Hubitat over HTTPS/SSL using Apache

Just spitballing here, but could a quick and dirty solution be a virtual string shared via maker api, that has some polling code (script or compiled) hitting it that when content is found, it parses out the string and sends an email?

This is obviously not an ideal solution but does it fix right now?

Looking for something that doesn't require additional hardware or extra cloud services. SMTP would allow me to tie into my current mail provider (mailbox.org) and send to my mailbox. Thus limiting the cloud connections.

I have been doing custom hacked together cloudless home automations for over a decade. I have a toddler and other hobbies. I'm tired of updating multiple different devices, OS patching and everything else. Was looking for one device to provide the level of automation and privacy/security that I want. Hubitat is truthfully so close to that.

If Hubitat would support https on the app connection, or I could get notifications (without major cloud or additional services) and drop the app, I could rest a bit easier. The dashboard sessioning is high on my list but I can live without it.

Do you consider Pushover a "major cloud service"? Something has to be in the cloud to get notifications.

I do... and I know that Hubitat is in AWS and probably uses FCM just like Pushover does. Which is something I would rather avoid if I could.

I worked in digital forensics for a period of time. Doing cellular and cloud forensics. I might be a little scarred from all the info that I know Google, Apple and AWS compile.

Which makes SMTP with TLS a great option. My mail provider GPGs all incoming messages with my key as it hits the mailstore.

OK. Understood.

Of course, this makes you an outlier case -- but you already know that.

On that front, I know I am an outlier. And everywhere else I have seen SMTP brought up it has been stated as low priority (again probably by the community, not Hubitat directly) as there are alternatives. The app, Twilio and Pushover.

Email would be very cool. I'd love to be able to send a weekly email of battery levels. Also, because I'm a loser and just built an integration for my Withings Smart Scale and Sleep Mat, sending an email that shows me my weekly "health trends" or something. So I may well be an outlier in this! :slight_smile:

One thing to consider on a business side, is that security, is like sex. It sells.

The whole IoT industry is front and center in the media and not in a good way. Article after article, of a smart home breach here, and there, and everywhere, is keeping a LOT of the public wary about taking the leap into smart tech.

People just don't trust it.

Sure, you have all of us STEM nerds lapping it up, but there is a much broader market out there.

I do CyberSecurity for Uncle Sam, and on the side, run a Smart Home Security Consulting business. By far, the biggest obstacle people have to taking the leap into Smart Home tech, is security. Rather, the lack of it.

This thread is full of looking inward, at the demands of the community, rather than outward, at expanding that community.

There is a large market out there that HA and Apple are eating up quickly, all because of security.

I completely understand that security is an investment. I also understand using AROs and SLEs to balance the books when accepting risks. That's wise business, and really, it's responsible business. I work for the Government, so I'm spending taxpayer money. I really need to make sure that the budget isn't abused. So, I get it.

You also have to consider what happens to business from a PR sense, if a few home networks are hit with HE hubs in them. Look at what happened to Ring. They took massive losses this last year over a few articles where homes were breached. It wasn't even Ring's fault! They weren't breached. The end user executed terrible security practices, and basically gave the robber the key to the door, then got mad at the door maker when he used it.

It didn't matter though. The media had a sensational, scary story, and they ran with it. Over and over and over.

This could happen here as well. Like it's been said here a lot. Security is mostly up to the end user. While that's true, that's not how it plays out in the perception of the real world. All they will see is that Hubitat got hacked and allowed access to a whole home. The poor children, and that poor single mom. Violated! Sob, cry, whine, sob.

Then the neighborhood Facebook group chats start going, "there is NO chance I'm putting any of that stuff in my house!" That, my friends, is market loss and all of IoT is feeling that right now.

The way you grab those consumers is to market security. It works for Apple. It works for HA. Security is the number one reason consumers list as why they use those ecosystems. Those are consumers that Hubitat should have. Could have!

My consulting job is mostly training tech illiterate people how to employ NIST security best practices in their home, so that they don't have to fear the use of these products, and can benefit from the real security they actually do provide.

All of that said, I love Hubitat and the community. You're not losing me any time soon, that's for sure!

3 Likes

(/lurk)

Talk about the pot (Farcebook users living in glass houses) calling the kettle (HA/IoT offerings) black!!!

(lurk)

1 Like

How much did Ring lose last year?

If you're talking about all consumers generally, I completely agree that poor password practices are probably the biggest problem that needs to be "patched."

But Ring (the company) has also demonstrated a range of poor security practices that range from questionable to abhorrent.

I actually think that the largest share of the home IoT market is either ignorant of or disinterested in information security, but some companies like Apple (or Ring, or Amazon) have developed pretty effective marketing campaigns nonetheless that capitalize on that disinterest. Their commitment to improving and maximizing security/privacy (related, but not the same) will only be prioritized to the extent that consumers force the issue.

1 Like

Oh I absolutely agree! :+1:

That's of the existing share of the market.

I'm talking about the rest of the market. The non-IoT consumers out there. The largest reason they cite, for avoiding IoT devices, is security.

Thanks so much for this!

Having just upgraded my firmware from 2.2.8.x to 2.2.9.x, this issue suddenly became relevant to me since even locally I use most locally hosted services through reverse proxy with LE SSL because not everyone can/should trust the LAN, and with browsers aiming to eliminate or at least highly restrict unencrypted communication altogether anyway it doesn't make sense why the protocol and hostname would be hardcoded in the dashboard links and source.

One thing that threw me was that it seems the substitutions are no longer valid?

Using the rest of your vhost I changed the substitutions from:

to

Substitute "s|http://hubitat||"
Substitute "s|hubURL: \"hubitat\"|hubURL: window.location.host|"

since it appears the localIp variable is no longer used and a similar protocol/host scheme has been put in place, though it doesn't account for what it thinks should be a hardcoded local http/:80 scheme when it's local (seemingly determined on the backend by subnet/local dns).

Really looking at what was in previous firmware compared to what you wrote, and what is now, just seems purposeful to force one to subscribe to the cloud service when everything is pretty much in place otherwise to work behind a reverse proxy.

The simple notion of "if local, write urls as relative and use the client request host/protocol" seems to be deliberately ignored/avoided especially with the immediate resistance (Proper reverse tunnel support? @patrick's response) and lack of fundamental understanding of how simple it can be makes the whole thing seem more purposeful to specifically stifle using your own "cloud"-y alternative considering that configuring HE in depth is already not a task for the average user to undertake since the UI is relatively clunky for a reactive style app.

Thanks again! hope this helps someone as well.
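For readers following the reverse-proxy discussion above, here is a TLS-terminating Apache vhost that carries the two `Substitute` rules quoted in the last post. This is an added example, not the vhost the poster refers to (which is not on this page) and not Hubitat's own configuration. The public name `hub.example.lan` and the certificate paths are placeholders, and the backend name `hubitat` is assumed from the post's substitution patterns.

```apache
# Added example: constructed vhost, not the configuration from the thread.
# Needs mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_filter, mod_substitute.
# hub.example.lan and the certificate paths are placeholders.

<VirtualHost *:80>
    ServerName hub.example.lan
    # No cleartext service on the proxy: send every request to the TLS vhost.
    Redirect permanent / https://hub.example.lan/
</VirtualHost>

<VirtualHost *:443>
    ServerName hub.example.lan

    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCertificateFile    /etc/letsencrypt/live/hub.example.lan/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hub.example.lan/privkey.pem

    # Reverse proxy only, never a forward proxy.
    ProxyRequests Off
    # The proxy-to-hub hop is plain HTTP, so keep both on the same trusted segment.
    ProxyPass        / http://hubitat/
    ProxyPassReverse / http://hubitat/

    # mod_substitute cannot rewrite compressed bodies; request them uncompressed.
    RequestHeader unset Accept-Encoding

    # Strip the hardcoded scheme and host so links resolve against the
    # HTTPS origin the browser actually used (rules quoted from the post).
    AddOutputFilterByType SUBSTITUTE text/html application/javascript
    Substitute "s|http://hubitat||"
    Substitute "s|hubURL: \"hubitat\"|hubURL: window.location.host|"
</VirtualHost>
```

After a firmware update, view the page source through the proxy and search for any remaining `http://` references; a hardcoded link that slips past the substitutions shows up in the browser as a mixed-content warning.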
