Security Researcher Gets Threats Over Amazon Review (techcrunch.com) 153
Kate Conger, reporting for TechCrunch:Amazon retailers sometimes go to extreme lengths to guarantee good reviews, as security developer Matthew Garrett recently discovered when he wrote a one-star review of an internet-connected electric socket. When Garrett politely pointed out that the socket in question was woefully insecure, he received emails from the manufacturer claiming that the review would get employees fired and that other reviewers were campaigning to get Garrett's review taken down. The socket in question is the AuYou Wi-Fi Switch, a $30 device that lets you turn the power from a wall outlet on and off using your phone. [...] But like so many Internet of Things devices, the AuYou switch seems to have a serious security flaw. As Garrett explains in his review, if your phone is connected to your home Wi-Fi, it sends the on/off command to the socket directly. But if you're not home, your phone sends the command to a server in China, which then passes the command along to the socket. "The command packets look like they're encrypted, but in reality there's no real cryptography here at all," Garrett explained in his review. [...] "Just now my boss has blamed me, and he said if I do not remove this bad review, he will quit me. Please help me," the representative wrote. "Could you please change your bad review into good?" Garrett responded that he would update the review if the manufacturer fixed the flaw. The AuYou representative insisted she would be fired if the review was not updated.
Your shitty product kills jobs? (Score:5, Insightful)
Then I guess you should have made a better product.
Killing the messenger won't make your product any less shitty.
Re:Your shitty product kills jobs? (Score:5, Insightful)
Agreed. If her job depends on good reviews and no bad reviews, her days were numbered the day she started work anyway.
Re:Your shitty product kills jobs? (Score:5, Insightful)
If your job depends on someone else not fucking up who you have no control over and cannot influence in any way, you're sitting on an ejector seat and someone else holds the trigger. Get out of that chair as soon as you can.
Re: (Score:3)
Get out of that chair as soon as you can.
Or reach over and press the trigger yourself. When a boss gave me "his way or the highway" motivational speech, I left the company. Wasn't long before a dozen senior coworkers headed for the exit after me. The boss road the company all the way into bankruptcy and got fired after the reorganization.
Re: (Score:2)
Rode. If you think "road" is the right word, ask yourself - "would putting "highway" in instead work?" If the answer is "no", then "road" is the wrong spelling.
Re: (Score:2)
Rode. If you think "road" is the right word, ask yourself - "would putting "highway" in instead work?" If the answer is "no", then "road" is the wrong spelling.
I stand corrected.
Re: (Score:3)
Rode. If you think "road" is the right word, ask yourself - "would putting "highway" in instead work?" If the answer is "no", then "road" is the wrong spelling.
"The boss Hershey-highwayed the company all the way into bankruptcy" works, though.
Re: (Score:2)
To stay in the analogy, it is less painful to simply get out of the chair, tell the asshole with the trigger to go fuck himself and leave the room than to hope the chair is really zero/zero and risk spine damage.
To get out of it, it's better to just quietly drop a 2 weeks notice than to make the shit hit the fan yourself to go with a spectacular bang. Companies that you want to get hired by do not look kindly on that kind of thing.
Re: (Score:3, Insightful)
Much more likely her job depends on her ability to manipulate reviewers into taking down bad reviews. She might not even actually be a she, just posing as a woman because women get more sympathy.
The correct response to her is, "Tough shit, princess!"
Re:Your shitty product kills jobs? (Score:5, Informative)
The correct response to her is, "Tough shit, princess!"
Even better would be to append your review to say that they contacted you and tried to intimidate you into changing the review. That is relevant information, and future buyers should be aware of what they are doing.
Re: (Score:3)
I'm wondering if I captured some of those packets and replayed them over and over, really fast, maybe I could kill someone for real! :O
Re:Your shitty product kills jobs? (Score:4)
That will eventually become a very real threat with the IoT. Think of all the various things we have in our home that could be dangerous if they run without supervision.
As soon as stoves get wifi, we'll get to see quite a few more fires.
Re: (Score:3)
Fuck, this ain't the half of it. This one got found, how many do you think didn't?
Compared to this, icebergs hover over the ocean with it all out on show.
