Is there a way to configure the Hubitat hub to automatically install new firmware updates? I have manually checked and found there were updates available. I just worry that I will have had the Hubitat working fine in my home, won't have remembered to check for updates, and there will be updates that fix important vulnerabilities that could be exploited just sitting there.
Since the hub is local, updates for vulnerabilities are not a normal part of the release cycle. You need to secure your front end. That is how you will protect devices on your local network. Anything that could be attacked in the cloud is dealt with in the cloud.
The whole idea is that Hubitat doesn't force updates down your throat when you have things working perfectly like the other vendors do. You update when you want, and roll back if you want, or find that the update is not working right on your system.
Hubitat always issue release notes for update etc.
I subscribe to these so that I receive an email when an update is available.
You can do this in your forum settings.
I understand that being local makes the hub more secure. However, in this day and age a residential grade router is not hacker proof if some decides to really make the effort. Once inside a network, IoT device vulnerabilities can be exploited for all kinds of uses; even making them part of a larger botnet. This has all been done before.
It doesn't even require a hacker to spend the time breaking through a home's router. Clicking on a link in the wrong email can install malware on a computer that provides hackers access to every device on a network.
We just don't live in a very friendly digital world right now and it will probably get worse in the future.
I understand that some hub owners may not want automatic updates enabled. But IMHO it should be an option along with the ability to easily revert to an earlier firmware version if problems with an update arise.
Thanks @bobbles. That helps
this would be a double edged issue as it's possible an automatic update might cause an issue with a system that was actually running fine.. it's much better as a manual update.
Personally, at some point in the future I don't believe this will even be a choice. In years past IoT devices came with default usernames and passwords. Consumers, for convenience, could just leave these in place. Now that has all gone away and everyone is forced to enter their own username and password when the first start using an IoT device. The Mirai botnet was the prime example of why that was such a bad idea.
I believe that with the rapid proliferation of IoT devices, and the issues that will arise with hackers making use of vulnerabilities, that automated updates will become mandatory and the choice will be removed.
I'm highly versed in the issues too. It's not something that you're going to see updated in the Platform per se. It's more the underlying OS. If that needs updating for vulnerabilities, you can be sure they will make sure everyone receives that information.
If you're not protecting your LAN against attacks, you really should be. Insecure hubs will be the least of your worries. That's my $0.02 CAD, but to you that's only $0.01 USD, so take it for what it's worth!
Subscribing to the email is a good start as @bobbles suggests.
That's 5 cents so far. We should keep this thread going and then work out a way to cash it out and share the proceeds around all contributors.
That's my £0.02 (which given Brexit and other more global issues is worth 7/10ths FA).
Nope. I want to be in control.
It is not exceptionally uncommon that something might not work quite right after an update, especially if it’s a new version and not just a minor update.
Re: the vulnerability issues - to my knowledge I have never seen an issue like this addressed in any of the release notes before.
Please, no automatic updates.
So many updates and half the time my hub doesn’t seem to be working properly until I update. I would appreciate the option to turn on automatic updates if I want. Why is having an option to do something considered a bad thing?
Alternatively, is there a way to trigger updates through an api call or something so it can be scheduled locally to be kicked off? Or bare minimum a way to have the app send a notification one is available??? Throw a bone here cmon. There has to be something other than completely forcing people to be in the dark unless they manually check in the app. Kinda of ironic if u ask me. An automation hub we can’t even automate keeping itself updated...
I would be willing someone could write an app to pull the info down from the api and send a notification. You might be able to schedule a weekly update if there is one but I don’t want to test that on my only hin
Count me in the "no automatic updates" camp. It was one of the things I key things I was looking forward do w/HE (along w/backup/restore, and being able to roll back FW). That said, if HE wants to provide a toggle to turn auto-update on/off (default to off), it's no skin off my back. Might be more complicated than it looks if there was a radio FW update that needed to follow a hub FW update.
As for worries about IoT security (and we should all be worried about that) taking steps to ensure secure networks is the most important part, including (for me, anyway) having a separate IoT VLAN to isolate IoT devices as much as possible from the main network.
Oh, and there is a feature request section here...I think this is current:
The only problem I see with this would be that if you rolled back a version or two (like I recently had to) you would get an undesired update if you forgot to uncheck auto updates. At some point, you would not be able to roll back because I think you would have written over all the previous versions with the new version.
Count me in for option to choose manual, automatic or delay update.
Yup, but that's on the "auto-update" crowd, and their ilk.
Through the forum you can receive emails when updates are available.
Do you need pointers.
Read post 3.
For stuff like this where I'm concerned about missing something important, I just create a recurring calendar reminder for myself. I know my calendar is reliable, and calendar reminders are more effective for me that emails, since I get relatvely few of those compared to the gazillion emails I get.
I want to ping this thread again. My smart home, currently, is to set it & forget it until i think of a way to improve it. Litterally everything else, my Shellies, my homebridge, my pi hole, EVERYTHING either comes with an auto update toggle or a HTTP / bash way to update it, allowing cron to schedule an update. I understand the consequences of auto updating, and i am willing to take the risks. I am not asking for a lot of dev time - all i want is for the button that says "auto update" to be clicked via an HTTP post request. In this way, techy users who understand what they are doing can configure automatic updates via another pi or computer. Converesly, i am also fine with an auto-update toggle in settings, even if it comes with a hefty disclaimer. But, currently, hubitat is the only thing which i have to manually update, and i wish it could be changed. I do not understand why the devs are so averse to programming one button to be accessed by a webhook. You have coded such a great platform already, why not make it just that 1% better and listen to your users? Clearly, if something is implemented, such as a default-off toggle switch or http request, that does not change the hub's behavior by default, then how will it effect those who don't want updates? It is not forcing updates down one's throat; it is giving your users a choice between a feeding robot & a spoon, and some of your users want that feeding robot,