[HN Gopher] NoLongerEvil-Thermostat - Nest Generation 1 and 2 Fi...
___________________________________________________________________
NoLongerEvil-Thermostat - Nest Generation 1 and 2 Firmware
Author : mukti
Score : 248 points
Date : 2025-11-04 17:10 UTC (5 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| ddingus wrote:
| I really hope this project succeeds. In some small ways I was
| involved with Gen 1 and Gen 2 and the teams that built those
| products really cared. I doubt they would have said turn them
| off.
| dare944 wrote:
| There's none of us left at Google anymore... and they didn't
| listen to us when we were there.
| ddingus wrote:
| Yeah, I figured as much. Sad day :(
|
| For what it was worth, I really enjoyed helping everyone ramp
| up on NX. At that time in my career, I was ramping many
| similar groups up and many came from Apple and were
| experiencing sticker shock! (They bought the very best and it
| was not at all cheap!)
|
| We talked about that and those in charge on my end were not
| at all happy with me showing people how geometry that
| normally requires a higher tier license to create, can be
| created with the base tier license, lol. (Mere mortals need
| that info because having the more expensive tool is not
| always on the table.)
|
| Anyhow, stay cool. Maybe it will be different one day.
|
| Please tell the others as you may encounter them, "That NX
| guy from PDX says, "Hi." You all may not know it, but I
| learned a ton from you guys. It was in the questions you
| asked and the processes you set up. I am applying some of
| that to my own projects today. So, thanks! ( way late! )
| smt88 wrote:
| What are your favorite smart home brands nowadays?
| daredoes wrote:
| Have this be an add-on supported by HomeAssistant and I'm in
| buggeryorkshire wrote:
| It's reliant on a bounty iirc for the server and device side
| code to be open-sourced. Will be about an hour after that I
| reckon and I cannot wait to contribute.
| nickthegreek wrote:
| wish this could have been released prior to the google shutoff.
| But I am happy with the ecobee and its HA integration.
| jedberg wrote:
| Same. My wife wouldn't let me wait. She insisted we be able
| to control the thermostat. :)
|
| (The wheel on ours was broken so we could only control it via
| app).
| EvanAnderson wrote:
| The "Open Source" page on the dashboard site[0] links to this
| firmware but nothing about the server side. Firmware for the
| thermostat itself is a requirement, but without a dashboard it's
| still not really Free.
|
| Edit: If I read closely I would have seen:
|
| > The firmware images and backend API server code will be open
| sourced soon, allowing the community to audit, improve, and self-
| host their own infrastructure.
|
| [0] https://nolongerevil.com/
| Krasnol wrote:
| "soon"
|
| Trust me bro.
| yrro wrote:
| trust but verify
| tehwebguy wrote:
| This comment says he is awaiting Louis Rossman's acceptance of
| this code for the bounty he raised, pretty cool if this all
| works out!
|
| https://github.com/codykociemba/NoLongerEvil-Thermostat/issu...
| LilyFrenchPants wrote:
| This person is a PHP programmer according to their LinkedIn
| profile. They are just using the existing OMAPLoader tool and
| does not seem to have embedded device programming experience. I
| am not hopeful they will be able to write custom firmware for the
| thermostats.
|
| _LFP_
| eej71 wrote:
| I see it as a great starting point.
| z3ugma wrote:
| I agree that it's a great starting point
| Aurornis wrote:
| > I am not hopeful they will be able to write custom firmware
| for the thermostats.
|
| If you read the GitHub Readme (typically a better way to judge
| a project than stalking someone on LinkedIn) you can see that
| they didn't write a custom firmware. They modified the Nest
| firmware to contact different back end servers.
|
| The firmware is the same (they claim) except for modifications
| to change which server is contacted. They then built a back end
| to mimic the original Google serves.
| l9o wrote:
| Personally, I think this might be an even better approach.
| The Nest Gen1/2 UI was pretty slick. It would be a shame to
| have to use a custom firmware.
| torginus wrote:
| Sounds fishy, if the device allows this sort of fakery, that
| means the traffic is vulnerable to some sort of MITM attack
| by DNS poisoning/packet rerouting, which is somewhat
| disconcerting.