Re:Your shitty product kills jobs? (Score:5, Informative)
Yeah and not limited to insecure transmissions to foreign servers, embedded stock passwords and keys too. If you check out his other reviews, he actually outs them on another product. For example:
Morjava®MJ-SmallK Intelligent Smart Wifi Plug Socket Wireless Switch Timer Wifi Socket Wifi Smart US Plug for iPhone iPad Android Smartphone APP
https://www.amazon.com/dp/B01F... [amazon.com]
"The ugly:
Oh this is all pretty terrible. To start: the security on this device is a joke. The communication between the app and the device is encrypted with AES, but the encryption key is the same for all devices and is contained within the app - it's "fdsl;mewrjope456fds4fbvfnjwaugfo". This means that it's easy to decrypt any traffic you can see other people send, and also easy to encrypt your own commands. This isn't too much of a problem on your local network (the majority of smart devices will allow anybody on your wifi to control them), but it's awful when it comes to the cloud interface. By default, anyone in the world can send a command to the plug and it'll just perform it. That means anyone can just turn your plugs on and off, and also set the timer. You can avoid the worst of this by setting a password in the app, but there's no sort of rate limiting on the queries so if someone has identified your plug it won't take too long for them to crack your password.
But wait! There's more!
It runs ssh by default and has a default root password (" p9z34c"), so anyone on your network can log into it and run whatever they want on it. Anyone who can see your network traffic can decrypt the commands and extract the password, so don't use the app on any untrusted networks. It downloads app updates and plug firmware updates over http and doesn't do signature validation, so anyone can man in the middle you and get you to flash backdoored firmware onto your plug."
Needless to say, a big thank you to Mr. Garrett for exposing these issues. This is the kind of thing I might buy on a whim and certainly don't have time to figure out what level of security these things are operating at. He's performing a much needed public service.
The real truth is probably worse than we think. (Score:4, Insightful)
The common thread for all these phone home vulnerabilities are all going to servers in China.
Nothing really happens there without the government's knowledge, and probable support.
Would our government do any less?
Hell, Their backdoor traffic probably doesn't even show up in the logs, lol.
The people talking to the security researcher are probably being threatened by the people who designed the backdoors.
Re:The real truth is probably worse than we think. (Score:4, Insightful)
The common thread for all these phone home vulnerabilities are all going to servers in China.
Nothing really happens there without the government's knowledge, and probable support.
There is a nice Chinese saying (Tian gao, Huangdi yuan) that basically says "Heaven is high and the emperor is far away". It's still very much in vogue. It means most Chinese know that as long as they don't draw attention, they can do a lot of things you might get arrested for - but won't. Demonstrating on Tianmen square is a good way to get that attention, but just being one of a gazillion small electric shops isn't.
Never attribute to malice what can be adequately explained by incompetence.
Your post makes me think I'm right. (Score:3)
I have friends who were in Tienanmen Square that day.
Some were tortured; some were not.
Re: (Score:2)
It's built down to a price, which means no money to develop security features and little money to run the server. No conspiracy, you just get what you pay for.
Re: (Score:2)
Well, it looks like the price of no security is going bankrupt; so perhaps they should have put more thought into the security?
Re: (Score:3, Informative)
Not to mention that company is violating the GPL. The next paragraph from his review lays it out:
It's also running Linux and various other pieces of GPLed software. The GPL is a software license that requires that you either include the source code to the GPLed components when you sell a device, or include an offer to provide the source code on request. This does neither, which is a violation of the license. Unless you meet the requirements of the license, you're breaching copyright. So this device breache
Re: (Score:2)
There has always been exceptions to the distribution clause in the gpl. This exception covers system libraries and operating systems if they are already readily available from other normal sources.
It is possible that they do nothing more than configure an operating system for a system on chip processor with the configuration app and do not need any source code.
Re: (Score:2)
Re: (Score:2)
You can probably achieve that with 802.1X. Set up a Raspberry Pi as a RADIUS server, and configure your real devices (laptops) to authenticate over 802.1X. Make it so that non-authenticated devices can send out mDNS advertisements (and be sure to route the mDNS advertisements to the authenticated netblock), but cannot talk to the Internet as a whole unless you explicitly tweak the policy to allow access to some specific server or port for some specific reason (e.g. unblocking NTP).
