sleep are actually scams.
Not scams in the sense of swindling money, but that they are appendages of a private or government intelligence network.
If you genuinely care about your customers, can't you simply feel guilty of doxing such sensitive data about them?
Some evil entities want to know when you sleep, wake up or if there is someone else in the bed.
I am not against technology, this can be done responsibly via offline support, self hosting options, E2E Encryption, Homomorphic computing, differential privacy etc.
But I guess implementing those would interfere with the scam, i.e. the main objective, which is spying on you.
- They can know when you sleep
- They can detect when there are 2 people sleeping in the bed instead of 1
- They can know when it’s night, and no people are in the bed
I'm probably naive, but I'm failing to see how any of this is exclusive to having remote SSH access to the bed. Who's to say this isn't already happening with other binaries in the firmware? Maybe they're already phoning home?
[...]that bypasses all forms of formal code review process.
How does the author know if anything else in the firmware goes under any kind of code review process?
It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.
I think what he's trying to emphasise is the idea that anyone who's part of the engineering team could spy on you, without anyone else knowing. It's bad enough that the company has this data, sure, but there's at least an assumption that it will be secured and penalties can be enforced if not. Some random engineer being able to look into your life intimately by themselves is a completely different level of violation.
It is in fact already sending this data to their servers, because it doubles as a sleep tracker and everything goes through their servers. I really wish there was an option to do local-only connectivity, but very few internet-enabled products these days actually care about supporting a local-only mode, and I suspect the number of products that do would be even smaller if HomeKit didn't mandate it (sadly, temperature-controlled beds are not a HomeKit product category).
In case anyone is wondering why someone would pay so much to control their bed temp - I have a similar product, the "Chillipad". Essentially I'm a furnace when I sleep and wake up covered in sweat. This thing keeping my bed cool was the biggest single thing I've done to improve sleep quality. It's not quite as stupid as Eight Sleep in terms of initial cost and there's no ongoing subscription but it was still expensive. I've also had to open it up and replace a faulty check valve, and it occasionally floods so I have it sitting in a tray. But damn... it works.
However now I want to try this aquarium chiller...
I have an EightSleep from before their enshittification into a subscription model. It is a good piece of hardware, but I can no longer recommend it because the software is so crappy. I checked the logs on my router and found that it was streaming tons of data to servers even when I wasn't using it. I have no idea why it would stream that much data since the trivial sensors it has shouldn't be producing that much data even if it had multi Hz sampling. I can't tell if this is incompetence or some sort of malfeasance where they are secretly recording audio data via motion sensors and streaming that.
Maybe this guy isn't the first person to discover the backdoor and your mattress has been mining crypto. This whole thing is straight out of a Cory Doctorow novel.
I'd love to be wrong about this, but I'm very skeptical that the aquarium chiller pictured in the post can move enough heat to cool a human. As mentioned in the article, it uses thermoelectric coolers which are extremely inefficient.
I see at least one aquarium chiller on amazon that uses a compressor, but then you have to wonder if it's quiet enough to sleep next to.
Same, though I've seen thermoelectric chillers of that size moving ~200 Watt and a human produces less than 100 Watt at rest. The ones I saw on Amazon for $150 claimed to move around 70 Watt which is ballpark useful. You wouldn't want to cool down to a very low temperature anyway, just remove the heat you produce yourself.
Good point. That does sound plausible then. Here's my napkin math after some quick googling:
- A human produces about 40 watts of heat while sleeping.
- Thermoelectric coolers have a coefficient of performance (CoP) between 0.3-0.6. So for every watt consumed, they can move 0.3-0.6 watts of heat.
- The wattage consumed and moved all needs to be dissipated.
This random chiller [0] on amazon consumes 100 watts, so perhaps this could move 60 watts max. CoP drops as the temperature difference increases. And it's unclear if the unit can dissipate 160 watts steady state.
But it could plausibly keep you from heating up on a warm night. It doesn't seem like there's much margin for actually cooling you down tho. If someone wanted to experiment with this, I'd definitely read that post.
I didn't realize they've come down so much in price. Another really useful application would be to hook it up to pads used to ice joints post joint surgery. I was sold a $100+ dollar medical device which was basically a water pump in a cooler chest (like one of those Polar ones) that circulated water through some pads. I had to refill it every hour or so with ice. This is right after a knee surgery so carrying the cooler around was literally painful. Having it connected to the aquarium chiller would have been great.
Nothing here is particularly surprising. The worries about engineers ssh'ing into the machine to see if anyone is sleeping seem rather overblown though. The product itself doubles as a sleep tracker and all data goes through their servers (as is sadly the norm for smart home appliances these days) so they have that data anyway. I have to take it on faith that they anonymize and aggregate the data before doing any analysis on it, but the very nature of the product means they have the data.
I knew there was some shady shit going on with eight sleep! Back last year I posted a comment on Veritasium's YouTube channel because he had eight sleep as a sponsor. I commented that eight sleep is a privacy nightmare.
Yuggh. There is also a bed chilling thing from sleep.me that is around $600. I haven't looked into it enough to tell whether it is internet connected. But I've been aware of it because my mom is very fussy about her sleeping temperature and it might be something I should look into when it gets warmer.
I bought an Eight Sleep Pod 3, as I'm a light sleeper who wakes up often at 3 or 4am, and struggles to get the final hours of sleep.
I have to say it made my sleep significantly worse - I was shocked at how bad the temperature setting was - shifting 1 degree warmer or colder was often too much. I also noticed quite a bit of manipulation of reviews & comments on Reddit / subtle sponsorship on YouTube. (=> fake comments, upvoting/downvoting, and unofficial sponsorship).
Maybe it really does improve some people's sleep, but just the noise itself from the Pod meant I needed earplugs to not be disturbed by it. My suggestion is to avoid buying at all costs...
Are there any consumer products offered that provide similar functions (heating, controlling with an app etc.), but which never try to connect to a remote server, other than looking for the control app in the local LAN?
I'm not sure about the latest models, but my early-revision BedJet has no smart features at all: it was all bluetooth. It solves much the same problem as the product here: warm/cool the bed, not the house.
> There’s some zip ties securing the tubes you have to cut, but other than that, it’s a totally reversible, non-destructive process that takes 30 seconds.
Wait until Eight Sleep "upgrades" the connectors to be "incompatible" with Aquarium chillers.
Um, is that Bezos or the AWS account of the company?
Alas, our hope to recover whatever social benefit was in SpaceX and Tesla is with Bezos's companies, although at least the EV space is more diverse. SpaceX cannot be wrested from Musk and TSLA and its board is preferred-stock controlled by Musk.
Tesla actually has a 1 share 1 vote right now but it also has super majority voting rules which means Musk's ~22% stake is nearly a veto unless the entire rest of the stockholders vote for a measure he's against.
I think the key feature is _cooling_ the bed, with warming secondary to that. That arguably sounds like a great nicety to have, notwithstanding all the downsides mentioned in the post.
So now you're getting hacked and breathing in toxins while you sleep. Hacked up the arse and in the mouth too. Nice.
Yeah, no thanks. I try to make my bedroom as technology free as possible. Apart from a digital alarm clock; at night I put my phone on aeroplane mode and place it outside my closed bedroom door.
It's the best I can do with today's bullshit tech. I've never had a problem with not having a cold bed, so maybe it's the next best thing after the bidet.
Cold cannot be "made", as it's an absence of something (energy), nor can it "leak" as a result.
I take what you mean is that there will be a refrigeration loop involved, and in that, a refrigerant. Just like all substances, refrigerants can be toxic, sure, but that alone is not what makes a toxin [0]. It's also not a binary thing, and between air conditioning and refrigerators, an appliance like this I don't see why would stand out.
I further haven't got a clue what microplastics having been found to pass the blood brain barrier have to do with this, or how you're able to determine whether that applies to me or not, specifically.
I'm a two-time Eight Sleep customer and the CEO could post my sleep history specifically with my full name and I'd still use it. It's really comfortable. I think most of the detractors were never remotely in the market for such a product. Everything negative said about the product and the company is true, and they should do better, but it's not enough to scare me away thanks to how good the base product is.
I also have an eight sleep mattress topper. I was unaware of the privacy issues here, but I feel the same as parent that I won't give it up. Having the ability to always have a cool bed has improved my sleep substantially. And the heating is great when you're sick.
Now if a competitor crops up that has better privacy and a better CEO, I'll swap in a heartbeat.
Note: I don't pay for the subscription, just the mattress topper
But is it more comfortable than, say, an old school analog expensive mattress? I can’t shake the feeling these companies are selling snake oil (that is not to say that old school analog mattresses aren’t overpriced either)
You may be misunderstanding the product--it's a topper that goes on top of your existing mattress. It doesn't replace the mattress. I do indeed have it on top of an old school analog expensive mattress. It cools/warms to the desired temperature without impacting the comfort from the mattress. I don't think there's much room for snake oil here: it pumps cooled or heated water through the mattress topper. There's no mystery.
How does it feel? I have a nice foam mattress and I'd hate to buy one of these and have it feel like I'm sleeping on a bunch of tubes and plastic rather than foam.
I can't feel the tubes at all. It does have some electronics stuff on the sides that you can feel through the topper, but nothing on the top where you sleep. It maybe feels slightly firmer than the mattress feels without it.
> But is it more comfortable than, say, an old school analog expensive mattress?
Mattresses wear out, and people end up keeping them too long. Somewhere like walmart.com sells great mattresses for inexpensive prices. They are not related at all to what they sell in stores. Because they are inexpensive, as soon as they start to wear out, buy a new one.
If there was a similar product that does not upload any of your extremely personal data, like whether you're now in your bed, to some server on the internet, would you prefer it?
Sure, there are lots of ways it can be improved. I'd like it to be cheaper too. I'd be happy to switch to an alternative that is just as good but without the Internet nonsense, but SleepMe isn't it. I've got my eyes open for viable competitors for the next time I need to outfit a mattress or when this one dies. For now, Eight Sleep is the best one I've found.
This is a bunch of nonsense, assumption and leaping to conclusions without evidence.
"In the second screenshot, we have the public key that’s authorized to access the device. The email address attached to the public key, eng@eightsleep.com, to me suggests the private key is likely accessible to the entire engineering team."
He has no evidence for this whatsoever and not really any good reason to assume it either.
"In the first image, we see evidence SSH is being exposed remotely, to a far away host, remote-connectivity-api.8slp.net. Typically SSH would only be accessible to the local area network, but the variables in production.json would seem to imply this access was opened up to a remote host."
This isn't how SSH works and he doesn't seem to have enough information, or enough knowledge of SSH, to understand what's being done with the "far away" hostname.
This article is just clickbait nonsense, which should have been obvious from the title. It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup. Based on the fact that the founders seem to have a superficial understanding of technology but a well-developed understanding of hype and bullshit, I am not interested in exploring their business further.
I don't really understand the take here. The post makes it very clear what is concrete evidence, what is speculation based on that, and the reasoning is much better than what you give it credit for. For instance, what would you suggest the "remote-connectivity-api" SSH endpoint URL and the authorized public SSH key is for if not for remotely SSHing into the bed's computer?
This is a Linux image that is, somehow, remotely flashed onto the bed. He found the SSH key on the filesystem.
1. He didn't even bother to check and see if the bed is running an SSH server - ten seconds with nmap could have told him this!
2. Essentially every one of these beds would be behind a NAT and thus the SSH server which he didn't even bother to look for would not be accessible to the internet or to the nefarious engineers he imagines have access to the key - he ignores this fact.
3. The fact that the firmware includes the URL of a specific external endpoint, suggests that the bed connects _to_ that endpoint, not that this is somehow used to screen incoming requests by reverse DNS lookup or anything like that. The architecture he is supposing exists (all remote access requests must come from a host whose reverse DNS resolves to this host?) makes no sense.
4. The fact that the public key exists on the filesystem means nothing if no SSH server is running, or accessible. It might be used, for instance, as part of the manufacturing test process or a maintenance procedure, and then disabled. The SSH public key on the filesystem isn't necessarily related to the JSON config file for their own application which he found!
5. SSH keys don't have "email addresses" associated with them, they have a plaintext field which is used merely for identification purposes, and this is commonly used for the _user account_ that created the key. But it's not an email address and even if it were, it doesn't mean that that email address, much less every engineer at the company, somehow has access to the key!
The sloppiness and level of jumping to conclusions here, for a supposed security company, is ridiculous.
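Point 5 of the comment above, shown in code. This is an added example, not part of the original comment, the article, or any Eight Sleep firmware. It parses `authorized_keys` lines and groups them by key fingerprint to show that the trailing comment is free text that is not part of the key. The key material, the comments and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

# Key-type names that can appear in the key-type field (subset, enough here).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def constructed_blob(seed: bytes) -> str:
    """Build a well-formed ssh-ed25519 public-key blob, base64-encoded.

    CONSTRUCTED sample data: the 32 "key" bytes are a hash of the seed,
    not a key anyone holds a private half for.
    """
    name = b"ssh-ed25519"
    key = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(blob).decode()


def split_first_field(line: str):
    """Split off the first whitespace-delimited field, honouring double quotes
    (option values such as command="..." may contain spaces)."""
    in_quotes = False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes and i + 1 < len(line):
            i += 2  # skip an escaped character inside a quoted value
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""


def parse_entry(line: str):
    """Parse '[options] keytype base64-blob [comment]'; None for blank/# lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    first, rest = split_first_field(line)
    options = ""
    if first not in KEY_TYPES:  # the line starts with an options field
        options = first
        first, rest = split_first_field(rest)
    if first not in KEY_TYPES:
        raise ValueError(f"unknown key type: {first!r}")
    parts = rest.split(None, 1)
    if not parts:
        raise ValueError("missing key blob")
    blob = base64.b64decode(parts[0], validate=True)
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != first:
        raise ValueError("declared key type does not match the key blob")
    # The fingerprint covers the decoded blob only; the comment is outside it.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = parts[1].strip() if len(parts) > 1 else ""
    return {"options": options, "type": first,
            "fingerprint": fingerprint, "comment": comment}


def comments_by_key(text: str):
    """Map each key fingerprint to the (comment, options) pairs seen for it."""
    groups = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            groups.setdefault(entry["fingerprint"], []).append(
                (entry["comment"], entry["options"]))
    return groups


KEY_A = constructed_blob(b"key-a")
KEY_B = constructed_blob(b"key-b")

# CONSTRUCTED authorized_keys content: one key under three different labels,
# and a second, unrelated key that reuses the first label.
SAMPLE = "\n".join([
    "# constructed sample, not taken from any device",
    f"ssh-ed25519 {KEY_A} eng@example.invalid",
    f"ssh-ed25519 {KEY_A} factory test key, bench 3",
    f'restrict,command="/bin/echo maintenance only" ssh-ed25519 {KEY_A}',
    f"ssh-ed25519 {KEY_B} eng@example.invalid",
])

if __name__ == "__main__":
    for fp, seen in comments_by_key(SAMPLE).items():
        print(fp)
        for comment, options in seen:
            print(f"    comment={comment!r} options={options!r}")
```

The same fingerprint appears under three labels and the same label under two fingerprints, so the comment identifies neither the key nor who holds its private half. What an audit can establish from the file is the fingerprint and the options on each line.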
> He has no evidence for this whatsoever and not really any good reason to assume it either.
I'm not sure what kind of evidence or reason you're looking for, I think their assumption is pretty sensible.
> This isn't how SSH works
Maybe I'm just naive, but the wording of it to me seems nontechnical enough that I think the author is skipping over things on purpose. For example, how exactly that "far away" host he thinks is involved.
I'd personally imagine it's a reverse shell type deal going on, although why SSH needed to be involved in that I'm not sure. Could be just a hacky implementation. But it's really not that far removed from sensibility, vendors popping reverse shells without authorization really wouldn't be new.
> It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup.
Didn't even notice that. Can't imagine too many other people did either. So maybe not so clearly?
I saw it. It's not necessary if the process that maintains the reverse connection can just start it as needed.
That said, some actual investigation of that supposed binary would have been a strong support for this whole thing, and indeed an evidence for this theory, so I will give you that.
If the bed requires going through some kind of production endpoint interaction in order to set up the remote connection (as is most likely the case), then his claim that any engineer can connect to any bed is simply false, and this is no more of a security hole than the idea of having a cloud-connected bed which is updated OTA in the first place.
Are you denying the existence of an authorised ssh key on each of these beds allowing the holder of the key?
Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?
No there's not enough evidence to prove in a court of law who has access to the private key, or that the config file is enabling a return ssh connection, but it's pretty damning.
The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
"I downloaded the firmware and I found an SSH key and a configuration file that mentions an SSH endpoint; therefore, I know that all of Eight Sleep’s engineers are allowed to remotely SSH into every customer’s bed and run arbitrary code!"
Do you not see a problem with this line of reasoning? That's literally what he says in the article, and he presents it as a near-certainty, not the wild leap of unsupported reasoning that it is.
> For someone who suffers from insomnia this seemed worth a shot.
I can relate, having suffered the same for most of my life. One thing that really helped me was a simple white noise machine, typically used to help babies sleep. Good: I sleep great with it. Also, it's not connected to the internet and doesn't require an app. Bad: I basically can't sleep without it. I have to travel with it (camping!). I even purchased a backup in case the primary fails, which has happened.
The other major sleep improvement was putting effort into accepting that life is pretty great; all of my worries that kept me awake at night were overblown. This took actual work, but it paid off.
Anyway, just thought I'd pass that along, hoping it might help someone else that struggles with sleep.
https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...
If you’d rather not buy another gizmo for a function your phone has likely gobbled up already…
iOS, iPadOS, and macOS have a pretty great built-in background-noise generator these days. While lots of actual beaches can go dead silent and then have a loud wave crash in, the waves that
It’s available in Settings -> Accessibility -> Audio & Visual -> Background Sounds. You’ll have to download the sounds each once, but after that they stay on your device.
Digging this deeply in Settings isn’t pleasant if you just want some white noise, so you may want to add a control to Control Center like “Background Sounds” (way down in the Hearing Accessibility section) to turn the ocean noise on and off.
I turn this on my iPad when going to bed if I want to take extra steps to ensure that I don’t wake up in the middle of the night.
You can also assign it to the triple click shortcut in Accessibility. You probably can to the double/triple back taps too, though I haven’t tried.
I do use a standalone Lectrofan for sleep as I prefer my noise machine to be across the room and Alexa-controlled (via a smart switch), plus it’s louder and the brown noise is “browner.”
But I keep iOS BG sound mapped to the triple-click shortcut for when noise-cancelling just isn’t enough in loud restaurants etc. It works great with AirPods for reducing my noise sensitivity issues.
It's been life-changing when combined with my AirPods Pro. ANC deadens most sound, but acute sounds still get through. Adding background noise on top of it can usually cover the rest. And they have both bright and dark noise, to cover different frequencies of environmental sounds
:facepalm:
I can't believe I had to download an app for that because the feature is buried in SETTINGS (!!!!). What an obtuse choice. Thanks for the tip though, I hate that my white noise app has a rotating ad banner.
just tried it, that's cool, but in what circumstances "should" i use it?
I use an air filter for that. I have a Levoit Vital 200S and it allows to set up an automatic filter power schedule so I don't have to think about that when going to bed. Mine switches to the white noise mode at 9:30pm and then back to the silent mode at 8:00am (I usually wake up much earlier than that, but hearing the air filter sound change also tells that it's 8:00am without looking at a clock).
I also need white noise to sleep.
At home I have a simple one that plugs in and generates noise with fan. Looks almost exactly like this: https://res.cloudinary.com/guest-supply/image/upload/f_auto,...
When I travel I take this small portable rechargeable one: https://www.amazon.com/Machine-Babelio-Adults-Non-looping-So...
I'm on android so I don't have the built in sounds that iOS has
I use the mynoise.net android app. They changed it a few years ago, not for the better, but it is still serviceable.
https://mynoise.net/
Android app: https://f-droid.org/en/packages/net.pmarks.chromadoze/
I had insomnia for over a decade and all it took to fix that was just weeks of sleep inducer followed by regular melatonin takes. I assumed it would take some gizmos to do that, but apparently it didn't. Once you can lock your sleep into the daily pattern (something I could never have done by myself for a very long time though, hence sleep inducer) then securing it turns out to be much simpler. Consult your psychiatrist first, of course.
by sleep inducer, you mean sleeping pills? Which one in particular?
I just use 3m ear classic 33 NRR earplugs. they're the best.
Don't you get permanent tinnitus from this?
Have you tried taking magnesium before bed time?
I have two white noise machines, have them in stereo, one on each side of the bed. It's useful to be able to adjust them separately, I've got tinnitus in one ear more than the other so don't need it to be as loud on that side.
As I get older, deafness will likely reduce my need to rely on technology.
For the price of a white noise machine you can buy a 10A squirrel cage blower, some mdf to make a box out of, a contactor, and a smart plug and have a white noise machine that filters your air, turns on and off from your phone, and also makes white noise. It can also act as a table to put your phone on and a charge point.
I had the two problems of poor sleep without white noise and a dog allergy and now I have neither.
Throw a high-grade air filter over the intake and you’ve got an air purifier, too!
I approached this the brutish way: I downloaded hours of white noise as a sound file (mp3) and just use VLC to play it. Any smartphone - no internet.
I used wireless headphones back then. My choice of "white noise" was popcorn in a microwave (because the neighborhood was that noisy)
The state of the product's security wasn't unexpected. I was, however, shocked by this part:
Nothing about this bed should depend on off-site servers. Nothing about the product should necessitate a subscription fee. The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
In addition to everything else, also love how a bed with the express purpose to increase sleep quality requires you to open your phone every time you want to adjust a setting.
> In addition to everything else, also love how a bed with the express purpose to increase sleep quality requires you to open your phone every time you want to adjust a setting.
Don't worry, they'll repeat over and over how their product was thoughtfully designed with exquisite craftsmanship by the re-animated corpse of Johnny Ive [1] until people believe it's true.
[1] I know he's not dead.
Also...
> ... Essentially all you need to do is unplug the rubber tubing from the Eight Sleep cover, which is available on eBay for a few hundred bucks, and plug it into a $150 aquarium chiller.
> That’s it. Aquarium chillers are somewhat of a misnomer, as they can also provide heat. They use thermoelectric devices to regulate temperature, either cooling or warming the liquid that flows through them, which is the same technology found in eight sleep.
How much do you want to bet the Eight Sleep is literally an off-the-shelf Chinese Aquarium chiller in a custom case marked up 15x, with a shittily-programmed computer bolted on to enable a $20/month subscription?
I'm sure they do use a prefab thermoelectric assembly model that they designed their case around. It's usually cheaper.
I mean this comment is slightly disconcerting to the next generation of brilliant hackers sleeping on this bed and dreaming big of a Cloud controlled Toilet Paper Dispenser, Effececy®. It will always give the right amount of paper based on the amount and moisture content of the just delivered product.
I rolled my own solution to this using a Boston Dynamics Spot (2nd gen). With the structured light scanner, YOLO v5 for classification, and a custom IK solver (BD's is too hard for me), I can just lay back like a baby once I'm finished and Spot takes care of everything.
This is a super funny idea if it works (in theory; I get it's a joke) and a SUPER funny idea if it malfunctions in particular ways.
Github issue:
My e-ass wiper mistook one of my testicles for poo and ripped it off. Please fix
Ticket raised, please accept complimentary Neuticles eVoucher (includes shipping, log on via Q-code to specify required size).
Don’t fall for this. I purchased this product then they pushed a bunch of the basic features behind a paywall. The ‘vibrate on SMS’ is worth it if you do go that route and don’t mind proxying your phone comms through their servers, though.
I agree with this so much. Opening an app is the last thing I want to do to adjust something while I'm in bed. I have a zigbee lightswitch so I can turn the light off from bed, and sure I could open an app to do that, but it's so much better to get a zigbee button and stick it to the wall above my head and program it to control the lightswitch.
Unlike all the cloud garbage, my zigbee devices continue to function even when the internet is down. I have my zigbee hub (Home Assistant Yellow) on a battery backup, so all the zigbee devices with a battery keep functioning even when the power is out (like my automatic cat feeders)
Totally agree. I got a philips hue dimmer switch for next to the bed. One of the best things I got for the home automation. Just click it and everything in the house goes into night mode. no phone needed.
My room mate had one of these and I found out there was a script online someone put together on github I think to control it over a shell. Was hilarious because I kept turning off their light at weird times.
Yikes, does the hub have some kind of unauthenticated http server exposed to the LAN? Yet another reason I run open source software rather than buying the proprietary hubs.
You have to tap the button on the hub and then you have 30 seconds to send a specific package to create a user. So yeah, not super, but also not totally unauthenticated.
I’m doing this with some Tapo buttons.
And double tap turns on a fan.
Tapo is likely a security nightmare.
I’m still fairly upset that ambient devices never really took off. Nanoleaf at least made a remote like this. It’s a dodecahedron with an accelerometer, so you can program each face with a different setting. The simplest being to program opposing faces for two different light levels. You want to take a nap, turn the controller upside down.
Sounds good until you come home to a house flashing like a Christmas tree because your kid needed another D12 for their table-top role-playing game.
You see a bug, I see a feature
There was a cool device I saw once, used for timing your work. You'd program the faces for different tasks (bug fixes, new features, etc.) and whatever you worked on, you'd have that face up, and when you changed tasks, you'd turn it to something else, and it would track how you spent your time.
That sounds cool, but I'm a little resistant to being asked to remember to charge my lightswitch.
That's unfortunately a big part of why mine is dead. The batteries are hard to get to. Also their iOS app is frustrating to use.
Could maybe be made low enough power that it can power itself via ambient light (like an old school calculator) or radio waves.
I've seen energy-harvesting remote light switches for sale — they supposedly get enough energy from the physical act of flipping the toggle to send a few radio packets. I haven't used one in the real world though.
Some of the ones at my company require you to stab them with your fingers for 15 seconds like a maniac before they turn the light on.
That would be cool, but I haven't actually seen it in anything other than an old school calculator so I assume the limitations are pretty significant.
I've got a cube that's hooked into my Home Assistant setup that works similarly. Flipping the cube upside down turns my bedside light on or off, rotating it clockwise increases the brightness, and counterclockwise decreases it.
How exactly does it communicate these changes, if I might ask?
I did something similar using these: https://eu.aqara.com/products/aqara-cube-t1-pro (or rather, an earlier iteration). Just Zigbee, nothing too complex, and then you hook it into something which knows how to interpret the events it sends (or events + current state if you want it to be a little more contextually smart). I generally tried to centralise the smarts, dumb devices and a smart interpreter always worked out more robust than clever devices. It's amazing how many combinations of actions you can indicate just by shaking/tapping/turning/flipping - more than enough to do the things you commonly do with one actuator (a light or set of lights for example).
One that comes to mind is: flip over to turn on/off, flip over and back again to randomize (like a snow globe).
Check out the zigbee2mqtt page for the cube
https://www.zigbee2mqtt.io/devices/MFKZQ01LM.html
kolektiv's parallel comment explains it perfectly.
And if a guest comes round and messes it, the lights dim, blood runs down the walls, nails come out of your head, and the furniture starts moving.
There are a bunch of Zigbee switches, rockers, etc (including the Aqara cube people mentioned) that you can use as rich controls.
Wow. I love that UI concept!
I like this idea, now I want to make one of those. Even a two- or six-sided one would be useful, and I can print different enclosures and reprogram the feather or ESP if I want to add sides.
I don’t think they sell it anymore, but I forgot it’s actually a HomeKit controller, so you could (try) to use it to control several devices at once. Since only one face is up at a time you would have to gang the behaviors, such as turning off several lights or turning them on.
Old CNet article: https://www.cnet.com/reviews/nanoleaf-remote-review/
See my comment to a sibling: https://news.ycombinator.com/item?id=43132279 - there's a few simple little functional objects out there which make this kind of process quite easy.
And not true, at least for the newest version. V4 has touch sensors for adjusting the temps on the side of the mattress.
I do own one of these and while I hate the price, the subscription, the fact that it didn't work for an hour last night due to the internet being down (first time ever really) but there really isn't a better option. I love the temp control and would use anyone else if they had a valid competitor, but sadly there isn't one (or at least wasn't when I bought mine). The alternative is to not have temp control which is pretty amazing.
The newer models have a touch control panel on the side. Different taps to adjust settings.
Not that this ameliorates all the other issues here.
You can buy the new 3249€ Pod4: "Control without a phone" https://www.eightsleep.com/eu/product/pod-cover/
I mean while you are opening your phone you might as well check latest savings by DOGE, wouldn't it help you sleep even more safe and sound?
What DOGE say they have saved, what has been saved, and how that looks in 5-10 years time are all very different answers.
Maybe there needs to be a red answer and a blue answer?
I've heard the sleep people get with this is excellent, but no way in hell am I paying a subscription and requiring an internet connection for my bed. The entire concept is just absurd. If it sells, it sells, I guess.
This all has me quite torn.
The "smart" features on it are genuinely useful for me - I have sleep apnea, as well as an eight sleep + the electronic platform. It automatically changes the elevation of my head based on apnea events, and I see a marked reduction in them when using this feature.
I have a cpap machine that also makes automatic adjustments but I still get noticeably better sleep quality with the eight sleep. I also really enjoy the temperature control, since it saves on HVAC costs vs. climate controlling the whole house. I've not tried an aquarium chiller for this purpose, though I have used one for doing temperature control on a beer fermenter, and I can extrapolate from there that I value the management of the actual eight sleep device vs. managing an aquarium chiller's temp control.
> The "smart" features on it are genuinely useful for me...
All of those features could be provided by local compute, either nestled somewhere in the soft and fluffy gross profit margin of a $2,000 product, or with Bluetooth to a "thick" application running on a phone.
The reason this product, and so many other "IoT" products, put their compute across the Internet is to facilitate a business model. The industry has the technology to put as much compute, storage, and reliability on-site with a high-margin, high-cost product like this.
Even if it were a nightstand device rather than a phone. The immediate loss of functionality when loss of signal to the mothership is an egregious design flaw. There's no reason the thing can't have a bit of storage so it can then upload the logged data when the signal returns.
Of course, they'll probably claim AI running in the cloud is making the decisions which makes the local first controller not possible.
It’s not a design flaw, they created a hardware loss-leader and then couldn’t come up with any useful services you couldn’t write yourself.
At $2000, there is no way this is a “loss-leader”.
This is profit and more profit.
It would be nice if we could provide medical assistance to people who need it without jamming these devices full of adware garbage and forcing people to connect to the internet to use their own possessions.
I've also heard people are having excellent sleep in their traditional modern beds. Me included.
I've also heard about people finding new foam mattresses too hot :(
like me. will buy a spring mattress next time
Edit thank you for your recommendation but I'm in italy, European and American mattresses are quite different.
Before discovering this, I once wrote to the customer support of the flamingo hotel, Las Vegas, because I loved their mattress: Hi, i do think that what i'm gonna write is weird, but anyway haha. On july of the summer 2019 i visited the fabulous las vegas. nor the nightlife neither the opulence of sin city could, however, reach the pinnacle of the human civilization, the mattress on which i slept at flamingo. I now have to change my own mattress at home, and i'm looking for the model on which i slept. the website only says "Simmons beautyrest", although Beautyrest is just a brand name used by simmons and doesn't mean a specific model. could you help me in this modern day divine comedy, be my Virgil and help me find the mattress name? Regards Name
I got an answer: Thank you for contacting Caesars Entertainment. I was delighted to hear that you enjoyed our mattress on your visit! Currently, we are using the Simmons Hospitality Beautyrest Felicity Pillow Top. They can be purchased at https://caesarsguestpurchase.com/shop or 1-866-926-8233. Please feel free to write back if you have any further questions.
Thank you for choosing Caesars for your gaming entertainment!
Have an amazing day!
Shirley
While going with a non-foam mattress will be colder than a foam mattress, if you were interested in a colder foam then I'd like to recommend latex mattresses. They're more expensive than memory foam and they feel different but I no longer overheat at night. Also I sleep better knowing my bed has proper kerning.
I use latex topper because of this. It works like foam, but has cold feel to it, and hypoallergenic dust mite resistant on top of that.
How can a latex topper be hypoallergenic when tons of people are allergic to latex?
Because the Talalay and Dunlop processes involve vulcanization at 115+ C to turn the material into a foamed rubber, which denatures the proteins that the immune system recognizes and overreacts to. Denatured protein - think egg white once it's heated and turns white, instead of clear - has its structure radically altered. The molecules get pulled apart, tangled with others, and can in no way be recognized by the antibodies that trigger the immune response.
Similarly, Talalay latex mattress material is usually only about 30% natural and 70% synthetic, and the synthetic does not cause immune response.
If you powder the natural material and directly expose it to IgE, the dominant protein of interest for allergies, you can get a reaction (https://pubmed.ncbi.nlm.nih.gov/10436396/), but in practice with sheets and the outer cloth covering on the mattress basically no proteins ever come into contact with the body. And even in that study only Hev B I was detectable, which is only one of many latex proteins that trigger the immune response, and only 3 of the 21 tested human sera actually had a reaction to the direct mixing with the powdered latex. As far as I understand it, there has never been a confirmed case of an allergic reaction to a latex mattress.
Have you tried a more firm foam mattress? I had similar sentiments about foam mattresses but they were all the type where you just feel like you're sinking into the foam.
I did, but in the showrooms in the short time I tried them (and with jeans and clothes and so on) I didn't get that it was warmer than other firmer mattresses.
The entire "computer" should probably be replaced by an esp32. Upside being that you could flash an esphome config and be free of The Cloud
I love my device...it has profoundly changed my quality of sleep on the same scale that CPAP therapy has.
Seeing the founder fellate Elon and his Doge employees has given me second thoughts. I may be looking for an aquarium chiller in my near future.
I wonder if there'd be a cottage industry for new control boards which de-shittify IOT devices but keep their functionality. Like buy the bed, and then buy a little pre-programmed ESP32 logic board to replace the factory board.
ESPHome fills much of this niche for me. It's a framework for turning YAML device definitions into custom microcontroller firmware, with myriad supporting tools. The official device database at https://devices.esphome.io lists 554 devices but that's nowhere near the end of it.
Most manufacturers bolt on IOT functions by dropping an off-the-shelf module onto their device-specific board. It's sometimes possible to replace the factory firmware with ESPHome, sometimes even using over-the-air updates. For example, AirGradient air quality sensors: https://github.com/MallocArray/airgradient_esphome
Even when it isn't possible to commandeer the factory IOT module, the fact that it _is_ a module is still useful, because it's almost always possible to inhibit or remove the factory module and connect your own instead. The factory IOT module controls and senses the device, so your replacement module can too, using the same pins. For example, an IOT air filter: https://github.com/mill1000/esphome-winix-c545#final-assembl...
Some devices are designed around multidrop communication busses. These are usually even easier, since the ability to join the bus is an intended design feature, even if the device you're using is not intended. For example, many Samsung residential HVAC systems: https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...
As an EE, there's a healthy amount of this in some industries with very high costs, equipment use beyond manufacturer obsolescence, and in hobby circles with technical enthusiasts. But not generic devices for the general population.
At my day job, we've replaced and re-engineered controllers in industrial laser cutters, CNCs, welders, robots, and similar equipment. There are replacement control boards for hobbyist stuff like pinball machines, motorcycles, retro computers, and retro game consoles.
But as evidenced by the fact that people are buying shitty cloud-only IoT devices, neither the interest nor the capacity to do this is common.
Likewise, I've looked into this after being asked to build retrofit electronics for both expensive machine tools and consumer goods (I had a client who was adding bill acceptors to massage chairs and other items). I was never able to find a niche with a consistent need. They do exist but are hard to find.
If smart devices were required to have standard pinouts that were arduino or raspberry Pi compatible, that would make me so happy.
Plenty of those have just standard ESP8266 modules inside that you can program yourself, even with Arduino IDE if you want.
That's good to know but if it's a custom board and it gets fried by soapy water getting in or a decade of humidity, it would still be good if the pinout was something that a new device could be programmed and dropped into to replace.
I think this would need to be enabled by regulation that forced the original manufacturers to make their products open. Hopefully we'll get that eventually.
I wonder if we could just make this kind of thing illegal so companies can't get away with it anymore.
I feel like websites like https://www.tindie.com could definitely fill that gap. It's like an Etsy + Hackaday where people sell different levels of hardware etc.
Probably could never make that kind of thing work at scale, but maybe as something within the maker community, perhaps adjacent to the world of 3d printing, Arduino, and RPi.
There'd probably be a few liability concerns at scale. Like if you made a replacement board for a Keurig to allow aftermarket k-cups, it'd likely be a matter of time before Keurig sued you, or someone burnt their house down.
These do exist for a number of devices. There's actually a number of options for things like alarm systems
>The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
It is a $2000 dollar internet connected bed. The market in this case is probably people who could wipe their ass with that $20 every day and not miss it. I don't think they are stupid. This class of Americans has always been about paying for ongoing service instead of being pragmatic or doing things themselves. "Let the help over in bangladesh fiddle with the connectivity and updating the mobile app for me, while I merely rest my head and make plenty of money," they probably figure, at least subconsciously.
One might argue that the market itself becomes "stupid" (stops accurately indicating value) when people have so much money that they stop caring about how they spend it.
Anyone who has risen through social classes knows that poorer people use their money much more wisely than richer people :)
I don't think you're wrong, but I know people who grew up poor and blow money on stupid shit -- or at least unnecessary purchases (eg, upgrading to every single new iPhone).
OTOH, I grew up upper-middle class, my dad being quite frugal and a big DIYer. Similarly, I make good money and am also very frugal. I have no reason to flaunt money around my peers.
yeah but what is value? Why someone should be worried about 20$ if he for example can't sleep and it's most important thing to him.
Exactly, it indicates profoundly inefficient dynamics. That money could be put to use far more productively.
I don't think the people buying the bed are stupid.
The collective mass of people who buy these "IoT" devices that (1) don't actually need to use Internet-hosted services to function, (2) don't actually need a subscription for their business model to work _except_ for having been unnecessarily tied to an Internet-hosted service, and (3) will fail to function when the Internet-hosted service is gone do not understand the ramifications of the buying decisions they're making.
They're enabling these awful companies and business models. They're making the world worse by buying this soon-to-be e-waste garbage.
Stupid is a bad word. Let's say ignorant, instead. They don't even know what they don't even know. Our asinine industry normalizes these practices because profit.
I think computers have tremendous power to make life better for humanity. I think that can happen without being contingent on this kind of business model.
The bed is an egregious example. There are certainly other lower-priced products that still have this kind of stupid unnecessary "tie" to Internet-hosted services and subscriptions.
I think one would also assume that some fraction of that $2000 would go into a fund to keep those servers up.
One thing SaaS has not learned from nonprofits with longevity: you do big fund raisers to get money so you can live on the interest payments. If you think of a new project that will increase your burn rate, you throw another fund raiser.
Figure out how many of those beds you expect to be junked for breakage or obsolescence each year and set your margins to keep the long tail running for 10-15 years.
> One thing SaaS has not learned from nonprofits with longevity...
I think SaaS has eschewed strategies for longevity because it's contrary to the market's "wisdom" that for-profit companies must have sustained high-rate growth.
So they can get more rounds of VC money or get bought out, yes.
Sometimes it’s clearly the founders who go extractive, but others it’s clearly the new owners or partial owners.
If they sell one a month for $2000 that would be enough to keep the lights on with a sensible backend setup.
I know someone who signed an agreement about delivering an app and then providing fixes for free. He escaped the country. Market is not stupid, market learned nothing is free.
step one is to stop pretending the market is a democracy
Step two is to stop pretending the market isn't a kakistocracy.
It's not rent-seeking if you don't have to buy the bed. The market mostly does not buy this bed.
> The market is clearly too stupid to vote against the rent seeking tech industry
looks at DOGE
Yep.
it's enough to keep you up at night.
This product would be hard to believe if it showed up in an episode of Black Mirror.
Software is devil-is-in-the-details to the extreme, and maximally opaque even to programmer-capable consumers, much less general consumers.
And all tech companies are now founded with zero regard for good behavior. I mean, they don't even do minimal amounts of customer service, which is the bare minimum of having regard for your customers.
In general, the IoT industry has suffered and adopters get burned over and over and over so the market is what it deserves in the long run. But that doesn't mean that snooping and monitoring doesn't increase insidiously year after year.
This is a serious problem with future technology. What person would do cybernetics or similar life saving products from companies like this? Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
We are clearly in an age of increasing authoritarianism. China has become far more authoritarian under Xi, right wing fascists are on the rise in Europe, and extreme partisanism just leads to round robin authoritarianism on the path we're on, assuming the next election happens. Russia is trying to expand its reach, and disrupt democratic institutions worldwide.
Undermined privacy and data collection are the tools for total information awareness by authoritarian states, only made far far far far far far far worse by the rise of functional AI.
The future of humanity is bleak. The filter approaches.
> Perhaps the rigor that Medtronic and similar device companies are subjected to would apply, but I'm not sure those regulations cover information security and privacy.
As someone on an insulin pump they do. Iirc they have reps showing up at hacker conferences looking for red teams.
Definitely agree with your worries generally though.
> but I'm not sure those regulations cover information security
They most certainly do. I'm deep into a security analysis of a similar device rn.
You could probably extend from medical devices to children’s toys. And once those are entrenched, go after the rest.
Conspicuous consumption drives a lot of irrational behavior
And if we try to parent them by fixing it for them, they will stay that way.
these are non starters
I'd pay more, a LOT more for a good bed. But if it's not self hostable and without a need for a subscription... it's a non starter
There is no amount of consumer choices and consumer "activism" that can fix these issues. They are ineffective by design.
This is the sort of thing I would have expected to see during the dot-com era, if they had had the idea to charge a subscription for things back then.
I mean, it's the :CueCat. But comfy.
https://en.wikipedia.org/wiki/CueCat
> The market is clearly too stupid to vote against the rent seeking tech industry. It makes me so sad.
A lot of this bullshit only happens long after the sale has been made and consumers are blindsided when things advertised as free are suddenly paywalled off behind a subscription following a ToS update.
"The market" is never going to solve this. What we need are consumer protections in the form of laws and regulations with real teeth and consistent enforcement.
> It won’t function if the internet goes down
Come on. We can improve that! The next version of the bed will go into carnivorous mode if the subscription lapses: https://www.youtube.com/watch?v=vXrAK6sUZ_0
I'm thinking a Thomas Midgley, Jr.[0] mode.
[0] https://en.wikipedia.org/wiki/Thomas_Midgley_Jr.#Death
Wikipedia seldom disappoints on this kind of thing: https://en.wikipedia.org/wiki/List_of_inventors_killed_by_th...
Thomas has three different inventions with a massive body count. The last one had a fatality rate of 100%.
I mean, even at the start 13 - 15 people were killed in leaded gas's infancy all because the oil companies couldn't make as much money from ethanol as from TEL. That's insane.
A rational society would have shut those companies down and thrown the executives into prison.
Well, you remember that total eclipse of the sun about a week ago?
Don't blame the market.
Blame the engineers who know the risks of such foolishness that lack the courage and conviction to stand up to decision makers.
I used to work for match.com and we had a readout in the office that streamed customer feedback. 90% of it was people who had paid subscriptions complaining about intrusive advertising on the site or in the app while logged in.
I raised this at a meeting and was told that they weren't going to change it because it made too much money.
I’m sure engineers raised issues about this as well and were shut down by the business people who are more than happy to risk customer satisfaction and security if it means more revenue.
Finding another job and marking them as unethical on glassdoor would be more like taking a stand. Raising awareness of management is just the polite first step.
One of the reasons Wall Street invented outsourcing of uppity techs.
Respectfully, raising an issue isn't the same as taking a stand.
At the very least, many products have unpopular features that are easier than one might expect to disable. And that’s quite often down to a developer who disagrees creating or leaving a covert channel lying around to circumvent the feature. Their boss didn’t tell them to put it in, and they didn’t tell anyone about it so that it was insubordination if they didn’t agree to take it out. Just a little something we accidentally left in for debugging or PoC purposes. Whupsie!
Both. I also blame the guy willing to spend $2,000 for a glorified blanket that also needs a monthly subscription to work properly.
The real gem of this post is the aquarium temperature regulator solution. I'm tempted to implement it myself to deal with hot summers.
The market deserves some blame here.
How easy is it to know what works when the network is down before purchasing? Do you expect everyone to take down their wifi after purchase to test and return if it doesn't work?
Maybe there should be a mandatory information sheet such as listing all functionality that stops working without a network connection.
Consumer protection regulation with mandatory labeling would be a good answer but, at least in the US, we're not going to have anything like that anytime soon (if ever).
I don't have the enthusiasm to start a competing company. It sounds like the barrier to entry to the market is fairly low, the tech isn't unproven, and there appears to be a ton of margin.
I assume Eight Sleep has a patent moat.
My partner has difficulty sleeping unless it is the perfect environment (black out curtains, noise cancellation, sound bath, temperature), and is more prone to the effects of a single bad night's sleep. For people like her, $20/mo + $2000 fee is a small price to pay for a solution to a very difficult problem.
I would of course, attempt to veto unnecessary IoT devices and subscriptions for usage, but this would be a fight I would likely not win.
They're not complaining about the price. They're complaining about the high price for a bed where those high priced features stop working if your internet goes down, or there is a server outage, or you stop paying a monthly fee, or the original company goes bankrupt.
How in the world does this necessitate a subscription? All of these things can work without centralization, setup once, and contained entirely within the home.
> How in the world does this necessitate a subscription?
I can only speculate.
But, there is demand to improve sleep quality. The provider wants to charge a monthly fee for that.
The market simply puts buyers and sellers together. People making business decisions will stick with Econ 101--charge what the market will bare, and why shouldn't they?
> charge what the market will bare
They want you to sleep without any clothing?
I think there is some naming convention gap here. I would call it Sleep Equipment as we have exercise equipment. Then folks will find pricing more reasonable. There is further opportunity to differentiate the market with Sleep, Sleep Pro and Sleep Enterprise products.
The pro and enterprise version would allow local server setup for critical sleep equipment functioning and can manage all beds in a household or hotel etc. It can update the version of software or data models when it's online and new features are available on the cloud server.
I surmise that 300 dollars/month for the pro version could be a really attractive proposition. Of course local server setup and maintenance can be charged separately.
If you don’t want IOT for the bed warmer/chiller then there’s this:
https://sleep.me/product/cube-sleep-system
It works rather well, I’m tempted to reverse-engineer the remote control protocol for home automation purposes.
She won't get any sleep if the wifi is down.
Or if the power is out.
> Blame the engineers
I actually commend them for making money off the morons who dreamed this up. They've hopefully put it to better use.
I have a mortgage so I will follow all lawful orders. I'll blow the whistle if illegal activities are forced upon me, but if there's an ethical issue bothering you, I'd suggest you write to your MP or if you believe they are incompetent or hostile, to run against them in the next election and change the law yourself.
> In the end, I got enough of the cyber ick, I decided to seek a simpler, less internet-connected solution to my temperature-controlled bed needs.
Great line. And my eyes bugged out a little at this part as I also realized what the implications were:
> - They can know when you sleep
> - They can detect when there are 2 people sleeping in the bed instead of 1
> - They can know when it’s night, and no people are in the bed
I have a more pragmatic question. Do any consumer publications do security reviews for products? I'm thinking like Consumer Reports and how they should probably publish if a product is a security nightmare or not. At the end of the day you still need people to publish this stuff and for social media to spread to consumers to beware, but maybe a magazine type of publication could take on part of that responsibility.
The people who care about security don't buy cloud-connected bed heaters – or run their own software on their IoT devices. You'll have exactly zero ad revenue because there is no overlap between prospective buyers and people who care about security.
Mozilla does something like that, privacy reviews of consumer products: https://foundation.mozilla.org/en/privacynotincluded/
> And my eyes bugged out a little at this part as I also realized what the implications were
What if they have a ton of sensors which relay enough information to re-construct a 3D mesh of activity on the bed that they can remotely view? And their more curious less ethical employees give nicknames to particularly "active" or "interesting" users? And start placing bets on their favorites? And start connecting the dots on who is sleeping with whom?
More seriously, this is just a data collection mechanism to learn about user habits that can be sold to other companies and/or used to start new lines of business.
Anything that sends back data, without your clear and express agreement, isn't sending it to help you.
"When I say backdoor, what am I referring to? Sure, Eight Sleep needs a way to push updates, provide service, and offer support. That’s expected.
What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
And yes, I found evidence that this is exactly what’s happening."
^ wow, this is pretty wild. <insert joke about being careful about who you share a bed with>
You’d be surprised at how many hardware companies think this is a good idea!
I’m the founder and CEO of a company called Memfault, we make observability SaaS for hardware companies.
I constantly get asked if we could just offer a remote access solution. Many of our competitors do! But we think it’s (a) a huge security liability and (b) too ripe for abuse.
But fundamentally consumers do not care, and until that changes you can expect any embedded Linux device to have this kind of backdoor (they do more often than not).
> What goes too far in my opinion, is allowing all of Eight Sleep’s engineers to remotely SSH into every customer’s bed and run arbitrary code that bypasses all forms of formal code review process.
More companies do this than not.
Sounds like a good way to get bed bugs.
.. I'll see myself out.
even more so combined with the fact that these are supposedly being sent into the government.
Love the part about the CEO being a Musk sycophant. Right down to the similar language in tweets: "Some of SF got poor sleep. We must fix this."
I remember when mimicking Steve Jobs dress and etc was a thing and how it was kinda cringey. Man I could go for some of that these days.
We were spoiled back then. Creeps and weirdos were relatively endearing.
Yeah, in hindsight, the black turtlenecks everywhere were the good ol days.
> While the Eight Sleep CEO Matteo seems focused on providing DOGE with great sleep, the real doge (pictured above), whose name is Latte, is sleeping great tonight.
It’s better than that. He’s putting in backdoors where they sleep. I’m sure there’s a market for that data.
A $20/month bed subscription is objectively hilarious. I can't imagine how this company attracts a non-zero number of clients.
*subjectively.
Once you realize just how important quality sleep is, and how much this can help, $20/month bed subscription becomes a laughably small price to pay.
What I don't understand is things like:
I've built some IoT projects and handling events from the hardware was remarkably inexpensive. Piping tiny telemetric packets, even at a high frequency, was no big deal. It wouldn't justify charging customers $20/month. Maybe $2.50?
Plus, these things are only piping out data when they're in use, right? So... Only 1/3 of the day, if that.
Then the feature set, who knows. Is it just a readout with some fixed controls for the firmware in the eight sleep?
How is that justifying $20? Every single month?
I know software (especially when hardware is involved) can be more complicated and demanding than it appears on the surface, so these are genuine questions. I'm very open to having bad assumptions here. It just doesn't map to my experiences properly. Especially since the customers pay a premium for the hardware upfront.
I guess if customers are willing to pay, it's fair game.
Indeed, it’s about what consumers are willing to pay, not what it costs to produce. It’s called value-based pricing.
Do you have the same reasoning with cigarettes? $10 every day is a small price to pay to avoid having to stop smoking.
I don't follow, sorry
in a way, yes. 20$/month to marginally improve sleep efficiency can be worth it, especially when you have high energy expenditure and need to be able to keep up.
on the other hand, paying 20$/month for the right to use the bed that you purchased at 2000$ cost is a ripoff.
sleeping isn't costly, has never been, yet a company is trying to enforce it and I can see how it doesn't go well with most people.
Why is it a ripoff? Is anyone being swindled?
How much can this help?
Depends person to person. For me it's the difference between waking up 6-8 times throughout the night, and sleeping for a sound 8 hours without interruption. For my wife, not much difference, other than we are able to sleep together, whereas before our wildly different temperature tolerances meant separate rooms. I've seen a few people in this thread state it negatively impacted their sleep.
If I could afford it, I’d certainly get a >$2000 queen size mattress in a few years. Nice firm mattresses are expensive. Internet connection and temperature control are not something I’m remotely interested in. A subscription doubly so. This is hilarious and illustrates how naive and reliant people are on technology to solve every problem in their lives.
I think that's just the price for the cover. You still need to supply your expensive mattress.
I also wonder what kind of bed costs $2000. Is it a bed made of gold and caviar? This article is confusing.
It's not actually a bed, it's a mattress cover. They are willing to sell you a mattress with it if you want, but the product itself is designed to go over your existing mattress. That said, good-quality beds cost money!
Wait - it's $2000 just for a mattress cover? You still need to spend $1k+ for frame + mattress?
Well, you probably already have a bed, no? And if you don't, there are lots of different types of mattresses out there and you may have preferences.
As for frame, if you buy the Eight Sleep Pod 4 Ultra (which is the version that comes with a base that adds head/foot elevation control), you can use the base as a bedframe if you like, though that would be pretty minimalistic.
If this product was an entire bed then it would actually be a lot less appealing because it means you have to replace your bed to use it. It's not a bed, it's a mattress cover (and optional base with the Ultra), so it's purely additive on top of your existing bed, and does not significantly alter the feel of your mattress (besides temperature).
A $2000 bed (incl. mattress) is not that extraordinarily expensive.
The baseline for mattresses in the US is upwards of $500 according to Costco. If you want a bigger, higher quality regular mattress you get into the neighborhood of $1000. If you want one made with more exotic materials or you want to throw in something like a boxspring or a frame for a bed that sleeps two, you can approach $2000.
They have an excellent product apart from the downsides (subscription and forced internet connectivity), they have no real competitors.
The market is ripe for the taking, but nobody has attempted to compete with EightSleep. EightSleep is sleek AF, the competitors seem like they are from the 90's, in all the worst ways (HydroSnooze doesn't even have a remote).
Disclaimer: I own one. TL;DR: What can you give me for ~$70/mo (amortized over 5 years including bed) that makes my sleep better without me having to do anything or put anything in my body?
Think of the alternatives I have: Sleeping pills. Sleep studies. Benzos. "Supplements." Weight loss. Working out. Sleeping hygiene routines. FWIW, I've done/do all of these. They work, and they are work.
Sleep is more important to my health than what I eat. Some of us are like this. You know us. We're your colleagues, friends. You've seen us, heard us mope around.
I checked it out because I saw Bryan Johnson talk about it. Found it to be stupid, the price, the app, the subscription, I get what everyone here is saying. You are right. But, there was a free-x-nights trial policy and curiosity got the better of me.
So far, it's been amazing (5-6 months in).
+ You can slap a faux button/area on the bed to change temp without the app.
+ This App, mentioned in the article, it works 100% of the time, and it's fast. I suspect it's over LAN when you're home, at least it's that fast. For comparison, $3.2 billion dollar Nest's app isn't reliable nor fast -- How many total days of your life have you already lost to a synchronous thermostat app that needs to auth/connect with Google before you're allowed to change the temperature of the room you're sitting in? :) Come on, tell me the truth!
Does that help clarify why this sells?
Note: The bed is now $3k, not $2k, plus sales tax. Amortized over 5 years $3k + $240 * 5 = $4200. Divide by 60 months.
Note: Lots of misunderstanding in the thread by people who haven't checked the product out. It's not even a bed, guys, it's a liquid-cooled cover that fits on top of your existing mattress. If you want the motorized mattress that lifts you when you snore, that's another few thousand dollars.
> Weight loss. Working out.
Well, working out will help with weight loss and will have a lot of other beneficial effects in the long run.
> FWIW, I've done/do all of these. They work, and they are work.
But you already know that.
My wife uses a Bedjet which has both a remote and app. Thankfully it works without an active Internet connection.
It uses a bag-like sheet that it blows air into, to adjust temperature. For women suffering* through menopause, being able to adjust around hot/cold flushes is sanity-preserving!
* Some women don't suffer much during perimenopause or menopause, but it's a process that seriously fucks with one's hormones. A word of advice to any partner of a woman going through perimenopause: believe them when they tell you what they're going through! So many partners don't realize just how much this can mess up someone, they deserve every sympathy possible.
I love my BedJet. The app is absolute jank though and really dated, and I didn't get the remote with mine.
If you're running HomeAssistant and you want better controls, grab a spare ESP32 and run the ESPHome BedJet integration. https://esphome.io/components/climate/bedjet.html
(A little ironic you need an external ESP32 to talk to the internal ESP32 that is the BedJet's guts...)
Geez. I had this idea myself a long time ago. Glad to see it's a real thing, good on them for making it!
My wife has been suffering with perimenopause tremendously. Her hormonal fluctuations have caused hair loss, severe insomnia, and mood swings that seriously degrade the quality of her life. It's hard to watch. There's no magic trick to fix it, and she isn't doing anything 'wrong' that she should change.
If she hasn't started taking progesterone and estrogen, I recommend she talk to a doctor about doing that. Good luck, it's hard on both of you and I hope it gets better soon.
Thank you. It really is. It’s similar to pregnancy in that if both people are engaged in caring for mom and baby, it can be exhausting for everyone when things aren’t going smoothly.
My friend Sara had a rare form of breast cancer at 34. Thankfully she survived, but to improve her odds of staying alive she's been essentially put into permanent menopause for the next decade. Constant hot flashes.
Is the Bedjet really that good? Would your wife recommend it without reservations? Are there any other products that have made a difference for her?
Apologies if that's intrusive but improving Sara's sleep would be life-changing for her.
Yes, my wife would recommend it without reservations.
There's also a cold water circulator, useful for icing a painful limb etc. https://www.amazon.com/gp/aw/d/B09VRJ153X
Not intrusive at all, I hope your friend can find some relief. I hope she can find strength and joy in life.
Thank you both very much for your kind words and advice, ordering one now. No doubt it will make a dramatic difference.
I may suggest this to my wife.. She's going through the hot flash stage..
> but the eight sleep sure does harvest people’s bed data, and occasionally tweet about how they’re watching you sleep
[Followed by a screenshot of the EightSleep CEO publicly tweeting about SF sleep data in Nov 2023.]
This is reason enough to not patronize this business. What a creep.
The company itself is also run by a race car driver and has typical Miami hype. Not sure why they are often tagged as tech companies, besides making a black version of Casper. Could be the heavy Elon association.
This brand was heavily advertised on social media (TT, YT ads) as well.
I remember because I signed up for e-mail updates. Glad I never signed up though. IIRC, I was turned off by the same issues the author “overlooked”.
A subscription for a bed? Fuck off
They don't have any competitors, for people who need their product it's the only real option. The only competitors have a much worse core product unfortunately, so we have to put up with EightSleep's shit.
> While the Eight Sleep CEO Matteo seems focused on providing DOGE with great sleep
More sycophants coming out of the woodwork.
It's him and that mattress guy, and the whole stereotype of mattress stores being money laundering fronts. What's up with the bed industry in general?
Could you please let me know who the "mattress guy" is?
Possibly thinking of Mike Lindell? He sold pillows, not mattresses, but I'll count that as close enough.
https://en.wikipedia.org/wiki/Mike_Lindell
"We may not have that many outright Nazis in America, but we have plenty of cowards and bootlickers, and once those fleshy dominoes start tumbling into the Trump camp, the game is up"
That's the health secretary's words.
I’m missing a step here. I see a var called ssh, and an authorized key, but I don’t see where they’re seeing any method for the device to expose itself outside the NAT that’s in place on basically every consumer LAN.
This looks a lot more like the device fetches updates via SSH to a remote update server, and the authorized_keys entry is vestigial.
After skimming most comments here I still wonder what people want from a temperature-controlled mattress? Is it to have a warmer bed or a cooler one? Or does it depend on each person, some like it hot and some don't?
And for those who prefer a warm bed, isn't it simpler and cheaper to warm the room?
Interesting article; clickbait title. There's very little about Amazon in here, never mind its chairman.
It drives clicks! I don't understand why someone would buy a bed chiller. But perhaps the US is a unique market.
I’m in the market for one. I want a cool sleep in the summer with fresh air (not recycled AC air). I haven’t found one with good reviews and also no required spyware unfortunately. So AC plus humidifier is needed, but I still sweat on the parts of my body in contact with the mattress no matter how much I crank the AC in the middle of Aug.
What's the difference between recycled air that's been cooled and then blown into your bed and the air from your air conditioner?
The air from my air conditioner sits on top of me like a blanket, not touching the parts of me in contact with the mattress. If the mattress itself is actually cool, it will stop me from sweating. The recycled air thing is just personal preference, breathing fresh air feels subjectively better than recycled air so I keep my window open as much as possible. If the weather is hot, but my mattress is cold, then I can keep the window open and still be cool on hot days.
I can't speak to the person you're replying to, but it's like the difference between an electric blanket and a space heater. It's energetically cheaper to cool just the bed than the whole room, and it won't dry out the air as much.
I mean when someone says they are chilling in bed, they don't want to be lying.
You don't prefer a cool bed?
I have a chilipad - https://sleep.me/
It's good for temperature control, you can set a profile that changes over night. The cooling is a complete fix for night sweats. It heats too, but I don't use it. I don't use the sleep tracking features.
My only semi-major complaint is that the pump is kind of loud. Only annoyance is that you need to have it connected to wifi w/ internet to set the temperature profile w/ the app, but it keeps working afterwards w/o internet.
Can't but think of
I've bought several internet radio streaming devices over the years, and they all eventually brick when the server goes out of business.
Offtopic: I grew up in a tiny post-soviet third world country. Aside from the usual daily struggles, one lesser known aspect of that life is that we did not have access to primary sources of information or the people who invented the things we were using.
We only had a book in my native language on Pascal. I had heard of C from a magazine that had a CD with a C compiler on it, and I walked into a library wanting to learn C but all they had was a dusty book on COBOL in Russian. Later I bought a book on x86 assembly, also in Russian, because that's all I could find, and it just felt like I'm living inside a leaky bucket whereas I was hungry for the firehose of knowledge.
When we got dial-up Internet, I did not sleep for days. The floodgates were open. I had access to tons of information online, in original English, from primary sources. People I'd only heard about, like Torvalds, would just share information directly on the Internet, like it's another Tuesday. To me it felt like I went to Disneyland and I was meeting all my heroes. You can just... learn about any topic and see the people who invented those topics. You could even send them messages.
25 years later, I still feel like that kid sometimes. I'm thankful for HN. Alan Kay replied to me once, and it made my year! Alan M-Fing Kay. I met rms once in the flesh and could not believe my eyes. I regularly see messages from Walter Bright on HN like he's a real human being and I have to remind myself that yes, he's alive, real and I exist in the same world as him and can actually interact.
I and kids around the world these days are lucky to not be stuck in a world where you cannot learn more than they let you.
> Walter Bright on HN like he's a real human being
He was replaced by a D-9000 AI bot about 6 years ago. He was jeopardizing the mission.
Do you still have any? I've always wanted to acquire a Kerbango (https://en.wikipedia.org/wiki/Kerbango) for my collection. I helped dismantle the backend server that continued running in iTunes data centers, powering the Internet radio feature, long after the hardware was dead.
I was so pleasantly surprised when my Microsoft / Harman Kardon "smart" speaker (Invoke) issued a firmware update upgrading it to act as a simple Bluetooth speaker. It's wildly more useful now!
A rare exception to the usual.
Google has done this with the Stadia controller, and also recently open sourced the firmware for the Pebble smartwatch. They may discontinue a lot of stuff but their track record for discontinued hardware is pretty decent IMO.
A lot of them didn't use their own server, but relied on Reciva, which was shut down a few years ago:
https://www.radioworld.com/news-and-business/headlines/reciv...
ROI!
I have one of these bed covers. I bought it before the subscription crap started and I am very satisfied with the product. The dual-zone cooling/heating is super good and has been a big improvement to my quality of life/sleep. Especially considering that my wife has different ideas than me about temperature and what constitutes hot/cold. Yes, it would be nice if I had local control but I am willing to ignore that as long as I don't have to pay more.
But I wouldn't recommend anyone buy it now because of the subscription.
It is good to know that there is an option to continue using it if the company decided to no longer grandfather in people who bought before the subscription crap started.
I have an esp32 next to my bed. I log the rssi strength and with that I know when I was in the bed and when I changed position. It also has a pir which detects movement, but tracking the rssi is good enough. A phone would be just as good, and I wouldn't be surprised if some sdk tracks the rssi of the phone to check if something changes around the phone. It's very telling.
Oh that's clever! Can you explain more how the rssi changes when you change positions? Is it fairly obvious in a graph?
I looked really hard at buying an 8 Sleep. I have techie friends who swear by them. But one of the big reasons I didn't go forward I don't see mentioned here and that is noise. I need a dark and quiet room to sleep.
Someone told me they returned their 8 sleep because of the constant fan noise of the computer running the thing. He told me it was like having a server in your bedroom.
I am also not keen at all on needing to have my phone in my bedroom either. At the end of his life my father had some health challenges and it wasn't uncommon for a nurse to call me in the middle of the night. It was all the other calls, people tweeting or slacking at me that made it really challenging to get any sleep.
Still looking for something where I can collect sleep data if any entrepreneurs can solve these problems.
If your goal is just to collect sleep data, I personally use my Withings Scanwatch with a leather bracelet.
But if you're not willing to keep a watch on while you're sleeping, they have a "Sleep analyzer" that you put under your bed to collect sleep data, but I never tried it!
The link: https://www.withings.com/eu/en/sleep-analyzer
I have a friend who felt the cover was really uncomfortable as well. He had a really expensive mattress, but said he could feel the cooling tubes in the cover.
I'll do you one better on "collecting sleep data". I've been in the neurotech/sleeptech space for the last 5 years developing https://affectablesleep.com
After getting an Oura ring years ago, and it telling me "you didn't get enough sleep[deep, REM]" I was left thinking "so what?? don't tell me I didn't do it, help me to do it!"
From what I've seen in the market, possibly with the exception of 8Sleep or CPAP (for those who need it), is that everyone is focused on counting minutes, and adding a few minutes to sleep. Particularly "fall asleep faster" where they promote "fall asleep x% faster" where x% in minutes is like 7 or 8 minutes.
What is really valuable in sleep, and particularly deep sleep, is not really the time, it's the restorative brain functions, and at the moment, we are focused on one metric slow-wave delta power. It's not how many minutes you sleep, it's how much sleep is in each minute.
Of course, there is sleep data along with that, but if your sleep is optimized in the time you get, do you really care about the daily data?
If I'm reading this correctly, the product is just a temperature-controlled mattress?
Well, each bed contains a full Linux-based computer. If my estimations above are correct, all of Eight Sleep engineering can take full control of that computer any time they want.
I think that was already a given once you agree to silent automatic updates.
Wow, a full Linux-based computer... what did they spend the other $1990 on?
While we're all here, what are some good alternatives to Eight Sleep? The idea seems to have merit but the required IoT subscription is a dealbreaker.
I use one of their competitors (Sleepme Ooler) but they're not great either. Did not know about aquarium chillers, that seems like a better option. Could probably pair it with Home Assistant too if you wanted to more easily set the temperature.
Title is bad, but the piece is good
Ok, we've replaced the article title with a more representative sentence from the article.
A nightmare I have is that a lot of these products like 8 Sleep are actually scams.
Not scams in the sense of swindling money, but that they are appendages of a private or government intelligence network.
If you genuinely care about your customers, can't you simply feel guilty of doxing such sensitive data about them?
Some evil entities want to know when you sleep, wake up or if there is someone else in the bed.
I am not against technology, this can be done responsibly via offline support, self hosting options, E2E Encryption, Homomorphic computing, differential privacy etc.
But I guess implementing those would interfere with the scam, i.e. the main objective, which is spying on you.
It's not a bad article, but it does seem to make a lot of assumptions, and you already agreed to let arbitrary code run on your network when you added an IoT device to it.
I think what he's trying to emphasise is the idea that anyone who's part of the engineering team could spy on you, without anyone else knowing. It's bad enough that the company has this data, sure, but there's at least an assumption that it will be secured and penalties can be enforced if not. Some random engineer being able to look into your life intimately by themselves is a completely different level of violation.
It is in fact already sending this data to their servers, because it doubles as a sleep tracker and everything goes through their servers. I really wish there was an option to do local-only connectivity, but very few internet-enabled products these days actually care about supporting a local-only mode, and I suspect the number of products that do would be even smaller if HomeKit didn't mandate it (sadly, temperature-controlled beds are not a HomeKit product category).
In case anyone is wondering why someone would pay so much to control their bed temp - I have a similar product, the "Chillipad". Essentially I'm a furnace when I sleep and wake up covered in sweat. This thing keeping my bed cool was the biggest single thing I've done to improve sleep quality. It's not quite as stupid as Eight Sleep in terms of initial cost and there's no ongoing subscription but it was still expensive. I've also had to open it up and replace a faulty check valve, and it occasionally floods so I have it sitting in a tray. But damn... it works.
However now I want to try this aquarium chiller...
Happens when you buy expensive garbage with a subscription attached.
I have an EightSleep from before their enshittification into a subscription model. It is a good piece of hardware, but I can no longer recommend it because the software is so crappy. I checked the logs on my router and found that it was streaming tons of data to servers even when I wasn't using it. I have no idea why it would stream that much data since the trivial sensors it has shouldn't be producing that much data even if it had multi Hz sampling. I can't tell if this is incompetence or some sort of malfeasance where they are secretly recording audio data via motion sensors and streaming that.
Maybe this guy isn't the first person to discover the backdoor and your mattress has been mining crypto. This whole thing is straight out of a Cory Doctorow novel.
Because they want to know what you're doing in bed and when.
> I have no idea why it would stream that much data
I think the blog post uncovered that here... the CEO is a total creep
Using the aquarium chillers is really smart! Just need someone to mfg the mattress membrane covers.
I'd love to be wrong about this, but I'm very skeptical that the aquarium chiller pictured in the post can move enough heat to cool a human. As mentioned in the article, it uses thermoelectric coolers which are extremely inefficient.
I see at least one aquarium chiller on amazon that uses a compressor, but then you have to wonder if it's quiet enough to sleep next to.
Same, though I've seen thermoelectric chillers of that size moving ~200 Watt and a human produces less than 100 Watt at rest. The ones I saw on Amazon for $150 claimed to move around 70 Watt which is ballpark useful. You wouldn't want to cool down to a very low temperature anyway, just remove the heat you produce yourself.
Good point. That does sound plausible then. Here's my napkin math after some quick googling:
- A human produces about 40 watts of heat while sleeping.
- Thermoelectric coolers have a coefficient of performance (CoP) between 0.3-0.6. So for every watt consumed, they can move 0.3-0.6 watts of heat.
- The wattage consumed and moved all needs to be dissipated.
This random chiller [0] on amazon consumes 100 watts, so perhaps this could move 60 watts max. CoP drops as the temperature difference increases. And it's unclear if the unit can dissipate 160 watts steady state.
But it could plausibly keep you from heating up on a warm night. It doesn't seem like there's much margin for actually cooling you down tho. If someone wanted to experiment with this, I'd definitely read that post.
[0] https://www.amazon.com/MOQNISE-Aquarium-Circulation-Function...
I didn't realize they've come down so much in price. Another really useful application would be to hook it up to pads used to ice joints post joint surgery. I was sold a $100+ dollar medical device which was basically a water pump in a cooler chest (like one of those Polar ones) that circulated water through some pads. I had to refill it every hour or so with ice. This is right after a knee surgery so carrying the cooler around was literally painful. Having it connected to the aquarium chiller would have been great.
you know those "VR backpacks"? imagine... knee chiller backpack
Nothing here is particularly surprising. The worries about engineers ssh'ing into the machine to see if anyone is sleeping seem rather overblown though. The product itself doubles as a sleep tracker and all data goes through their servers (as is sadly the norm for smart home appliances these days) so they have that data anyway. I have to take it on faith that they anonymize and aggregate the data before doing any analysis on it, but the very nature of the product means they have the data.
Actual title: "Removing Jeff Bezos from my bed"
Editing of titles on HN is annoying; I maintain this Tampermonkey script to mark moderated titles and show the original one:
https://raw.githubusercontent.com/bambax/hntitles/refs/heads...
https://news.ycombinator.com/item?id=43133674
I knew there was some shady shit going on with eight sleep! Back last year I posted a comment on Veritasium's YouTube channel because he had eight sleep as a sponsor. I commented that eight sleep is a privacy nightmare.
Anyways, feels good to be vindicated.
This is so cringe, I am getting motivated to only use dumb devices.
I no longer can trust that someone is looking at my TV data, Oven data, thermostat data, etc and tweeting about it.
Yuggh. There is also a bed chilling thing from sleep.me that is around $600. I haven't looked into it enough to tell whether it is internet connected. But I've been aware of it because my mom is very fussy about her sleeping temperature and it might be something I should look into when it gets warmer.
Bed as a service? Hell no. What an awful idea.
I bought an Eight Sleep Pod 3, as I'm a light sleeper who wakes up often at 3 or 4am, and struggles to get the final hours of sleep.
I have to say it made my sleep significantly worse - I was shocked at how bad the temperature setting was - shifting 1 degree warmer or colder was often too much. I also noticed quite a bit of manipulation of reviews & comments on Reddit / subtle sponsorship on YouTube. (=> fake comments, upvoting/downvoting, and unofficial sponsorship).
Maybe it really does improve some people's sleep, but just the noise itself from the Pod meant I needed earplugs to not be disturbed by it. My suggestion is to avoid buying at all costs...
Here's a related discussion about a guy who did a similar thing with an aquarium cooler to cool his bed: https://news.ycombinator.com/item?id=41824138
Are there any consumer products offered that provide similar functions (heating, controlling with an app etc.), but which never try to connect to a remote server, other than looking for the control app in the local LAN?
I'm not sure about the latest models, but my early-revision BedJet has no smart features at all: it was all bluetooth. It solves much the same problem as the product here: warm/cool the bed, not the house.
Anyone here tried those aquarium chillers? Sounds like a great alternative, I would love to read more about using them in practice.
Isn't it safe if your home network is not exposing port 22?
> exceeding $300 million dollars in annual revenue
I would be interested in knowing who the buyers for this stuff are ..
> (the bed...) won’t function if the internet goes down
Who in their sane mind buys that?
Can recommend hot water bottles and a hairdryer for occasional on demand bed warming.
> There’s some zip ties securing the tubes you have to cut, but other than that, it’s a totally reversible, non-destructive process that takes 30 seconds.
Wait until Eight Sleep "upgrades" the connectors to be "incompatible" with Aquarium chillers.
How did the author find the backdoor URL in the first place?
I always knew that internet-connected thermostat was a bad idea.
re: the kinesis key - curious, what is the right way to configure log delivery for remotely deployed appliances?
in this situation, is it just like, you should front kinesis with a service that can apply appropriate quotas / limits?
Clickbait title.
Ok, we've replaced the article title with a more representative sentence from the article.
> the Eight Sleep cover, which is available on eBay for a few hundred
Uh, I don't think I want to buy a used mattress cover on eBay, thanks.
Um, is that Bezos or the AWS account of the company?
Alas, our hope to recover whatever social benefit was in SpaceX and Tesla is with Bezos's companies, although at least the EV space is more diverse. SpaceX cannot be wrested from Musk and TSLA and its board is preferred-stock controlled by Musk.
> TSLA and its board is preferred-stock controlled by Musk.
Any source for this? I can’t find anything that says Musk has enough voting power in Tesla to not need others’ votes:
https://www.techopedia.com/largest-tesla-shareholders
This is a pretty in depth analysis that shows that Musk needed retail votes for last year’s compensation and re-domiciling votes:
https://clsbluesky.law.columbia.edu/2024/07/01/how-tesla-pum...
Tesla actually has a 1 share 1 vote right now but it also has super majority voting rules which means Musk's ~22% stake is nearly a veto unless the entire rest of the stockholders vote for a measure he's against.
https://www.thestreet.com/investing/stocks/how-elon-musk-con...
That is an Apr 2018 article. Elon has a substantially smaller share now. From first link in above post:
> Elon Musk is the largest individual Tesla shareholder, with 410.79 million shares, representing 12.8% of Tesla ownership as of December 2024.
https://www.secform4.com/insider-trading/1494730.htm
We give these companies hard earned fucking cash and they want _more_. Rapacious neoliberal capitalists will be the end of capitalism itself.
That CEO tweet to Elon is peak cringe.
You would have to be insane to buy a computer that remains someone else's computer...
I think the key feature is _cooling_ the bed, with warming secondary to that. That arguably sounds like a great nicety to have, notwithstanding all the downsides mentioned in the post.
So now you're getting hacked and breathing in toxins while you sleep. Hacked up the arse and in the mouth too. Nice.
Yeah, no thanks. I try to make my bedroom as technology free as possible. Apart from a digital alarm clock; at night I put my phone on aeroplane mode and place it outside my closed bedroom door.
It's the best I can do with today's bullshit tech. I've never had a problem with not having a cold bed, so maybe it's the next best thing after the bidet.
Toxins? What?
Why else is there plastic in your brain? How do you think you make "cold"?
when cold leaks, it can be toxic.
Cold cannot be "made", as it's an absence of something (energy), nor can it "leak" as a result.
I take what you mean is that there will be a refrigeration loop involved, and in that, a refrigerant. Just like all substances, refrigerants can be toxic, sure, but that alone is not what makes a toxin [0]. It's also not a binary thing, and between air conditioning and refrigerators, an appliance like this I don't see why would stand out.
I further haven't got a clue what microplastics having been found to pass the blood brain barrier have to do with this, or how you're able to determine whether that applies to me or not, specifically.
[0] https://en.m.wikipedia.org/wiki/Toxin
I'm a two-time Eight Sleep customer and the CEO could post my sleep history specifically with my full name and I'd still use it. It's really comfortable. I think most of the detractors were never remotely in the market for such a product. Everything negative said about the product and the company is true, and they should do better, but it's not enough to scare me away thanks to how good the base product is.
I also have an eight sleep mattress topper. I was unaware of the privacy issues here, but I feel the same as parent that I won't give it up. Having the ability to always have a cool bed has improved my sleep substantially. And the heating is great when you're sick.
Now if a competitor crops up that has better privacy and a better CEO, I'll swap in a heartbeat.
Note: I don't pay for the subscription, just the mattress topper
But is it more comfortable than, say, an old school analog expensive mattress? I can’t shake the feeling these companies are selling snake oil (that is not to say that old school analog mattresses aren’t overpriced either)
You may be misunderstanding the product--it's a topper that goes on top of your existing mattress. It doesn't replace the mattress. I do indeed have it on top of an old school analog expensive mattress. It cools/warms to the desired temperature without impacting the comfort from the mattress. I don't think there's much room for snake oil here: it pumps cooled or heated water through the mattress topper. There's no mystery.
So it's a fancy mattress topper with a water pump for $2k.
How does it feel? I have a nice foam mattress and I'd hate to buy one of these and have it feel like I'm sleeping on a bunch of tubes and plastic rather than foam.
I can't feel the tubes at all. It does have some electronics stuff on the sides that you can feel through the topper, but nothing on the top where you sleep. It maybe feels slightly firmer than the mattress feels without it.
> But is it more comfortable than, say, an old school analog expensive mattress?
Mattresses wear out, and people end up keeping them too long. Somewhere like walmart.com sells great mattresses for inexpensive prices. They are not related at all to what they sell in stores. Because they are inexpensive, as soon as they start to wear out, buy a new one.
If there was a similar product that does not upload any of your extremely personal data, like whether you're now in your bed, to some server on the internet, would you prefer it?
Sure, there are lots of ways it can be improved. I'd like it to be cheaper too. I'd be happy to switch to an alternative that is just as good but without the Internet nonsense, but SleepMe isn't it. I've got my eyes open for viable competitors for the next time I need to outfit a mattress or when this one dies. For now, Eight Sleep is the best one I've found.
This is a bunch of nonsense, assumption and leaping to conclusions without evidence.
"In the second screenshot, we have the public key that’s authorized to access the device. The email address attached to the public key, eng@eightsleep.com, to me suggests the private key is likely accessible to the entire engineering team."
He has no evidence for this whatsoever and not really any good reason to assume it either.
"In the first image, we see evidence SSH is being exposed remotely, to a far away host, remote-connectivity-api.8slp.net. Typically SSH would only be accessible to the local area network, but the variables in production.json would seem to imply this access was opened up to a remote host."
This isn't how SSH works and he doesn't seem to have enough information, or enough knowledge of SSH, to understand what's being done with the "far away" hostname.
This article is just clickbait nonsense, which should have been obvious from the title. It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup. Based on the fact that the founders seem to have a superficial understanding of technology but a well-developed understanding of hype and bullshit, I am not interested in exploring their business further.
I don't really understand the take here. The post makes it very clear what is concrete evidence, what is speculation based on that, and the reasoning is much better than what you give it credit for. For instance, what would you suggest the "remote-connectivity-api" SSH endpoint URL and the authorized public SSH key is for if not for remotely SSHing into the bed's computer?
This is a Linux image that is, somehow, remotely flashed onto the bed. He found the SSH key on the filesystem.
1. He didn't even bother to check and see if the bed is running an SSH server - ten seconds with nmap could have told him this!
2. Essentially every one of these beds would be behind a NAT and thus the SSH server which he didn't even bother to look for would not be accessible to the internet or to the nefarious engineers he imagines have access to the key - he ignores this fact.
3. The fact that the firmware includes the URL of a specific external endpoint, suggests that the bed connects _to_ that endpoint, not that this is somehow used to screen incoming requests by reverse DNS lookup or anything like that. The architecture he is supposing exists (all remote access requests must come from a host whose reverse DNS resolves to this host?) makes no sense.
4. The fact that the public key exists on the filesystem means nothing if no SSH server is running, or accessible. It might be used, for instance, as part of the manufacturing test process or a maintenance procedure, and then disabled. The SSH public key on the filesystem isn't necessarily related to the JSON config file for their own application which he found!
5. SSH keys don't have "email addresses" associated with them, they have a plaintext field which is used merely for identification purposes, and this is commonly used for the _user account_ that created the key. But it's not an email address and even if it were, it doesn't mean that that email address, much less every engineer at the company, somehow has access to the key!
The sloppiness and level of jumping to conclusions here, for a supposed security company, is ridiculous.
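The comment-field point (item 5) and the configured SSH endpoint debated in this thread can both be checked statically on an extracted firmware image. The following is an added example, not code from the article or from any commenter: it parses an `authorized_keys` line, shows that the trailing comment sits outside the key blob and so does not change the fingerprint, and reads an endpoint from a JSON config. The sample key, the `ssh` → `endpoint` JSON layout and all function names are constructed assumptions.

```python
import base64
import hashlib
import json
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def ssh_string(data):
    """Encode bytes as an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


def split_outside_quotes(line):
    """Split on whitespace, keeping quoted option values such as command="a b" intact."""
    tokens, current, in_quotes, prev = [], [], False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            in_quotes = not in_quotes
        if ch in " \t" and not in_quotes:
            if current:
                tokens.append("".join(current))
                current = []
        else:
            current.append(ch)
        prev = ch
    if current:
        tokens.append("".join(current))
    return tokens


def parse_authorized_key(line):
    """Return options, key type, fingerprint and comment for one authorized_keys line."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = split_outside_quotes(line)
    idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPE_PREFIXES)), None)
    if idx is None or idx + 1 >= len(tokens):
        raise ValueError("no key type or key blob found")
    key_type = tokens[idx]
    blob = base64.b64decode(tokens[idx + 1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob repeats the key type as its first field; a mismatch means a damaged line.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return {
        "options": " ".join(tokens[:idx]),
        "key_type": key_type,
        # Same form ssh-keygen -l prints: unpadded base64 of SHA-256 over the blob.
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
        # Free text after the blob: not part of the key and not covered by the fingerprint.
        "comment": " ".join(tokens[idx + 2:]),
    }


def find_ssh_endpoint(config_text):
    """Read ssh.endpoint from a JSON config (this layout is an assumption)."""
    ssh_section = json.loads(config_text).get("ssh")
    return ssh_section.get("endpoint") if isinstance(ssh_section, dict) else None


def audit(authorized_keys_text, config_text):
    """Report which keys are authorised and which hostname the config names.
    Neither fact shows who holds the private key or whether sshd is running."""
    keys = [k for k in map(parse_authorized_key, authorized_keys_text.splitlines()) if k]
    return {"keys": keys, "endpoint": find_ssh_endpoint(config_text)}


def make_sample_line(comment):
    """Constructed ed25519 public key (bytes 0..31), not a real device key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    sample_keys = "# constructed sample\n" + make_sample_line("eng@eightsleep.com")
    sample_config = '{"ssh": {"endpoint": "remote-connectivity-api.8slp.net"}}'
    report = audit(sample_keys, sample_config)
    for key in report["keys"]:
        print(key["key_type"], key["fingerprint"], repr(key["comment"]))
    print("configured endpoint:", report["endpoint"])
```

Confirming whether an SSH daemon is listening, or whether the device opens a connection to that hostname, needs observation of the running device, which static files alone cannot provide.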
> He has no evidence for this whatsoever and not really any good reason to assume it either.
I'm not sure what kind of evidence or reason you're looking for, I think their assumption is pretty sensible.
> This isn't how SSH works
Maybe I'm just naive, but the wording of it to me seems nontechnical enough that I think the author is skipping over things on purpose. For example, how exactly that "far away" host he thinks is involved.
I'd personally imagine it's a reverse shell type deal going on, although why SSH needed to be involved in that I'm not sure. Could be just a hacky implementation. But it's really not that far removed from sensibility, vendors popping reverse shells without authorization really wouldn't be new.
> It is clearly intended to draw traffic to their company website, which is some kind of venture-backed security startup.
Didn't even notice that. Can't imagine too many other people did either. So maybe not so clearly?
Please see my reply to another person in this same thread. He didn't even verify that the bed is running an SSH server in the first place!
I saw it. It's not necessary if the process that maintains the reverse connection can just start it as needed.
That said, some actual investigation of that supposed binary would have been a strong support for this whole thing, and indeed an evidence for this theory, so I will give you that.
If the bed requires going through some kind of production endpoint interaction in order to set up the remote connection (as is most likely the case), then his claim that any engineer can connect to any bed is simply false, and this is no more of a security hole than the idea of having a cloud-connected bed which is updated OTA in the first place.
Why is it false?
Are you denying the existence of an authorised ssh key on each of these beds allowing the holder of the key?
Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?
No there's not enough evidence to prove in a court of law who has access to the private key, or that the config file is enabling a return ssh connection, but it's pretty damning.
The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
> Are you denying there is a config file pointing to a target called remote-connectivity-api.8slp.net?
Under the path ".ssh.endpoint", too. It's not like it's just a mystery hostname; it clearly has something to do with SSH.
> The only thing that's not newsworthy about this is that large amounts of IOT shit does this.
And - just to be clear - that doesn't mean it shouldn't be reported on! Talking about this stuff, and having concrete, specific examples, is good.
"I downloaded the firmware and I found an SSH key and a configuration file that mentions an SSH endpoint; therefore, I know that all of Eight Sleep’s engineers are allowed to remotely SSH into every customer’s bed and run arbitrary code!"
Do you not see a problem with this line of reasoning? That's literally what he says in the article, and he presents it as a near-certainty, not the wild leap of unsupported reasoning that it is.