NoLongerEvil-Thermostat – Nest Generation 1 and 2 Firmware (github.com)
pandora-health 13 hours ago [-]
If your boiler supports OpenTherm then get this thermostat controller https://github.com/Alexwijn/SAT

Weather comp + low load comp + PID which means your room temperature works at the precision range supported by your temperature sensor. In my case, within 0.02 Celsius. Saves energy and makes your house more comfortable. Operated via home assistant.

See real time data in Grafana

https://gasboiler.grafana.net/public-dashboards/8d44381aafa9...

Or Emoncms

https://emoncms.org/app/view?name=MyBoilerIdealLogicH24Opent...

mikepurvis 11 hours ago [-]
I'm very interested in this— I have a fairly new Vitodens 100 boiler + Ecobee and also a heat pump system with its own thermostat, and I'm frustrated by several elements of this setup:

- The Vitodens has like ten stages, but the Ecobee has no way to command them, it's just a binary call to the Taco pump for heat / no heat, with the boiler deciding on its own how hard to push (I guess based on the outside air sensor and maybe time of day?)

- The Vitodens is monitoring the return boiler water temperature, but the Ecobee doesn't know anything about that.

- None of this is interlinked with the heat pump, so the systems can run on top of each other and end up with the wrong parts of the house overheated or left cold. The heat pump's controller is proprietary but it works with the NetHome Plus app so there is a bridge to get the units on homeassistant.

I don't have the spoons right now to try to beat this all into shape, but eventually I'd like to get HA temp monitors in multiple places in the house so that a single central system can make smarter decisions about which system to run and when. For example, in the evening I mostly care about the bedrooms, and the bedrooms are covered by zone 2 of the heat pump, so it would make sense to prioritize the heat pump then and only run the boiler if the heat pump isn't able to keep up; whereas in the daytime if heat is needed, it's probably throughout the house so the boiler should run.

hypercube33 13 hours ago [-]
Stuff this project tackles is on my "I'll get to it after I retire" list - super awesome. Looks like this works for forced air HVAC as well?
mwpmaybe 12 hours ago [-]
In theory but the odds of you having an HVAC control board that supports OpenTherm are extremely low.
benoliver999 12 hours ago [-]
There's also ems-esp which I use on an older Worcester Bosch boiler to set flow temperatures based on the outside temperature (managed by home assistant).
Nursie 7 hours ago [-]
We replaced a boiler in our last house a few years back. We got a Vaillant, at least in part because I found that there was a Vaillant add-on board available which could do OpenTherm, and the nest controller could do that in theory too.

When it came to the install I was told in no uncertain terms that even though they produced the board and it was compatible with my boiler, any attempt at installation by myself or their approved installation engineer would immediately void the warranty.

So that was the end of my OpenTherm journey. Thanks Vaillant!

Arrath 3 hours ago [-]
How absurd, that official, first party addons would flatly void the warranty. Shouldn't be legal.
Nursie 3 hours ago [-]
'official' was the problem I think - I bought the addon from Vaillant Europe, but Vaillant UK seemed to disavow it, even though the boiler models and interfaces were the same. :sigh:
fukka42 8 hours ago [-]
Any good multi zone ones for home assistant?
kelnos 11 hours ago [-]
I'm a little confused, because this looks like you're just swapping one proprietary service (Google) for another (NoLongerEvil).

Despite their name, we have no idea if NoLongerEvil is evil or not. Why should I trust them? I don't know them at all. Why will they be immune to the regular economic pressures surrounding any connected online service? What will stop them from adding tracking or other anti-features? Even if they are a bunch of saints, what will stop them from selling the service to a company that will not respect my privacy?

Google is at least the devil we know, here.

I was expecting a fully open source firmware, with a fully open source backend service that people can host themselves if they so choose.

(I guess they didn't write their own firmware; they hacked Google's firmware so it redirects traffic from Google's servers to their own. So I guess in this model, I'd want to see an open source, self-hostable backend service, and a "build" process for the hacked firmware to set the API URL to the self-hosted backend.)

Edit: looks like they plan to open source the backend and enable self-hosting "soon". Hopefully that comes to pass!

bastawhiz 8 hours ago [-]
> Google is at least the devil we know, here.

Google has left these devices essentially completely unusable. You're not trading up Google because Google already abandoned these devices by shutting off the lights. Even if you don't agree with how robust their service is, they're offering you the ability to turn what's effectively e-waste into an operable device.

skybrian 8 hours ago [-]
Why do you say it's unusable? Our Nest thermostat seems to be working fine as a normal (offline) thermostat. I don't see a reason to replace it.

I'm not even sure when I would want a network-enabled thermostat. We inherited it from the previous owners.

phatskat 16 minutes ago [-]
I liked mine because my home/away schedule isn’t “routine”. It was much easier to have it know when we left the house and it would automatically turn down, and I could warm the place up when we were headed home which is great when it’s below freezing out.

Edit to mention that I was out of town one winter and my thermostat gave me an alert that my apartment had reached 40F! With my cats in there and a blizzard happening while I was four states away, I was able to ask a friend to walk over and check it out. Turns out my balcony doors had blown open during the storm, thankfully my cats wanted nothing to do with the snowy outside but I can’t imagine if they had been in that situation for the 3-4 days it would be before I got home.

Aurornis 8 hours ago [-]
Google disabled cloud services, and therefore the app. The remote control features were a key reason many bought these.

Can you edit schedules directly on the thermostat? From what I recall, much of the functionality required the app. That can’t be used now.

If you’re only using it as an analog dial to set the temperature, you won’t miss anything. However the majority of functionality is now gone from the devices.

mattmaroon 6 hours ago [-]
You can edit the schedule on the device but it isn’t fun. The UI is just basically a dial that can click. And there’s no copy paste.
yummypaint 2 hours ago [-]
Yep I have this and it's total garbage. The scheduling options feel designed to troll, serious MacBook wheel vibes. No way to temporarily disable the schedule if you're going out of town. Either turn your HVAC off entirely, or delete the entire schedule and manually reenter the whole thing when you get back (who doesn't love life-wasting menu diving after a long trip?).
bastawhiz 5 hours ago [-]
It's an Internet connected device that will never receive updates and has none of the features that justify its existence above a $20 dumb thermostat. If you inherited it and don't care about the features and never used it anyway, I'm not sure why you'd care either way.

If you'd bought it for hundreds of dollars for the things it promised to do, you'd probably be much more excited to learn that you at least aren't stuck with a device that was made intentionally dumb by the manufacturer. They're perfectly capable of doing what they were designed to do!

hinkley 11 hours ago [-]
I want a little blade server or SBC stack cabinet, that’s sized to fit comfortably near the broadband router, which is set up to run a bunch of home services from nest controller to Minecraft server as a lightweight kubernetes.

Every so often you swap out the slowest one for a new one and keep adding more stuff to it.

Add the ability to isolate some of the machines as bastion hosts and we could do an awful lot without having to exfiltrate our own data.

Muromec 11 hours ago [-]
You can get a nice arm device with 16 or 32 gb ram for about 150 bucks and screw a 2 tb ssd to it for another 100 something.

There are even risc-v things with decent ram, nvme connector and costing about 50 bucks

EvanAnderson 14 hours ago [-]
The "Open Source" page on the dashboard site[0] links to this firmware but nothing about the server side. Firmware for the thermostat itself is a requirement, but without a dashboard it's still not really Free.

Edit: If I read closely I would have seen:

> The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure.

[0] https://nolongerevil.com/

tehwebguy 13 hours ago [-]
This comment says he is awaiting Louis Rossman’s acceptance of this code for the bounty he raised, pretty cool if this all works out!

https://github.com/codykociemba/NoLongerEvil-Thermostat/issu...

Krasnol 14 hours ago [-]
"soon"

Trust me bro.

yrro 14 hours ago [-]
trust but verify
Tepix 12 hours ago [-]
Right now it's just a blob that you flash to your device to make it talk to a proprietary service. It is not yet "giving me complete control over my device data and settings." I can't change where it connects to etc.

In fact - I don't even see a privacy policy on nolongerevil.com!

Hey, I can login at nolongerevil.com using my Microsoft-owned github login! And there's yet another company involved: clerk.com - yay?

"We are committed to transparency and the right-to-repair movement. The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure."

I look forward to it.

PS: Sorry for being so negative... perhaps the release should have been delayed until all of this is opened up.

khamidou 11 hours ago [-]
I don't get the hate, it looks like they reverse-engineered the nest thermostat and wrote a firmware for it? That's super cool and the fact that an open source project doesn't have a privacy policy yet doesn't really matter at this point
EvanAnderson 11 hours ago [-]
> ...looks like they reverse-engineered the nest thermostat and wrote a firmware...

Not to diminish what this project has done, but they modified existing firmware to make it communicate with a different server. They've also implemented a server for the thermostat API.

It's pretty neat but, at this point, it's just a hacked firmware that talks to a different proprietary server.

Edit: It's not even a modification to the firmware binaries. They're just injecting /etc/hosts entries into the firmware[0]. If the Nest device just uses DNS to resolve these names then you wouldn't even need to modify the firmware-- just point it at a DNS server that's authoritative for the necessary names.

[0] https://github.com/codykociemba/NoLongerEvil-Thermostat/issu...

forgotusername6 10 hours ago [-]
Does it not use TLS? Wouldn't the Nest have to trust a CA willing to issue certificates without proving ownership?
EvanAnderson 10 hours ago [-]
They're also injecting a CA bundle so, presumably, they're including their own root of trust so they can sign their own certificate. I'm on mobile and can't easily look at what they're including.

Edit: Guess I've got openssl in my termux environment. They're injecting a fake Nest root CA key. Makes sense.

I'm shocked it was this easy to subvert the root of trust on these devices. I would expect a newer device would have the trust root pinned in hardware (TPM, etc) and firmware updates would have been authenticated.

gruez 10 hours ago [-]
>I would expect a newer device would have the trust root pinned in hardware (TPM, etc) and firmware updates would have been authenticated.

All those things cost money in hardware or development time, so companies basically never bother. You're probably also letting all the stories about DRM on phones or whatever color your experience on IOT as a whole. TPM basically makes no sense to implement on anything that's not a PC. Not even phones use it.

subscribed 9 hours ago [-]
Secure phones use it. iPhones (Secure Enclave), Pixels (Titan M2).... Yeah, that's not much....
gruez 8 hours ago [-]
"TPM" =/= Secure Enclave =/= Titan M2

You could argue TPM can work as a generic term for security coprocessors, but on a technical forum that makes as much sense as saying the pixel tablet is an "iPad".

EvanAnderson 7 hours ago [-]
To be fair, I was using TPM a little generically (hence the "etc"). I (perhaps wrongly) assume most SoCs today have a non-volatile area for storing roots of trust and possibly a bootloader. My only embedded experience was an Android-based tablet project where DRM on the firmware was of major import because features were locked behind time/geo-limited license keys.
tracker1 10 hours ago [-]
I'm glad they didn't go that far... I wouldn't want that to get into a home device as long as it requires physical access to bypass/update the security in place. I'm really not a fan of excessively locked down hardware.
EvanAnderson 7 hours ago [-]
Piling-on to my comment here: They're using an exploit to get access to the filesystem of the device: https://wiki.exploitee.rs/index.php/Exploiting_Nest_Thermost...
pstoll 11 hours ago [-]
It’s the “no longer evil” marketing without actually proving that “no longer evil.com” is in fact … free from evil.

I was assuming that I could point the nest data stream & control UI to my own hosted thing on eg my local NAS or docker farm. That’s what I think would warrant the moniker “free from evil” in this kind of strong privacy preserving marketing.

kelnos 11 hours ago [-]
If they really want to show that they're building something that protects user privacy, they'd open source their backend server, and make it possible and easy to self-host it and point the modified firmware[0] at your own instance.

[0] They didn't write their own firmware; they hacked the stock firmware to redirect traffic from Google's servers to their own.

Edit: looks like they plan to open source the backend and enable self-hosting "soon". Hopefully that comes to pass!

gnuplustoejam 10 hours ago [-]
Running open-source firmware someone's hacking on (which gets little to no testing) on a gas appliance that can burn your house down is probably not the best idea.

If you are paranoid about Nest being evil maybe stick to one of those Honeywell round hockey-puck things with the mercury inside.

Or use a Z-Wave/Zigbee thermostat from a reputable vendor (there aren't many) and control it from a gateway of your choice.

khamidou 10 hours ago [-]
This is for people who have already bought a nest and got burnt by the deprecation of their online services. Of course they could get another thermostat but then that'd just be more stuff for the landfills.
gnuplustoejam 10 hours ago [-]
Early generation Nest hardware was garbage, and was known for blowing FETs that failed closed, turning people's ACs into giant ice cubes. Putting it in the landfill would be doing yourself a favor.

The ex-Apple culture in the early history of Nest was evident, which ostensibly spec'd FETs over mechanical relays for superficial reasons, because clicking sounds are ugly. The results were in the spirit of other Apple engineering marvels (Titanium Powerbook, Antennagate, Bendgate).

mechanicalpulse 4 hours ago [-]
Well that's certainly a take. Solid state relays using optoisolated MOSFETs have been around for fifty years. Mechanical relays are overkill for signal switching as in HVAC thermostats, IMHO, but you do you.

Anecdotally, I have a first generation Nest and haven't had a problem. Maybe some of the earlier hardware had fewer protections against misuse (e.g., with non-24VAC systems or otherwise incorrect installation), but that's generally the case with most new things.

gnuplustoejam 49 minutes ago [-]
Sounds like something Nest engineers would have said.

It's not "signal switching", you see.

HVAC equipment is as old and varied as you can imagine, and there is higher current than you think running through those terminals, powering all sorts of nasties, oil burner relays, damper motors, crude AC contactors causing voltage spikes etc. HVAC low voltage power is as dirty as can be.

No one took this into account, they were more concerned with making the thermostat pretty.

BolexNOLA 10 hours ago [-]
It doesn’t just not have a privacy policy yet, but it’s not actually open source either. Honestly they probably fully intend on doing it, but it is important to point out that it is not yet open source.

> Open Source Commitment

>We are committed to transparency and the right-to-repair movement. The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure

xeromal 10 hours ago [-]
> PS: Sorry for being so negative... perhaps the release should have been delayed until all of this is opened up.

This is one of the major problems with doing anything good online. People like this.

honkostani 10 hours ago [-]
Hey, this is just normal behavior in the dark forest of proprietary software- if good things happen, they are out to get you, some angler out to get you.
xeromal 10 hours ago [-]
Don't let perfection be the enemy of good
z3ugma 12 hours ago [-]
If you're interested, I went a different route to design new PCBs for the hardware to have 100% firmware control, see for example https://sett.homes/blogs/updates/the-lcd-display-reverse-eng...

I am hopeful that Cody's exploit lets us write whole new firmware without the extra step of needing the new PCBs, but they are my next best option

ddingus 14 hours ago [-]
I really hope this project succeeds. In some small ways I was involved with Gen 1 and Gen 2 and the teams that built those products really cared. I doubt they would have said turn them off.
dare944 14 hours ago [-]
There's none of us left at Google anymore... and they didn't listen to us when we were there.
ddingus 13 hours ago [-]
Yeah, I figured as much. Sad day :(

For what it was worth, I really enjoyed helping everyone ramp up on NX. At that time in my career, I was ramping many similar groups up and many came from Apple and were experiencing sticker shock! (They bought the very best and it was not at all cheap!)

We talked about that and those in charge on my end were not at all happy with me showing people how geometry that normally requires a higher tier license to create, can be created with the base tier license, lol. (Mere mortals need that info because having the more expensive tool is not always on the table.)

Anyhow, stay cool. Maybe it will be different one day.

Please tell the others as you may encounter them, "That NX guy from PDX says, 'Hi.'" You all may not know it, but I learned a ton from you guys. It was in the questions you asked and the processes you set up. I am applying some of that to my own projects today. So, thanks! (way late!)

smt88 13 hours ago [-]
What are your favorite smart home brands nowadays?
Tepix 12 hours ago [-]
"We are committed to transparency and the right-to-repair movement. The firmware images and backend API server code will be open sourced soon, allowing the community to audit, improve, and self-host their own infrastructure."

I look forward to it!

danimal88 12 hours ago [-]
It is pretty outrageous that a company who purports to care about the environment turned this into a pile of garbage for the average user to save on some cloud hosting or devops. Or even worse, to sell the next generation.
skybrian 8 hours ago [-]
It's not e-waste unless for some reason you want to throw out a working thermostat just because it doesn't have network access.
anonym29 12 hours ago [-]
Marketing is marketing for lying. These companies care about nothing but their bottom line. All of the big cloud providers are complicit in what the UN has formally declared to be a genocide¹. The executives should be tried for war crimes, as should the employees who were working directly with Israeli intelligence and military. "I was just following orders" is not an excuse.

Making e-waste isn't desirable, but it's far from their most noteworthy moral atrocities and crimes against humanity.

¹ https://www.ohchr.org/en/press-releases/2025/09/israel-has-c...

0608645248 12 hours ago [-]
[flagged]
daredoes 14 hours ago [-]
Have this be an add-on supported by HomeAssistant and I'm in
buggeryorkshire 14 hours ago [-]
It's reliant on a bounty iirc for the server and device side code to be open-sourced. Will be about an hour after that I reckon and I cannot wait to contribute.
z3ugma 7 hours ago [-]
After you flash the exploit and SSH into the thermostat you can see it at https://github.com/codykociemba/NoLongerEvil-Thermostat/issu...

It's a boot script called /bin/nolongerevil.sh that supplies its own trust material and redirects traffic intended for frontdoor.nest.com to a hard-coded IP 15.204.110.215. 99.9% of this image is the original copyrighted Nest image. Maybe it's enough for the bounty though? And I suppose you could change that IP to a local server. If you wanted to publish the server side Nest API discovered through WireShark. Just stand up your own http rest server.
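
Added example, not part of the thread and not the project's code: a defender-side audit of the two changes the comments above describe (a static hosts entry and swapped trust material), as one might run it over an unpacked firmware root filesystem before flashing. The function names are hypothetical, the certificate bundles are constructed placeholder bytes rather than real certificates, and the hosts entry reuses the name and address quoted in the comment.

```python
import base64
import hashlib
import ipaddress
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def hosts_overrides(hosts_text):
    """Return {hostname: ip} for each hosts entry that pins a name to a
    non-loopback address (entries the resolver normally consults before DNS)."""
    overrides = {}
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, not a usable entry
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in fields[1:]:
            overrides[name.lower()] = str(addr)
    return overrides


def cert_fingerprints(bundle_text):
    """SHA-256 over the decoded body of every PEM certificate block."""
    fingerprints = set()
    for body in PEM_RE.findall(bundle_text):
        der = base64.b64decode("".join(body.split()))
        fingerprints.add(hashlib.sha256(der).hexdigest())
    return fingerprints


def audit(stock_bundle, image_hosts, image_bundle, watched_names):
    """Compare a modified image against the stock trust bundle and report
    redirected service names plus added and removed trust anchors."""
    overrides = hosts_overrides(image_hosts)
    stock = cert_fingerprints(stock_bundle)
    image = cert_fingerprints(image_bundle)
    return {
        "redirected": {n: ip for n, ip in overrides.items() if n in watched_names},
        "added_roots": sorted(image - stock),
        "removed_roots": sorted(stock - image),
    }


def make_pem(der):
    """Wrap bytes in a PEM certificate envelope (sample data only)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed sample input: placeholder bytes stand in for real DER.
STOCK_BUNDLE = make_pem(b"constructed stock root A") + make_pem(b"constructed stock root B")
IMAGE_BUNDLE = make_pem(b"constructed stock root A") + make_pem(b"constructed replacement root")
IMAGE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
::1 localhost ip6-localhost
15.204.110.215 frontdoor.nest.com   # name and address quoted in the thread
"""

if __name__ == "__main__":
    report = audit(STOCK_BUNDLE, IMAGE_HOSTS, IMAGE_BUNDLE, {"frontdoor.nest.com"})
    for name, ip in report["redirected"].items():
        print(f"hosts override: {name} -> {ip}")
    for fp in report["added_roots"]:
        print(f"trust anchor added:   {fp}")
    for fp in report["removed_roots"]:
        print(f"trust anchor removed: {fp}")
```

Anything listed under `redirected` or `added_roots` is a party that can terminate the device's TLS sessions, so those are the entries to review or repoint before trusting the image.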

thefroh 2 hours ago [-]
presumably it's the reverse engineered server that has most of the work put into it, and one would hope that's what is going to be released if the developer decides to
nickthegreek 13 hours ago [-]
wish this could have been released prior to the google shutoff. But I am happy with the ecobee and its HA integration.
jedberg 12 hours ago [-]
Same. My wife wouldn't let me wait. She insisted we be able to control the thermostat. :)

(The wheel on ours was broken so we could only control it via app).

johnz 12 hours ago [-]
Cool to see the recently launched FULU bounty program[0] working as intended[1].

[0] https://bounties.fulu.org/bounties/nest-learning-thermostat-...

[1] https://nolongerevil.com/about#:~:text=What,in.

atm3ga 8 hours ago [-]
>Do NOT use this firmware on any thermostat that is critical for your heating or cooling needs.

Also, carefully consider its use with propane or natural gas HVAC units. Many can reach dangerous temperatures very quickly. Many years ago we had a thermostat failure that caused our HVAC to not shut off. While it had an over-heat cut-out, it was for temps above 200F. Because the unit had an oversized blower, it caused our home to reach dangerous temps as we slept, including our kids room which was a good 20F hotter than our bedroom. Luckily we woke up and the kids were okay.

userbinator 8 hours ago [-]
That's just a disclaimer. The same could be said of the original ;-)

No "smart" thermostats for me --- I have a round Honeywell that's been working perfectly for several decades.

matthewfcarlson 10 hours ago [-]
Are there good options for cloud-freeish thermostats? I have two units (one for upstairs and one for downstairs). We have two nests but they’re so frustrating. I’ve lobotomized the “smart behavior” as much as I can. I want a thermostat that connects to the home assistant I already have
baby_souffle 10 hours ago [-]
> Are there good options for cloud-freeish thermostats?

There are connected thermostats that do not feature a WiFi radio. I don't like zwave (I would really prefer WiFi with a HTTP or MQTT interface) but there is no thermostat that a) has a modern/working WiFi radio and b) a documented API.

Venstar is the only company that makes WiFi with an API but they seem to use the cheapest possible WiFi radios and I could never get mine to stay connected to my network for more than an hour or two. They also had a _really unusual_ firmware architecture: it was linux with a stripped down web browser; the UI was a SPA and it used some lua or js (don't recall, sorry) to communicate to the hardware driving GPIOs. They did expect firmware updates to be signed and that's where I stopped looking and moved on to a zwave thermostat.

z3ugma 7 hours ago [-]
I'm working on https://sett.homes which is in this spirit. Instead of an Atmel it's an ESP32.

It uses MQTT with Wifi as you requested :)

jsight 10 hours ago [-]
ecobee is still cloud connected, but they work nicely with homekit. AFAICT, that enables local control. I can confirm that they work nicely with homeassistant via the homekit integration.
bloodyplonker22 10 hours ago [-]
Don't even mention Ecobee. They've done the exact same thing as Google Nest by bricking their older hardware.
0xbadcafebee 11 hours ago [-]
Whoever made this needs to add a license right now with at least some kind of indemnity/no-warranty clause. If something goes wrong, the user can sue you, and likely win. Your nolongerevil.com website also needs a EULA w/indemnification before allowing users to register.
khamidou 10 hours ago [-]
The user is going to win after going out of their way to install an aftermarket binary blob on their deprecated thermostat? Seems like a stretch no?
0xbadcafebee 2 hours ago [-]
If the user was told by a smarty-pants computer person to do it, they'll assume it works and is safe. On the other hand, if something goes really wrong, and the user can convince a judge that the mystery binary blob was involved? And the author never said anything about it possibly being unsafe? Then the court can decide that the user had a valid assumption that it would be safe, and the author won't be able to prove otherwise.

They put these disclaimers into licenses because people have already won these kind of cases.

zzo38computer 8 hours ago [-]
I would want a thermostat that does not connect to the internet or any wireless communication at all (with the possible exception of an outside temperature sensor if it cannot be connected with a wire; the one that the people installed (I did not have a say) does not have an outside temperature sensor), and does not have a lighted display or a colour display. I had thought to use Atmel AVR. However, to do that, I think that, first I would need test cases so that an emulator can be written.
rconti 12 hours ago [-]
The original Nest thermostat and app has been abandonware since 2017, as far as I can tell. We got one in 2014, and I can only remember one change. A couple years into my use of it, the iPhone X came out, with the notch and taller screen. The Nest app eventually got updated to fill the whole screen, and that's it.
CivBase 6 hours ago [-]
To be fair, I can't imagine why an app for a thermostat would need regular updates - aside from what's necessary to keep the app functional on modern OS versions.
mrb 12 hours ago [-]
They should match the acronym and call it No Evil Systems Tolerated, or No Evil, Sane Tech firmware (N.E.S.T)
mmmlinux 12 hours ago [-]
Why does it need to connect to some server at all? Why can't it just work with home assistant or whatever?
dx4100 11 hours ago [-]
Are we really all so spoiled that everything has to be delivered as a shiny, perfect solution?
mattclarkdotnet 2 hours ago [-]
Missed opportunity to call it Thermostat-ForGood
ternus 11 hours ago [-]
What's the go-to recommendation for smart thermostats with local control (no cloud) + Home Assistant these days? Claude suggests Ecobee + Homekit. Z-Wave seems to be another popular option. What are people using?
dgacmu 8 hours ago [-]
I've switched 3 of my 4 nests to a z-wave thermostat and I'm really happy[1] with it so far. The Honeywell T6 pro. I got them used for about $56 each and they were in near-perfect condition.

[1] With one exception, which is really niche to me: The T6 has what looks like a PID-style control algorithm hiding in it, and instead of specifying a deadband between on/off, you can only specify a max number of cycles per hour. I already have a home-brewed PID algorithm controlling the temperature target of my boiler, so I actually _want_ a stupider thermostat that will stay on/off a little longer. But this is purely because I'm weird. The T6 is really good at keeping the temperature on target, and the homeassistant integration was fast and easy and has been totally solid. I recommend - I'm just waiting for the last one to arrive and I will have completely replaced my Nests (gen2 + gen3).

I'll also add that the local UI on the T6 is much better than the one on the nest. And the installation process was really simple -- Honeywell clearly learned from Nest on this one, and then beat them with the UI. I'm really happy with the upgrade, even though I'm totally annoyed with Google for wrecking my perfectly functional thermostat.

xrd 12 hours ago [-]
I have a nest thermostat, but the strongly worded warnings are scary.

And, I would really love to wire my nest into home assistant, but getting past the Google house of horrors is even scarier.

Are there any good thermostats that can be used with home assistant? I would really like to start understanding my energy usage in a safe way.

torginus 12 hours ago [-]
what's so special about nest? I have bought a Venstar thermostat, that connects to HA via WiFi, with no cloud server involved. It's a plasticky square with a liquid crystal screen, but I don't know why I would want a thermostat of all things (that I touch like once a month) to be a conversation piece.

Even if it wasn't evil, I'd consider buying an expensive one a waste of money, which is kinda important considering I'm looking to save money.

kevin_thibedeau 6 hours ago [-]
That logo is a trademark violation. Should be sanitized out of the repo.
OptionOfT 10 hours ago [-]
This reminds me of Ecobee killing their developer portal. Very sad. I hope one day we can flash a custom firmware to those.
jjallen 12 hours ago [-]
Very cool. Was thinking about working on this myself after moving in a house 4 months ago with these to all of a sudden have to replace them for no good reason.
baggachipz 12 hours ago [-]
I have two Nest E thermostats which I purchased years ago. I wonder how long it will be until they're bricked too.
StephenHerlihyy 12 hours ago [-]
Living in a cold room with an evil presence is better than roasting in hell with an angry wife.
mikkupikku 12 hours ago [-]
This is why I hate digital thermostats. With the old classic round Honeywell thermostats you could turn the dial a fraction of a degree when nobody was looking and "boil the frog" to get a reasonable temperature. With digital thermostats, you can only change the temperature in discrete steps which will be immediately noticed.

>Why does it say 74?? I had it set to 75!!1!

torginus 11 hours ago [-]
Use home assistant, and program in a second stealth thermostat controlled by the first, that allows you to 'nudge' the values.

It's what I did, not because of relationship reasons, but the hvac and furnace thermostat disagreed on what temperature 23C should be so I had to tweak it.

adrianmonk 10 hours ago [-]
The flip side is that, if you do hammer out an agreement on what the thermostat should be set to, with an analog thermostat, you can have arguments about whether it is actually set to that.

"We agreed it would be set to 74!"

"It IS set to 74!"

"No, it's set to like 74.2 or 74.3 or something! The little pointer is not pointing directly at 74, and you know it!"

quickthrowman 9 hours ago [-]
>Why does it say 74?? I had it set to 75!!1!

This is where you start explaining what hysteresis is and wait for their eyes to glaze over before changing the subject ;)

ksenzee 11 hours ago [-]
Have you considered just not living with people you think so little of?
mikkupikku 11 hours ago [-]
I have an analogue thermostat in my home, but vacations (in rental properties) with the in-laws turn into thermostat wars. I particularly don't appreciate the ones that use proximity sensors to light the thermostat display's backlight. Whoever came up with that idea was a genuine asshole.

Besides, would you really break off a relationship over something so petty as temperature preference? The people who find somebody who's literally perfect for them must be very rare, I think most people have to make small sacrifices and concessions.

ksenzee 10 hours ago [-]
I agree, everyone makes small sacrifices and concessions to the people they live with, and I would never break up with someone over such a small issue as temperature preference. But trying to trick your partner or housemate into thinking you haven’t changed the temperature? That’s the kind of strategy you use when you’re stuck with someone you can’t communicate with, or don’t respect enough to want to communicate with, or have given up on communicating with. At that point I’d be packing my things.
mwpmaybe 12 hours ago [-]
You can still spin the damn encoder.
StephenHerlihyy 12 hours ago [-]
A younger me would have had the same gusto. Age has taught me that attempting to improve the AC, in ways that my family can neither appreciate nor understand, is merely going to lead to disaster.
jcpst 12 hours ago [-]
I have a Gen 1 Nest. Is it common for them to brick if you connect them to the internet?
darkwater 12 hours ago [-]
Let's buy a second hand Nest Gen1/2 before people know about this!
adrianmonk 10 hours ago [-]
Buy a bunch of them and engage in cloud thermostat firmware arbitrage! You could make a big profit! (Or you could put in significant time and effort but lose money.)
snvzz 10 hours ago [-]
Seems a good step towards a whole replacement firmware.

No real reason to keep running google's code on these things.

z3ugma 7 hours ago [-]
I'm reasonably excited about the prospect of this authorship of replacement firmware.

I think that putting MQTT on this would be an important step toward local control and connecting it to Home Assistant

GiorgioG 14 hours ago [-]
I can't express how much damage Google has done to its reputation in my mind with how they EOL'd the online functionality of these devices. I have 3 of them. I will never buy a Google device of any kind ever again.
baq 12 hours ago [-]
At this point I assume any device which can talk IP is one firmware push away from becoming a brick in the best case and taking you hostage in the worst case.

Zigbee allows firmware upgrades, but will not take you hostage. It isn’t perfect, but I’ll take it for having a user-first design instead of ARR-first.

tensor 13 hours ago [-]
Yup. Same, though I've actually decided to only buy stuff that supports home assistant. I shouldn't have to depend on a corporate server at all, and especially shouldn't have to call out to an internet site just to control something local.
thesuitonym 12 hours ago [-]
What really surprises me is that there are people who didn't see this coming. I mean really people, you're purchasing a device which requires an internet connection to a server you don't own.
GiorgioG 11 hours ago [-]
I certainly didn't see this coming in 2014 when I paid $800+ and installed them. If they'd have said hey $5/year for each to keep them going, I'd have begrudgingly paid it and carried on...but now, Google will never get a dime from me again.
iamjackg 12 hours ago [-]
Yeah I immediately switched to a Honeywell Z-Wave thermostat as soon as I got the email that they were discontinuing them.
gigel82 12 hours ago [-]
So, trade the "evil" Google for the totally not evil trust-me-bro "nolongervil Corp"?

Don't get me wrong, I love to see things like this, but just go all the way and allow folks to set their own URLs (maybe to servers they own in their own home).

torginus 11 hours ago [-]
Or buy one of the dozens that work via Matter/Wifi/Thread/Zigbee and make sure the data never leaves your home.
CivBase 6 hours ago [-]
They've announced an intent to open source it after they collect the bounty. So you could probably do just that.
huflungdung 9 hours ago [-]
[dead]
14 hours ago [-]
LilyFrenchPants 14 hours ago [-]
This person is a PHP programmer according to their LinkedIn profile. They are just using the existing OMAPLoader tool and do not seem to have embedded device programming experience. I am not hopeful they will be able to write custom firmware for the thermostats.

LFP

Aurornis 12 hours ago [-]
> I am not hopeful they will be able to write custom firmware for the thermostats.

If you read the GitHub Readme (typically a better way to judge a project than stalking someone on LinkedIn) you can see that they didn’t write a custom firmware. They modified the Nest firmware to contact different back end servers.

The firmware is the same (they claim) except for modifications to change which server is contacted. They then built a back end to mimic the original Google servers.

torginus 11 hours ago [-]
Sounds fishy, if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting, which is somewhat disconcerting.
gruez 10 hours ago [-]
>that means the traffic is vulnerable to some sort of MITM attack by DNS poisoning/packet rerouting

Because it uses https? OP gets around this by manually injecting his certificate, but if you have physical access to a device it's generally considered to be game over in most threat models.

sedatk 10 hours ago [-]
> if the device allows this sort of fakery, that means the traffic is vulnerable to some sort of MITM attack

No. This is a thermostat at your home. It forwards its DNS requests to your router. Feel free to establish whatever security protocols you need there. Or, even better, host your own server.
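
Added example, not part of any comment in this thread or of the project's code: the certificate-chain check behind the exchange above, showing that redirecting the hostname alone leaves a validating client rejecting the new server, and that the outcome changes only when the client's trust anchor is replaced. The CA and host names are hypothetical, and the sketch assumes the `openssl` CLI with its default configuration.

```bash
#!/usr/bin/env bash
# Constructed demo. Every name here (vendor-ca, replacement-ca,
# api.thermostat.example) is hypothetical, not taken from the project.
set -eu

make_ca() {  # $1 = work dir, $2 = CA name; writes a self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

issue_cert() {  # $1 = work dir, $2 = signing CA, $3 = cert name, $4 = hostname
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$4" \
    -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Chain check a TLS client performs: does cert $3 chain to the only trusted root $2?
client_decision() {
  if openssl verify -CAfile "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1; then
    echo accept
  else
    echo reject
  fi
}

run_demo() {
  local d
  d=$(mktemp -d)
  make_ca "$d" vendor-ca
  make_ca "$d" replacement-ca
  # Both servers claim the same hostname, as they would after a DNS redirect.
  issue_cert "$d" vendor-ca vendor-server api.thermostat.example
  issue_cert "$d" replacement-ca redirected-server api.thermostat.example
  echo "stock trust store, vendor server: $(client_decision "$d" vendor-ca vendor-server)"
  echo "stock trust store, redirected server: $(client_decision "$d" vendor-ca redirected-server)"
  echo "replaced trust store, redirected server: $(client_decision "$d" replacement-ca redirected-server)"
  rm -rf "$d"
}

run_demo
```
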

l9o 12 hours ago [-]
Personally, I think this might be an even better approach. The Nest Gen1/2 UI was pretty slick. It would be a shame to have to use a custom firmware.
z3ugma 12 hours ago [-]
I agree, there's a "hammer and nail" problem here, it's impressive though that he used Ghidra to RE some of the API calls that the Nest binaries are making after having got root access - according to some of what Cody has said in the Reddit thread and on his Discord channel.

I have been working on REing the hardware itself to write drivers directly - for example at https://sett.homes/blogs/updates/the-lcd-display-reverse-eng....

I am designing whole new PCBs that mount in the Nest so that we have 100% firmware control over the device... time will tell if we can do the same thing on the Linux OS that the Nest currently runs on, or if custom hardware will be needed because the OS has too much locked down

eej71 13 hours ago [-]
I see it as a great starting point.
z3ugma 12 hours ago [-]
I agree that it's a great starting point
torginus 12 hours ago [-]
[flagged]
stickfigure 11 hours ago [-]
1. There is no subscription.

2. I paid less than $200 for it.

3. The device lets me control the thermostat remotely. I can turn on the heater when coming home from a trip, or turn it off if I forgot when I left.

4. I can just say "Hey Google, turn up the heat" out loud.

I don't care if Google knows about the temperature of my home. I absolutely would buy the product again.

1970-01-01 11 hours ago [-]
Nest before Google (Nest Gen 1 and 2) was a small tech startup.
morshu9001 11 hours ago [-]
That doesn't really make it better, unless they had a stricter privacy policy.
1970-01-01 7 hours ago [-]
morshu9001 7 hours ago [-]
Oh LOL
tomhow 9 hours ago [-]
Please don't fulminate on HN. You can make these points without the rage; the guidelines require that if we're going to participate here. They also ask us to avoid generic tangents. This post is about an open-source firmware to run on devices, not people's motivation to buy the devices in the first place.

https://news.ycombinator.com/newsguidelines.html

dare944 11 hours ago [-]
Where did you get the idea there was a subscription?