Or, for that matter, si
Re: Your shitty product kills jobs? (Score:1)
I'll hire him to buy the part from China, write better software for it, and resell it at the Apple store for twice the price.
Re: (Score:2)
If you want to sell it on the Apple store, why bother rewriting the software? Want to stand out?
Re: (Score:2, Informative)
Then I guess you should have made a better product.
We don't know that the product isn't good. All we know is that there is a convenience option that has a security issue, but which is trivially eliminated by prudent network management. The device itself may function flawlessly and do exactly what you need it to do.
For example, this [3gstore.com] has a similar "call home to Momma" feature, but by simply blocking outbound connections from it at the router you solve the problem completely. You're left with a pretty reliable remote controllable power switch. I've got four o
Re: (Score:2, Insightful)
So a product being crap doesn't really matter that much if you can easily take care of it?
So glad you agree that VW shouldn't be required to pay that ridiculous fine.
Re:Your shitty product kills jobs? (Score:4, Interesting)
If this device were free I wouldn't complain so much, but in this case you are paying for it.
Re: (Score:3, Informative)
If I have to jump through hoops and block traffic from this device just so it's not a security risk, it's not reliable or secure.
Reliability is a different issue than security. And it's not a big hoop. It's a hoop that you should be jumping through whenever you add a device that you don't want talking to the outside world to your net. You have no reason to believe that any device you use isn't trying to talk to someone somewhere these days and especially if the device is advertised as "IoT" and controllable from a mobile device from anywhere in the world. It shouldn't take a bad review on Amazon to tell you this. If you do the bloc
Re: (Score:2)
My point is that now that you know this product phones home, you should not buy it.
Instead find on that doesn't phone home.
You can block traffic just in case and still buy hardware that (as far as you know) doesn't open you up to huge security risks.
Re: (Score:2)
My point is that now that you know this product phones home, you should not buy it.
You have yet to support your point. Why not buy it? It does the job I want, it does it well and reliably, and it is trivial not only to prevent it from "phoning home" but to actually configure it, and my network, so I can control it from anywhere in the world without that "phone home" feature.
Instead find on that doesn't phone home.
I think the point has been made rather clearly that you cannot determine this a-priori, and have to assume that it does whenever it is marketed as being controllable from anywhere in the world.
You think I should "find
Re: (Score:2)
Also, there's zero evidence that anyone job is really in danger. It's quite possible... I'd guess probable even... that this is just some PR flack or "social media manager" doing a "pull the heartstrings" effort to get the product's reviews up. One employee sending messages or a dozen, it's probably all one person's (poor) efforts at spin control.
Re: (Score:2)
Pulling the "heartstrings" with security researchers is usually a pretty bad move.
We have none. What you mistake for them is the strings that makes us drop the shit on you.
Re: (Score:3)
Pulling the "heartstrings" with security researchers is usually a pretty bad move.
We have none. What you mistake for them is the strings that makes us drop the shit on you.
Another way to look at it is you are protecting the people who would be subject to the consequences of their incompetence. Most of the people buying those products or services don't have the technical knowledge to make an informed evaluation and simply 'trust' the vendor is doing the right thing.
Well it is proper that a security researcher does not have that trust because their duty is to the people who do have that trust so that they don't get hurt or ripped off as a result of those with just enough know
Re: (Score:2)
Yeah, that makes me look nicer, I'll go with that.
In general, though, we've put up with enough bullshit and spin that it is enough for two lifetimes. Yes, also from users. The shortest and also most commonly told lie ever is "nothing", usually told right after being asked what they've done.
Re: (Score:2)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Btw, your sig is stupid. Did a wingnut feed you that nonsense?
Considering the erosion of the Bill of Rights, what rights do you have left?
Due process? Not when added to the No-Fly list
Second Amendment? Slowly being removed by ever more regulation designed for a gun free society instead of the spirit of the amendment.
Free Speech? Nope, go to your free speech zone where we can safely ignore you peasant!
Freedom of religion? Slowly being removed, we can no longer pray in public, as someone might be offended or someone might feel bad that they don't believe in the same
Another review (Score:5, Funny)
Now you write another review about how horribly the company treats its employees.
