This reminds me...
My parents gave me a smart weather station for Christmas a few years ago. I never even took it out of the box. I know it exposes a web server so I can view a fancy UI in my browser...
I should take it out of the box and run a pentest on it. I imagine it's pretty insecure. The developers of these types of things often don't consider security.
Every time someone does a project like this, it exposes how trivial “IoT” really is once you strip away vendor lock in and buzzwords. A $3 sensor, a 10 line script, and a 40 year old ham protocol outperform half the commercial weather APIs out there.
To be generous, this solution 'outperforms' commercial weather APIs for exactly one hyperlocal geographic location, and underperforms on 99.999999% of the remaining locations that may also be experiencing weather of some sort.
There's a magical world out there where Tuya leave us with the ability to OTA flash custom firmware if we have physical access, and then we can all just run ESPHome on private wifi networks.
And what recovery mechanisms do you have in place when the OTA flash goes wrong?
You can have 2 identical partitions on the ESP; the OTA flashes the inactive partition and signals to the bootloader to attempt to boot it from there.
The device is restarted; if the new firmware is working correctly, you signal the update process that everything is all right and it sets the new partition as default.
If the device doesn't boot correctly, or your sanity checks don't pass, either you or the watchdog restarts the device and it boots from the known-working partition.
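The two-partition scheme described in the comment above, modelled as a host-side simulation. This is an added example, not code from the thread or from any vendor SDK; the state names, struct and functions are hypothetical.

```c
#include <stdbool.h>

/* Hypothetical model of a two-slot (A/B) OTA scheme; not SDK code. */
enum slot_state { SLOT_VALID, SLOT_PENDING_VERIFY, SLOT_INVALID };
struct boot_ctl {
    enum slot_state state[2]; /* per-slot image state */
    int active;               /* slot confirmed as the default */
    int trial;                /* slot to try once, or -1 */
};

/* OTA writes only the inactive slot and requests a one-shot trial boot. */
void ota_stage(struct boot_ctl *b) {
    int target = 1 - b->active;
    b->state[target] = SLOT_PENDING_VERIFY;
    b->trial = target;
}

/* Bootloader: a trial slot gets exactly one attempt. The request is cleared
 * before jumping, so a crash or watchdog reset falls back to `active`. */
int bootloader_select(struct boot_ctl *b) {
    if (b->trial >= 0 && b->state[b->trial] == SLOT_PENDING_VERIFY) {
        int s = b->trial;
        b->trial = -1;
        return s;
    }
    for (int i = 0; i < 2; i++) /* still pending here: it never confirmed */
        if (b->state[i] == SLOT_PENDING_VERIFY) b->state[i] = SLOT_INVALID;
    return b->active;
}

/* New firmware calls this after its own sanity checks on first boot. */
void app_confirm(struct boot_ctl *b, int running, bool checks_ok) {
    if (b->state[running] != SLOT_PENDING_VERIFY) return;
    b->state[running] = checks_ok ? SLOT_VALID : SLOT_INVALID;
    if (checks_ok) b->active = running;
}

/* One update cycle; boots_ok=false models a hang the watchdog resets.
 * Returns the slot the device ends up running. */
int simulate_update(struct boot_ctl *b, bool boots_ok, bool checks_ok) {
    ota_stage(b);
    int s = bootloader_select(b);                 /* trial boot */
    if (boots_ok) app_confirm(b, s, checks_ok);
    if (b->active != s) s = bootloader_select(b); /* reset, then rollback */
    return s;
}

int main(void) {
    struct boot_ctl b = {{SLOT_VALID, SLOT_INVALID}, 0, -1};
    return simulate_update(&b, false, false) == 0 ? 0 : 1;
}
```

The property to check on a real device is the same one the model enforces: the default slot changes only after the new image has confirmed itself.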
I didn't ask what can you have. We could have whatever safety processes we wanted with multiple levels of redundancy. However, that's not what's available on COTS IoT devices though, so speculation does not help.
Flashing the firmware of a cheap IoT device remotely OTA is not without risk.
same recovery mechanism as when the Crowdstrike OTA goes wrong
With respect, this misses some important constraints. Scale it to thousands of locations and target 99% SLA. Now you have a maintenance problem in remote physical places, requirements for hardware reliability, subcontractors to manage, need a reliable network connectivity, etc. You also need to collect and redistribute the data (API or whatever) - while this is a trivial problem today, still you incur costs for hosting, network, etc. While I actually agree with the sentiment, it is not just a $3 sensor either.
"If you want to support me, send me AA batteries" in the bot account profile made me chuckle.
You might consider joining the Citizen Weather Observer Program. It's a great way to share your data with other station owners.
http://www.wxqa.com/
I had a station for a few years. The receiver had a usb interface so no software radio required. I used weewx to import the data. I even had a water temperature sensor off the end of my dock so I could see if the lake was warm enough to swim in.
UK weather office has a similar effort apparently - select registered sites and disable the official ones here:
https://wow.metoffice.gov.uk/
Interesting to see that it gets many submissions from outside UK too
Slightly tangential, my hope is that the Blitzortung project picks up momentum.
> Blitzortung.org and Lightningmaps.org are world-wide non-commercial low-cost community-based lightning detection and lightning location networks. They provide free real time lightning maps for a lot of count
[docs of the projects](https://docs.lightningmaps.org)
[real-time lightning map](https://map.blitzortung.org)
Been meaning to DIY a weather solution too...just need to figure out how to power it on balcony (no power). Thinking perhaps via the new sodium batteries & explore that too while at it.
If you live in a moderately dense area or know a neighbor who also has a weather station, you might try the command line utility rtl_433[0] mentioned in the article with an SDR dongle to pick up existing broadcasts in your area. I pick up three different stations consistently!
[0] https://github.com/merbanan/rtl_433
I want to do the reverse: I have a DIY esp32 "weather" station (temp/humidity but more importantly particle sensor) and I would love to share it via radio!
I was very grateful to the author for `aprs-weather-submit` while building cwop.rest. Great post.
Holy cow, cheap weather stations are encoding and decoding JSON? What a century.
No, the tool rtl_433 repackages payload data in json for easier downstream consumption.
My winter project is to create a container pod at home that remixes media, maybe adds in some old or joke TV commercials between shows, and most importantly, shows the weather and the route to work at 7am. I think everything exists to do this, but it might take a few weeks to cobble together.
For even more retro points, have the UI presented by WeatherStar! https://weatherstar.netbymatt.com/
I was kinda expecting analogue tech and computer vision here. :D Nice work.
The very first cable weather "channel" was a large circular base at least 4' diameter (don't remember exact size, but big) that had various full size gauges on it. A camera was positioned to look down on the gauge under it. The whole table top rotated so that each gauge would continuously cycle under the camera. When you viewed the channel, you'd have to wait until the gauge you wanted to see rotated back around.
Cool project but I would just have used a zigbee/wifi weather station, they are just as cheap.
I get the sense from the article that part of the fun was doing this via radio frequencies rather than having to deal with a network.
> At this point, we've connected the Temu weather station to the Internet and the ham radio network. Anyone with an APRS-enabled radio, digipeater, receiver, or just a web browser can see what the temperature and humidity are at my house.
Nearly all off the shelf weather station parts use 433 MHz or similar bands. It’s likely that if you have any preexisting wireless temp sensors, etc. that transmit to an indoor display, you can use those with a system like this. I also think that range and battery life are better for these simpler sensors.
Links? The closest thing is 10x the price, some are more like $80, some $180
This is one of the most fascinating and funniest articles I've read in a while
I expected "putting something on the internet" to mean being able to talk to a device directly, not taking its data and publishing it somewhere. Is it just me?
All this device ever does is publish results, so it’s not clear what interacting directly would mean
Yes.