| z3ugma wrote:
| I agree, there's a "hammer and nail" problem here, it's
| impressive though that he used Ghidra to RE some of the API
| calls that the Nest binaries are making after having got root
| access - according to some of what Cody has said in the Reddit
| thread and on his Discord channel.
|
| I have been working on REing the hardware itself to write
| drivers directly - for example at
| https://sett.homes/blogs/updates/the-lcd-display-reverse-
| eng....
|
| I am designing whole new PCBs that mount in the Nest so that we
| have 100% firmware control over the device... time will tell if
| we can do the same thing on the Linux OS that the Nest
| currently runs on, or if custom hardware will be needed because
| the OS has too much locked down
| GiorgioG wrote:
| I can't express how much damage Google has done to its reputation
| in my mind with how they EOL'd the online functionality of these
| devices. I have 3 of them. I will never buy a Google device of
| any kind ever again.
| tensor wrote:
| Yup. Same, though I've actually decided to only buy stuff that
| supports home assistant. I shouldn't have to depend on a
| corporate server at all, and especially shouldn't have to call
| out to an internet site just to control something local.
| baq wrote:
| At this point I assume any device which can talk IP is one
| firmware push away from becoming a brick in the best case and
| taking you hostage in the worst case.
|
| Zigbee allows firmware upgrades, but will not take you hostage.
| It isn't perfect, but I'll take it for having a user-first
| design instead of ARR-first.
| thesuitonym wrote:
| What really surprises me is that there are people who didn't
| see this coming. I mean really people, you're purchasing a
| device which requires an internet connection to a server you
| don't own.
| GiorgioG wrote:
| I certainly didn't see this coming in 2014 when I paid $800+
| and installed them. If they'd have said hey $5/year for each
| to keep them going, I'd have begrudgingly paid it and carried
| on...but now, Google will never get a dime from me again.
| iamjackg wrote:
| Yeah I immediately switched to a Honeywell Z-Wave thermostat as
| soon as I got the email that they were discontinuing them.
| pandora-health wrote:
| If your boiler supports OpenTherm then get this thermostat
| controller https://github.com/Alexwijn/SAT
|
| Weather comp + low load comp + PID which means your room
| temperature works at the precision range supported by your
| temperature sensor. In my case, within 0.02 Celsius. Saves energy
| and makes your house more comfortable. Operated via home
| assistant.
|
| See real time data in Grafana
|
| https://gasboiler.grafana.net/public-dashboards/8d44381aafa9...
|
| Or Emoncms
|
| https://emoncms.org/app/view?name=MyBoilerIdealLogicH24Opent...
| hypercube33 wrote:
| Stuff this project tackles is on my "I'll get to it after I
| retire" list - super awesome. Looks like this works for forced
| air HVAC as well?
| mwpmaybe wrote:
| In theory but the odds of you having an HVAC control board
| that supports OpenTherm are extremely low.
| benoliver999 wrote:
| There's also ems-esp which I use on an older Worcester Bosch
| boiler to set flow temperatures based on the outside
| temperature (managed by home assistant).
| mikepurvis wrote:
| I'm very interested in this-- I have a fairly new Vitodens 100
| boiler + Ecobee and also a heat pump system with its own
| thermostat, and I'm frustrated by several elements of this
| setup:
|
| - The Vitodens has like ten stages, but the Ecobee has no way
| to command them, it's just a binary call to the Taco pump for
| heat / no heat, with the boiler deciding on its own how hard to
| push (I guess based on the outside air sensor and maybe time of
| day?)
|
| - The Vitodens is monitoring the return boiler water
| temperature, but the Ecobee doesn't know anything about that.
|
| - None of this is interlinked with the heat pump, so the
| systems can run on top of each other and end up with the wrong
| parts of the house overheated or left cold. The heat pump's
| controller is proprietary but it works with the NetHome Plus
| app so there is a bridge to get the units on homeassistant.
|
| I don't have the spoons right now to try to beat this all into
| shape, but eventually I'd like to get HA temp monitors in
| multiple places in the house so that a single central system
| can make smarter decisions about which system to run and when.
| For example, in the evening I mostly care about the bedrooms,
| and the bedrooms are covered by zone 2 of the heat pump, so it
| would make sense to prioritize the heat pump then and only run
| the boiler if the heat pump isn't able to keep up; whereas in
| the daytime if heat is needed, it's probably throughout the
| house so the boiler should run.