Re:Another review (Score:5, Insightful)
Or how it's employees lie about losing their jobs over bad reviews in order to get sympathy.
Either are likely with a shady organization like this.
The days of Chinese crap inundations (Score:4, Insightful)
are not over, yet. By far.
Re: (Score:3)
That's only the start.
The IoT hasn't even taken off yet, and I can already tell you that it is going to be ugly. It will be a data harvesting hog, and security and data protection will never be a core element of it until legislators get hit hard by it, and then we'll get laws that make the ones we have concerning the internet look sane in comparison.
This is going to get very ugly very fast.
Re: (Score:2)
The problem will be, that the legislators rather than creating laws to improve security in IoT, will instead outlaw breaking into the devices, as they do now with the internet.
Re: (Score:2)
That's a given, and just like with the internet, people who are willing to break the law won't give half a shit about it.
This just in, legislators: Criminals don't care about your laws. If I want to steal something from you, I am already committed to breaking a law. Why do you think I'd give a shit about breaking yet another one?
Re: (Score:3, Funny)
Wait, shitty IoT security is going to let me become a hawt cyborg?
In light of this, I may reconsider my position on IoT.
Re: (Score:2)
The problem with IoT is that shit programmers and shit companies are going to ensure that everybody is a hawt cyborg.
I've seen that movie. I liked it 'til I saw that the hot chick was a flabby fat guy.
Re:Yep. (Score:5, Informative)
The original Catcher in the Rye quote was about being so uninteresting/difficult to interact with that nobody would ever bother you.
Laughing Man's trick was managing to achieve that while still participating in human society.
problem: lose job for review (Score:1)
solution: plug socket into HR system and send shutdown notice
Cry me a fucking river (Score:1, Informative)
You can round up your crummy employees and dump them into an incinerator for all I care. I shit on the mass grave where their mothers have been bulldozed into. I hope they die horribly in a gutter of flesh-eating bacteria infection while their kids are sold into sex slavery to cannibals.
Re:Cry me a fucking river (Score:5, Funny)
Other than that, 5 stars. Will buy again.
Re:Cry me a fucking river (Score:5, Funny)
You should post that as an Amazon review of the product.
market rewards price, not security. (Score:4, Insightful)
The AuYou representative insisted she would be fired if the review was not updated
Sadly, that is probably true, and some poor engineer will lose their job, but that engineer probably was under severe pressure to get the thing out the door with absolutely minimal development time in the first place. She probably knew it wasn't great, but had no real choice due to pressure from above.
Maybe in the end it comes down to the fact that the market does not reward security, it rewards low price. Proper security costs money. The online marketplaces are brutal.
Re: (Score:3)
See this is problem with free trade right here though. If this thing was manufactured in the states, then the company could probably be held to account one way or another for repairing or replacing faulty products. Sure they might decided to get rid of the engineer who designed this thing, but ultimately they would have some incentive to fix their internal process and try and do some QA.
Being its a no-name Chinese made product the company will likely just rename itself and be quite beyond the reach of the
Re: (Score:2)
that engineer probably was under severe pressure to get the thing out the door with absolutely minimal development time in the first place
If you believe that I have a bridge in New York to sell you. Chinese company sells a product that opens your network to a server conveniently located in China. I have a hard time believing that was a mistake.
Re: (Score:2)
If you believe that I have a bridge in New York to sell you. Chinese company sells a product that opens your network to a server conveniently located in China. I have a hard time believing that was a mistake.
Even if it was a mistake, the potential for harm is the same.
(I also have a hard time believing that was a mistake, but either way it's got "Bad News" written all over it.)
Re: (Score:2)
Well, the potential may theoretically be the same, but the expected damages are probably much higher from an intentional security hole.
Re: (Score:2)
if it were a deliberate attempt to be sneaky one would expect it to be a little more subtle. Instead of using the same key for everything generate a random key, but embed it in the message in a recoverable way, for example.
Of course, they could be using this to make people _think_ it's too dumb to be deliberate. Hmmm....
