The OpenSprinkler controller

Posted Aug 30, 2023 14:21 UTC (Wed) by mb (subscriber, #50428)
In reply to: The OpenSprinkler controller by Wol
Parent article: The OpenSprinkler controller

This device can't connect to any network without the user entering credentials.
It's the users responsibility to not do stupid things.

The OpenSprinkler controller

Posted Aug 30, 2023 15:00 UTC (Wed) by Wol (subscriber, #4433) [Link] (1 responses)

You're assuming users are intelligent. Not a wise move ...

Cheers,
Wol

The OpenSprinkler controller

Posted Aug 30, 2023 15:17 UTC (Wed) by mb (subscriber, #50428) [Link]

>You're assuming users are intelligent.

No, I'm not. Quite contrary.
Users do stupid things all the time.

And while I agree that things should be secure by default in an ideal world, I don't think "insecure" things are bad per se.
If I don't expose this to the internet, I don't see why I would strictly need authentication or anything like that. Plain old unencrypted and unauthenticated HTTP is just fine for many use cases. I do actually run such things (not this one, but similar things) inside of my secured network. And I really don't see the problem.

If a user connects something to the internet, it's their responsibility to check if it's safe and secure. Just like it's their responsibility to check if it's safe and secure to leave the car doors open.
But that doesn't affect all other use cases and doesn't make the product any worse.