| darkwater wrote:
| Let's buy a second hand Nest Gen1/2 before people know about
| this!
| jjallen wrote:
| Very cool. Was thinking about working onthis myself after moving
| in a house 4 months ago with these to all of a sudden ahve to
| replace them for no good reason.
| danimal88 wrote:
| It is pretty outrageous that a company who purports to care about
| the environment turned this into a pile of garbage for the
| average user to save on some cloud hosting or devops. Or even
| worse, to sell the next generation.
| anonym29 wrote:
| Marketing is marketing for lying. These companies care about
| nothing but their bottom line. All of the big cloud providers
| are complicit in what the UN has formally declared to be a
| genocide1. The executives should be tried for war crimes, as
| should the employees who were working directly with Israeli
| intelligence and military. "I was just following orders" is not
| an excuse.
|
| Making e-waste isn't desirable, but it's far from their most
| noteworthy moral atrocities and crimes against humanity.
|
| 1 https://www.ohchr.org/en/press-releases/2025/09/israel-
| has-c...
| rconti wrote:
| The original Nest thermostat and app has been abandonware since
| 2017, as far as I can tell. We got one in 2014, and I can only
| remember one change. A couple years into my use of it, the iPhone
| X came out, with the notch and taller screen. The Nest app
| eventually got updated to fill the whole screen, and that's it.
| z3ugma wrote:
| If you're interested, I went a different route to design new PCBs
| for the hardware to have 100% firmware control, see for example
| https://sett.homes/blogs/updates/the-lcd-display-reverse-eng...
|
| I am hopeful that Cody's exploit lets us write whole new firmware
| without the extra step of needing the new PCBs, but they are my
| next best option
| jcpst wrote:
| I have a Gen 1 Nest. Is it common for them to brick if you
| connect them to the internet?
| baggachipz wrote:
| I have two Nest E thermostats which I purchased years ago. I
| wonder how long it will be until they're bricked too.
| Tepix wrote:
| "We are committed to transparency and the right-to-repair
| movement. The firmware images and backend API server code will be
| open sourced soon, allowing the community to audit, improve, and
| self-host their own infrastructure."
|
| I look forward to it!
| StephenHerlihyy wrote:
| Living in a cold room with an evil presence is better than
| roasting in hell with an angry wife.
| mwpmaybe wrote:
| You can still spin the damn encoder.
| StephenHerlihyy wrote:
| A younger me would have had the same gusto. Age has taught me
| that attempting to improve the AC, in ways that my family can
| neither appreciate or understand, is merely going to lead to
| disaster.
| mikkupikku wrote:
| This is why I hate digital thermostats. With the old classic
| round Honeywell thermostats you could turn the dial a fraction
| of a degree when nobody was looking and "boil the frog" to get
| a reasonable temperature. With digital thermostats, you can
| only change the temperature in discrete steps which will be
| immediately noticed.
|
| > _Why does it say 74?? I had it set to 75!!1!_
| torginus wrote:
| Use home assistant, and program in a second stealth
| thermostat controlled by the first, that allows you to
| 'nudge' the values.
|
| It's what I did, not because of relationship reasons, but the
| hvac and furnace thermostat disagreed on what temperature 23C
| should be so I had to tweak it.
| ksenzee wrote:
| Have you considered just not living with people you think so
| little of?
| mikkupikku wrote:
| I have an analogue thermostat in my home, but vacations (in
| rental properties) with the in-laws turn into thermostat
| wars. I particularly don't appreciate the ones that use
| proximity sensors to light the thermostat display's
| backlight. Whoever came up with that idea was a genuine
| asshole.
|
| Besides, would you really break off a relationship over
| something so petty as temperature preference? The people
| who find somebody who's literally perfect for them must be
| very rare, I think most people have to make small
| sacrifices and concessions.
| ksenzee wrote:
| I agree, everyone makes small sacrifices and concessions
| to the people they live with, and I would never break up
| with someone over such a small issue as temperature
| preference. But trying to trick your partner or housemate
| into thinking you haven't changed the temperature? That's
| the kind of strategy you use when you're stuck with
| someone you can't communicate with, or don't respect
| enough to want to communicate with, or have given up on
| communicating with. At that point I'd be packing my
| things.