Re: (Score:1)
Update the review with AuYou responses (Score:5, Insightful)
Re:Update the review with AuYou responses (Score:4, Insightful)
The sad part is that this will not cost the head of the culprit but of the scapegoat. What most likely happened was that some beancounter decided that this piece of crap has to hit the market damn right now because being first trumps being good, every engineer and their dog knew that the product isn't ready for prime time by any stretch, management decided to release it anyway and the engineers will now get to take the heat for the crappy product because, well, weren't they the ones who made it?
Who should get fired are management and finances, but they will fire the ones who were actually doing the work.
Re: (Score:3)
The sad part is that this will not cost the head of the culprit but of the scapegoat. What most likely happened was that some beancounter decided that this piece of crap has to hit the market damn right now because being first trumps being good, every engineer and their dog knew that the product isn't ready for prime time by any stretch, management decided to release it anyway and the engineers will now get to take the heat for the crappy product because, well, weren't they the ones who made it?
Who should get fired are management and finances, but they will fire the ones who were actually doing the work.
This, I do agree is woefully sad, but none of it excuses a shitty product. Expose an ,i>entire product line, and even those at the top will be affected.
Common sense needs to push back against shitty time-to-market decisions, especially when it comes to IoT, which can and will affect human lives, not merely jobs.
Re: (Score:2)
Not first, just another company jumping on a product line.
They certainly paid more attention to their case molding then they did to their software.
Re: (Score:3, Insightful)
I don't believe you are correct.
People buy insecure crap all the time. Security is not a priority until they are burned by it.
The thing is, the average user probably isn't going to even know that they have been burned by an insecure IoT device. Even if they realize that they have been hacked, they will never put 2 and 2 together. As in, they will never figure out that the vector into their network was the "smart" light bulb they connected to their wifi last year...
Re:Update the review with AuYou responses (Score:4, Insightful)
How long have you been on the planet to still believe that bullshit?
People don't give a shit about security. Facebook pretty much shits on your privacy and flaunts it in your face, and people still use it. Flash is an insecure piece of rubbish that has a multi-year track record where every month at the very least one critical remote code execution flaw is found and still it's being used widely.
You can produce the most insecure, most horrible piece of crap, as long as it's cheap and easy to use, you will find people who don't know better who will buy and use it. And when the shit hits the fan they will accept it as if it was a law of nature that "this cannot be made secure".
Re: (Score:2)
Why shouldn't it cost the job of the scapegoat? Think anyone cares?
Re: (Score:2)
Emails are subject to copyright. Publishing an email thread without permissions is copyright infringement. I would not suggest doing this when the company has proven itself to be litigious.
Internet of Temerity (Score:5, Interesting)
In this case, we have a bunch of designers without a real background in and/or regard for infosec putting out products that use the "security by obscurity" model and get called out on it. To top it off, it is also the model of personally identifiable information being shipped overseas for who knows how many violations of privacy, and subject to violations of rights by governmental entities monitoring the same information. That this is now common with so many Chinese-made products (especially web cams!) is particularly galling. Even better, the "threats" against this man would normally result in automatic termination of the threatening employee in most Western countries. I suspect this company is like the uncountable numbers of cockroaches on Alibaba, Ebay and Amazon hocking their trash - they'll sell it until they can't, then they'll re-form under a different name and do it again, and think that they're right until they get called out like these idiots did.
Last year a recruiter presented me for a job at a lighting company in Eastern Pennsylvania for their IoT product efforts with my background in security and cryptography as well as electronics. They passed on me because I didn't have enough of lighting background (which is a hell of a lot easier to pick up than security). When I countered to the recruiter that security was the most important thing for them, he agreed wholeheartedly but said there was nothing he could do to convince them otherwise.
If this is the future of IoT, I want no part of it.
Re: (Score:3)
Actually, it sounds like you should start an IoT company. In a few years, everyone will wake-up and realize that the wave of cyber-attacks on poorly-defined IoT devices has to stop. And a company with products that are already secure will have a serious leg-up on the competition.
Will anyone learn? (Score:3)
Re: (Score:2)
This. Even if it's just the Streisand effect of one.
I honestly don't understand what whoever decided to send the e-mails was expecting.
TBH, while I feel sorry for this employee on a personal level if they are indeed begging for their job and they're trying to make ends meet and this is the only job they can get that supports them adequately, whoever decided to send these e-mails really needs to use their head. If the poster feels they're benevolently warning unsuspecting people away from buying a poor qual
I'd be worried about my network security (Score:3)
I don't care if someone in China can flip my light on and off. Some people are excited excited [youtu.be] when that happens.
