Posts: 3,716
Threads: 196
Joined: Aug 2006
Dean, do you have a list of the public API sites that the shipped drivers use to call into?
Nest, for example, has to talk to the Nest servers - so somewhere there is a list of what servers at Nest it uses.
I am severely limiting the amount of outgoing traffic on my network and will be forcing all of my users through WebRIVA.  Part of this is to make 1:1 ACL for various services, so our example of Nest would have *only* my CQC IP able to speak to the Nest servers.  Basically anything that hits a public set of servers will get this sort of limit.
It would be great if you could put that information into the driver itself, so when we install a driver we can immediately see where it goes.
do the needful ...
Hue | Sonos | Harmony | Elk M1G // Netatmo / Brultech
Posts: 40,483
Threads: 491
Joined: Aug 2002
That wouldn't necessarily help you. The target server may just be a connection point which subsequently forwards us to another server or something like that. But generally you could just limit it to *.company.com I would think. So are you doing a blanket denial and then just setting specific exceptions for specific programs? If so, then giving CQCServer.exe access to company.com should be OK. I don't think any of them try to redirect to another domain. If they did, you would know because it would get blocked if you are doing the above type of thing.
Dean Roddey
Explorans limites defectum
Posts: 3,716
Threads: 196
Joined: Aug 2006
(03-23-2018, 10:04 AM)Dean Roddey Wrote: That wouldn't necessarily help you. The target server may just be a connection point which subsequently forwards us to another server or something like that. But generally you could just limit it to *.company.com I would think. So are you doing a blanket denial and then just setting specific exceptions for specific programs? If so, then giving CQCServer.exe access to company.com should be OK. I don't think any of them try to redirect to another domain. If they did, you would know because it would get blocked if you are doing the above type of thing.
Yeah, that's what I was getting at.  But Harmony, for example, sends out to pubnub.com and not logitech.com.  I'm not sure how many things use third party stuff, but Logitech isn't necessarily a small company.  And others may not use DNS at all, so I figured I would ask.  I also tend to forget when CQC uses a local connection vs public API.
do the needful ...
Hue | Sonos | Harmony | Elk M1G // Netatmo / Brultech
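Added example, not part of any post in this thread and not CQC code: a small audit of an outbound connection log against a per-source allowlist of the kind discussed above, covering the wildcard-domain rule, the third-party-domain case (pubnub.com rather than logitech.com), and destinations reached by raw IP. The log format, IP addresses and hostnames other than the domains named in the thread are constructed; treating `*.company.com` as also covering `company.com` is an assumption.

```python
import ipaddress

# Hypothetical 1:1 egress policy: source IP -> destinations it may reach.
# 192.0.2.10 stands in for the automation server (constructed address).
POLICY = {"192.0.2.10": ["*.company.com", "*.logitech.com", "198.51.100.7"]}

# Constructed log lines: "<source ip> <destination name or ip>"
SAMPLE_LOG = [
    "192.0.2.10 api.company.com",   # subdomain of an allowed domain
    "192.0.2.10 company.com",       # apex of an allowed domain
    "192.0.2.10 notcompany.com",    # lookalike suffix, must not match
    "192.0.2.10 pubnub.com",        # third-party service, not on the list
    "192.0.2.10 203.0.113.5",       # raw IP, no DNS name to match
    "192.0.2.44 api.company.com",   # allowed name, but wrong source host
]

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def matches(pattern, dest):
    """True if dest is covered by pattern (exact IP, exact name, or *.domain)."""
    pattern, dest = pattern.lower(), dest.lower().rstrip(".")
    if is_ip(pattern) or is_ip(dest):
        return (is_ip(pattern) and is_ip(dest)
                and ipaddress.ip_address(pattern) == ipaddress.ip_address(dest))
    if pattern.startswith("*."):
        base = pattern[2:]
        # Compare on a label boundary so "notcompany.com" is not accepted.
        return dest == base or dest.endswith("." + base)
    return dest == pattern

def audit(policy, log_lines):
    """Return (source, destination, reason) for every connection the policy denies."""
    denied = []
    for line in log_lines:
        src, dest = line.split()[:2]
        patterns = policy.get(src)
        if patterns is None:
            denied.append((src, dest, "source has no egress rule"))
        elif not any(matches(p, dest) for p in patterns):
            kind = "raw IP" if is_ip(dest) else "domain"
            denied.append((src, dest, kind + " not on allowlist"))
    return denied

if __name__ == "__main__":
    for entry in audit(POLICY, SAMPLE_LOG):
        print(*entry, sep="  ")
```

Running it against a log captured while the drivers are in normal use shows which destinations still need an exception before the blanket deny is enforced.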
Posts: 226
Threads: 27
Joined: Apr 2012
With the news being constantly filled with a hacking here or there, it is beyond me why companies are doing it.
Or rather it is clear why they are doing it: to get the data they want on you! If your Nest would talk to Harmony directly, then neither of those companies would get any data, but when both of those phone home, they inform their respective rulers on everything on your network. But I assume you know this, and that is why you are asking.
Just FYI, once you have programmed your Harmony, you can cut them completely from the network and they work fine. I deny internet access to both of my hubs, and it has been like that for about six months and they still work. The CQC driver disconnects randomly, but it does that even when there is unrestricted access to the internet, and I could not figure out why. Since the protocol is not open, I do not bother.
I would replace my 2 remotes in a heartbeat if I had access to an alternative. These are my only remaining cloud-based devices.
Note to self: need to start hashtag #no_cloudy_all_sunny_here
Posts: 40,483
Threads: 491
Joined: Aug 2002
http://cocoontech.com/forums/topic/25437...ntry203285
RTI has pro level alternatives, but you'll have to find a dealer who will sell it to you, since it's dealer only. But it's much nicer in that you can define what text strings each button sends so you can set up parameterized commands and save a lot of effort in some cases.
Dean Roddey
Explorans limites defectum
Posts: 226
Threads: 27
Joined: Apr 2012
(03-27-2018, 08:43 AM)Dean Roddey Wrote: http://cocoontech.com/forums/topic/25437...ntry203285
RTI has pro level alternatives, but you'll have to find a dealer who will sell it to you, since it's dealer only. But it's much nicer in that you can define what text strings each button sends so you can set up parameterized commands and save a lot of effort in some cases.
LOL, it has been a while since I read that from you. Well, I guess 5 years on, we were all wrong that the cloud(y) approach would fail... I guess we were all right that nobody (with few exceptions) cares about the monitoring and data harvesting. Will wait and see how the scandal with FB pans out.
I know about RTI, but have yet to find a dealer friendly enough to give me access.