Swim at your own risk: How botched IoT can sink your precious first-world life | ZDNet
Boo-hoo. A bungled Internet of Things (IoT) update means you can’t switch your swimming pool to spa mode. Laugh all you want: When the HVAC or your home security system fails, the implications are serious.
As some of you may know, I moved to Florida from the New York metropolitan area in late 2012. One of the reasons my wife and I decided to move was because we wanted to live in a warm climate and enjoy all the things it had to offer — including having a swimming pool and a spa.
I love my swimming pool. And I love my spa. They help me wind down after a long day. I’ve come to depend on them. During the winter months, when it’s in the 50s (degree Fahrenheit) outside during the evening, soaking in a 102-degree spa will fix practically anything.
So, when I lost the ability to turn on my spa or adjust my pool temperature for four days last week, I almost lost my you know what.
This all started when Zodiac, the pool equipment giant, sent an email on April 2 about a planned series of upgrades to its cloud service — which controls its iAqualink devices — that would result in three hours of downtime on April 3 during the hours of 8am to 11am EST.
It didn’t sound particularly disruptive, so I didn’t give it much thought. It had sent a similar email on March 27, and I had no issues.
Zodiac’s iAqualink is composed of a small, outdoor Wi-Fi-enabled device that interfaces with your Zodiac/Jandy pool equipment and controls the pumps, chlorinator, heaters, and lighting. The device connects to a cloud service over the internet, which allows you to use a mobile device or a web browser to remotely access those functions including altering schedules.
For four days, I could not log in to turn my spa, pool cleaning/filter cycles, or the pumps on or off.
I had to go outside, in the 90-degree heat and Florida humidity (yes, I realize I should stop complaining when the rest of you are dealing with snowstorms and frigid weather in the early spring) and operate the controls inside the main logic box installed on the side of my house, because the original remote I had for the thing when I put the pool in five years ago no longer works.
So, this is a first-world inconvenience, at best. But it could have very well been worse if this was a critical infrastructure control device, such as for IoT-enabled environmental controls in a multi-dwelling building in a city experiencing frigid cold weather.
Or in a place like Florida, during the summertime, when air conditioning is absoutely essential.
Or, it could have disabled security devices such as video-monitoring systems like cloud-enabled doorbells/sconces or garage door openers.
Regardless of the minor inconvenience to pool owners like me, this is a huge black eye for Zodiac, because this cloud service screw-up demonstrates the company has no idea what the hell it is doing regarding its technology products and services, and it doesn’t know how to follow modern software development processes for IoT and the cloud.
I cannot fault this to IoT technology or even cloud technology. All this is a process fail. The cloud hosting was fine and its infrastructure provider did not go down. (It does not matter whether it uses major public providers — like AWS, Azure, or Google — or a private hoster.)
This is all on the humans. It just failed to do proper A/B testing, and clearly, it lacked proper internal processes to roll out changes in a manner that minimized the possibility of downtime or even rolling back the mistake quickly from an untarnished backup when it was recognized. Period. Full stop.
I am not sure about the nature of what Zodiac did and why the fix took so long, because my inquiries were not responded to other than, “We’re sorry, we’re working on it.” In this day and age, customers deserve better.
The problem is Zodiac is something of a monopoly in the pool equipment business, and customers don’t have a lot of other alternatives, and there are no third-party add-ons to control Zodiac pools. The Jandy iAqualink is it. Its main logic box is proprietary, and nobody but an authorized technician is allowed to even touch one.
I can only speculate what the scheduled maintenance was for — perhaps to support new device versions and features, to increase scalability, to move hosting providers, to increase security, to add bugfixes, what have you.
This is a lesson to any company that develops IoT products and services for mass consumer applications: You need to get your development and processes straight.
And it is essential you hire people — not just skilled in programming and cloud technology infrastructure — who understand the testing methodology and configuration management and the software development lifecycle of cloud-based systems. Read more…