I'd be more concerned about a device on my network creating a persistent connection to a server in China... who knows what packets it's capturing or what it's relaying to that server - maybe it's giving them a full TCP tunnel back into my network?
Re: (Score:2)
I don't care if someone in China can flip my light on and off.
I have a switch in my apartment. It doesn't do anything. Every once in a while, I turn it on and off. One day I got a call. It was from a woman in France. She said "Cut it out."
(Steven Wright quote)
Dealing with threats and deception (Score:5, Insightful)
I recently posted a similar review on Amazon, although mine was regarding a burglar alarm which connects to a server in China and has no encryption. To their credit, the manufacturer has not challenged the review.
First, it's entirely possible that the management did not realize that the device was not encrypted or that they specified encryption and that the programmer involved provided something very lame like exclusive-OR with a byte. This, however, indicates a failure of due diligence on the part of the management.
Globally, the quality of employees performing embedded-systems programming for consumer products is dismal. This doesn't mean just China, it's also really bad in the U.S. and South Korea in my personal experience. The employees can not be expected to have any concept of proper security. I have seen lame attempts at encryption, stripping the executable as an anti-reverse-engineering strategy (!), and many other things a competent systems programmer would face-palm upon encountering.
Firing the employee as a condition of your not removing the review is deceptive. If the employee actually did something wrong (which we can't tell from here) that is the cause of their firing and it should be independent of whether your review stays up or not.
It's clearly just an attempt to lay guilt upon you for doing the right thing. But the people you should be protecting first are the consumers who could buy this device and rely on it having more security than it actually does. Go on and do the right thing by making this review available wherever people would purchase the device.
Re: (Score:2)
I recently posted a similar review on Amazon, although mine was regarding a burglar alarm which connects to a server in China and has no encryption. To their credit, the manufacturer has not challenged the review.
I'm not sure the manufacturer should get credit for being complacent.
Re: Dealing with threats and deception (Score:3)
Re: (Score:3)
You do not get credit for not doing the wrong thing. You get credit for doing this right thing. In your case, that would be addressing the flaws you uncovered, or at the very least thank you for uncovering them.
Re: (Score:3)
Globally, the quality of employees performing embedded-systems programming for consumer products is dismal.
It's kind of scary, really. My dad spent decades as an electrical engineer designing ASICs. He lamented that almost the entire last 10 years of his career, he spent following the new generation of EEs around fixing all of their stupid mistakes. And this was for "important" stuff; stuff that he was never able to provide any more detail to me about than "I'm designing a DSP chip" because of classifications; stuff that if my speculation is correct, might get our soldiers killed if it goes awry.
I'm sure some of
Probably false (Score:2)
So, did this guy actually receive threats? (Score:5, Informative)
Re: (Score:3)
And if you read the Techcrunch article, you'll see what the brouhaha is about, and some pretty amazing statements by the product reviewer. He claims that all you need to know is the MAC address. "If anybody knows the MAC address
Perhaps it was intentional? (Score:3)
Perhaps, this was not a mistake, but a "feature" they just never thought anyone would notice.
Years ago, a friend of mine used Radio Shack plug-n-power AKA X10 modules to control things in his house. The nice ones even had a wireless option where you didn't have to plug-in to a wall socket. One day I went over to his house and, rather than knocking on the door, I toggled the lights in his bedroom repeatedly. Security holes are priceless :-)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
An easy-to-find security hole is still a security hole.
And we used to live in a world where people didn't try to be assholes to people they call their friends. It used to be that "security holes" were evaluated based on the risks and hazards involved instead of every security hole being "OMFG it's a SECURITY HOLE and the product and developers are crap because there is one."
I know, times have changed. Today, if you can visit a "friend's" house and get the house and device code for his bedroom lamp and set a wireless X10 remote to the same house, it's a "securi
Re: (Score:2)
Nope.
let nature take it's course (Score:2)
Sounds like the employee needs firing. They're not being blamed for the bad PR so much as for their screw-up. The boss is just throwing the "get it taken down or you're fired!" as a punishment for not doing his job. Damage control is the first step in the response, "stop the heavy bleeding". Which isn't the security, it's the bad PR. So that's his first job. If he succeeds at that, his second job will be to fix the problem.
