[HN Gopher] I found a backdoor into my bed
___________________________________________________________________
I found a backdoor into my bed
Author : riverdroid
Score : 498 points
Date : 2025-02-21 16:27 UTC (6 hours ago)
(HTM) web link (trufflesecurity.com)
(TXT) w3m dump (trufflesecurity.com)
| nadis wrote:
| "When I say backdoor, what am I referring to? Sure, Eight Sleep
| needs a way to push updates, provide service, and offer support.
| That's expected.
|
| What goes too far in my opinion, is allowing all of Eight Sleep's
| engineers to remotely SSH into every customer's bed and run
| arbitrary code that bypasses all forms of formal code review
| process.
|
| And yes, I found evidence that this is exactly what's happening."
|
| ^ wow, this is pretty wild. <insert joke about being careful
| about who you share a bed with>
| SeanAnderson wrote:
| Sounds like a good way to get bed bugs.
|
| .. I'll see myself out.
| Linkd wrote:
| even more so combined with the fact that these are supposedly
| being sent into the government.
| EvanAnderson wrote:
| The state of the product's security wasn't unexpected. I was,
| however, shocked by this part:
|
| > I was willing to overlook:
| > The bed costs $2,000
| > It won't function if the internet goes down
| > Basic features are behind an additional $19/mo subscription
| > The bed's only controls are via mobile app
|
| Nothing about this bed should depend on off-site servers. Nothing
| about the product should necessitate a subscription fee.
|
| The market is clearly too stupid to vote against the rent seeking
| tech industry. It makes me so sad.
| readthenotes1 wrote:
| Conspicuous consumption drives a lot of irrational behavior
| jjice wrote:
| I've heard the sleep people get with this is excellent, but no
| way in hell am I paying a subscription and requiring an
| internet connection for my bed. The entire concept is just
| absurd. If it sells, it sells, I guess.
| megadata wrote:
| I've also heard people are having excellent sleep in their
| traditional modern beds. Me included.
| amarcheschi wrote:
| I've also heard about people finding new foam mattresses
| too hot :(
|
| like me. Will buy a spring mattress next time.
|
| Edit: thank you for your recommendation, but I'm in Italy;
| European and American mattresses are quite different.
|
| Before discovering this, I once wrote to the customer
| support of the flamingo hotel, Las Vegas, because I loved
| their mattress: Hi, i do think that what i'm gonna write is
| weird, but anyway haha. On july of the summer 2019 i
| visited the fabulous las vegas. nor the nightlife neither
| the opulence of sin city could, however, reach the pinnacle
| of the human civilization, the mattress on which i slept at
| flamingo. I now have to change my own mattress at home, and
| i'm looking for the model on which i slept. the website
| only says "Simmons beautyrest", although Beautyrest is just
| a brand name used by simmons and doesn't mean a specific
| model. could you help me in this modern day divine comedy,
| be my Virgil and help me find the mattress name? Regards
| Name
|
| I got an answer: Thank you for contacting Caesars
| Entertainment. I was delighted to hear that you enjoyed our
| mattress on your visit! Currently, we are using the Simmons
| Hospitality Beautyrest Felicity Pillow Top. They can be
| purchased at https://caesarsguestpurchase.com/shop or
| 1-866-926-8233. Please feel free to write back if you have
| any further questions.
|
| Thank you for choosing Caesars for your gaming
| entertainment!
|
| Have an amazing day!
|
| Shirley
| dylan604 wrote:
| Have you tried a more firm foam mattress? I had similar
| sentiments about foam mattresses but they were all the
| type where you just feel like you're sinking into the
| foam.
| amarcheschi wrote:
| I did, but in the showrooms in the short time I tried
| them (and with jeans and clothes and so on) I didn't get
| that it was warmer than other firmer mattresses
| vl wrote:
| I use latex topper because of this. It works like foam,
| but has cold feel to it, and hypoallergenic dust mite
| resistant on top of that.
| quickgist wrote:
| How can a latex topper be hypoallergenic when tons of
| people are allergic to latex?
| craftkiller wrote:
| While going with a non-foam mattress will be colder than
| a foam mattress, if you were interested in a colder foam
| then I'd like to recommend latex mattresses. They're more
| expensive than memory foam and they feel different but I
| no longer overheat at night. Also I sleep better knowing
| my bed has proper kerning.
| cthalupa wrote:
| This all has me quite torn.
|
| The "smart" features on it are genuinely useful for me - I
| have sleep apnea, as well as an eight sleep + the electronic
| platform. It automatically changes the elevation of my head
| based on apnea events, and I see a marked reduction in them
| when using this feature.
|
| I have a cpap machine that also makes automatic adjustments
| but I still get noticeably better sleep quality with the
| eight sleep. I also really enjoy the temperature control,
| since it saves on HVAC costs vs. climate controlling the
| whole house. I've not tried an aquarium chiller for this
| purpose, though I have used one for doing temperature control
| on a beer fermenter, and I can extrapolate from there that I
| value the management of the actual eight sleep device vs.
| managing an aquarium chiller's temp control.
| EvanAnderson wrote:
| > The "smart" features on it are genuinely useful for me...
|
| All of those features could be provided by local compute,
| either nestled somewhere in the soft and fluffy gross
| profit margin of a $2,000 product, or with Bluetooth to a
| "thick" application running on a phone.
|
| The reason this product, and so many other "IoT" products,
| put their compute across the Internet is to facilitate a
| business model. The industry has the technology to put as
| much compute, storage, and reliability on-site with a high-
| margin, high-cost product like this.
| dylan604 wrote:
| Even if it were a nightstand device rather than a phone.
| The immediate loss of functionality when loss of signal
| to the mothership is an egregious design flaw. There's no
| reason the thing can't have a bit of storage so it can
| then upload the logged data when the signal returns.
|
| Of course, they'll probably claim AI running in the cloud
| is making the decisions which makes the local first
| controller not possible.
| gopher_space wrote:
| It's not a design flaw, they created a hardware loss-
| leader and then couldn't come up with any useful services
| you couldn't write yourself.
| plagiarist wrote:
| It would be nice if we could provide medical assistance to
| people who need it without jamming these devices full of
| adware garbage and forcing people to connect to the
| internet to use their own possessions.
| darksaints wrote:
| I love my device...it has profoundly changed my quality of
| sleep on the same scale that CPAP therapy has.
|
| Seeing the founder fellate Elon and his Doge employees has
| given me second thoughts. I may be looking for an aquarium
| chiller in my near future.
| balls187 wrote:
| Don't blame the market.
|
| Blame the engineers who know the risks of such foolishness that
| lack the courage and conviction to stand up to decision makers.
| dralley wrote:
| The market deserves _some_ blame here.
| balls187 wrote:
| My partner has difficulty sleeping unless it is the perfect
| environment (black out curtains, noise cancellation, sound
| bath, temperature), and is more prone to the effects of a
| single bad night's sleep. For people like her, $20/mo +
| $2000 fee is a small price to pay for a solution to a very
| difficult problem.
|
| I would of course, attempt to veto unnecessary IoT devices
| and subscriptions for usage, but this would be a fight I
| would likely not win.
| squeaky-clean wrote:
| They're not complaining about the price. They're
| complaining about the high price for a bed where those
| high priced features stop working if your internet goes
| down, or there is a server outage, or you stop paying a
| monthly fee, or the original company goes bankrupt.
| binarymax wrote:
| How in the world does this necessitate a subscription?
| All of these things can work without centralization,
| setup once, and contained entirely within the home.
| balls187 wrote:
| > How in the world does this necessitate a subscription?
|
| I can only speculate.
|
| But, there is demand to improve sleep quality. The
| provider wants to charge a monthly fee for that.
|
| The market simply puts buyers and sellers together. People
| making business decisions will stick with Econ 101--
| charge what the market will bare, and why shouldn't they?
| hn_acc1 wrote:
| >charge what the market will bare
|
| They want you to sleep without any clothing?
| exe34 wrote:
| She won't get any sleep if the wifi is down.
| balls187 wrote:
| Or if the power is out.
| geodel wrote:
| I think there is some naming convention gap here. I would
| call it Sleep Equipment as we have exercise equipments.
| Then folks will find pricing more reasonable. There is
| further opportunity to differentiate market with Sleep,
| Sleep Pro and Sleep Enterprise products.
|
| The pro and enterprise version would allow local server
| setup for critical sleep equipment functioning and can
| manage all beds in a household or hotel etc. It can
| update the version of software or data models when it's
| online and new features are available on cloud server.
|
| I surmise at 300 dollar/month for pro version could be
| really attractive proposition. Of course local server
| setup and maintenance can be charged separately.
| kevincox wrote:
| How easy is it to know what works when the network is down
| before purchasing? Do you expect everyone to take down
| their wifi after purchase to test and return if it doesn't
| work?
|
| Maybe there should be a mandatory information sheet such as
| listing all functionality that stops working without a
| network connection.
| EvanAnderson wrote:
| Consumer protection regulation with mandatory labeling
| would be a good answer but, at least in the US, we're not
| going to have anything like that anytime soon (if ever).
|
| I don't have the enthusiasm to start a competing company.
| It sounds like the barrier to entry to the market is
| fairly low, the tech isn't unproven, and there appears to
| be a ton of margin.
|
| I assume Eight Sleep has a patent moat.
| mrighele wrote:
| Both. I also blame the guy willing to spend $2,000 for a
| glorified blanket that also needs a monthly subscription to
| work properly.
| dmonitor wrote:
| The real gem of this post is the aquarium temperature
| regulator solution. I'm tempted to implement it myself to
| deal with hot summers.
| dhosek wrote:
| I used to work for match.com and we had a readout in the
| office that streamed customer feedback. 90% of it was people
| who had paid subscriptions complaining about intrusive
| advertising on the site or in the app while logged in.
|
| I raised this at a meeting and was told that they weren't
| going to change it because it made too much money.
|
| I'm sure engineers raised issues about this as well and were
| shut down by the business people who are more than happy to
| risk customer satisfaction and security if it means more
| revenue.
| balls187 wrote:
| Respectfully, raising an issue isn't the same as taking a
| stand.
| hinkley wrote:
| At the very least, many products have unpopular features
| that are easier than one might expect to disable. And
| that's quite often down to a developer who disagrees
| creating or leaving a covert channel lying around to
| circumvent the feature. Their boss didn't tell them to
| put it in, and they didn't tell anyone about it so that
| it was insubordination if they didn't agree to take it
| out. Just a little something we accidentally left in for
| debugging or PoC purposes. Whupsie!
| adamc wrote:
| Finding another job and marking them as unethical on
| glassdoor would be more like taking a stand. Raising
| awareness of management is just the polite first step.
| yubblegum wrote:
| one of the reasons wallstreet invented outsourcing of
| uppity techs.
| exe34 wrote:
| I have a mortgage so I will follow all lawful orders. I'll
| blow the whistle if illegal activities are forced upon me,
| but if there's an ethical issue bothering you, I'd suggest
| you write to your MP or if you believe they are incompetent
| or hostile, to run against them in the next election and
| change the law yourself.
| triceratops wrote:
| > Blame the engineers
|
| I actually commend them for making money off the morons who
| dreamed this up. They've hopefully put it to better use.
| AtlasBarfed wrote:
| Software is devil-is-in-the-details to the extreme, and
| maximally opaque even to programmer-capable consumers, much
| less general consumers.
|
| And all tech companies are now founded with zero regard for
| good behavior. I mean, they don't even do minimal amounts of
| customer service, which is the bare minimum of having regard
| for your customers.
|
| In general, the IoT industry has suffered and adopters get
| burned over and over and over so the market is what it deserves
| in the long run. But that doesn't mean that snooping and
| monitoring doesn't increase insidiously year after year.
|
| This is a serious problem with future technology. What person
| would do cybernetics or similar life saving products from
| companies like this? Perhaps the rigor that Medtronic and
| similar device companies are subjected to would apply, but I'm
| not sure those regulations cover information security and
| privacy.
|
| We are clearly in an age of increasing authoritarianism. China
| has become far more authoritarian under Xi, right wing fascists
| are on the rise in Europe, and extreme partisanism just leads
| to round robin authoritarianism on the path we're on, assuming
| the next election happens. Russia is trying to expand its
| reach, and disrupt democratic institutions worldwide.
|
| Undermined privacy and data collection are the tools for total
| information awareness by authoritarian states, only made far
| far far far far far far worse by the rise of functional AI.
|
| The future of humanity is bleak. The filter approaches.
| waveBidder wrote:
| > Perhaps the rigor that Medtronic and similar device
| companies are subjected to would apply, but I'm not sure
| those regulations cover information security and privacy.
|
| As someone on an insulin pump they do. Iirc they have reps
| showing up at hacker conferences looking for red teams.
|
| Definitely agree with your worries generally though.
| hinkley wrote:
| You could probably extend from medical devices to children's
| toys. And once those are entrenched, go after the rest.
| HeyLaughingBoy wrote:
| > but I'm not sure those regulations cover information
| security
|
| They most certainly do. I'm deep into a security analysis of
| a similar device rn.
| moolcool wrote:
| I wonder if there'd be a cottage industry for new control
| boards which de-shittify IOT devices but keep their
| functionality. Like buy the bed, and then buy a little pre-
| programmed ESP32 logic board to replace the factory board.
| mikepurvis wrote:
| Probably could never make that kind of thing work at scale,
| but maybe as something within the maker community, perhaps
| adjacent to the world of 3d printing, Arduino, and RPi.
| moolcool wrote:
| There'd probably be a few liability concerns at scale. Like
| if you made a replacement board for a Keurig to allow
| aftermarket k-cups, it'd likely be a matter of time before
| Keurig sued you, or someone burnt their house down.
| hinkley wrote:
| If smart devices were required to have standard pinouts that
| were arduino or raspberry Pi compatible, that would make me
| so happy.
| willglynn wrote:
| ESPHome fills much of this niche for me. It's a framework for
| turning YAML device definitions into custom microcontroller
| firmware, with myriad supporting tools. The official device
| database at https://devices.esphome.io lists 554 devices but
| that's nowhere near the end of it.
|
| Most manufacturers bolt on IOT functions by dropping an off-
| the-shelf module onto their device-specific board. It's
| sometimes possible to replace the factory firmware with
| ESPHome, sometimes even using over-the-air updates. For
| example, AirGradient air quality sensors:
| https://github.com/MallocArray/airgradient_esphome
|
| Even when it isn't possible to commandeer the factory IOT
| module, the fact that it _is_ a module is still useful,
| because it's almost always possible to inhibit or remove the
| factory module and connect your own instead. The factory IOT
| module controls and senses the device, so your replacement
| module can too, using the same pins. For example, an IOT air
| filter:
| https://github.com/mill1000/esphome-winix-c545#final-assembl...
|
| Some devices are designed around multidrop communication
| busses. These are usually even easier, since the ability to
| join the bus is an intended design feature, even if the
| device you're using is not intended. For example, many
| Samsung residential HVAC systems:
| https://github.com/omerfaruk-aran/esphome_samsung_hvac_bus/d...
| haliskerbas wrote:
| I feel like websites like https://www.tindie.com could
| definitely fill that gap. It's like an Etsy + Hackaday where
| people sell different levels of hardware etc.
| LeifCarrotson wrote:
| As an EE, there's a healthy amount of this in some industries
| with very high costs, equipment use beyond manufacturer
| obsolescence, and in hobby circles with technical
| enthusiasts. But not generic devices for the general
| population.
|
| At my day job, we've replaced and re-engineered controllers
| in industrial laser cutters, CNCs, welders, robots, and
| similar equipment. There are replacement control boards for
| hobbyist stuff like pinball machines, motorcycles, retro
| computers, and retro game consoles.
|
| But as evidenced by the fact that people are buying shitty
| cloud-only IoT devices, neither the interest nor the capacity
| to do this is common.
| HeyLaughingBoy wrote:
| Likewise, I've looked into this after being asked to build
| retrofit electronics for both expensive machine tools and
| consumer goods (I had a client who was adding bill
| acceptors to massage chairs and other items). I was never
| able to find a niche with a consistent need. They do exist
| but are hard to find.
| Rebelgecko wrote:
| These do exist for a number of devices. There's actually a
| number of options for things like alarm systems
| boogieup wrote:
| I wonder if we could just make this kind of thing illegal so
| companies can't get away with it anymore.
| nicoburns wrote:
| I think this would need to be enabled by regulation that
| forced the original manufacturers to make their products
| open. Hopefully we'll get that eventually.
| xg15 wrote:
| In addition to everything else, also love how a bed with the
| express purpose to increase sleep quality requires you to open
| your phone every time you want to adjust a setting.
| cthalupa wrote:
| The newer models have a touch control panel on the side.
| Different taps to adjust settings.
|
| Not that this ameliorates all the other issues here.
| hinkley wrote:
| I'm still fairly upset that ambient devices never really took
| off. Nanoleaf at least made a remote like this. It's a
| dodecahedron with an accelerometer, so you can program each
| face with a different setting. The simplest being to program
| opposing faces for two different light levels. You want to
| take a nap, turn the controller upside down.
| kevindamm wrote:
| I like this idea, now I want to make one of those. Even a
| two- or six-sided one would be useful, and I can print
| different enclosures and reprogram the feather or ESP if I
| want to add sides.
| hinkley wrote:
| I don't think they sell it anymore, but I forgot it's
| actually a HomeKit controller, so you could (try) to use
| it to control several devices at once. Since only one
| face is up at a time you would have to gang the
| behaviors, such as turning off several lights or turning
| them on.
|
| Old CNet article:
| https://www.cnet.com/reviews/nanoleaf-remote-review/
| kolektiv wrote:
| See my comment to a sibling:
| https://news.ycombinator.com/item?id=43132279 - there's a
| few simple little functional objects out there which make
| this kind of process quite easy.
| HeyLaughingBoy wrote:
| Wow. I love that UI concept!
| mrWiz wrote:
| I've got a cube that's hooked into my Home Assistant setup
| that works similarly. Flipping the cube upside down turns
| my bedside light on or off, rotating it clockwise increases
| the brightness, and counterclockwise decreases it.
| lblume wrote:
| How exactly does it communicate these changes, if I might
| ask?
| Tyr42 wrote:
| Check out the zigbee2mqtt page for the cube
|
| https://www.zigbee2mqtt.io/devices/MFKZQ01LM.html
| kolektiv wrote:
| I did something similar using these:
| https://eu.aqara.com/products/aqara-cube-t1-pro (or
| rather, an earlier iteration). Just Zigbee, nothing too
| complex, and then you hook it into something which knows
| how to interpret the events it sends (or events + current
| state if you want it to be a little more contextually
| smart). I generally tried to centralise the smarts, dumb
| devices and a smart interpreter always worked out more
| robust than clever devices. It's amazing how many
| combinations of actions you can indicate just by
| shaking/tapping/turning/flipping - more than enough to do
| the things you commonly do with one actuator (a light or
| set of lights for example).
| hinkley wrote:
| One that comes to mind is: flip over to turn on/off, flip
| over and back again to randomize (like a snow globe).
| TheSpiceIsLife wrote:
| And if a guest comes round and messes it, the lights dim,
| blood runs down the walls, nails come out of your head,
| and the furniture starts moving.
| Freak_NL wrote:
| Sounds good until you come home to a house flashing like a
| Christmas tree because your kid needed another D12 for
| their table-top role-playing game.
| burnished wrote:
| You see a bug, I see a feature
| stavros wrote:
| There are a bunch of Zigbee switches, rockers, etc
| (including the Aqara cube people mentioned) that you can
| use as rich controls.
| KPGv2 wrote:
| There was a cool device I saw once, used for timing your
| work. You'd program the faces for different tasks (bug
| fixes, new features, etc.) and whatever you worked on,
| you'd have that face up, and when you changed tasks, you'd
| turn it to something else, and it would track how you spent
| your time.
| BobaFloutist wrote:
| That sounds cool, but I'm a little resistant to being asked
| to remember to charge my lightswitch.
| gpm wrote:
| Could maybe be made low enough power that it can power
| itself via ambient light (like an old school calculator)
| or radio waves.
| BobaFloutist wrote:
| That would be cool, but I haven't actually seen it in
| anything other than an old school calculator so I assume
| the limitations are pretty significant.
| connicpu wrote:
| I agree with this so much. Opening an app is the last thing I
| want to do to adjust something while I'm in bed. I have a
| zigbee lightswitch so I can turn the light off from bed, and
| sure I could open an app to do that, but it's so much better
| to get a zigbee button and stick it to the wall above my head
| and program it to control the lightswitch.
|
| Unlike all the cloud garbage, my zigbee devices continue to
| function even when the internet is down. I have my zigbee hub
| (Home Assistant Yellow) on a battery backup, so all the
| zigbee devices with a battery keep functioning even when the
| power is out (like my automatic cat feeders)
| mvanbaak wrote:
| Totally agree. I got a philips hue dimmer switch for next
| to the bed. One of the best things I got for the home
| automation. Just click it and everything in the house goes
| into night mode. no phone needed.
| westmeal wrote:
| My room mate had one of these and I found out there was a
| script online someone put together on github I think to
| control it over a shell. Was hilarious because I kept
| turning off their light at weird times.
| lostlogin wrote:
| I'm doing this with some Tapo buttons.
|
| And double tap turns on a fan.
|
| Tapo is likely a security nightmare.
| palmotea wrote:
| > In addition to everything else, also love how a bed with
| the express purpose to increase sleep quality requires you to
| open your phone every time you want to adjust a setting.
|
| Don't worry, they'll repeat over and over how their product
| was thoughtfully designed with exquisite craftsmanship by the
| re-animated corpse of Jony Ive [1] until people believe
| it's true.
|
| [1] I know he's not dead.
|
| Also...
|
| > ... Essentially all you need to do is unplug the rubber
| tubing from the Eight Sleep cover, which is available on eBay
| for a few hundred bucks, and plug it into a $150 aquarium
| chiller.
|
| > That's it. Aquarium chillers are somewhat of a misnomer, as
| they can also provide heat. They use thermoelectric devices
| to regulate temperature, either cooling or warming the liquid
| that flows through them, which is the same technology found
| in eight sleep.
|
| How much do you want to bet the Eight Sleep is _literally_ an
| off-the-shelf Chinese Aquarium chiller in a custom case
| marked up 15x, with a shittily-programmed computer bolted on
| to enable a $20/month subscription?
| geodel wrote:
| I mean this comment is slightly disconcerting to next
| generation of brilliant hackers sleeping on this bed and
| dreaming big of a _Cloud controlled Toilet Paper Dispenser_,
| Effececy®. It will always give right amount of paper
| based on amount and moisture content of just delivered
| product.
| 0_____0 wrote:
| I rolled my own solution to this using a Boston Dynamics
| Spot (2nd gen). With the structured light scanner, YOLO
| v5 for classification, and a custom IK solver (BD's is
| too hard for me), I can just lay back like a baby once
| I'm finished and Spot takes care of everything.
| collingreen wrote:
| This is a super funny idea if it works (in theory; I get
| it's a joke) and a SUPER funny idea if it malfunctions in
| particular ways.
| florbo wrote:
| I'm sure they do use a prefab thermoelectric assembly model
| that they designed their case around. It's usually cheaper.
| mohaine wrote:
| And not true, at least for the newest version. V4 has touch
| sensors for adjusting the temps on the side of the mattress.
|
| I do own one of these and while I hate the price, the
| subscription, the fact that it didn't work for an hour last
| night due to the internet being down (first time ever really)
| but there really isn't a better option. I love the temp
| control and would use anyone else if they had a valid
| competitor, but sadly there isn't one (or at least wasn't
| when I bought mine). The alternative is to not have temp
| control which is pretty amazing.
| geodel wrote:
| I mean while you are opening your phone you might as well
| check latest savings by DOGE, wouldn't it help you sleep even
| more safe and sound?
| lostlogin wrote:
| What DOGE say they have saved, what has been saved, and how
| that looks in 5-10 years time are all very different
| answers.
|
| Maybe there needs to be a red answer and a blue answer?
| knallfrosch wrote:
| You can buy the new 3249EUR Pod4: "Control without a phone"
| https://www.eightsleep.com/eu/product/pod-cover/
| hinkley wrote:
| I think one would also assume that some fraction of that $2000
| would go into a fund to keep those servers up.
|
| One thing SaaS has not learned from nonprofits with longevity:
| you do big fund raisers to get money so you can live on the
| interest payments. If you think of a new project that will
| increase your burn rate, you throw another fund raiser.
|
| Figure out how many of those beds you expect to be junked for
| breakage or obsolescence each year and set your margins to keep
| the long tail running for 10-15 years.
| EvanAnderson wrote:
| > One thing SaaS has not learned from nonprofits with
| longevity...
|
| I think SaaS has eschewed strategies for longevity because
| it's contrary to the market's "wisdom" that for-profit
| companies must have sustained high-rate growth.
| hinkley wrote:
| So they can get more rounds of VC money or get bought out,
| yes.
|
| Sometimes it's clearly the founders who go extractive, but
| others it's clearly the new owners or partial owners.
| chpatrick wrote:
| If they sell one a month for $2000 that would be enough to
| keep the lights on with a sensible backend setup.
| cyberax wrote:
| > It won't function if the internet goes down
|
| Come on. We can improve that! The next version of the bed will
| go into carnivorous mode if the subscription lapses:
| https://www.youtube.com/watch?v=vXrAK6sUZ_0
| EvanAnderson wrote:
| I'm thinking a Thomas Midgley, Jr.[0] mode.
|
| [0] https://en.wikipedia.org/wiki/Thomas_Midgley_Jr.#Death
| hinkley wrote:
| Thomas has three different inventions with a massive body
| count. The last one had a fatality rate of 100%.
| smitelli wrote:
| Wikipedia seldom disappoints on this kind of thing:
| https://en.wikipedia.org/wiki/List_of_inventors_killed_by_th...
| hinkley wrote:
| Well, you remember that total eclipse of the sun about a week
| ago?
| api wrote:
| This product would be hard to believe if it showed up in an
| episode of Black Mirror.
| janpot wrote:
| step one is to stop pretending the market is a democracy
| kibwen wrote:
| Step two is to stop pretending the market isn't a
| kakistocracy.
| sweeter wrote:
| There is no amount of consumer choices and consumer "activism"
| that can fix these issues. They are ineffective by design.
| from-nibly wrote:
| And if we try to parent them by fixing it for them, they will
| stay that way.
| autoexec wrote:
| > The market is clearly too stupid to vote against the rent
| seeking tech industry. It makes me so sad.
|
| A lot of this bullshit only happens long after the sale has
| been made and consumers are blindsided when things advertised
| as free are suddenly paywalled off behind a subscription
| following a ToS update.
|
| "The market" is never going to solve this. What we need are
| consumer protections in the form of laws and regulations with
| real teeth and consistent enforcement.
| robertlagrant wrote:
| It's not rent-seeking if you don't have to buy the bed. The
| market mostly does not buy this bed.
| asdff wrote:
| >The market is clearly too stupid to vote against the rent
| seeking tech industry. It makes me so sad.
|
| It is a $2000 dollar internet connected bed. The market in this
| case is probably people who could wipe their ass with that $20
| every day and not miss it. I don't think they are stupid. This
| class of Americans has always been about paying for ongoing
| service instead of being pragmatic or doing things themselves.
| "Let the help over in bangladesh fiddle with the connectivity
| and updating the mobile app for me, while I merely rest my head
| and make plenty of money," they probably figure, at least
| subconsciously.
| EvanAnderson wrote:
| I don't think the people buying the bed are stupid.
|
| The collective mass of people who buy these "IoT" devices
| that (1) don't actually need to use Internet-hosted services
| to function, (2) don't actually need a subscription for their
| business model to work _except_ for having been unnecessarily
| tied to an Internet-hosted service, and (3) will fail to
| function when the Internet-hosted service is gone do not
| understand the ramifications of the buying decisions they're
| making.
|
| They're enabling these awful companies and business models.
| They're making the world worse by buying this soon-to-be
| e-waste garbage.
|
| Stupid is a bad word. Let's say ignorant, instead. They don't
| even know what they don't even know. Our asinine industry
| normalizes these practices because profit.
|
| I think computers have tremendous power to make life better
| for humanity. I think that can happen without being
| contingent on this kind of business model.
|
| The bed is an egregious example. There are certainly other
| lower-priced products that still have this kind of stupid
| unnecessary "tie" to Internet-hosted services and
| subscriptions.
| nicoburns wrote:
| One might argue that the market itself becomes "stupid"
| (stops accurately indicating value) when people have so much
| money that they stop caring about how they spend it.
| uoaei wrote:
| Exactly, it indicates profoundly inefficient dynamics. That
| money could be put to use far more productively.
| thatfrenchguy wrote:
| Anyone who has risen through social classes knows that
| poorer people use their money much more wisely than richer
| people :)
| chiph wrote:
| This is the sort of thing I would have expected to see during
| the dot-com era, if they had had the idea to charge a
| subscription for things back then.
|
| I mean, it's the :CueCat. But comfy.
|
| https://en.wikipedia.org/wiki/CueCat
| dsalzman wrote:
| Using the aquarium chillers is really smart! Just need someone to
| mfg the mattress membrane covers.
| hangonhn wrote:
| I didn't realize they've come down so much in price. Another
| really useful application would be to hook it up to pads used
| to ice joints post joint surgery. I was sold a $100+ dollar
| medical device which was basically a water pump in a cooler
| chest (like one of those Polar ones) that circulated water
| through some pads. I had to refill it every hour or so with
| ice. This is right after a knee surgery so carrying the cooler
| around was literally painful. Having it connected to the
| aquarium chiller would have been great.
| LoganDark wrote:
| you know those "VR backpacks"? imagine... knee chiller
| backpack
| beala wrote:
| I'd love to be wrong about this, but I'm very skeptical that
| the aquarium chiller pictured in the post can move enough heat
| to cool a human. As mentioned in the article, it uses
| thermoelectric coolers which are extremely inefficient.
|
| I see at least one aquarium chiller on amazon that uses a
| compressor, but then you have to wonder if it's quiet enough to
| sleep next to.
| zemvpferreira wrote:
| Same, though I've seen thermoelectric chillers of that size
| moving ~200 Watt and a human produces less than 100 Watt at
| rest. The ones I saw on Amazon for $150 claimed to move
| around 70 Watt which is ballpark useful. You wouldn't want to
| cool down to a very low temperature anyway, just remove the
| heat you produce yourself.
| beala wrote:
| Good point. That does sound plausible then. Here's my
| napkin math after some quick googling:
|
| - A human produces about 40 watts of heat while sleeping.
|
| - Thermoelectric coolers have a coefficient of performance
| (CoP) between 0.3-0.6. So for every watt consumed, they can
| move 0.3-0.6 watts of heat.
|
| - The wattage consumed and moved all needs to be
| dissipated.
|
| This random chiller [0] on amazon consumes 100 watts, so
| perhaps this could move 60 watts max. CoP drops as the
| temperature difference increases. And it's unclear if the
| unit can dissipate 160 watts steady state.
|
| But it could plausibly keep you from heating up on a warm
| night. It doesn't seem like there's much margin for
| actually cooling you down tho. If someone wanted to
| experiment with this, I'd definitely read that post.
|
| [0] https://www.amazon.com/MOQNISE-Aquarium-Circulation-Function...
| AtlasBarfed wrote:
| Um, is that Bezos or the AWS account of the company?
|
| Alas, our hope to recover whatever social benefit was in SpaceX
| and Tesla is with Bezos's companies, although at least the EV
| space is more diverse. SpaceX cannot be wrested from Musk and
| TSLA and its board is preferred-stock controlled by Musk.
| lotsofpulp wrote:
| > TSLA and its board is preferred-stock controlled by Musk.
|
| Any source for this? I can't find anything that says Musk
| has enough voting power in Tesla to not need others' votes:
|
| https://www.techopedia.com/largest-tesla-shareholders
|
| This is a pretty in depth analysis that shows that Musk needed
| retail votes for last year's compensation and re-domiciling
| votes:
|
| https://clsbluesky.law.columbia.edu/2024/07/01/how-tesla-pum...
| rtkwe wrote:
| Tesla actually has a 1 share 1 vote right now but it also has
| super majority voting rules which means Musk's ~22% stake is
| nearly a veto unless the entire rest of the stockholders vote
| for a measure he's against.
|
| https://www.thestreet.com/investing/stocks/how-elon-musk-con...
| lotsofpulp wrote:
| That is an Apr 2018 article. Elon has a substantially
| smaller share now. From first link in above post:
|
| > Elon Musk is the largest individual Tesla shareholder,
| with 410.79 million shares, representing 12.8% of Tesla
| ownership as of December 2024.
|
| https://www.secform4.com/insider-trading/1494730.htm
| kaonwarb wrote:
| Interesting article; clickbait title. There's very little about
| Amazon in here, never mind its chairman.
| martinsnow wrote:
| It drives clicks! I don't understand why someone would buy a
| bed chiller. But perhaps the US is a unique market.
| skizm wrote:
| I'm in the market for one. I want a cool sleep in the summer
| with fresh air (not recycled AC air). I haven't found one
| with good reviews and also no required spyware unfortunately.
| So AC plus humidifier is needed, but I still sweat on the
| parts of my body in contact with the mattress no matter how
| much I crank the AC in the middle of Aug.
| martinsnow wrote:
| What's the difference between recycled air that's been
| cooled and then blown into your bed and the air from your
| air conditioner?
| BobaFloutist wrote:
| I can't speak to the person you're replying to, but it's
| like the difference between an electric blanket and a
| space heater. It's energetically cheaper to cool just the
| bed than the whole room, and it won't dry out the air as
| much.
| skizm wrote:
| The air from my air conditioner sits on top of me like a
| blanket, not touching the parts of me in contact with the
| mattress. If the mattress itself is actually cool, it
| will stop me from sweating. The recycled air thing is
| just personal preference, breathing fresh air feels
| subjectively better than recycled air so I keep my window
| open as much as possible. If the weather is hot, but my
| mattress is cold, then I can keep the window open and
| still be cool on hot days.
| geodel wrote:
| I mean when someone says they are chilling in bed, they don't
| want to be lying.
| bobsmooth wrote:
| You don't prefer a cool bed?
| j2kun wrote:
| > While the Eight Sleep CEO Matteo seems focused on providing
| DOGE with great sleep
|
| More sycophants coming out of the woodwork.
| LordShredda wrote:
| It's him and that mattress guy, and the whole stereotype of
| mattress stores being money laundering fronts. What's up with
| the bed industry in general?
| bloopernova wrote:
| Could you please let me know who the "mattress guy" is?
| duskwuff wrote:
| Possibly thinking of Mike Lindell? He sold pillows, not
| mattresses, but I'll count that as close enough.
|
| https://en.wikipedia.org/wiki/Mike_Lindell
| ta1243 wrote:
| "We may not have that many outright Nazis in America, but we
| have plenty of cowards and bootlickers, and once those fleshy
| dominoes start tumbling into the Trump camp, the game is up"
|
| That's the health secretary's words.
| dangoodmanUT wrote:
| Title is bad, but the piece is good
| dang wrote:
| Ok, we've replaced the article title with a more representative
| sentence from the article.
| sxp wrote:
| I have an EightSleep from before their enshittification into a
| subscription model. It is a good piece of hardware, but I can no
| longer recommend it because the software is so crappy. I checked
| the logs on my router and found that it was streaming tons of
| data to servers even when I wasn't using it. I have no idea why
| it would stream that much data since the trivial sensors it has
| shouldn't be producing that much data even if it had multi Hz
| sampling. I can't tell if this is incompetence or some sort of
| malfeasance where they are secretly recording audio data via
| motion sensors and streaming that.
| wedn3sday wrote:
| Maybe this guy isn't the first person to discover the backdoor
| and your mattress has been mining crypto. This whole thing is
| straight out of a Cory Doctorow novel.
| micromacrofoot wrote:
| > I have no idea why it would stream that much data
|
| I think the blog post uncovered that here... the CEO is a total
| creep
| throwway120385 wrote:
| Because they want to know what you're doing in bed and when.
| j2kun wrote:
| > but the eight sleep sure does harvest people's bed data, and
| occasionally tweet about how they're watching you sleep
|
| [Followed by a screenshot of the EightSleep CEO publicly tweeting
| about SF sleep data in Nov 2023.]
|
| This is reason enough to not patronize this business. What a
| creep.
| hackernewds wrote:
| The company itself is also run by a race car driver and has
| typical Miami hype. Not sure why they are often tagged as tech
| companies, besides making a black version of Casper. Could be
| the heavy Elon association.
| xyst wrote:
| This brand was heavily advertised on social media (TT, YT ads)
| as well.
|
| I remember because I signed up for e-mail updates. Glad I never
| signed up though. IIRC, I was turned off by the same issues the
| author "overlooked".
|
| A subscription for a bed? Fuck off
| WalterBright wrote:
| I've bought several internet radio streaming devices over the
| years, and they all eventually brick when the server goes out of
| business.
| neogodless wrote:
| I was so pleasantly surprised when my Microsoft / Harman Kardon
| "smart" speaker (Invoke) issued a firmware update upgrading it
| to act as a simple Bluetooth speaker. It's wildly more useful
| now!
|
| A rare exception to the usual.
| modeless wrote:
| Google has done this with the Stadia controller, and also
| recently open sourced the firmware for the Pebble smartwatch.
| They may discontinue a lot of stuff but their track record
| for discontinued hardware is pretty decent IMO.
| NotYourLawyer wrote:
| ROI!
| optymizer wrote:
| Offtopic: I grew up in a tiny post-soviet third world country.
| Aside from the usual daily struggles, one lesser known aspect
| of that life is that we did not have access to primary sources
| of information or the people who invented the things we were
| using.
|
| We only had a book in my native language on Pascal. I had heard
| of C from a magazine that had a CD with a C compiler on it, and
| I walked into a library wanting to learn C but all they had was
| a dusty book on COBOL in Russian. Later I bought a book on x86
| assembly, also in Russian, because that's all I could find, and
| it just felt like I'm living inside a leaky bucket whereas I
| was hungry for the firehose of knowledge.
|
| When we got dial-up Internet, I did not sleep for days. The
| floodgates were open. I had access to tons of information
| online, in original English, from primary sources. People I'd
| only heard about, like Torvalds, would just share
| information directly on the Internet, like it's another
| Tuesday. To me it felt like I went to Disneyland and I was
| meeting all my heroes. You can just... learn about any topic
| and see the people who invented those topics. You could even
| send them messages.
|
| 25 years later, I still feel like that kid sometimes. I'm
| thankful for HN. Alan Kay replied to me once, and it made my
| year! Alan M-Fing Kay. I met rms once in the flesh and could
| not believe my eyes. I regularly see messages from Walter
| Bright on HN like he's a real human being and I have to remind
| myself that yes, he's alive, real and I exist in the same world
| as him and can actually interact.
|
| I and kids around the world these days are lucky to not be
| stuck in a world where you cannot learn more than they let you.
| rahimnathwani wrote:
| A lot of them didn't use their own server, but relied on
| Reciva, which was shut down a few years ago:
|
| https://www.radioworld.com/news-and-business/headlines/reciv...
| blackeyeblitzar wrote:
| Clickbait title.
| dang wrote:
| Ok, we've replaced the article title with a more representative
| sentence from the article.
| nrki wrote:
| Love the part about the CEO being a Musk sycophant. Right down to
| the similar language in tweets: "Some of SF got poor sleep. We
| must fix this."
| duxup wrote:
| I remember when mimicking Steve Jobs dress and etc was a thing
| and how it was kinda cringey. Man I could go for some of that
| these days.
| amarcheschi wrote:
| Here's a related discussion about a guy who did a similar thing
| with an aquarium cooler to cool his bed
| https://news.ycombinator.com/item?id=41824138
| modeless wrote:
| > the Eight Sleep cover, which is available on eBay for a few
| hundred
|
| Uh, I don't think I want to buy a used mattress cover on eBay,
| thanks.
| pimlottc wrote:
| While we're all here, what are some good alternatives to Eight
| Sleep? The idea seems to have merit but the required IoT
| subscription is a dealbreaker.
| 0x2a wrote:
| I use one of their competitors (Sleepme Ooler) but they're not
| great either. Did not know about aquarium chillers, that seems
| like a better option. Could probably pair it with Home
| Assistant too if you wanted to more easily set the temperature.
| WalterBright wrote:
| I always knew that internet-connected thermostat was a bad idea.
| whatshisface wrote:
| You would have to be insane to buy a computer that remains
| someone else's computer...
| wedn3sday wrote:
| A $20/month bed subscription is objectively hilarious. I can't
| imagine how this company attracts a non-zero number of clients.
| lijok wrote:
| *subjectively.
|
| Once you realize just how important quality sleep is, and how
| much this can help, $20/month bed subscription becomes a
| laughably small price to pay.
| JTyQZSnP3cQGa8B wrote:
| Do you have the same reasoning with cigarettes? $10 every day
| is a small price to pay to avoid having to stop smoking.
| lijok wrote:
| I don't follow, sorry
| low_tech_love wrote:
| How much can this help?
| lijok wrote:
| Depends person to person. For me it's the difference
| between waking up 6-8 times throughout the night, and
| sleeping for a sound 8 hours without interruption. For my
| wife, not much difference, other than we are able to sleep
| together, whereas before our wildly different temperature
| tolerances meant separate rooms. I've seen a few people in
| this thread state it negatively impacted their sleep.
| aucisson_masque wrote:
| in a way, yes. 20$/month to marginally improve sleep
| efficiency can be worth it, especially when you have high
| energy expenditure and need to be able to keep up.
|
| on the other hand, paying 20$/month for the right to use the
| bed, that you purchased at 2000$ cost is a ripoff.
|
| sleeping isn't costly, has never been, yet a company is
| trying to enforce it and i can see how it doesn't go well
| with most people.
| JTyQZSnP3cQGa8B wrote:
| I also wonder what kind of bed costs $2000. Is it a bed made of
| gold and caviar? This article is confusing.
| lifeinthevoid wrote:
| A $2000 bed (incl. mattress) is not that extraordinarily
| expensive.
| kevingadd wrote:
| The baseline for mattresses in the US is upwards of $500
| according to Costco. If you want a bigger, higher quality
| regular mattress you get into the neighborhood of $1000. If
| you want one made with more exotic materials or you want to
| throw in something like a boxspring or a frame for a bed that
| sleeps two, you can approach $2000.
| lilyball wrote:
| It's not actually a bed, it's a mattress cover. They are
| willing to sell you a mattress with it if you want, but the
| product itself is designed to go over your existing mattress.
| That said, good-quality beds cost money!
| hn_acc1 wrote:
| Wait - it's $2000 just for a mattress cover? You still need
| to spend $1k+ for frame + mattress?
| ok_computer wrote:
| If I could afford it, I'd certainly get a >$2000 queen size
| mattress in a few years. Nice firm mattresses are expensive.
| Internet connection and temperature control are not something
| I'm remotely interested in. A subscription doubly so. This is
| hilarious and illustrates how naive and reliant people are for
| technology to solve every problem in their lives.
| pedalpete wrote:
| I think that's just the price for the cover. You still need
| to supply your expensive mattress.
| avalys wrote:
| This is a bunch of nonsense, assumption and leaping to
| conclusions without evidence.
|
| "In the second screenshot, we have the public key that's
| authorized to access the device. The email address attached to
| the public key, eng@eightsleep.com, to me suggests the private
| key is likely accessible to the entire engineering team."
|
| He has no evidence for this whatsoever and not really any good
| reason to assume it either.
|
| "In the first image, we see evidence SSH is being exposed
| remotely, to a far away host, remote-connectivity-api.8slp.net.
| Typically SSH would only be accessible to the local area network,
| but the variables in production.json would seem to imply this
| access was opened up to a remote host."
|
| This isn't how SSH works and he doesn't seem to have enough
| information, or enough knowledge of SSH, to understand what's
| being done with the "far away" hostname.
|
| This article is just clickbait nonsense, which should have been
| obvious from the title. It is clearly intended to draw traffic to
| their company website, which is some kind of venture-backed
| security startup. Based on the fact that the founders seem to
| have a superficial understanding of technology but a well-
| developed understanding of hype and bullshit, I am not interested
| in exploring their business further.
| ta1243 wrote:
| Are you denying the existence of an authorised ssh key on each
| of these beds allowing the holder of the key?
|
| Are you denying there is a config file pointing to a target
| called remote-connectivity-api.8slp.net?
|
| No there's not enough evidence to prove in a court of law who
| has access to the private key, or that the config file is
| enabling a return ssh connection, but it's pretty damning.
|
| The only thing that's not newsworthy about this is that large
| amounts of IOT shit does this.
| duskwuff wrote:
| > Are you denying there is a config file pointing to a target
| called remote-connectivity-api.8slp.net?
|
| Under the path ".ssh.endpoint", too. It's not like it's just
| a mystery hostname; it clearly has something to do with SSH.
|
| > The only thing that's not newsworthy about this is that
| large amounts of IOT shit does this.
|
| And - just to be clear - that doesn't mean it shouldn't be
| reported on! Talking about this stuff, and having concrete,
| specific examples, is _good_.
| avalys wrote:
| "I downloaded the firmware and I found an SSH key and a
| configuration file that mentions an SSH endpoint;
| therefore, I know that all of Eight Sleep's engineers are
| allowed to remotely SSH into every customer's bed and run
| arbitrary code!"
|
| Do you not see a problem with this line of reasoning?
| That's literally what he says in the article, and he
| presents it as a near-certainty, not the wild leap of
| unsupported reasoning that it is.
| paldepind2 wrote:
| I don't really understand the take here. The post makes it very
| clear what is concrete evidence, what is speculation based on
| that, and the reasoning is much better than what you give it
| credit for. For instance, what would you suggest the "remote-
| connectivity-api" SSH endpoint URL and the authorized public
| SSH key is for if not for remotely SSHing into the bed's
| computer?
| avalys wrote:
| This is a Linux image that is, somehow, remotely flashed onto
| the bed. He found the SSH key on the filesystem.
|
| 1. He didn't even bother to check and see if the bed is
| running an SSH server - ten seconds with nmap could have told
| him this!
|
| 2. Essentially every one of these beds would be behind a NAT
| and thus the SSH server which he didn't even bother to look
| for would not be accessible to the internet or to the
| nefarious engineers he imagines have access to the key - he
| ignores this fact.
|
| 3. The fact that the firmware includes the URL of a specific
| external endpoint, suggests that the bed connects _to_ that
| endpoint, not that this is somehow used to screen incoming
| requests by reverse DNS lookup or anything like that. The
| architecture he is supposing exists (all remote access
| requests must come from a host whose reverse DNS resolves to
| this host?) makes no sense.
|
| 4. The fact that the public key exists on the filesystem
| means nothing if no SSH server is running, or accessible. It
| might be used, for instance, as part of the manufacturing
| test process or a maintenance procedure, and then disabled.
| The SSH public key on the filesystem isn't necessarily
| related to the JSON config file for their own application
| which he found!
|
| 5. SSH keys don't have "email addresses" associated with
| them, they have a plaintext field which is used merely for
| identification purposes, and this is commonly used for the
| _user account_ that created the key. But it's not an email
| address and even if it were, it doesn't mean that that email
| address, much less every engineer at the company, somehow has
| access to the key!
|
| The sloppiness and level of jumping to conclusions here, for
| a supposed security company, is ridiculous.
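
Point 5 above turns on the layout of an authorized_keys entry: optional options, key type, base64 key blob, then a free-text comment. As an added example (not code from the thread, the article or the vendor's firmware), this Python parser splits entries into those parts and groups them by key fingerprint; the key bytes, labels and options in the sample are constructed.

```python
"""Parse authorized_keys entries: options, key type, fingerprint, comment."""
import base64
import hashlib
import struct
from dataclasses import dataclass

# Public-key algorithm names used in authorized_keys (certificate types omitted).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


@dataclass(frozen=True)
class Entry:
    options: str      # e.g. command="...",no-pty (empty if none)
    key_type: str
    fingerprint: str  # same form as `ssh-keygen -l` prints: SHA256:<base64, no padding>
    comment: str      # free text; sshd never uses it for authentication


def split_fields(line):
    """Split on whitespace, keeping double-quoted option values in one field."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line.strip():
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in " \t" and not quoted:
            if cur:
                fields.append(cur)
                cur = ""
        else:
            cur += ch
        prev = ch
    if cur:
        fields.append(cur)
    return fields


def parse_entry(line):
    """Return an Entry, or None for blank and comment lines; ValueError if malformed."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    fields = split_fields(line)
    # The key type is the first field, or the second when options come first.
    idx = next((i for i, f in enumerate(fields[:2]) if f in KEY_TYPES), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no key type and blob found")
    blob = base64.b64decode(fields[idx + 1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the algorithm name.
    (name_len,) = struct.unpack(">I", blob[:4])
    inner = blob[4:4 + name_len].decode("ascii", "replace")
    if inner != fields[idx]:
        raise ValueError(f"declared {fields[idx]!r} but blob says {inner!r}")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return Entry(" ".join(fields[:idx]), fields[idx], fingerprint,
                 " ".join(fields[idx + 2:]))


def audit(text):
    """Group parsed entries by fingerprint, so one key under several labels shows up."""
    groups = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            groups.setdefault(entry.fingerprint, []).append(entry)
    return groups


def constructed_blob():
    """Build a well-formed ssh-ed25519 blob from constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    pub = hashlib.sha256(b"constructed sample, not a real key").digest()
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub)) + pub


SAMPLE_B64 = base64.b64encode(constructed_blob()).decode()
# Constructed file: the same key twice, under two unrelated labels.
SAMPLE = "\n".join([
    "# constructed authorized_keys file",
    f"ssh-ed25519 {SAMPLE_B64} eng@example.invalid",
    f'command="echo no shell",no-pty ssh-ed25519 {SAMPLE_B64} build laptop 7',
])

if __name__ == "__main__":
    for fp, entries in audit(SAMPLE).items():
        print(fp)
        for e in entries:
            print(f"  label={e.comment!r} options={e.options!r}")
```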
| perching_aix wrote:
| > He has no evidence for this whatsoever and not really any
| good reason to assume it either.
|
| I'm not sure what kind of evidence or reason you're looking
| for, I think their assumption is pretty sensible.
|
| > This isn't how SSH works
|
| Maybe I'm just naive, but the wording of it to me seems
| nontechnical enough that I think the author is skipping over
| things on purpose. For example, how exactly that "far away" host
| he thinks is involved.
|
| I'd personally imagine it's a reverse shell type deal going on,
| although why SSH needed to be involved in that I'm not sure.
| Could be just a hacky implementation. But it's really not that
| far removed from sensibility, vendors popping reverse shells
| without authorization really wouldn't be new.
|
| > It is clearly intended to draw traffic to their company
| website, which is some kind of venture-backed security startup.
|
| Didn't even notice that. Can't imagine too many other people
| did either. So maybe not so clearly?
| avalys wrote:
| Please see my reply to another person in this same thread. He
| didn't even verify that the bed is running an SSH server in
| the first place!
| perching_aix wrote:
| I saw it. It's not necessary if the process that maintains
| the reverse connection can just start it as needed.
|
| That said, some actual investigation of that supposed
| binary would have been a strong support for this whole
| thing, and indeed an evidence for this theory, so I will
| give you that.
| avalys wrote:
| If the bed requires going through some kind of production
| endpoint interaction in order to set up the remote
| connection (as is most likely the case), then his claim
| that any engineer can connect to any bed is simply false,
| and this is no more of a security hole than the idea of
| having a cloud-connected bed which is updated OTA in the
| first place.
| bloopernova wrote:
| My wife uses a Bedjet which has both a remote and app. Thankfully
| it works without an active Internet connection.
|
| It uses a bag-like sheet that it blows air into, to adjust
| temperature. For women suffering* through menopause, being able
| to adjust around hot/cold flushes is sanity-preserving!
|
| * Some women don't suffer much during perimenopause or menopause,
| but it's a process that seriously fucks with one's hormones. A
| word of advice to any partner of a woman going through
| perimenopause: believe them when they tell you what they're going
| through! So many partners don't realize just how much this can
| mess up someone, they deserve every sympathy possible.
| zemvpferreira wrote:
| My friend Sara had a rare form of breast cancer at 34.
| Thankfully she survived, but to improve her odds of staying
| alive she's been essentially put into permanent menopause for
| the next decade. Constant hot flashes.
|
| Is the Bedjet really that good? Would your wife recommend it
| without reservations? Are there any other products that have
| made a difference for her?
|
| Apologies if that's intrusive but improving Sara's sleep would
| be life-changing for her.
| bloopernova wrote:
| Yes, my wife would recommend it without reservations.
|
| There's also a cold water circulator, useful for icing a
| painful limb etc. https://www.amazon.com/gp/aw/d/B09VRJ153X
|
| Not intrusive at all, I hope your friend can find some
| relief. I hope she can find strength and joy in life.
| zemvpferreira wrote:
| Thank you both very much for your kind words and advice,
| ordering one now. No doubt it will make a dramatic
| difference.
| hn_acc1 wrote:
| I may suggest this to my wife.. She's going through the hot
| flash stage..
| mitjam wrote:
| Can recommend hot water bottles and a hairdryer for occasional on
| demand bed warming.
| electroly wrote:
| I'm a two-time Eight Sleep customer and the CEO could post my
| sleep history specifically with my full name and I'd still use
| it. It's really comfortable. I think most of the detractors were
| never remotely in the market for such a product. Everything
| negative said about the product and the company is true, and they
| should do better, but it's not enough to scare me away thanks to
| how good the base product is.
| mimischi wrote:
| But is it more comfortable than, say, an old school analog
| expensive mattress? I can't shake the feeling these companies
| are selling snake oil (that is not to say that old school
| analog mattresses aren't overpriced either)
| electroly wrote:
| You may be misunderstanding the product--it's a topper that
| goes on top of your existing mattress. It doesn't replace the
| mattress. I do indeed have it on top of an old school analog
| expensive mattress. It cools/warms to the desired temperature
| without impacting the comfort from the mattress. I don't
| think there's much room for snake oil here: it pumps cooled
| or heated water through the mattress topper. There's no
| mystery.
| shermantanktop wrote:
| So it's a fancy mattress topper with a water pump for $2k.
| LoganDark wrote:
| How does it feel? I have a nice foam mattress and I'd hate
| to buy one of these and have it feel like I'm sleeping on a
| bunch of tubes and plastic rather than foam.
| electroly wrote:
| I can't feel the tubes at all. It does have some
| electronics stuff on the sides that you can feel through
| the topper, but nothing on the top where you sleep. It
| maybe feels slightly firmer than the mattress feels
| without it.
| matwood wrote:
| > But is it more comfortable, then say, an old school analog
| expensive mattress?
|
| Mattresses wear out, and people end up keeping them too long.
| Somewhere like walmart.com sells great mattresses for
| inexpensive prices. They are not related at all to what they
| sell in stores. Because they are inexpensive, as soon as they
| start to wear out, buy a new one.
| yuvalr1 wrote:
| If there was a similar product that does not upload any of your
| extremely personal data, like whether you're now in your bed,
| to some server on the internet, would you prefer it?
| electroly wrote:
| Sure, there are lots of ways it can be improved. I'd like it
| to be cheaper too. I'd be happy to switch to an alternative
| that is just as good but without the Internet nonsense, but
| SleepMe isn't it. I've got my eyes open for viable
| competitors for the next time I need to outfit a mattress or
| when this one dies. For now, Eight Sleep is the best one I've
| found.
| roldie wrote:
| I also have an eight sleep mattress topper. I was unaware of
| the privacy issues here, but I feel the same as parent that I
| won't give it up. Having the ability to always have a cool bed
| has improved my sleep substantially. And the heating is great
| when you're sick.
|
| Now if a competitor crops up that has better privacy and a
| better CEO, I'll swap in a heartbeat.
|
| Note: I don't pay for the subscription, just the mattress
| topper
| yuvalr1 wrote:
| Are there any consumer products offered that provide similar
| functions (heating, controlling with an app etc.), but which
| never try to connect to a remote server, other than looking for
| the control app in the local LAN?
| TheGRS wrote:
| > In the end, I got enough of the cyber ick, I decided to seek a
| simpler, less internet-connected solution to my temperature-
| controlled bed needs.
|
| Great line. And my eyes bugged out a little at this part as I
| also realized what the implications were:
|
| > - They can know when you sleep
|
| > - They can detect when there are 2 people sleeping in the bed
| instead of 1
|
| > - They can know when it's night, and no people are in the bed
|
| I have a more pragmatic question. Do any consumer publications do
| security reviews for products? I'm thinking like consumer reports
| and how they should probably publish if a product is a security
| nightmare or not. At the end of the day you still need people
| to publish this stuff out and for social media to spread to
| consumers to beware, but maybe a magazine type of publication
| could take on part of that responsibility.
| bovinegambler wrote:
| Mozilla does something like that, privacy reviews of consumer
| products: https://foundation.mozilla.org/en/privacynotincluded/
| knallfrosch wrote:
| The people who care about security don't buy cloud-connected
| bed heaters - or run their own software on their IoT devices.
| You'll have exactly zero ad revenue because there is no overlap
| between prospective buyers and people who care about security.
| keysersoze33 wrote:
| I bought an Eight Sleep Pod 3, as I'm a light sleeper who wakes up
| often at 3 or 4am, and struggles to get the final hours of sleep.
|
| I have to say it made my sleep significantly worse - I was
| shocked at how bad the temperature setting was - shifting 1
| degree warmer or colder was often too much. I also noticed quite
| a bit of manipulation of reviews & comments on Reddit / subtle
| sponsorship on YouTube. (=> fake comments, upvoting/downvoting,
| and unofficial sponsorship).
|
| Maybe it really does improve some people's sleep, but just the
| noise itself from the Pod meant I needed earplugs to not be
| disturbed by it. My suggestion is to avoid buying at all costs...
| the_plus_one wrote:
|   - They can know when you sleep
|   - They can detect when there are 2 people sleeping in the bed
|     instead of 1
|   - They can know when it's night, and no people are in the bed
|
| I'm probably naive, but I'm failing to see how any of this is
| exclusive to having remote SSH access to the bed. Who's to say
| this isn't already happening with other binaries in the firmware?
| Maybe they're already phoning home?
|
|   [...]that bypasses all forms of formal code review process.
|
| How does the author know if anything else in the firmware goes
| under any kind of code review process?
|
| It's not a bad article, but it does seem to make a lot of
| assumptions, and you already agreed to let arbitrary code run on
| your network when you added an IoT device to it.
| lilyball wrote:
| It is in fact already sending this data to their servers,
| because it doubles as a sleep tracker and everything goes
| through their servers. I really wish there was an option to do
| local-only connectivity, but very few internet-enabled products
| these days actually care about supporting a local-only mode,
| and I suspect the number of products that do would be even
| smaller if HomeKit didn't mandate it (sadly, temperature-
| controlled beds are not a HomeKit product category).
| zemvpferreira wrote:
| I think what he's trying to emphasise is the idea that anyone
| who's part of the engineering team could spy on you, without
| anyone else knowing. It's bad enough that the company has this
| data, sure, but there's at least an assumption that it will be
| secured and penalties can be enforced if not. Some random
| engineer being able to look into your life intimately by
| themselves is a completely different level of violation.
| zamalek wrote:
| I'm not sure about the latest models, but my early-revision
| BedJet has no smart features at all: it was all bluetooth. It
| solves much the same problem as the product here: warm/cool the
| bed, not the house.
| chinathrow wrote:
| That CEO tweet to Elon is peak cringe.
| kylecazar wrote:
| Bed as a service? Hell no. What an awful idea.
| leftcenterright wrote:
| > exceeding $300 million dollars in annual revenue
|
| I would be interested in knowing who the buyers for this stuff
| are ..
| DarmokJalad1701 wrote:
| I have one of these bed covers. I bought it before the
| subscription crap started and I am very satisfied with the
| product. The dual-zone cooling/heating is super good and has been
| a big improvement to my quality of life/sleep. Especially
| considering that my wife has different ideas than me about
| temperature and what constitutes hot/cold. Yes, it would be nice
| if I had local control but I am willing to ignore that as long as
| I don't have to pay more.
|
| But I wouldn't recommend anyone buy it now because of the
| subscription.
|
| It is good to know that there is an option to continue using it
| if the company decided to no longer grandfather in people who
| bought before the subscription crap started.
| jmuguy wrote:
| In case anyone is wondering why someone would pay so much to
| control their bed temp - I have a similar product the
| "Chillipad". Essentially I'm a furnace when I sleep and wake up
| covered in sweat. This thing keeping my bed cool was the biggest
| single thing I've done to improve sleep quality. It's not quite as
| stupid as Eight Sleep in terms of initial cost and there's no
| ongoing subscription but it was still expensive. I've also had to
| open it up and replace a faulty check valve, and it occasionally
| floods so I have it sitting in a tray. But damn... it works.
|
| However now I want to try this aquarium chiller...
| userbinator wrote:
| If I'm reading this correctly, the product is just a temperature-
| controlled mattress?
|
| _Well, each bed contains a full Linux-based computer. If my
| estimations above are correct, all of Eight Sleep engineering can
| take full control of that computer any time they want._
|
| I think that was already a given once you agree to silent
| automatic updates.
| lilyball wrote:
| Nothing here is particularly surprising. The worries about
| engineers ssh'ing into the machine to see if anyone is sleeping
| seem rather overblown though. The product itself doubles as a
| sleep tracker and all data goes through their servers (as is
| sadly the norm for smart home appliances these days) so they have
| that data anyway. I have to take it on faith that they anonymize
| and aggregate the data before doing any analysis on it, but the
| very nature of the product means they have the data.
| r1b wrote:
| re: the kinesis key - curious, what is the right way to configure
| log delivery for remotely deployed appliances?
| r1b wrote:
| in this situation, is it just like, you should front kinesis
| with a service that can apply appropriate quotas / limits?
| pshirshov wrote:
| > (the bed...) won't function if the internet goes down
|
| Who in the sane mind buys that.
| rmason wrote:
| I looked really hard at buying an 8 Sleep. I have techie friends
| who swear by them. But one of the big reasons I didn't go forward
| I don't see mentioned here and that is noise. I need a dark and
| quiet room to sleep.
|
| Someone told me they returned their 8 sleep because of the
| constant fan noise of the computer running the thing. He told me
| it was like having a server in your bedroom.
|
| I am also not keen at all on needing to have my phone in my bedroom
| either. At the end of his life my father had some health
| challenges and it wasn't uncommon for a nurse to call me in the
| middle of the night. It was all the other calls, people tweeting
| or slacking at me that made it really challenging to get any
| sleep.
|
| Still looking for something where I can collect sleep data if any
| entrepreneurs can solve these problems.
| I_Write_It wrote:
| If your goal is just to collect sleep data, I personally use my
| Withings Scanwatch with a leather bracelet.
|
| But if you're not willing to keep a watch on while you're sleeping
| they have "Sleep analyzer" that you put under your bed to
| collect sleeping data, but I never tried it!
|
| The link: https://www.withings.com/eu/en/sleep-analyzer
| pedalpete wrote:
| I have a friend who felt the cover was really uncomfortable as
| well. He had a really expensive mattress, but said he could
| feel the cooling tubes in the cover.
|
| I'll do you one better on "collecting sleep data". I've been in
| the neurotech/sleeptech space for the last 5 years developing
| https://affectablesleep.com
|
| After getting an Oura ring years ago, and it telling me "you
| didn't get enough sleep[deep, REM]" I was left thinking "so
| what?? don't tell me I didn't do it, help me to do it!"
|
| From what I've seen in the market, possibly with the exception
| of 8Sleep or CPAP (for those who need it), is that everyone is
| focused on counting minutes, and adding a few minutes to sleep.
| Particularly "fall asleep faster" where they promote "fall
| asleep x% faster" where x% in minutes is like 7 or 8 minutes.
|
| What is really valuable in sleep, and particularly deep sleep,
| is not really the time, it's the restorative brain functions,
| and at the moment, we are focused on one metric: slow-wave delta
| power. It's not how many minutes you sleep, it's how much sleep
| is in each minute.
|
| Of course, there is sleep data along with that, but if your
| sleep is optimized in the time you get, do you really care
| about the daily data?
| xyst wrote:
| We give these companies hard earned fucking cash and they want
| _more_. Rapacious neoliberal capitalists will be the end of
| capitalism itself.
| sigmonsays wrote:
| This is so cringe, I am getting motivated to only use dumb
| devices.
|
| I no longer can trust that someone is looking at my TV data, Oven
| data, thermostat data, etc and tweeting about it.
| max_ wrote:
| A nightmare I have is that a lot of these products like 8 Sleep
| are actually scams.
|
| Not scams in the sense of swindling money, but that they are
| appendages of a private or government intelligence network.
|
| If you genuinely care about your customers, can't you simply feel
| guilty of doxing such sensitive data about them?
|
| Some evil entities want to know when you sleep, wake up or if
| there is someone else in the bed.
|
| I am not against technology, this can be done responsibly via
| offline support, self hosting options, E2E Encryption,
| Homomorphic computing, differential privacy etc.
|
| But I guess implementing those would interfere with the scam, i.e.
| the main objective, which is spying on you.
| kapka6700 wrote:
| How did the author find the backdoor URL in the first place?
| jimt1234 wrote:
| > For someone who suffers from insomnia this seemed worth a shot.
|
| I can relate, having suffered the same for most of my life. One
| thing that really helped me was a simple white noise machine,
| typically used to help babies sleep. Good: I sleep great with it.
| Also, it's not connected to the internet and doesn't require an
| app. Bad: I basically can't sleep without it. I have to travel
| with it (camping!). I even purchased a backup in case the primary
| fails, which has happened.
|
| The other major sleep improvement was putting effort into
| accepting that life is pretty great; all of my worries that kept
| me awake at night were overblown. This took actual work, but it
| paid off.
|
| Anyway, just thought I'd pass that along, hoping it might help
| someone else that struggles with sleep.
|
| https://www.amazon.com/Yogasleep-Portable-Soothing-Rechargea...
| adiabatty wrote:
| If you'd rather not buy another gizmo for a function your phone
| has likely gobbled up already...
|
| iOS, iPadOS, and macOS have a pretty great built-in background-
| noise generator these days. While lots of actual beaches can go
| dead silent and then have a loud wave crash in, the waves that
|
| It's available in Settings -> Accessibility -> Audio & Visual
| -> Background Sounds. You'll have to download the sounds each
| once, but after that they stay on your device.
|
| Digging this deeply in Settings isn't pleasant if you just want
| some white noise, so you may want to add a control to Control
| Center like "Background Sounds" (way down in the Hearing
| Accessibility section) to turn the ocean noise on and off.
|
| I turn this on my iPad when going to bed if I want to take
| extra steps to ensure that I don't wake up in the middle of the
| night.
| knodi123 wrote:
| :facepalm:
|
| I can't believe I had to download an app for that because the
| feature is buried in SETTINGS (!!!!). What an obtuse choice.
| Thanks for the tip though, I hate that my white noise app has
| a rotating ad banner.
| throwaway81523 wrote:
| Yuggh. There is also a bed chilling thing from sleep.me that is
| around $600. I haven't looked into it enough to tell whether it
| is internet connected. But I've been aware of it because my mom
| is very fussy about her sleeping temperature and it might be
| something I should look into when it gets warmer.
| owenversteeg wrote:
| Anyone here tried those aquarium chillers? Sounds like a great
| alternative, I would love to read more about using them in
| practice.
___________________________________________________________________
(page generated 2025-02-21 23:00 UTC)