[HN Gopher] Sol-Ark manufacturer reportedly disables all Deye in...
___________________________________________________________________
Sol-Ark manufacturer reportedly disables all Deye inverters in the
US
Author : walterbell
Score : 207 points
Date : 2024-11-30 02:51 UTC (20 hours ago)
(HTM) web link (solarboi.com)
(TXT) w3m dump (solarboi.com)
| boredatoms wrote:
| We need laws to prevent this
| jfengel wrote:
| There probably are. But it appears to be coming out of China,
| so good luck enforcing it.
| dymk wrote:
| There is a US based company that is importing and selling
| these devices. Go after them.
| Schiendelman wrote:
| For what? They didn't send the signal.
| dymk wrote:
| So? They're responsible for importing the devices. They
| have an exclusive contract. Do your due diligence before
| offloading the risk to your customers.
|
| It's like if Ford outsourced faulty brake systems, had a
| bunch of cars crash because of it, and then say "it's not
| our fault, we didn't actually make the brake system".
| jfengel wrote:
| Right. You can close down the (smallish, veteran-owned)
| American company. But the manufacturer will almost
| certainly find a new importer, who either doesn't know or
| knows and doesn't care.
|
| You can put a ban on the import but it's really hard to
| enforce. They'll just put on a different nameplate.
|
| It would be great if American companies did more due
| diligence, but that increases costs. And we've just seen
| how grumpy Americans get when prices go up.
| dymk wrote:
| > You can close down the (smallish, veteran-owned)
| American company.
|
| This is marketing fluff from the company. Who cares that
| they're vet-owned? They've been around for 10 years, they
| are not new to the solar game. They even claim to be an
| industry leader, if we're trusting their word.
|
| > It would be great if American companies did more due
| diligence, but that increases costs.
|
| How much is it going to cost to either replace all the
| inverters sold, or remedy whatever the gripe is with the
| manufacturer? How much is the outage going to cost across
| the (tens? hundreds?) of thousands of inverters sold?
| _trampeltier wrote:
| It seems they shut the inverters down because of a legal dispute.
| So the reason is the law.
| Dylan16807 wrote:
| That's like saying if I punch someone because of a legal
| dispute, the law is to blame.
| perihelions wrote:
| Civil contract disputes don't empower or obligate you to
| commit crimes in the process of trying to make things right.
|
| The power inverters were *not their property*. Remotely
| accessing them, without authorization and with the intent of
| disabling them, is a textbook CFAA felony.
| HackOfAllTrades wrote:
| Their 'right' to do that was probably somewhere in
| unreadable ALL CAPS on a small piece of paper at the bottom
| of the shipping box that the end user never got.
|
| Fuck 'em. Isolate your local net from the world and only
| let through devices you trust. Plenty of ways to do that,
| even at low expense. But you will have to make the effort
| or pay someone else to do it.
| rvba wrote:
| Could USA wrap it under the terrorism laws?
| gdjskshh wrote:
| We have those laws. You return the faulty device to the entity
| you purchased it from.
|
| I bet some small-time installers that were sourcing on the grey
| market will go bankrupt because of this.
| malfist wrote:
| You return a solar inverter you already have installed? Maybe
| purchased years ago? And in the meantime you might be without
| power. That's not recourse.
| hedora wrote:
| The law needs to be updated for things with high
| installation costs.
|
| For example, we bought a built-in oven, and post-sale we
| discovered a sticker saying that by using the oven, we
| agreed to a EULA and binding arbitration, and to return it
| if we disagree.
|
| I think that, had we decided to decline the previously-
| undisclosed EULA, the manufacturer should have had to
| either provide one that works as they advertised (no EULA)
| and with identical dimensions, or they should have had to
| replace our brand-new cabinets with ones that matched a
| competitor's product (and incur a large multiple of the
| cost we paid for the oven).
| malfist wrote:
| Completely agree. Those things make even less sense in
| the second hand market. What happens if the solar system
| was bought from a reseller? Or installed by another company
| and you didn't choose it? What happens when you sell your
| house and you've removed the sticker?
| sam_goody wrote:
| I don't know which "this" was referred to, but I think we
| need laws to prevent a foreign company or hacker from
| shutting down our power.
|
| There was an article on HN about a month ago, that two
| companies each have the ability to overload or shut down the
| entire grid in many parts of the states, just by their remote
| control of the solar panels and batteries.
|
| They should be regulated like any other utility.
| ryao wrote:
| How would a law prevent this? Does it cause a lion to
| manifest, whenever someone is about to shut down power, to
| maul the guy to prevent the shutdown? I do not believe laws
| have such supernatural powers.
| totallykvothe wrote:
| People responsible for this kind of evil need to pay with
| personal property seizure.
| tdeck wrote:
| Can someone who has a solar inverter explain why these are
| connected to the internet?
| hrkfmud50k wrote:
| because they have remote configuration and reporting on solar
| production, consumption, battery state of charge, grid export,
| import vs time.
| HarryHirsch wrote:
| Practical Engineering had a video on the subject not too long
| ago: https://www.youtube.com/watch?v=7G4ipM2qjfw
|
| The short answer is: it's for load balancing, it can't be
| avoided.
| viraptor wrote:
| That part is independent of internet connection. Especially
| since you can't rely on the internet connection in case of
| power delivery issues. It's a completely different network.
| HarryHirsch wrote:
| The trouble is that there needs to be some way for the grid
| operator to take x % of generating capability off-line or
| bring y % more on-line, and the panels themselves can't
| decide autonomously, so there must be an external data
| connection. Maybe not through internet but cellphone data
| connection, but the grid operator has to have control about
| how much power goes into the grid.
| Dylan16807 wrote:
| That's true when there's a sufficient density of home
| solar panels.
|
| If they add up to a percent or two of the local grid,
| then control is not necessary.
|
| Also you could design a solar system to not backfeed.
| ssl-3 wrote:
| They don't _need_ that kind of control, as evidenced by
| the fact that this kind of control is largely absent
| today for residential-scale grid-tied solar
| installations.
|
| The way it works today for common residential grid-ties
| is this:
|
| 1. Is grid up? Y/N
|
| 2. If Y, then supply excess locally-generated power to
| grid. (Someone will implicitly use it.)
|
| 3. If N, then turn off connection to grid. (Nobody's home
| and we don't want to hurt anybody.)
| 10u152 wrote:
| It's a bit more sophisticated than that. On a mild sunny
| day your local network will be saturated with PV power
| and the supply voltage will creep up. It's an enforced
| regulation here (Aus) that the inverters will
| curtail/shut down based on grid over voltage. No
| networking required.
| moepstar wrote:
| > but the grid operator has to have control about how
| much power goes into the grid
|
| Here in Germany this works by specialised devices called
| "Funkrundsteuerempfänger" (rough translation: radio
| controlled receiver, according to Wikipedia[0] it's
| "radio teleswitch")
|
| [0] https://en.wikipedia.org/wiki/Radio_teleswitch
| viraptor wrote:
| Usually you want some way of monitoring how much energy your
| panels are producing. This helps to realise you need to clean
| the panels or do some maintenance if panels start failing. Or
| it may be useful for scheduling home appliance usage.
|
| But in practice this almost always means connecting to the
| internet, because the simplest interface is wifi and data
| collection/display at the producer's servers. So any extra
| features == internet connection.
| lcnPylGDnU4H9OF wrote:
| What would be a good method for keeping the IoT Thing from
| talking to a machine beyond my locally administered network?
| wmf wrote:
| A firewall.
| viraptor wrote:
| Never connect it to the WiFi/Ethernet? Or if you do, filter
| the traffic. Unfortunately that's often not possible on
| consumer class modems.
| lazide wrote:
| Often the equipment won't actually work either if you try
| to filter it meaningfully. I've had IoT cameras (in
| particular) that would brick themselves if you didn't
| allow 443 to all Amazon IP blocks. :s
| sedro wrote:
| A separate VLAN, if your router is capable
| ndriscoll wrote:
| Don't plug it in unless you have the expertise to already
| know the answer to that question. That should also be your
| advice to any friends/family. Plugging something like this
| into a network is a horrifically bad idea.
|
| This is like asking people on the Internet how to safely
| mix random household cleaning chemicals. If you don't have
| the background to answer that yourself, you should not be
| doing household chemistry.
| pavon wrote:
| I found out after our solar system was installed that the
| enphase inverter came with a cell modem for monitoring
| and remote management. Our installers didn't know how or
| even if it was possible to configure the system without
| one.
| pilingual wrote:
| Enphase required the cell connection when I checked a
| couple years ago. Sol-Ark makes a solid hybrid inverter
| and allows offline operation.
| ndriscoll wrote:
| Now you know to advise people to look into that question
| before the install/find an installer that can guarantee
| it. If the thing can't easily have cell function disabled
| (e.g. by pulling a readily accessible card), then advise
| people to stay away from enphase.
| classichasclass wrote:
| After I bought out our panels, I found the Enphase modem
| and disconnected it. It was a USB box connected to the
| monitoring unit, the monitoring unit has other networking
| options, and it's mine anyway.
| bokkies wrote:
| I have a sunsynk inverter which is the same hardware as
| deye but apparently different software. I have it hooked up
| to a Pi4b running home assistant using this
| https://github.com/kellerza/sunsynk and it has no direct
| internet access. I can connect to my home network using
| tailscale to monitor power usage and generation through the
| HA app if I'm not at home
| breeskee wrote:
| I stuck IOT stuff on a cheap linksys WRT router with
| ExpressVPN firmware. It forces all clients out over that so
| Nest, Amazon et al can't snitch or sell my demographics or
| billing address to people. Not tying it to my home IP
| anyway.
|
| But this requires a DMZ or a second external IP address (I
| have both with centurylink) because if it's double NAT on
| your home network, the devices can access your home
| network.
| breeskee wrote:
| (If you don't want IOT talking to the internet at all, set
| up an internal dhcp server and give the devices a bunk
| router address.
|
| If my gateway were 192.168.1.1, I just set that client's
| gateway as 192.168.1.254)
|
| Misread your question. Sorry. Most of my devices I do want
| talking to the internet. Just not on my home IP.
| ssl-3 wrote:
| VLANs. One for you, one for the Chinese shit.
|
| Keep your [phone/PC/whatever] on one VLAN, with a NAT
| gateway, and they'll work just as they do now.
|
| Keep the IoT Things inside of their own VLAN, without a
| gateway to the Internet.
|
| And if a device like Home Assistant or whatever needs to
| exist on both VLANs in order to be useful, then: Make sure
| it isn't forwarding/routing/NATing packets.
|
| ---
|
| The implementation details vary, but they needn't be
| particularly expensive.
|
| What I do at home is run OpenWRT on a Pi 4 for my home
| routing purposes. It's fast enough for my needs and it's
| got simple GUI configuration options for VLAN. (Why
| OpenWRT? Because it's easy for me to puzzle out when I need
| to adjust something after a few months or a year -- I don't
| deal with routing every day, nor do I wish to. (Also SQM is
| a built-in, which always keeps WAN latency tolerable.))
|
| From there, I've got cheap managed switches that
| enforce/insert VLAN tags where that is useful to me, so I
| can decide which physical ports are capable of talking to
| whichever VLANs.
|
| And from there, I've got relatively inexpensive Mikrotik
| access points that are configured to provide different
| SSIDs for different VLANs.
|
| It all works OK, though more enterprisey folks will almost
| certainly choose a very different path.
| stavros wrote:
| > One for you, one for the Chinese shit.
|
| Can you give an example of tech devices that aren't
| manufactured in China?
| ssl-3 wrote:
| No, not specifically.
|
| (To bring this to the logical conclusion: So much for
| Internet access.) ;)
| stavros wrote:
| So much for internet access even for you! Your router is
| also made in China.
| ssl-3 wrote:
| Good point. It was made in England, actually.
|
| (From Chinese parts.)
| stavros wrote:
| Well, that's probably fine though.
| snakeyjake wrote:
| There are many tech devices not made in china.
|
| That all tech devices are made in china is a myth
| propagated by the ignorant (or malicious).
|
| From the raspberry pi (UK) to Samsung Galaxy (South
| Korea) it is trivial to find a product not made in China
| once you leave the low end of the market.
|
| And now even the low end has alternatives if you spend
| some time and effort.
|
| Name any category of product whatsoever and I will
| personally find you a non-Chinese alternative.
|
| Even many things "made" in China are only really
| assembled in China. A computer that's "made" in China is
| often just slapped together like a lego kit from pieces
| made in Thailand, South Korea, Germany, the US, Singapore
| and Taiwan (which isn't a part of China).
| freddie_mercury wrote:
| I'm pretty sure any Samsung Galaxy in the US was made in
| Vietnam in the Thai Binh factory, which I used to live
| close to.
|
| The South Korean manufactured units are generally only
| sold in South Korea.
| swores wrote:
| > _"From the raspberry pi (UK)"_
|
| Without having put any specific thought into it, I always
| assumed that while designed in the UK they would be
| manufacturing them in Asia, so it's a pleasant surprise
| to find out that you're mostly right - the majority have
| been made in Wales (part of the UK)!
|
| However some are made in Asia, including China. Quoting
| Wikipedia (plus the citation links):
|
| > _"Most Raspberry Pis are made in a Sony factory in
| Pencoed, Wales,[19] while others are made in China and
| Japan.[20][21]"
|
| > [19] https://www.sonypencoed.co.uk/about/
|
| > [20] https://www.zdnet.com/article/14-million-
| raspberry-pis-sold-... _
|
| The second link (20) is from 2017, with headline
| _"Raspberry Pi: 14 million sold, 10 million made in the
| UK"_
| ryao wrote:
| I thought that the Raspberry Pi was considered the low
| end of the market. What is the low end if not the
| Raspberry Pi?
| snakeyjake wrote:
| There are numerous "X-pi" clones that you can get which
| represent, to me, the real low end.
| sangnoir wrote:
| Tbf, they meant stuff where the firmware updates and/or
| control-plane are controlled by Chinese servers. I'll go
| further: _all_ Internet of shiT gadgets shouldn't be
| allowed to phone home: Chinese, Korean, American, doesn't
| matter. One day, the manufacturer/operator will use that
| internet connection in ways contrary to customers' best
| interests.
| stavros wrote:
| I agree, I use Zigbee and anything that uses wifi is on
| its own VLAN (wherever it's made, it's not like I trust
| Meta more, for example).
| Loughla wrote:
| Our setup looks exactly like yours I think. One
| connection for humans, one for machines. The two shall
| never meet.
|
| It takes a little bit of setup, and less than $200.
| Anyone techy should do this; it's essentially maintenance
| free once running.
| nickphx wrote:
| Yeah that works great until the partitioned device
| decides it requires Internet access and ceases operation.
| I recently had a Bose soundbar refuse to play sound until
| it was connected to the internet.. it promptly downloaded
| some massive 2gb update, then bricked itself while
| updating.
| anonymousiam wrote:
| VLANs are great. Unfortunately, I've got an unmanaged
| 12-port PoE+ switch that doesn't support them. My
| workaround is to put two subnets on the same physical
| LAN, and my DHCP server (pihole) has an IP address on
| each subnet.
|
| My (openWRT) router also has IPs on both subnets, and
| routes both LANs to the WAN. Restricting/throttling WAN
| bandwidth is easily managed in OpenWRT. Preventing WAN
| access is easily done by not providing a gateway in the
| DHCP assignment (pihole).
|
| Obviously the big difference between this and a VLAN is
| that an ill-behaved device could still access the other
| subnet, and could still discover the gateway and route to
| the WAN. So far, none of the IoT crap on my restricted
| subnet has misbehaved.
| drdaeman wrote:
| The issue is that a lot of IoT things won't even work
| unless they have Internet connection and a registered
| account.
|
| The careful approach to IoT is to never connect a device to
| anything, dump the firmware, analyze it, reflash the EEPROM
| with patched TLS certificates (if necessary), write your
| own server implementation, let the IoT device join a
| dedicated IoT WiFi network, on that network run everything
| through a gateway pretending to be "the Internet", where
| the emulated server is running. Yep, it's this bad.
|
| Of course, if the device or its malfunction cannot cause
| sufficient harm (e.g. it's a light, usually it's not worth
| to reverse engineer it) then just run it on a separate SSID
| and VLAN, with least access necessary to get it running
| (starting from blocking everything and allowing network by
| network until it works).
|
| And, uh, if the device has a LTE or can use something like
| Amazon Sidewalk, it gets even trickier to keep it tame.
|
| I don't have any solar power stuff, but I did this with my
| old cat feeder machine. In the process I discovered a
| service/backdoor SSH account, a system that does not
| encrypt p-frames at all before uploading data to the cloud,
| and a bunch of other things that made me happy I did not
| connect it to any public networks. Short conclusion:
| consider against with a camera or a microphone that runs on
| Tuya-developed firmware. Generalized conclusion: consider
| against IoT from any manufacturers you don't trust to fully
| respect your best interests, or aren't willing to audit
| first.
|
| The downside is obvious, of course. And with every year
| more and more manufacturers tighten up their hardware, but
| I'm certain the crappy programming and service backdoors
| are all there, only ways to mess with the network traffic
| or firmware are clamped down.
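
Added example (not part of the thread or any commenter's post): the separate-VLAN setups and the "block everything, then allow network by network" approach described above both depend on seeing what an isolated device tries to reach. This Python script summarises dropped forwards per device from router logs; the Linux netfilter LOG line format is real, while the `iot-drop` log prefix, the interface names `br-iot`, `br-lan` and `eth0`, and every address in the sample are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: netfilter LOG lines as a Linux router would write them
# for packets dropped from the IoT VLAN. Addresses are documentation ranges.
SAMPLE_LOG = """\
Nov 30 03:10:01 router kernel: iot-drop IN=br-iot OUT=eth0 MAC=02:00:00:00:00:15 SRC=192.168.20.15 DST=203.0.113.40 LEN=60 TTL=63 PROTO=TCP SPT=51544 DPT=443 SYN
Nov 30 03:10:04 router kernel: iot-drop IN=br-iot OUT=eth0 MAC=02:00:00:00:00:15 SRC=192.168.20.15 DST=203.0.113.40 LEN=60 TTL=63 PROTO=TCP SPT=51546 DPT=443 SYN
Nov 30 03:10:09 router kernel: iot-drop IN=br-iot OUT=eth0 MAC=02:00:00:00:00:15 SRC=192.168.20.15 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Nov 30 03:11:30 router kernel: iot-drop IN=br-iot OUT=br-lan MAC=02:00:00:00:00:31 SRC=192.168.20.31 DST=192.168.10.5 LEN=60 TTL=63 PROTO=TCP SPT=40022 DPT=22 SYN
Nov 30 03:11:42 router kernel: iot-drop IN=br-iot OUT=eth0 MAC=02:00:00:00:00:31 SRC=192.168.20.31 DST=203.0.113.40 LEN=84 TTL=63 PROTO=ICMP TYPE=8 CODE=0
Nov 30 03:12:00 router kernel: iot-drop IN=br-iot OUT= MAC=02:00:00:00:00:15 SRC=192.168.20.15 DST=192.168.20.1 LEN=60 TTL=64 PROTO=TCP SPT=51550 DPT=80 SYN
Nov 30 03:12:05 router dnsmasq-dhcp[811]: DHCPACK(br-iot) 192.168.20.15 02:00:00:00:00:15
Nov 30 03:12:09 router kernel: iot-drop IN=br-iot OUT=eth0 SRC=192.168.20.15 DS
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_drop(line, prefix="iot-drop"):
    """Return the KEY=value fields of one logged drop, or None if unusable."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None  # some other log source
    fields = dict(FIELD_RE.findall(rest))
    if not all(fields.get(k) for k in ("IN", "SRC", "DST", "PROTO")):
        return None  # truncated or malformed line
    dport = fields.get("DPT", "")
    fields["DPT"] = int(dport) if dport.isdigit() else None  # ICMP has no port
    return fields


def summarise(log_text, iot_if="br-iot", wan_if="eth0"):
    """Count blocked flows per IoT source address.

    "egress"  = the device tried to leave via the WAN interface.
    "lateral" = the device tried to reach another internal network.
    Packets addressed to the router itself (empty OUT=) are not forwards
    and are skipped.
    """
    report = defaultdict(lambda: {"egress": Counter(), "lateral": Counter()})
    for line in log_text.splitlines():
        f = parse_drop(line)
        if f is None or f["IN"] != iot_if:
            continue
        out_if = f.get("OUT", "")
        if not out_if:
            continue
        kind = "egress" if out_if == wan_if else "lateral"
        report[f["SRC"]][kind][(f["DST"], f["PROTO"], f["DPT"])] += 1
    return dict(report)


def allowlist_candidates(report):
    """Blocked internet destinations per device, most frequent first.

    These are the flows to review one by one before deciding whether a
    device gets any outbound rule at all.
    """
    rows = [
        (src, dst, proto, port, hits)
        for src, kinds in report.items()
        for (dst, proto, port), hits in kinds["egress"].items()
    ]
    return sorted(rows, key=lambda r: (r[0], -r[4], r[1]))


def lateral_offenders(report):
    """Devices that tried to cross from the IoT VLAN into another LAN."""
    return sorted(src for src, kinds in report.items() if kinds["lateral"])


if __name__ == "__main__":
    rep = summarise(SAMPLE_LOG)
    for src, dst, proto, port, hits in allowlist_candidates(rep):
        print(f"{src} -> {dst} {proto}/{port} blocked {hits}x")
    print("lateral attempts from:", lateral_offenders(rep))
```
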
| wolrah wrote:
| > The issue is that a lot of IoT things won't even work
| unless they have Internet connection and a registered
| account.
|
| To a significant extent I see this as a "buyer beware"
| situation. Now, a lot of people aren't even really aware
| of the problem nor knowledgeable enough to know what to
| look for, but I'd expect the majority of the HN audience
| is both aware of and able to understand the problem
| enough to be capable of looking out for and avoiding it.
|
| I personally don't mind if a device uses internet
| connectivity to provide a useful service, but I refuse to
| buy anything that requires internet connectivity
| arbitrarily for functionality that could easily be
| performed locally. The first thing I do when I think a
| new IoT device might be neat is google "<product> Home
| Assistant" and see what comes up. If there's no
| integration or the integration is cloud based instead of
| local I probably won't buy it.
|
| IoT devices are not necessities, most of them are either
| luxury items or disposable novelties. You can always just
| not buy them. There are certainly some categories,
| particularly in the residential market, where it may be
| harder to find an option you find agreeable but it's far
| from impossible. If every major offering in a category is
| bad in this way, you almost certainly don't actually need
| that thing.
| drdaeman wrote:
| > IoT devices are not necessities
|
| I wouldn't go that far.
|
| To the best of my awareness, there are no good automatic cat
| feeders on the market - just crappy ones and tolerable
| ones.
|
| This doesn't mean they're some novelty gimmick I don't
| really need. I've got two cats, one had developed a
| health condition that requires special diet - and I'd say
| that feeders that track consumption and can recognize
| between two furry assholes and unlock only for the
| appropriate one, are basically a necessity for me here.
| Without those I would have to force unnatural feeding
| schedules on my cats, so I can watch them eating from
| their own bowls.
|
| Even basic stuff like smart lights isn't totally a
| gimmick. It's not just a light with phone for a remote
| control, after all. Being smart enough to e.g. not blast
| at full brightness in my eyes if I need something at
| nighttime is not just a fancy thing, but good for
| sleeping hygiene.
| ericd wrote:
| Highly recommend using solarassistant for this, instead -
| local server software that installs on a raspi, and you hook a
| usb on the raspi to the WiFi dongle port on your inverter
| with a serial cable. Don't provide the inverter itself with
| any wifi credentials.
|
| Solar assistant has the bonus of interfacing your inverter
| with homeassistant, and letting it control the inverter/get
| signals from it (so you can do things like, if grid voltage
| drops to zero, do xyz)
| tguvot wrote:
| anything similar that works with solaredge ?
| layoric wrote:
| Mainly data collection (previous lead dev at solar forecasting
| startup). All the web UIs to view usage are also collecting
| useful information that can be used in forecasting models. One
| of the researchers I worked with wrote some papers on using
| distributed home solar output measurements to assist with
| generating higher resolution irradiance forecasts and estimated
| actuals/observations. You have to do a lot of data cleaning to
| get this reliable though. Anyway, this data from memory was
| bought/sold for various research/commercial weather modeling.
| lxgr wrote:
| Besides the reasons others have already mentioned, load
| management comes to mind:
|
| Getting rid of excess energy in the grid can be just as hard a
| problem to solve as to deal with excess load, and being able to
| simply and very quickly remove some supply from the grid is
| very useful for that.
| bartvk wrote:
| It's just a bad idea. I got caught up in a situation where one
| company sold me a solar installation, then a subcontractor
| installed and configured it. Apparently they got into a spat
| about money, because the subcontractor told me to pay the bill
| straight to them.
|
| Otherwise they'd shut down the newly installed solar
| installation. I said, can you do that? Of course while talking,
| I changed the WiFi password.
| bennettnate5 wrote:
| Solar installations are expensive enough that some
| manufacturers can probably afford to integrate a cellular
| modem into the product (similar to how all new cars do it
| today). Good luck changing the Wi-Fi password on that!
| bartvk wrote:
| That's a very good point, and I don't like it.
| Loughla wrote:
| I'm not sure any company does that though. They're
| operating on pretty slim margins from what I understand,
| unless I'm wrong.
|
| Adding completely unused features just for fun isn't really
| a common business practice?
| Schiendelman wrote:
| Enphase does, as noted elsewhere in the discussion on this
| post!
| LorenPechtel wrote:
| That's why you get lien releases from subcontractors before
| you pay the main contractor.
| plagiarist wrote:
| Too many idiots have bought internet-connected devices so now
| the inertia is in favor of the corporations to continue selling
| that.
| nunez wrote:
| Hi, idiot here. I badly wanted a US-made robot vacuum that
| uses LiDAR for mapping and a camera for object
| classification. This does not exist. Your only options are
| Chinese-owned-and-operated.
|
| I could flash them with Valetudo and wire them up to Home
| Assistant, but doing so requires me to solder shit to the
| JTAG circuit and buy some niche hardware, which requires me
| to open up the vac and potentially brick it. I'm not risking
| that on a $1200 device.
| greenthrow wrote:
| It's really nice to be able to check whether the state of your
| power is at home before you go there if there's a question.
| whitehexagon wrote:
| I have an Axpert MAX E. It has a WiFi AP constantly advertised.
| The only way to configure/disable that is via a .cn app! The
| app also allows remote control and monitoring of the inverter,
| via some unknown cloud server. I run everything local-only, so
| that is never going to happen.
| gruez wrote:
| > The only way to configure/disable that is via a .cn app!
|
| What does it even mean for an app to be ".cn"? Apps typically
| aren't identified by DNS names. Did you have to download it
| from a .cn domain? Is it just a roundabout way of saying the
| app was Chinese?
| sangnoir wrote:
| It's not roundabout at all
| toast0 wrote:
| > Apps typically aren't identified by DNS names.
|
| Aren't they, at least on Android?
|
| The gmail app is com.google.android.gm [1], and so on. The
| app ids are Java style reverse ordered dns names.
|
| [1] https://play.google.com/store/apps/details?id=com.googl
| e.and...
| gruez wrote:
| According to this definition, is there any meaningful
| difference between a ".cn app" and a ".com app" like
| com.zhiliaoapp.musically?
| danans wrote:
| It's not the solar inverters themselves that are usually
| internet connected, but rather the controller box (some kind of
| embedded system) that is internet connected to allow monitoring
| and control. Perhaps this manufacturer decided to economize and
| make both of them part of the same "box", with the result that
| an error condition in the controller would result in the non-
| operation of the inverter part.
|
| Some systems like mine (Enphase) do a good job of letting the
| inverters operate independently of the monitoring/control
| software. But to do this, I believe they need to add data
| storage to the inverters themselves in order to log data during
| a controller "outage".
| tguvot wrote:
| nice dashboards for information about generation. but most
| importantly remote troubleshooting/diagnostics. as example i
| have system made from multiple inverters, batteries, car
| charger and backup interface. after installation some stuff
| slightly misbehaved. manufacturer support were able to look at
| system logs and configuration and identify that system is
| slightly incorrectly wired/configured, after what installer was
| able to fix it. same thing goes for malfunctioning parts of
| system. support can take a glance at it and issue rma on spot
| Aeolun wrote:
| Where is the government when you need it...
| shrubble wrote:
| It's not clear how the device was bricked. Could it be reset to
| not be bricked by disconnecting it from the Internet and
| rebooting or reflashing?
| bagels wrote:
| This time, it's a malicious manufacturer, next time it's a
| malicious hacker. Doesn't seem like connecting these to the
| internet is worth it.
| 4ntiq wrote:
| I love the narrative of a Chinese manufacturer selling
| electronics to the West only to one day shut everything off for
| no reason at all than to fuck with people and disappear and for
| people to find out the supposedly registered company never
| existed. It's like a trashy, second-rate William Gibson knock
| off novel but there's something awfully amusing about it.
| lazide wrote:
| Frankly it doesn't even require (special) maliciousness (per-
| se) - spinning up random 'brands' to sell to rubes on Amazon
| while obfuscating beneficial owners is essentially standard
| operating procedure.
|
| The only surprising thing here is they took an action to
| brick something instead of just abandoning it.
| 4ntiq wrote:
| >The only surprising thing here is they took an action to
| brick something instead of just abandoning it.
|
| You're right, but I wouldn't say surprising. I do wonder
| what would happen if the units just stopped working
| outright one day and they're all intended to be gridded and
| nothing works properly anymore and the distributors are
| stumped and can't get ahold of anyone.
| lazide wrote:
| Fair point - it would be trivial frankly to embed a 'bug'
| which causes them to all brick at some arbitrary point in
| the future too. Considering the level the firmware works
| at, probably even catch on fire.
| profsummergig wrote:
| > and for people to find out the supposedly registered
| company never existed
|
| This already happened to me. Sort of.
|
| Saw an advt for Air Jordans for $7. With a pic of actual Air
| Jordans. Thought to myself, "it's only $7, let's see what
| happens".
|
| A very sorry looking pair of shoes arrived a couple weeks
| later. With "Air Jordan" printed on them. They weren't actual
| Air Jordans.
|
| There was no way, absolutely no way, to get in touch with the
| Chinese company that did this.
| 4ntiq wrote:
| .. y-you wouldn't happen to still have them or are by any
| chance selling them would you? Strictly asking for a
| friend.
|
| (one year later: "Auction sells rare early Air Jordan
| prototype for $3 million")
| wmf wrote:
| This is why it's worth paying a few dollars more for
| certified superfakes instead of the regular fakes.
| t-3 wrote:
| Probably wrong to classify the manufacturer as malicious rather
| than the importer. Sounds like these units were brought to the
| US in violation of contractual agreements and thus were
| disabled when the manufacturer decided to enforce it.
| yuliyp wrote:
| But regardless, they're clearly not owned by Deye any longer.
| Causing damage to an unrelated party in retaliation for a
| contract dispute between two manufacturers is not OK.
| A1kmm wrote:
| It's likely they had no contractual agreement with the
| current owners of the inverters, and yet they have elected to
| wilfully damage the property of the current owners because
| they can.
|
| Wilfully damaging someone else's property without permission
| of the current owner seems pretty malicious, regardless of
| whether the importers (or maybe someone who supplied to the
| importer) were in breach of a contract.
| lxgr wrote:
| Deciding to enforce something like this after your product
| has already been sold/installed seems extremely dubious.
|
| Even just building in the capability (assuming this wasn't
| installed via a generic software update, in which case I'd
| have some follow-up questions on the security against malware
| of these things) shows significant malicious intent.
| bagels wrote:
| Manufacturer did something with intent to damage someone
| else's property. Seems to fit the definition to me.
| keyle wrote:
| Any idea what the impact is for the state grids? I wonder if they
| got a sudden drop in feed-ins and whether it affects pricing.
|
| Any idea how common this manufacturer is across the place?
|
| I'm not from the states, but I do know that if my solar would be
| bricked, it would take me weeks to find out. I don't exactly
| check up on it and it's out of sight.
| nullc wrote:
| Most of the users of these products were off grid.
|
| A number of the products used in off grid installs have
| invasive IOT remote access/administration.
|
| It's only a matter of time until it leads to loss of life--
| e.g. from people who freeze to death because they can't
| reconfigure or turn up a system without internet access which
| is out or doesn't work without power--, if it hasn't already.
| lazide wrote:
| Yeah, off grid (as in actually off grid) is a great example
| of 'simple is better' and 'physical redundancy is essential'.
|
| It's also the place where money ($$) is often the most
| constraining factor, so cheap amazon shit tends to be the
| norm.
| crooked-v wrote:
| Going by the article, it looks like the title is incorrect and it
| was Deye (the manufacturer) that did it and not Sol-Ark (the US
| distributor).
| greenthrow wrote:
| To be clear, Sol-Ark isn't only the distributor but per their
| own claims also designed and engineered the units too.
| tibbydudeza wrote:
| Deye manufactured vs the units for OEM use different
| components - they build to spec.
| echelon wrote:
| The biggest takeaway here should be that we need a _domestic_
| solar industry.
|
| We can't hold Deye or Chinese companies culpable.
|
| Moreover, this should serve as a warning shot for what could
| become a national security issue if we keep juggling
| international suppliers for critical infrastructure. They'll
| all have the capability of shutting down US electricity, which
| is unacceptable.
|
| There's no reason we should be importing this stuff.
| 10u152 wrote:
| There are US manufacturers. I have a Tesla PW3 made in the
| U.S. and it includes solar charge controllers, batteries and
| inverter.
|
| Pretty competitive too.
| AyyEye wrote:
| > The biggest takeaway here should be that we need a domestic
| solar industry. We can't hold Deye or Chinese companies
| culpable.
|
| No, the takeaway is to not allow corps to have remote access
| to end-user owned devices in the first place.
|
| This story of perfectly capable devices being bricked or
| having servers shut off has been told so many times with
| domestic (or friendly countries) companies it's laughable
| that the conclusion is 'do the same thing but onshore'.
| andix wrote:
| I'm sure there is some US law that considers this an act of
| terror against the national power grid ;)
| gdjskshh wrote:
| I agree. We should make an example out of the folks that
| financially gained from enabling this - the consumers that
| saved money by purchasing equipment from AliExpress and then
| connecting it to the grid.
|
| We lost manufacturing to China, let's not lose distribution
| too. AliExpress, Temu, Shein - None should be tolerated. You
| should either buy directly from an international manufacturer,
| or through a US-based distributor.
| hakfoo wrote:
| Aren't some of those platforms more-or-less official outlets
| of the manufacturer for some brands already?
|
| While it's entirely possible some of the storefronts are just
| flashing "official widgetco shop" as a credibility-enhancing
| gesture, it's probably also the easiest way if you're a
| Chinese firm with little understanding of global last-mile
| logistics and small-dollar payment processing to get into the
| direct-to-consumer business. I thought AliExpress was spawned
| from the B2B relationships Alibaba already had.
|
| If you put up a rule like that, I suspect those sites would
| just pivot to being "Shopify for Chinese Vendors" -- offering
| an embeddable storefront that the manufacturer can put
| directly on their page. The only losers would be the
| consumers, who would no longer get the convenience of
| centralized search, being able to put together an order from
| ten vendors in a single shopping cart, and the ability to
| efficiently combine shipping.
|
| And let's not say "we lost manufacturing." We GAVE IT AWAY.
| It's not just that foreign labour is cheaper, it's that Asia
| was industrializing later, so you get state-of-the-science
| facilities, while the American plant is 50 years old and
| nobody wants to splash the capex to rebuild it to modern
| standards.
| int_19h wrote:
| What you're saying is that American companies should be able
| to profit from the price disparity between China and US by
| reselling Chinese goods to US consumers at massively inflated
| prices, but regular Americans should not be able to do the
| same on their own.
| Firerouge wrote:
| Sol-Ark certainly seems to embody 'never let a crisis go to
| waste'.
|
| Sol-Ark may not have pulled the trigger on bricking the
| inverters, but it certainly sounds like their legal actions
| pressed Deye's hand.
|
| And then to shake down all the individuals whose inverters broke
| with a limited time opportunity to buy a brand new one from
| them....
| kstenerud wrote:
| Wait, what? So defending your rights under an exclusivity
| agreement through the courts is somehow now "forcing" their
| hand? The evil Sol-Ark by suing for compliance to their
| contract pushed the hapless Deye into bricking consumers'
| hardware?
| Firerouge wrote:
| I like how you quoted forcing, but I very specifically did
| not use that term.
|
| Had there been no exclusivity agreement, I think we can agree
| that the inverters would not have been bricked for being
| located in the wrong regions.
|
| I think the malice from Sol-Ark here is that they are only
| offering a limited time deal, which may pressure people to
| pay up before the courts clear this up.
|
| Regardless of who shares the majority of the blame, Sol-Ark,
| Deye or 3rd party vendors, this could have been handled better
| by all parties involved, and should not have harmed end
| consumers in this way.
| lazide wrote:
| Blaming Sol-Ark for that is just absurd.
| mint2 wrote:
| It's unclear who caused it exactly, but sol-ark does not
| seem to be at fault unless one thinks exclusivity contracts
| are illegal or wrong.
|
| It seems deye either willfully or negligently ignored the
| contract they made with sol ark. Or their middle men in
| other countries did. Deye then punished the end users for
| deye's lapses.
|
| Where does solark get blame unless the exclusivity contract
| is what one objects to?
| int_19h wrote:
| When the purpose of the exclusivity contract is to sell
| something at 5x the price it is sold for in other
| markets, I think most people would reasonably describe
| this as price gouging.
| jrflowers wrote:
| > I like how you quoted forcing, but I very specifically
| did not use that term.
|
| I like that you substituted a similar word while
| paraphrasing a common phrase and then used the opportunity
| to say "I didn't mean what you thought I did. I meant
| something else but will not describe what that is exactly"
| greenthrow wrote:
| Why are you blaming Sol-Ark when Deye is the one in breach of
| contract taking illegal actions the entire time? Seems very
| disingenuous. They also did not force Deye's hand in this
| action and seem surprised by it.
| jeroenhd wrote:
| > in breach of contract
|
| I can't really figure out what they did that was in breach of
| contract. As far as I understand it, they don't do business
| inside the areas affected, so there is no contract to speak
| of. Instead, their authorized resellers seem to be the ones
| installing for their hardware; I don't even think it's legal
| to sell their hardware if it doesn't comply with FCC/etc
| guidelines.
|
| Is geo-blocking illegal? Am I entitled to a refund if I
| import American hardware that refuses to operate in my
| country?
|
| I think people were risking a broken setup for a big
| discount, and now it's come back to bite them in the ass. If
| the units affected were official installations done by their
| American reseller, their reseller wouldn't be so ready to
| offer up free replacements.
| SoftTalker wrote:
| Reason #42 that I don't want to own my electric supply equipment.
| I'm happy to pay a utility to provide AC power to my service
| panel.
| knappe wrote:
| The same utilities that are already turning off power at even
| the chance there are red flag warnings? Surely you're joking.
| SoftTalker wrote:
| I have never had my utility power cut for any cause other
| than storm/ice damage. And it's generally back on within a
| day, without any involvement on my part. If a hailstorm
| destroys my rooftop panels or a misbehaving vendor remotely
| shuts off my inverter, these are problems I now have to solve
| for myself. No thanks.
| knappe wrote:
| Your panels are covered by your home insurance, just like
| your roof. So you'd already be talking to your insurance
| agent if you had any hailstorm damage to your home. I'm
| really sure I see the point.
| triceratops wrote:
| Not a very productive comment...
| t-3 wrote:
| Can the firmware still be flashed? I found cloud-free custom
| firmware exists for these inverters with a quick search, so if
| the units can still be flashed many may be salvageable.
| lxgr wrote:
| I'm almost grateful to the manufacturer for demonstrating the
| terrifying kind of cyberattack enabled by such remote
| update/lockout functionality.
|
| Just imagine this kind of thing happening in a (probably not so
| distant) future in which a significant fraction of all
| electricity is being generated in a decentralized way, using
| devices such as this...
| _trampeltier wrote:
| There was already a case (many years ago), where something was
| wrong with an update. All inverters from a country did not
| start anymore. (You have to set the country or grid code in
| each inverter, so they know the grid limits).
| joe_the_user wrote:
| I'm not sure about this.
|
| I know various hackers, back in the day, were congratulated for
| their "public service" of showing vulnerabilities. The problem
| is that we've to a network infrastructure that is only secure
| by piecemeal bug fixes and ad-hoc filtering and moved to
| a situation where hacking is a (maximally shady) business.
|
| Will things be different with power grid and other
| infrastructure because lives depend on it? I don't see any
| indications.
|
| "_The society at the stage of the integrated spectacle is
| characterized by five principal features: incessant
| technological renewal; fusion of State and economy; generalized
| secrecy, unanswerable lies; a perpetual present._" Guy Debord,
| Commentaries on Society Of The Spectacle
| rootusrootus wrote:
| That is sort of a silver lining. We can use PR disasters as
| levers to make regulation happen which will hopefully add some
| protection in the future.
| tw04 wrote:
| Not sure why sol-ark is getting blamed.
|
| People were buying Chinese inverters meant for the Chinese market
| off aliexpress on the gray market and shipping them to other
| countries. Deye decided to crack down on the behavior.
|
| There's nothing indicating this has anything to do with sol-Ark
| at this point other than them being the approved distributor of
| rebranded deye inverters in the US.
| stavros wrote:
| What harm was it to Deye that these were being sold elsewhere,
| that they couldn't fix by saying "sorry, we only support
| China"?
| quintushoratius wrote:
| Two possibilities come to mind:
|
| 1. They're not properly licensed for other markets. Something
| equivalent to selling a radio transmitter in the US that's
| not registered with the FCC.
|
| 2. They price units outside of Asian markets much higher and
| don't want to allow/encourage arbitrage that they don't
| control.
|
| This is definitely a case of "porque no los dos" (or more).
| KANahas wrote:
| From a link in the article:
|
| > The contracts we sign with all dealers clearly stipulate
| that products that are not UL certified and listed by local
| power grid companies may not be sold or used in the United
| States, because the products do not meet US UL standards.
| If used in violation of this policy, the devices may pose
| significant-safety risks. To address this, Deye has built a
| verification mechanism into the devices. The pop-up alert
| is automatically triggered by the device's authorization
| verification mechanism, rather than by any human
| intervention.
| myself248 wrote:
| Yeah, which is garbage. UL is a certification body, not a
| legal requirement. Your insurance might want it, your
| utility might want it.
|
| But there's plenty of ways to use solar inverters where
| neither of those factors applies.
|
| And furthermore, you can buy tons of non-UL-certified
| junk at Harbor Freight and plug it in yourself. It's not
| like there's a magic forcefield at the border that these
| Deye units somehow slipped through. Using that as an
| explanation for disabling their hardware is so
| insubstantial as to be just this side of an outright lie.
|
| And I'm astonished that the linked article isn't calling
| them out on it.
| stefan_ wrote:
| Different countries have different laws and requirements
| around grid-connected inverters, mostly so people working on
| the grid don't get electrocuted when a stray inverter keeps
| feeding in power.
| CyanLite2 wrote:
| Sol-Ark's markup is like 5x the list price just for the
| official rebadged version. Sol-Arks ("US veteran owned
| company") still have the firmware made in China, and are
| susceptible to Chinese hackers, and had to be bought through a
| distributor. So naturally people went with off-listed Deye
| inverters because of the shenanigans from Sol-Ark.
|
| Now, people are without power and they have to go to Sol-Ark to
| get power restored, likely by paying through the nose.
| greenthrow wrote:
| That's one way to frame it. Another is Sol-ark incurs costs
| of developing, marketing and supporting their official
| devices and the contract manufacturer is able to sell their
| own version in the Chinese market. Greedy people who don't
| want to pay Sol-ark for all the costs they incurred bought
| grey market devices that Sol-ark has repeatedly warned are in
| contract violation in this market. The manufacturer, not Sol-
| ark, has now bricked those devices, and people are blaming
| Sol-ark anyway because they want to continue to justify their
| actions.
| int_19h wrote:
| If the people are buying directly from manufacturer, why
| should any costs that Sol-ark has incurred be their
| concern? They aren't using the official devices, so they
| aren't enjoying any advantages of that, either.
| RHSeeger wrote:
| Because those costs were incurred with the plan to recoup
| the cost from sales in the US, and (presumably) those
| people are bypassing the licensed sale/use; which ruins
| that plan.
|
| Your question is really no different than asking why it's
| not legal for me to photocopy books and ignore copyright.
| MortyWaves wrote:
| Actions like this should forever ban an organisation and its
| executives from operating in any way in the countries affected.
| metalman wrote:
| Off grid here, off and on since the early 90's. Current iteration
| uses US made charge controller and inverter, midnight and magnum,
| both capable of firmware updates, but continue to function after
| 10 years without coms. The midnight controller did pop up a cheeky
| message of "got coms?" for years, but for some reason, gave up.
| The thing with both of these pieces of equipment is that they are
| designed by bad ass electrical engineers to survive and continue
| to function under the worst conditions... and then some, which
| I have personally tested. I believe that a firmware update could be
| done with any old laptop, and that while as a new owner I did go
| all ocd watching all of the data (did learn a lot), now I
| sometimes forget that the system exists... it's that reliable
| Schiendelman wrote:
| What products would you recommend today?
| Filligree wrote:
| Not GP, but Victron makes some serious beasts. Their whole
| system is modular, so easy to expand, and it's local-only by
| default.
| Schiendelman wrote:
| Thank you for the excellent Saturday investigation topic!
| cenamus wrote:
| Interesting to see China do the same thing as the US did to China
| so many times. Only now it's wrong
| Cheer2171 wrote:
| Export controls != Remotely disabling already-purchased
| hardware
| _trampeltier wrote:
| As far as I know, software like CADs also just stopped in Russia
| after the war started.
| zrail wrote:
| As a consumer and homeowner I try my hardest to buy "smart"
| things that only have local control, especially for important
| systems like power and HVAC. Our standby generator has a
| manufacturer supplied wifi pod that I never set up. Instead I use
| an RS485-to-USB dongle and monitor it myself with open source
| software. Our HVAC is the same to the greatest extent possible.
| When shopping for a new robot vacuum Valetudo[1] compatibility is
| an overriding concern.
|
| If/when we have solar installed it will not be connected to the
| manufacturer or distributor's cloud systems.
|
| [1]: https://valetudo.cloud
| nunez wrote:
| I love the idea of Valetudo but flashing devices with it is a
| hell of a lot of work (if you can at all) and projects like
| these aren't entirely safe from takeovers from malicious actors
| either.
| greenthrow wrote:
| Title is a bit misleading and makes it sound like Sol-Ark did
| this. They did not. Title should be "Deye manufacturer reportedly
| disables all Deye inverters in the US". They are the same entity
| but this wording avoids confusion about Sol-Ark being
| responsible.
| api wrote:
| If it depends on the cloud to operate it's not yours.
| greenthrow wrote:
| These devices do not depend on the cloud. If I want to take my
| Sol-Ark inverter offline I can just take the wifi dongle off
| it. Dunno about the bootleg Deye one.
| tibbydudeza wrote:
| I presume they locked out the solar recharging of the battery and
| home supply but do not stop mains grid power to the home ???.
| jchw wrote:
| It is extremely frustrating to watch "connected" "smart" devices
| repeatedly do exactly what we knew they would do, and yet nobody
| ever learns a damn thing. People will keep on buying Internet-
| connected devices, manufacturers will keep making them, this sort
| of thing will keep happening, and the rest of us will struggle to
| even find mass-manufactured things that are not Internet-
| connected and "smart".
|
| Even devices that are pretty much for "self-hosting" are
| increasingly trying to sneak in cloud-connected back doors, like
| Synology DSM trying to sneak in cloud authentication to your
| local NAS. Stop trying to make the devices I _bought_ for the
| purposes of having locally-managed devices depend on cloud
| services! My local network is not just a fucking gateway to cloud
| services!
| gdjskshh wrote:
| I gave up on Ubiquiti because of the cloud nonsense. Altium is
| pushing cloud hard (and pushing me to KiCAD). I'm a weirdo for
| using a mac w/ only a local account (no apple id). I can't buy
| any new or electric vehicles because they're all 'smart'.
|
| The cloud is artificial, so it must be chemtrails, which
| explains why modern software feels like it's giving me cancer.
| Wake up sheeple. /s
| Matheus28 wrote:
| Can't you use ubiquiti fully locally? I haven't tested my
| setup but I can access the web ui directly through the device
| ip
| correnos wrote:
| Iirc they've got a one-year timeout for updates, after
| which they'll make you sign in with a unifi web account in
| order to update. Deeply frustrating.
| jacoblambda wrote:
| If you want an electric truck (or potentially an SUV),
| consider looking at an Edison Motors pickup truck retrofit.
| They are technically Diesel Electric instead of pure electric
| but you can customize the battery load if you want to run
| full electric. They don't do all the stupid cloud connected
| software stuff and they are all about repairability/self
| maintenance.
|
| Probably the only electric vehicle manufacturer that isn't
| egregiously tech-bro-y and dripping in dark patterns.
| rootusrootus wrote:
| Maybe the solution is not to abstain from the latest tech, but
| to regulate companies that make these devices so the
| shenanigans are actually illegal. It is not a problem that
| should only be solved by ideologically driven people who are
| willing to tinker and suffer, but rather a protection all
| citizens enjoy.
| pixl97 wrote:
| As long as companies can buy politicians in the US don't
| expect it to take off.
| jchw wrote:
| I'm not fully convinced that legislation alone can fix all of
| our problems, but for what it's worth, I'm all for it.
|
| That said, regulation probably won't solve _my_ problem,
| because what _I_ want are devices that are specifically not
| designed to just be cloud-connected thin-client devices. I
| doubt regulation is going to entirely prevent this class of
| device from existing. And it's only going to get worse: look
| at what Microsoft is doing, they're literally trying to shift
| Windows into being a fucking cloud service.
| binary132 wrote:
| If anything regulators will prefer to abolish NON-connected
| devices.
| isodev wrote:
| The very iPhone I'm reading this on is one trade war/sanction
| away from becoming a useless brick of electronics that probably
| can't even show the time without calling to Apple every now and
| then.
| nunez wrote:
| I feel for customers impacted by this but hate that the only real
| choices customers have are local, but expensive, equipment or
| affordable, but outsourced equipment.
|
| This is endemic in the home automation space. Nearly everything
| is made and operated on Chinese soil. Like security cameras, or,
| in my case, our LiDAR and camera augmented robot vacuums.
|
| Some components, like lights and switches, have (very) expensive
| American alternatives. Some support ZigBee or Matter and can be
| controlled locally. Many many others require cloud infrastructure
| operated outside of the US and become bricks without it.
|
| I would love to see the US mandate ITAR for all IoT devices sold
| in the US. If anything, that will help prop up local alternatives
| like Matter since that will be way cheaper than building
| compliant cloud-connected devices.
| joe_the_user wrote:
| The question is whether a customer has to actually connect
| these things to the net.
| nunez wrote:
| They do in many cases. Example: GE CYNC Wi-Fi lights require
| a connection to Savant's servers, which I believe are split
| between US and CN. They are one of few vendors that make BR30
| smart lights. Philips and LIFX aside, all of the other
| vendors require an Internet connection.
| hippich wrote:
| Regarding solark statement about using their own backend. I am
| pretty sure they transitioned to it around May 2024. Before that
| it was a different site, which I am pretty sure was shared by all
| deye customers. I wonder if this event was planned well in
| advance...
| mastazi wrote:
| Here's what I want: by law, any device that is connected to the
| internet needs to have a warning on the box, similar to the one
| that's on cigarettes packaging, stating the risks of that device
| being online (bricking/loss of service, data might be compromised
| in a cyberattack, etc.)
| ronsor wrote:
| That will end up being as effective as California prop 65,
| better known as "that cancer warning everyone ignores."
| morningsam wrote:
| For it to be effective, all it needs is its complement: An
| easily recognizable green label saying "Doesn't connect to
| the internet", which is only allowed on the boxes of devices
| for which this is the case.
|
| Maybe some more levels in the middle like "only connects to
| the internet for firmware updates" (yellow) and "doesn't
| require internet access for core functionality" (orange).
| Basically Nutri-Score [1] for hardware.
|
| [1]: https://en.wikipedia.org/wiki/Nutri-Score
| echelon wrote:
| Hard to enforce those laws across international borders.
| Especially if there's an escalation of geopolitical tensions.
|
| Imagine if a country could turn off power to US homes during a
| conflict. This is critical infrastructure we should be making
| at home.
| Xelbair wrote:
| Here's what I want: by law, any device that I own should work
| perpetually until broken by me. If it requires 3rd party
| servers, let me configure alternatives. and if you sunset the
| servers completely you are mandated to release either: complete
| documentation how to create your own service to keep device
| working, or a full binary that supports ALL the features that
| were available throughout device's lifecycle. If you go
| bankrupt you are mandated to just open source your software in
| that case.
|
| and that's a minimum I'll settle on.
| RHSeeger wrote:
| > If you go bankrupt you are mandated to just open source
| your software in that case.
|
| Or insurance that covers the complete refund cost of all
| assets sold. There are cases where you may be using 3rd party
| software that you license that you cannot open source. And,
| in that case, you're on the hook for refunding the cost of
| the item.
| WJW wrote:
| What about mechanical devices that simply wear out? Even
| electronic devices can fail due to circumstances controlled
| neither by you nor by the manufacturer, like lightning
| strikes introducing violent transients in the grid supply.
|
| Also, cool beans that that is the minimum you'll settle on
| but how on earth would anyone enforce that? Open sourced
| software is not enough by far to make something work
| perpetually: the software will need to be run somewhere and
| most likely (since you are talking about some sort of net-
| connected software if this is relevant in the first place)
| will need security patching to keep up with CVEs. Who is
| going to pay for that? I don't think it will be the bankrupt
| entity that stopped existing 10 years ago.
| ryao wrote:
| I have a solar edge inverter. I never connected it to the
| Internet out of concern that this was possible. While it is a
| different company, this vindicates my concern.
| RA2lover wrote:
| I own a Guangzhou Sanjing R5-8K-S2 inverter that had issues
| shortly after installation where it was generating far less power
| than expected.
|
| The web telemetry panel had multiple gaps throughout the day
| where energy generation dropped to 0, but having datapoints
| logged every 10 minutes didn't give out enough information to
| determine why that was happening.
|
| It also had a current status endpoint which updated every 10
| seconds. I wrote a python script to log those updates into a
| file, and eventually discovered the inverter was shutting down
| itself and waiting 5 minutes every time it found its grid voltage
| to be greater than 241V.
|
| Installer wanted utility to lower the house's grid transformer
| tap, but needed authorization from Utility, who declined claiming
| it was already on the lowest tap possible. Cynically, I think
| they declined because lowering further would lower grid voltage
| at night below minimums they're contractually required to
| maintain.
|
| Tried going into the manufacturer's website to see if a firmware
| update could solve this. Couldn't find firmware updates, but I
| did find a manual for their local monitoring app, including a
| password for installer-only settings, set to "123456".
|
| The app doesn't include any functionality to change said password
| to something else, so I assume it's hardcoded. There was one
| change I could still legally do without violating anything -
| raising the grid shutdown threshold voltage from 241 to 242V.
| This change did get reflected in subsequent logs, so the settings
| panel is functional. I could technically increase that further
| (to a maximum of 275V), but that would expose me to liability.
|
| Parents suggest contacting the inverter's distributor for
| support, and they asked for a password I was never given.
| Apparently the manufacturer is supposed to create accounts for
| installers/distributors buying directly from them, and I somehow
| bypassed that process when creating an account for myself,
| without even realizing it.
|
| Some more clarification later, it turns out they can still
| remotely access the inverter with its serial number. After doing
| so, they "fixed" the issue without explaining how. Checking the
| installer settings interface, it turns out they just increased
| the grid overvoltage shutdown threshold to 275V right off the
| bat.
|
| At least I got them on record saying they did that, so I'm
| technically in the clear. Still, having that kind of access was
| scary enough to want to make me disconnect the inverter from the
| internet.
|
| Turns out its warranty (which only expires in 2036) has terms
| requiring it to stay connected to the internet. That's enough
| time to trigger WW3 and a resulting horus scenario
| (https://horusscenario.com/).
|
| Until then, the best I can do is to throttle the inverter's
| internet connection to something like 10kbps, which isn't enough
| to prevent someone persistent enough from uploading new firmware.
|
| Stories like this make me reconsider keeping it connected. I'm
| surprised we haven't seen inverter ransomware yet.
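
The kind of analysis described in the comment above (logging a 10-second status feed and working out from it where the inverter trips), as an added example that is not RA2lover's script or any vendor's code. The `timestamp,grid_volts,output_watts` line format and every sample value are constructed for illustration, and the code assumes the last producing sample before a dropout carries the voltage that caused it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple


@dataclass
class Sample:
    ts: datetime
    grid_v: float
    power_w: float


@dataclass
class Trip:
    start: datetime            # first sample with zero output
    end: Optional[datetime]    # first producing sample afterwards (None if still down)
    trip_v: float              # grid voltage in the last producing sample


def constructed_log() -> List[str]:
    """Constructed sample data: one 'timestamp,grid_volts,output_watts' line per 10 s."""
    t = datetime(2024, 6, 1, 11, 0, 0)
    # (grid voltage, watts, number of consecutive samples)
    segments = [
        (239.5, 4200, 6), (240.9, 4300, 3),
        (241.3, 4350, 1), (240.2, 0, 30),   # first trip, 5-minute lockout
        (240.0, 4100, 6),
        (241.6, 4400, 1), (240.4, 0, 30),   # second trip
        (240.1, 4200, 6),
        (243.0, 4500, 4),                   # keeps producing well above 241 V
        (240.0, 4300, 2),
    ]
    lines = []
    for volts, watts, count in segments:
        for _ in range(count):
            lines.append(f"{t.isoformat()},{volts},{watts}")
            t += timedelta(seconds=10)
    return lines


def parse_log(lines: List[str]) -> List[Sample]:
    samples = []
    for line in lines:
        ts, volts, watts = line.strip().split(",")
        samples.append(Sample(datetime.fromisoformat(ts), float(volts), float(watts)))
    return samples


def find_trips(samples: List[Sample]) -> List[Trip]:
    """Find dropouts: output goes from >0 W to 0 W, then (maybe) comes back."""
    trips, current = [], None
    for prev, cur in zip(samples, samples[1:]):
        if prev.power_w > 0 and cur.power_w == 0:
            current = Trip(start=cur.ts, end=None, trip_v=prev.grid_v)
        elif prev.power_w == 0 and cur.power_w > 0 and current is not None:
            current.end = cur.ts
            trips.append(current)
            current = None
    if current is not None:
        trips.append(current)
    return trips


def threshold_bracket(samples: List[Sample]) -> Tuple[Optional[float], Optional[float]]:
    """Return (highest voltage the inverter tolerated, lowest voltage that tripped it)."""
    tolerated = [p.grid_v for p, c in zip(samples, samples[1:])
                 if p.power_w > 0 and c.power_w > 0]
    tripped = [t.trip_v for t in find_trips(samples)]
    return (max(tolerated) if tolerated else None,
            min(tripped) if tripped else None)


def first_tolerated_overvoltage(samples: List[Sample]) -> Optional[Sample]:
    """First sample where output continued at a voltage that had earlier caused a
    trip: evidence that the shutdown limit was changed, locally or remotely."""
    min_trip = float("inf")
    for prev, cur in zip(samples, samples[1:]):
        if prev.power_w > 0 and cur.power_w == 0:
            min_trip = min(min_trip, prev.grid_v)
        elif prev.power_w > 0 and cur.power_w > 0 and prev.grid_v >= min_trip:
            return prev
    return None


if __name__ == "__main__":
    log = parse_log(constructed_log())
    for trip in find_trips(log):
        print(f"trip at {trip.start} after {trip.trip_v} V, back at {trip.end}")
    print("threshold bracket (baseline):", threshold_bracket(log[:83]))
    print("limit change evidence:", first_tolerated_overvoltage(log))
```

Run against a real log, a non-empty result from `first_tolerated_overvoltage` is the cue to compare the inverter's protection settings with what the owner last configured.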
| thot_experiment wrote:
| To most of us HN denizens it's obvious that OTA updates and
| internet connectivity generally leads to the things we rely on
| being worse. It sucks to have something that works when you go
| to bed and is broken the next morning because of some idiotic
| update.
|
| What can we do to modify capitalism so that this externality is
| correctly captured? I think most people, especially those who
| rely on these systems to do their jobs would tell you "I would
| gladly pay a premium to prevent outside influences from being
| able to brick my tractor (or whatever), if it's broken I want to
| be the one who has broken it." Is this something that could
| simply be solved by aggressive anti-trust? Surely this isn't the
| best future we can come up with.
___________________________________________________________________
(page generated 2024-11-30 23:01 UTC)