Open letter to Homeseer:

Even if I have been a member of this board since 2002, and just a newbie with Homeseer as I really started with HS 2.0 Beta. But I have been using home automation and X-10 for approximately 20 years, and in those 20 years have gone from X-10 timers with clock, to Byte magazine (Steve Ciarcia) home controller version 1 and 2 and finally Stargate for the last 8 years.

The reason I jumped into HS is because of version 2.0. Based on a PC's its makes the hardware low cost and reliable and Windows XP has made enough progress that it does not need to be reboot at least once a week, remember Windows 98, well the fact is very few times you really had to do a reboot for the week, as it tipically crashed at least once a day.

HS 2.0 is multitasking and has the ability, with proper plugin's, to control almost any device in a house or for that matter business that you may need to check or control remotely. Now the remotely part encompasses some risks, as now a days the internet with it "telephone party line" security leaves a lot to be desired. Company's are using the Internet as an extension of the LAN's, but no company in their right mind would do it without some means of securing or restricting access to their data.

Would you want your "Doctor, Banker, Broker or credit card transaction" information to be seen by, not I would say anyone, but a very large number of people at phone companies, cable companies, ISP, or even your neighboor (Rupp ?? , just kidding), NO, most people would mind, but I and many others like me that have been vocal on this thread about SSL do care a lot.

Lets face it, there are other ways of insuring the security of you data, VPN'S (both software and hardware) dedicated circuits $$$, etc and I will use one of the other means if Homeseer does not releases SSL for HS.

Homeseer will control my house, and its remote access will be at times critical for the well being of my family.

I believe that if you want your product to continue being a leader among your competitors, you need to release SSL, and if had not been part of the description of HS 2.0 you could have sold it as a plugin, I would have been willing to buy it for a reasonable amount.

Thank you for your patience.

Rene

Rupp, I must have missed this post quite a few days ago being sick most of the weekend. I never suggested your stupid... I live in an area where not too many blocks away lots of bad things happen. I don't leave my doors unlocked, and don't leave a key under the mat... nor would I tell anyone if I did. I've had two cars broken into in my driveway, one right in front of my house, and a window smashed on another car right out in front. UPS won't leave packages even if you have a signature on file at UPS... they just don't trust the area. I feel fairly safe, people on my street are honest, and keep their eyes and ears on lookout, but occasionally bad stuff does happen... When you put a sign out front that says steal me.... like a pimped out honda civic my roommate used to own.. (from fast and the furious) Bad things are more likely to happen, and did. I now have cameras setup, motion sensors etc... technology to try and stop bad guys... hopefully I never need that stuff for anything important.

Wow, that strayed ways away from my point.... I have no problem with you asking the question, why would you care if someone sees your x10 m1's ons..... for the most part, most people wouldn't care.... but what I care about is someone sending x10 m1's ons... it's hard enough to diagnose x10 problems when someone isn't messing with or have an overlapping x10 housecode and your picking up stray rf etc. the possibilitys of quite harmfull hacking are WAY more severe than those of just normal PC hacking. If someone were to break into your homeseer box, they have access to your physical space, not just your information, and that is quite disturbing.... I would not like to come home to find my therostat turned up to 110 degrees.

Also on another note, I can't stand the concept of security through obsecurity... This is what Microsoft has done for years.... wait until a exploit hole opens up then plug it. They and many other companies are starting to realize how important security is. Fix it before it's broken. It's possible homeseer will never make it to the radar of hackers, then again... you never know. It's like not wearing a safebelt in car becuase the driver has never been in an accident.


Don.... yes I missed the smiley face... I don't ever wish someones system get hacked or people get messed with in a frusterating way, especailly Rupp's he's been a very very helpfull and giving person towards the homeseer community.


And dalskog.... Are we 100 percent sure that it's going to cost us more money now, when we were origonally told it wouldnt? We have not seen anyone from HST post to this fourm in a long time.


As much as I love this community and homeseer, this could be the last straw for many of us.

I was expecting it to show up in HS 2.0 at some point. I'm familiar with the issues regarding setup but think it's worth it.

Ed

Not acceptable behavior from HST

I read the list of enhanced features that HS 2.0 had - I saw the sales pitch asking for money to upgrade to this new version. I see that the features advertised to entice people to pay for an upgrade ARE NOT PRESENT, BY THE CHOICE OF HST.

We could quibble over the definition of this offense; is it false advertising, or fraud, or theft by deception? That's not what bothers me, though - it's more of:

What are you guys thinking, treating your paying customers this way? Why don't you come on over to San Jose so I could whack you with the cluestick a few times?
What is with that condescending "too complicated for you" comment? Is there anyone at HST that has a clue about who's in charge here? Here's a tip: we're the paying customers - without us, you're just a bunch of penniless bozos. Take the hint before it's too late...

Whuffo,
You do no have to ask all of your questions a make all of your points so harshly. They are not trying to rip everyone off they are simply weighing the cost and work and support involved getting this functional and implemented.