| gigel82 wrote:
| So, trade the "evil" Google for the totally not evil trust-me-bro
| "nolongervil Corp"?
|
| Don't get me wrong, I love to see things like this, but just go
| all the way and allow folks to set their own URLs (maybe to
| servers they own in their own home).
| torginus wrote:
| Or buy one of the dozens that work via
| Matter/Wifi/Thread/Zigbee and make sure the data never leaves
| your home.
| johnz wrote:
| Cool to see the recently launched FULU bounty program[0] working
| as intended[1].
|
| [0] https://bounties.fulu.org/bounties/nest-learning-
| thermostat-...
|
| [1] https://nolongerevil.com/about#:~:text=What,in.
| Tepix wrote:
| Right now it's just a blob that you flash to your device to make
| it talk to a proprietary service. It is not yet " _giving me
| complete control over my device data and settings_. " I can't
| change where it comnects to etc.
|
| In fact - I don't even see a privacy policy on nolongerevil.com!
|
| Hey, I can login at nolongerevil.com using my Microsoft-owned
| github login! And there's yet another company involved: clerk.com
| - yay?
|
| " _We are committed to transparency and the right-to-repair
| movement. The firmware images and backend API server code will be
| open sourced soon, allowing the community to audit, improve, and
| self-host their own infrastructure._ "
|
| I look forward to it.
|
| PS: Sorry for being so negative... perhaps the release should
| have been delayed until all of this is opened up.
| khamidou wrote:
| I don't get the hate, it looks like they reverse-engineered the
| nest thermostat and wrote a firmware for it? That's super cool
| and the fact that an open source project doesn't have a privacy
| policy yet doesn't really matter at this point
| pstoll wrote:
| It's the "no longer evil" marketing without actually proving
| that "no longer evil.com" is in fact ... from from evil.
|
| I was assuming that I could point the nest data stream &
| control UI to my own hosted thing on eg my local NAS or
| docker farm. That's what I think would warrant the moniker
| "free from evil" in this kind of strong privacy preserving
| marketing.
| EvanAnderson wrote:
| > ...looks like they reverse-engineered the nest thermostat
| and wrote a firmware...
|
| Not to diminish what this project has done, but they modified
| existing firmware to make it communicate with a different
| server. They've also implemented a server for the thermostat
| API.
|
| It's pretty neat but, at this point, it's just a hacked
| firmware that talks to a different proprietary server.
|
| Edit: It's not even a modification to the firmware binaries.
| They're just injecting /etc/hosts entries into the
| firmware[0]. If the Nest device just uses DNS to resolve
| these names then you wouldn't even need to modify the
| firmware-- just point it at a DNS server that's authoritative
| for the necessary names.
|
| [0] https://github.com/codykociemba/NoLongerEvil-
| Thermostat/issu...
| forgotusername6 wrote:
| Does it not use TLS? Wouldn't the Nest have to trust a CA
| willing to issue certificates without proving ownership?
| kelnos wrote:
| If they really want to show that they're building something
| that protects user privacy, they'd open source their backend
| server, and make it possible and easy to self-host it and
| point the modified firmware[0] at your own instance.
|
| [0] They didn't write their own firmware; they hacked the
| stock firmware to redirect traffic from Google's servers to
| their own.
|
| Edit: looks like they plan to open source the backend and
| enable self-hosting "soon". Hopefully that comes to pass!
| gnuplustoejam wrote:
| Running open-source firmware someone's hacking on (which gets
| little to no testing) on a gas appliance that can burn your
| house down is probably not the best idea.
|
| If you are paranoid about Nest being evil maybe stick to one
| of those Honeywell round hockey-puck things with the mercury
| inside.
|
| Or use a Z-Wave/Zigbee thermostat from a reputable vendor
| (there aren't many) and control it from a gateway of your
| choice.
| khamidou wrote:
| This is for people who have already bought a nest and got
| burnt by the deprecation of their online services. Of
| course they could get another thermostat but then that'd
| just be more stuff for the landfills.
| xrd wrote:
| I have a nest thermostat, but the strongly worded warnings are
| scary.
|
| And, I would really love to wire my nest into home assistant, but
| getting past the Google house of horrors is even scarier.
|
| Are there any good thermostats that can be used with home
| assistant? I would really like to start understanding my energy
| usage in a safe way.