If he can't kill the bad PR, he's out immediately, someone else will come in to
And I care why, exactly?? (Score:2)
"The AuYou representative insisted she would be fired if the review was not updated."
Why would I care, as long as my review was factual and accurate?
It's not my problem that her company is run by pieces of shit that fire people for events outside of her control, or that they're making a shitty product, or for the fact that they got caught doing so.
Seriously, it's too bad but I'm not going to lie just because someone somewhere might get fired. Here's a tip: don't make a shitty product and you won't get shitt
He'll quit me! (Score:5, Funny)
he will quit me
I wish I knew how to quit you.
Fucking true, read it on the EU website (Score:3)
Bizarrely, if you write "AuYou Wi-Fi Switch" in Han Chinese it's only two little ticks different from "Streisand Effect".
Comment removed (Score:4, Interesting)
These things are neat though (Score:2)
These wifi power switches are actually pretty cool and useful, just don't buy this one. I recommend the Orvibo S20. It has better security and can be controlled by an open source python script that runs on Linux. Linux warms up my towel for me in the morning as I wake up :)
If you don't give a good review we shoot this dog (Score:2)
what kind of monster are you?
Only Slightly Off-Topic (Score:2)
This is exactly why I don't have a Wifi powerpoint (Score:2)
I looked into these a couple of years back and I couldn't find a single one which didn't wantto dial home to a server, which could be shutdown at any time.
I want something with a web interface and I can just remap a port on my router to present that (secure) web interface, then I can control it myself.
Perhaps some kind of secure access would be nice, so you could build a basic server which can control all the power points, monitor usage, set timers etc.
It's 2016 (!!) and most of us still have very little co
Re: (Score:2)
I want something with a web interface and I can just remap a port on my router to present that (secure) web interface, then I can control it myself.
Here. [3gstore.com] It, too, wants to phone home for some reason, but blocking the device at the router stops that.
It's 2016 (!!) and most of us still have very little control or monitoring over the power sockets around our homes,
I'd suggest X10, but apparently it is an incredible "security hole" that people can actually control outlets around the house. The specific comment was about wireless X10 and how much fun it is to screw your friend by toggling his lights, but if you're standing on the front step of your friend's house you can plug in your wired X10 controller to an outside outlet and do the same thing with no need for wirel
Re: (Score:2)
I genuinely don't understand why I can't get a power reading from every single light AND socket in the house
Current utilisation, total utilisation this month / week etc
Ability to turn off and on, timing
Total house usage
I understand it should cost more to do and it's more complicated but again, 2016! It's madness. I'm actually kind of glad I'm not well off enough to afford a house, because it would frustrate me to own my own place or build my own place and not be able to easily do that yet.
Re: (Score:2)
I genuinely don't understand why I can't get a power reading from every single light AND socket in the house ... I understand it should cost more to do and it's more complicated but again, 2016!
There is nothing magic about 2016. Yes, I understand, "it's a modern world". But it will cost a lot more to do that, and it will require a lot of smarts to configure this all. How do you manage four things plugged into a power strip? Does each thing report its data, does each socket on the strip report, or do you just monitor the socket in the wall and say that's good enough? How do you tell how much that cable set-top-box is using vs. the TV plugged into the same strip? And then you turn on the lamp plugge
I see this all the time from China on Ebay (Score:2)
Competence, office politics, tact, English, etc. (Score:2)
Gawwwd, such a dumb-ass on many levels. I hope the bastard does get fired.
Re: (Score:2)
Has anyone considered that the representative is merely trying to guilt the reviewer into changing his review? I mean really? They're going to fire this person for something they have zero control over? Not likely...
Doubt all you want. It is very likely. Let's not pretend the word "scapegoat" magically does not exist in business.
Re: (Score:2)
The TechCrunch article mentions one slight threat to the reviewer:
The representative then said that she would report Garrett to Amazon if he didn’t take down the review
Re: (Score:2)
We can't have that, bad reviews hurt sales, and must be exterminated with prejudice.