Ever hear the saying?


You can catch more flies with honey than with vinegar.

Update on SSL.

I will be posting an HS2 update to this forum that includes the SSL support. I would like feedback as to the following (since some of you obviously know more about SSL than we do):

* Did it work when you enabled it?
* Can you install a different certificate ok?
* Is it possible to run with your own certificate and not get any error dialogs?

If it can be administered ok without an added support burden we are willing to include it with the standard HS2 software.

Thank You Rich,

I will be happy to assist in any way that I can. Not that I know it all, but I have some experience with certificates, and I am willing to research any problem that may come up.

Will it be an updated version 1992 (ie 1993 or higher), and if that is the case should I update to 1992 prior to installing it, as I am still running 1972 (very reliable)?

Rene

There you have it... "NOW" haha

I'm sure many of us with SSL experience will be happy to help get this going. It is a "feature" and it should be able to be turned off easily, for people who don't have the knowhow to set it up. Remember, HST, you guys support homeseer and it's functionality, not SSL certification etc... I'm sure one of use can write a FAQ reguaring SSL, and how to set it up for homeseer. It's a support feature, but I don't think you need to hold hands when someone is opting for setting up as long as the problem doesn't reside on your side

Thanks for the update!!!

much appriciated.

Rich,

Thank you for the release, look forward to playing with it!

-Mike

You know, after reading this thread, I am considering reversing our decision last week to include SSL support in the consumer version of HomeSeer.

Some of the biggest messes that we have had to deal with in the construction of HomeSeer 2.0 are those that were created because Rich has almost never said "No" to requests over the past 7 years. There are SO many features and capabilities in HomeSeer because of these end-user requests, and so now a thread started for the purpose of weighing in on how important SSL security is has turned very, very ugly. I don't know about Rich, but I personally respond very poorly to comments like "... the only reason I upgraded to 2.0", "...continue being a leader among your competitors, you need to release SSL...", "I see that the features advertised to entice people to pay for an upgrade ARE NOT PRESENT..." and that we can address the support issues with "disclaimers and EULAs".

Let's set some things straight....
1. I find it hard to believe that the only reason somebody upgraded to 2.0 was the SSL security, especially since nobody complained that it was missing until this thread was started.
2. You are not as familiar with the HA market as we, and cannot accurately predict a cost/benefit analysis of adding such functionality. How many other HA packages that compete with us have SSL support?
3. The HomeSeer 2.0 features advertised in the final release are all there - some are in the standard edition, some are in the PRO edition. This is the same as what Microsoft does with having 3-4 flavors of Microsoft Office - there is a list of features, you have to decide which edition has the ones you want. There are a LOT of other features that we could have listed, many of which are in the PRO edition only. Yes, we are guilty of not marking the SSL feature as being in the PRO edition only, but that is due to us originally planning on releasing it with the standard edition. (More on that in the next item.)
4. The idea that we can fix the SSL support issues with documentation is not grounded with reality. There are PERHAPS 2% of our users who actually read the documentation. We cannot even get NOVICE computer users to refer to the documentation! Our decision to make SSL available in the PRO edition was due to these support issues.

Here is an example of what we face in releasing this in the consumer edition:

• "Where do I go to generate a certificate?"
  
  And once we tell them, how many will be able to actually generate the certificate?
• "I set up my router to forward my HomeSeer ports to my HomeSeer machine, so how come my friends can get to my server without https?"
  
  Since most users will not understand the concept of only making the secure port available externally.
• "Why do I have to keep answering the security warning questions - it is my HomeSeer system so doesn't it know it is OK to show the secure and non-secure information?"
  
  As documentation is never read, and these warnings are out of our control.
• "I turned on the SSL server to make my HomeSeer site secure, now how do I use it?"
  
  Since many times, we have to tell the users how to open up their HomeSeer website in the first place.
• "How do I tell my browser the port number of my SSL server?"
  
  Because the unsecured port number is typically 80, the web browser default, many people do not know how to specify a port or the https protocol.

In our estimation, very few users really desire SSL, and to support those who do want it in navigating the various challenges of setting it up would seriously hinder our other development efforts. We are a small company trying to do big things. SSL tech support is just not something we can handle with our current resources.

As I said earlier, we decided to put SSL in the standard edition late last week, so it will be enabled. However, we will only be supporting the configuration of it for our PRO users. You are welcome to use the MB to discuss the configuration of it yourselves. This is an attempt to satisfy some of your requests, without placing an undue burden on our staff at the same time.

Whuffo:

I cringe when I saw your post. I'm hoping you reconsider your tone when you post in the future.

Sounds like a great compromise!

--David

The SSL build with be the same as the 1996 build that we are putting together right now, except SSL will be added. I hope to have it posted this afternoon. Note that SSL will only be in the build I post here, not in the official release.

Thank you Rich.

As someone else wrote earlier, the SSL setup and support should not be on HomeSeer but on the user who needs the functionality.

What's good to secure a link if you don't understand it in the first place!