| torginus wrote:
| what's so special about nest? I have bought a Venstar
| thermostat, that connects to HA via WiFi, with no cloud server
| involved. It's a plasticky square with a liquid crystal screen,
| but I don't know why I would a thermostat of all things (that I
| touch like once a month) to be a conversation piece.
|
| Even if it wasn't evil, I'd consider buying an expensive one a
| waste of money, which is kinda important considering I'm
| looking to save money.
| mrb wrote:
| They should match the acronym and call it No Evil Systems
| Tolerated, or No Evil, Sane Tech firmware (N.E.S.T)
| torginus wrote:
| Why thge f*k did people pay for a fortune and a subscription on
| top of that for these pieces of junk?
|
| What were they thinking, what was it gonna do, a single
| thermostat by itself? For this kind of money, they could've
| invested in actual energy efficiency improvements for their
| homes, not a device that allows Big tech to spy on them.
| 1970-01-01 wrote:
| Nest before Google (Nest Gen 1 and 2) was a small tech startup.
| morshu9001 wrote:
| That doesn't really make it better, unless they had a
| stricter privacy policy. You know what's not evil and never
| was or will be, my regular thermostat.
| dare944 wrote:
| Where did you get the idea there was a subscription?
| stickfigure wrote:
| 1. There is no subscription.
|
| 2. I paid less than $200 for it.
|
| 3. The device lets me control the thermostat remotely. I can
| turn on the heater when coming home from a trip, or turn it off
| if I forgot when I left.
|
| 4. I can just say "Hey Google, turn up the heat" out loud.
|
| I don't care if Google knows about the temperature of my home.
| I absolutely would buy the product again.
| mmmlinux wrote:
| Why does it need to connect to some server at all? Why cant it
| just work with home assistant or what ever?
| dx4100 wrote:
| Are we really all so spoiled that everything has to be
| delivered as a shiny, perfect solution?
| ternus wrote:
| What's the go-to recommendation for smart thermostats with local
| control (no cloud) + Home Assistant these days? Claude suggests
| Ecobee + Homekit. Z-Wave seems to be another popular option. What
| are people using?
| kelnos wrote:
| I'm a little confused, because this looks like you're just
| swapping one proprietary service (Google) for another
| (NoLongerEvil).
|
| Despite their name, we have no idea if NoLongerEvil is evil or
| not. Why should I trust them? I don't know them at all. Why will
| they be immune to the regular economic pressures surrounding any
| connected online service? What will stop them from adding
| tracking or other anti-features? Even if they _are_ a bunch of
| saints, what will stop them from selling the service to a company
| that will not respect my privacy?
|
| Google is at least the devil we know, here.
|
| I was expecting a fully open source firmware, with a fully open
| source backend service that people can host themselves if they so
| choose.
|
| (I guess they didn't write their own firmware; they hacked
| Google's firmware so it redirects traffic from Google's servers
| to their own. So I guess in this model, I'd want to see an open
| source, self-hostable backend service, and a "build" process for
| the hacked firmware to set the API URL to the self-hosted
| backend.)
|
| Edit: looks like they plan to open source the backend and enable
| self-hosting "soon". Hopefully that comes to pass!
| hinkley wrote:
| I want a little blade server or SBC stack cabinet, that's sized
| to fit comfortably near the broadband router, which is set up
| to run a bunch of home services from nest controller to
| Minecraft server as a lightweight kubernetes.
|
| Every so often you swap out the slowest one for a new one and
| keep adding more stuff to it.
|
| Add the ability to isolate some of the machines as bastion
| hosts and we could do an awful lot without having to exfiltrate
| our own data.
| Muromec wrote:
| You can get a nice arm device with 16 or 32 gb ram for about
| 150 bucks and a screw 2 tb ssd to it for another 100
| something.
|
| There is even risc-v things with decent ram, nvme connector
| and costing about 50 bucks
| 0xbadcafebee wrote:
| Whoever made this needs to add a license _right now_ with at
| least some kind of indemnity /no-warranty clause. If something
| goes wrong, the user can sue you, and likely win. Your
| nolongerevil.com website also needs a EULA w/indemnification
| before allowing users to register.
___________________________________________________________________
(page generated 2025-11-04 23:00 UTC)