NoLongerEvil-Thermostat – Nest Generation 1 and 2 Firmware

(github.com)

232 points | by mukti 5 hours ago

69 comments

  • Tepix an hour ago

    Right now it's just a blob that you flash to your device to make it talk to a proprietary service. It is not yet "giving me complete control over my device data and settings." I can't change where it connects to etc.

    In fact - I don't even see a privacy policy on nolongerevil.com!

    Hey, I can login at nolongerevil.com using my Microsoft-owned github login! And there's yet another company involved: clerk.com - yay?

    "We are committed to transparency and the right-to-repair movement. The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure."

    I look forward to it.

    PS: Sorry for being so negative... perhaps the release should have been delayed until all of this is opened up.

    • khamidou an hour ago

      I don't get the hate, it looks like they reverse-engineered the nest thermostat and wrote a firmware for it? That's super cool and the fact that an open source project doesn't have a privacy policy yet doesn't really matter at this point

      • EvanAnderson 39 minutes ago

        > ...looks like they reverse-engineered the nest thermostat and wrote a firmware...

        Not to diminish what this project has done, but they modified existing firmware to make it communicate with a different server. They've also implemented a server for the thermostat API.

        It's pretty neat but, at this point, it's just a hacked firmware that talks to a different proprietary server.

        Edit: It's not even a modification to the firmware binaries. They're just injecting /etc/hosts entries into the firmware[0]. If the Nest device just uses DNS to resolve these names then you wouldn't even need to modify the firmware-- just point it at a DNS server that's authoritative for the necessary names.

        [0] https://github.com/codykociemba/NoLongerEvil-Thermostat/issu...
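
Added example (not part of the thread and not the project's code): one way to see the redirect EvanAnderson describes is to list which names an image's /etc/hosts pins, and to what kind of address, before flashing it. The hostnames and IP addresses below are constructed placeholders, not values from the NoLongerEvil firmware.

```python
import ipaddress

# Constructed sample hosts file. 203.0.113.0/24 is a documentation range
# standing in for a public server; all names are placeholders.
SAMPLE_HOSTS = """\
127.0.0.1     localhost
::1           localhost ip6-localhost
# cloud endpoints pinned to another server (constructed)
203.0.113.10  transport.vendor-cloud.example api.vendor-cloud.example
203.0.113.10  log.vendor-cloud.example   # trailing comment
192.168.1.50  weather.vendor-cloud.example
not-an-ip     broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
# RFC 1918, IPv4/IPv6 link-local and IPv6 unique-local ranges count as "lan".
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7")]


def parse_hosts(text):
    """Yield (lineno, ip_or_None, names) for every non-empty, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None  # first field is not an address
        yield lineno, ip, [name.lower() for name in fields[1:]]


def classify(ip):
    """Say where a pinned name would send traffic: this device, the LAN, or outside."""
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "external"


def audit(text):
    """Group pinned (non-localhost) names by target address; collect bad lines."""
    redirects, malformed = {}, []
    for lineno, ip, names in parse_hosts(text):
        if ip is None or not names:
            malformed.append(lineno)
            continue
        pinned = [n for n in names if n not in LOCAL_NAMES]
        if not pinned:
            continue
        entry = redirects.setdefault(str(ip), {"scope": classify(ip), "names": []})
        entry["names"] += [n for n in pinned if n not in entry["names"]]
    return {"redirects": redirects, "malformed": malformed}


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    for ip, info in report["redirects"].items():
        print(f"{ip} ({info['scope']}): {', '.join(info['names'])}")
    print("malformed lines:", report["malformed"])
```

Every name listed under an "external" address is traffic that bypasses DNS and goes to whoever operates that address.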

      • pstoll an hour ago

        It’s the “no longer evil” marketing without actually proving that “no longer evil.com” is in fact … free from evil.

        I was assuming that I could point the nest data stream & control UI to my own hosted thing on eg my local NAS or docker farm. That’s what I think would warrant the moniker “free from evil” in this kind of strong privacy preserving marketing.

      • kelnos 31 minutes ago

        If they really want to show that they're building something that protects user privacy, they'd open source their backend server, and make it possible and easy to self-host it and point the modified firmware[0] at your own instance.

        [0] They didn't write their own firmware; they hacked the stock firmware to redirect traffic from Google's servers to their own.

        Edit: looks like they plan to open source the backend and enable self-hosting "soon". Hopefully that comes to pass!

  • pandora-health 3 hours ago

    If your boiler supports OpenTherm then get this thermostat controller https://github.com/Alexwijn/SAT

    Weather comp + low load comp + PID which means your room temperature works at the precision range supported by your temperature sensor. In my case, within 0.02 Celsius. Saves energy and makes your house more comfortable. Operated via home assistant.

    See real time data in Grafana

    https://gasboiler.grafana.net/public-dashboards/8d44381aafa9...

    Or Emoncms

    https://emoncms.org/app/view?name=MyBoilerIdealLogicH24Opent...

    • mikepurvis an hour ago

      I'm very interested in this— I have a fairly new Vitodens 100 boiler + Ecobee and also a heat pump system with its own thermostat, and I'm frustrated by several elements of this setup:

      - The Vitodens has like ten stages, but the Ecobee has no way to command them, it's just a binary call to the Taco pump for heat / no heat, with the boiler deciding on its own how hard to push (I guess based on the outside air sensor and maybe time of day?)

      - The Vitodens is monitoring the return boiler water temperature, but the Ecobee doesn't know anything about that.

      - None of this is interlinked with the heat pump, so the systems can run on top of each other and end up with the wrong parts of the house overheated or left cold. The heat pump's controller is proprietary but it works with the NetHome Plus app so there is a bridge to get the units on homeassistant.

      I don't have the spoons right now to try to beat this all into shape, but eventually I'd like to get HA temp monitors in multiple places in the house so that a single central system can make smarter decisions about which system to run and when. For example, in the evening I mostly care about the bedrooms, and the bedrooms are covered by zone 2 of the heat pump, so it would make sense to prioritize the heat pump then and only run the boiler if the heat pump isn't able to keep up; whereas in the daytime if heat is needed, it's probably throughout the house so the boiler should run.

    • hypercube33 2 hours ago

      Stuff this project tackles is on my "I'll get to it after I retire" list - super awesome. Looks like this works for forced air HVAC as well?

      • mwpmaybe an hour ago

        In theory but the odds of you having an HVAC control board that supports OpenTherm are extremely low.

    • benoliver999 an hour ago

      There's also ems-esp which I use on an older Worcester Bosch boiler to set flow temperatures based on the outside temperature (managed by home assistant).

  • z3ugma 2 hours ago

    If you're interested, I went a different route to design new PCBs for the hardware to have 100% firmware control, see for example https://sett.homes/blogs/updates/the-lcd-display-reverse-eng...

    I am hopeful that Cody's exploit lets us write whole new firmware without the extra step of needing the new PCBs, but they are my next best option

  • EvanAnderson 3 hours ago

    The "Open Source" page on the dashboard site[0] links to this firmware but nothing about the server side. Firmware for the thermostat itself is a requirement, but without a dashboard it's still not really Free.

    Edit: If I read closely I would have seen:

    > The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure.

    [0] https://nolongerevil.com/

  • 0xbadcafebee 12 minutes ago

    Whoever made this needs to add a license right now with at least some kind of indemnity/no-warranty clause. If something goes wrong, the user can sue you, and likely win. Your nolongerevil.com website also needs a EULA w/indemnification before allowing users to register.

  • Tepix an hour ago

    "We are committed to transparency and the right-to-repair movement. The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure."

    I look forward to it!

  • ddingus 3 hours ago

    I really hope this project succeeds. In some small ways I was involved with Gen 1 and Gen 2 and the teams that built those products really cared. I doubt they would have said turn them off.

    • dare944 3 hours ago

      There's none of us left at Google anymore... and they didn't listen to us when we were there.

      • ddingus 3 hours ago

        Yeah, I figured as much. Sad day :(

        For what it was worth, I really enjoyed helping everyone ramp up on NX. At that time in my career, I was ramping many similar groups up and many came from Apple and were experiencing sticker shock! (They bought the very best and it was not at all cheap!)

        We talked about that and those in charge on my end were not at all happy with me showing people how geometry that normally requires a higher tier license to create, can be created with the base tier license, lol. (Mere mortals need that info because having the more expensive tool is not always on the table.)

        Anyhow, stay cool. Maybe it will be different one day.

        Please tell the others as you may encounter them, "That NX guy from PDX says, 'Hi.'" You all may not know it, but I learned a ton from you guys. It was in the questions you asked and the processes you set up. I am applying some of that to my own projects today. So, thanks! (way late!)

      • smt88 2 hours ago

        What are your favorite smart home brands nowadays?

  • danimal88 2 hours ago

    It is pretty outrageous that a company who purports to care about the environment turned this into a pile of garbage for the average user to save on some cloud hosting or devops. Or even worse, to sell the next generation.

    • anonym29 2 hours ago

      Marketing is marketing for lying. These companies care about nothing but their bottom line. All of the big cloud providers are complicit in what the UN has formally declared to be a genocide¹. The executives should be tried for war crimes, as should the employees who were working directly with Israeli intelligence and military. "I was just following orders" is not an excuse.

      Making e-waste isn't desirable, but it's far from their most noteworthy moral atrocities and crimes against humanity.

      ¹ https://www.ohchr.org/en/press-releases/2025/09/israel-has-c...

  • daredoes 3 hours ago

    Have this be an add-on supported by HomeAssistant and I'm in

    • buggeryorkshire 3 hours ago

      It's reliant on a bounty iirc for the server and device side code to be open-sourced. Will be about an hour after that I reckon and I cannot wait to contribute.

    • nickthegreek 2 hours ago

      Wish this could have been released prior to the Google shutoff. But I am happy with the ecobee and its HA integration.

      • jedberg 2 hours ago

        Same. My wife wouldn't let me wait. She insisted we be able to control the thermostat. :)

        (The wheel on ours was broken so we could only control it via app).

  • kelnos 34 minutes ago

    I'm a little confused, because this looks like you're just swapping one proprietary service (Google) for another (NoLongerEvil).

    Despite their name, we have no idea if NoLongerEvil is evil or not. Why should I trust them? I don't know them at all. Why will they be immune to the regular economic pressures surrounding any connected online service? What will stop them from adding tracking or other anti-features? Even if they are a bunch of saints, what will stop them from selling the service to a company that will not respect my privacy?

    Google is at least the devil we know, here.

    I was expecting a fully open source firmware, with a fully open source backend service that people can host themselves if they so choose.

    (I guess they didn't write their own firmware; they hacked Google's firmware so it redirects traffic from Google's servers to their own. So I guess in this model, I'd want to see an open source, self-hostable backend service, and a "build" process for the hacked firmware to set the API URL to the self-hosted backend.)

    Edit: looks like they plan to open source the backend and enable self-hosting "soon". Hopefully that comes to pass!

    • hinkley 27 minutes ago

      I want a little blade server or SBC stack cabinet, that’s sized to fit comfortably near the broadband router, which is set up to run a bunch of home services from nest controller to Minecraft server as a lightweight kubernetes.

      Every so often you swap out the slowest one for a new one and keep adding more stuff to it.

      Add the ability to isolate some of the machines as bastion hosts and we could do an awful lot without having to exfiltrate our own data.

      • Muromec 20 minutes ago

        You can get a nice ARM device with 16 or 32 GB RAM for about 150 bucks and screw a 2 TB SSD to it for another 100 something.

        There are even RISC-V things with decent RAM, an NVMe connector and costing about 50 bucks.

  • ternus an hour ago

    What's the go-to recommendation for smart thermostats with local control (no cloud) + Home Assistant these days? Claude suggests Ecobee + Homekit. Z-Wave seems to be another popular option. What are people using?

  • rconti 2 hours ago

    The original Nest thermostat and app has been abandonware since 2017, as far as I can tell. We got one in 2014, and I can only remember one change. A couple years into my use of it, the iPhone X came out, with the notch and taller screen. The Nest app eventually got updated to fill the whole screen, and that's it.

  • torginus an hour ago

    Why the f*k did people pay a fortune and a subscription on top of that for these pieces of junk?

    What were they thinking, what was it gonna do, a single thermostat by itself? For this kind of money, they could've invested in actual energy efficiency improvements for their homes, not a device that allows Big tech to spy on them.

    • stickfigure 13 minutes ago

      1. There is no subscription.

      2. I paid less than $200 for it.

      3. The device lets me control the thermostat remotely. I can turn on the heater when coming home from a trip, or turn it off if I forgot when I left.

      4. I can just say "Hey Google, turn up the heat" out loud.

      I don't care if Google knows about the temperature of my home. I absolutely would buy the product again.

    • dare944 27 minutes ago

      Where did you get the idea there was a subscription?

    • 1970-01-01 an hour ago

      Nest before Google (Nest Gen 1 and 2) was a small tech startup.

      • morshu9001 44 minutes ago

        That doesn't really make it better, unless they had a stricter privacy policy. You know what's not evil and never was or will be, my regular thermostat.

  • johnz an hour ago

    Cool to see the recently launched FULU bounty program[0] working as intended[1].

    [0] https://bounties.fulu.org/bounties/nest-learning-thermostat-...

    [1] https://nolongerevil.com/about#:~:text=What,in.

  • mrb an hour ago

    They should match the acronym and call it No Evil Systems Tolerated, or No Evil, Sane Tech firmware (N.E.S.T)

  • xrd an hour ago

    I have a nest thermostat, but the strongly worded warnings are scary.

    And, I would really love to wire my nest into home assistant, but getting past the Google house of horrors is even scarier.

    Are there any good thermostats that can be used with home assistant? I would really like to start understanding my energy usage in a safe way.

    • torginus an hour ago

      What's so special about Nest? I have bought a Venstar thermostat, that connects to HA via WiFi, with no cloud server involved. It's a plasticky square with a liquid crystal screen, but I don't know why I would want a thermostat of all things (that I touch like once a month) to be a conversation piece.

      Even if it wasn't evil, I'd consider buying an expensive one a waste of money, which is kinda important considering I'm looking to save money.

  • mmmlinux an hour ago

    Why does it need to connect to some server at all? Why can't it just work with Home Assistant or whatever?

    • dx4100 an hour ago

      Are we really all so spoiled that everything has to be delivered as a shiny, perfect solution?

  • jjallen 2 hours ago

    Very cool. Was thinking about working on this myself after moving into a house 4 months ago with these, to all of a sudden have to replace them for no good reason.

  • baggachipz 2 hours ago

    I have two Nest E thermostats which I purchased years ago. I wonder how long it will be until they're bricked too.

  • StephenHerlihyy an hour ago

    Living in a cold room with an evil presence is better than roasting in hell with an angry wife.

    • mikkupikku an hour ago

      This is why I hate digital thermostats. With the old classic round Honeywell thermostats you could turn the dial a fraction of a degree when nobody was looking and "boil the frog" to get a reasonable temperature. With digital thermostats, you can only change the temperature in discrete steps which will be immediately noticed.

      >Why does it say 74?? I had it set to 75!!1!

      • torginus an hour ago

        Use home assistant, and program in a second stealth thermostat controlled by the first, that allows you to 'nudge' the values.

        It's what I did, not because of relationship reasons, but the hvac and furnace thermostat disagreed on what temperature 23C should be so I had to tweak it.

      • ksenzee 40 minutes ago

        Have you considered just not living with people you think so little of?

        • mikkupikku 20 minutes ago

          I have an analogue thermostat in my home, but vacations (in rental properties) with the in-laws turn into thermostat wars. I particularly don't appreciate the ones that use proximity sensors to light the thermostat display's backlight. Whoever came up with that idea was a genuine asshole.

          Besides, would you really break off a relationship over something so petty as temperature preference? The people who find somebody who's literally perfect for them must be very rare, I think most people have to make small sacrifices and concessions.

    • mwpmaybe an hour ago

      You can still spin the damn encoder.

      • StephenHerlihyy an hour ago

        A younger me would have had the same gusto. Age has taught me that attempting to improve the AC, in ways that my family can neither appreciate nor understand, is merely going to lead to disaster.

  • jcpst 2 hours ago

    I have a Gen 1 Nest. Is it common for them to brick if you connect them to the internet?

  • darkwater 2 hours ago

    Let's buy a second hand Nest Gen1/2 before people know about this!

  • GiorgioG 3 hours ago

    I can't express how much damage Google has done to its reputation in my mind with how they EOL'd the online functionality of these devices. I have 3 of them. I will never buy a Google device of any kind ever again.

    • baq 2 hours ago

      At this point I assume any device which can talk IP is one firmware push away from becoming a brick in the best case and taking you hostage in the worst case.

      Zigbee allows firmware upgrades, but will not take you hostage. It isn’t perfect, but I’ll take it for having a user-first design instead of ARR-first.

    • iamjackg an hour ago

      Yeah I immediately switched to a Honeywell Z-Wave thermostat as soon as I got the email that they were discontinuing them.

    • thesuitonym 2 hours ago

      What really surprises me is that there are people who didn't see this coming. I mean really people, you're purchasing a device which requires an internet connection to a server you don't own.

      • GiorgioG 33 minutes ago

        I certainly didn't see this coming in 2014 when I paid $800+ and installed them. If they'd have said hey $5/year for each to keep them going, I'd have begrudgingly paid it and carried on...but now, Google will never get a dime from me again.

    • tensor 2 hours ago

      Yup. Same, though I've actually decided to only buy stuff that supports home assistant. I shouldn't have to depend on a corporate server at all, and especially shouldn't have to call out to an internet site just to control something local.

  • gigel82 an hour ago

    So, trade the "evil" Google for the totally not evil trust-me-bro "nolongerevil Corp"?

    Don't get me wrong, I love to see things like this, but just go all the way and allow folks to set their own URLs (maybe to servers they own in their own home).

    • torginus an hour ago

      Or buy one of the dozens that work via Matter/Wifi/Thread/Zigbee and make sure the data never leaves your home.

  • LilyFrenchPants 3 hours ago

    This person is a PHP programmer according to their LinkedIn profile. They are just using the existing OMAPLoader tool and do not seem to have embedded device programming experience. I am not hopeful they will be able to write custom firmware for the thermostats.

    LFP

    • Aurornis 2 hours ago

      > I am not hopeful they will be able to write custom firmware for the thermostats.

      If you read the GitHub Readme (typically a better way to judge a project than stalking someone on LinkedIn) you can see that they didn’t write a custom firmware. They modified the Nest firmware to contact different back end servers.

      The firmware is the same (they claim) except for modifications to change which server is contacted. They then built a back end to mimic the original Google servers.

      • torginus an hour ago

        Sounds fishy, if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting, which is somewhat disconcerting.

      • l9o 2 hours ago

        Personally, I think this might be an even better approach. The Nest Gen1/2 UI was pretty slick. It would be a shame to have to use a custom firmware.

    • z3ugma 2 hours ago

      I agree, there's a "hammer and nail" problem here, it's impressive though that he used Ghidra to RE some of the API calls that the Nest binaries are making after having got root access - according to some of what Cody has said in the Reddit thread and on his Discord channel.

      I have been working on REing the hardware itself to write drivers directly - for example at https://sett.homes/blogs/updates/the-lcd-display-reverse-eng....

      I am designing whole new PCBs that mount in the Nest so that we have 100% firmware control over the device... time will tell if we can do the same thing on the Linux OS that the Nest currently runs on, or if custom hardware will be needed because the OS has too much locked down

    • eej71 3 hours ago

      I see it as a great starting point.

      • z3ugma 2 hours ago

        I agree that it's a great starting point