Fallout from the AWS outage: Smart mattresses go rogue
204 comments
·October 21, 2025drnick1
para_parolu
Any suggestions for robot vacuum?
827a
Paying $4000 and $20/month for the privilege of living a Black Mirror episode is peak 2020s.
jimmar
Gateway timeout, 504 host error. I can't access the article about an outage because of an outage. Reliability is hard, apparently.
AbstractH24
And the company that posted it describes itself as "a blockchain platform offering decentralized solutions for remote work"
gulp
teach
The original link works for me now, but here's a different site with more detail and some responses from 8Sleep:
https://www.dexerto.com/entertainment/aws-crash-causes-2000-...
fair_enough
Gateway timeout, 504 host error. My mattress is stuck foot-side up.
JKCalhoun
(Hoping someone will print it out and mail it to me.)
goda90
I feel like we need some sort of "Offline-First" or "Offline-Compatible" certification process for "smart" devices. It would require some threshold of usability and total safety without network connection, which would vary depending on the device category. Companies in compliance could put a badge on their products so wary consumers know who to trust.
jahsome
As the resident Tech Guy in a few circles (family/friends) I often get asked what I'd recommend with regard for "smart" products. Due to the widespread and apparently default lack of support for offline-friendly operation, my answer is always the same: dumb as possible.
edit: a more succinct way of expressing my thinking is to say "the less software the better" by which which normies are are often amused.
jsheard
Tech enthusiasts: My entire house is smart.
Tech workers: The only piece of technology in my house is a printer and I keep a gun next to it so I can shoot it if it makes a noise I don't recognize.
(stolen from @PPathole on Twitter)
ghaff
I recently had to get a lot of electrical stuff in my house redone because of a kitchen fire, smoke mitigation, and a lot of stuff being opened up anyway.
I told my electrician to redo lighting in a more sensible and modern way but basically nothing involving smart devices -- to which he wholeheartedly agreed. There are a couple things that aren't quite convenient related to how everything is positioned and because a couple of motion detectors weren't reconnected. And I'll deal with those with unconnected devices.
So I had an opportunity to make the house "smart" and basically passed.
(Will probably add some remote monitoring over time but nothing fancy and mostly Raspberry Pi-based.)
zerof1l
No joke, I only plug my printer into the outlet when I want to print and immediately turn it off after. Never was connected to the internet.
But I do have Zigbee sensors and switches, all of which connect to my home server and Home Assistant. None of them see the internet. But Home Assistant is accessible from the internet through a reverse proxy from whitelisted IPs.
teddyh
Do you have a link to the original?
This is the earliest version I have found: <https://imgur.com/6wbgy2L>
codeduck
Devops: The gun may only anger it so we keep a sledgehammer nearby in case
98codes
Tech worker enthusiast: my whole house is smart, and has no connection to the internet.
dougdonohoe
Feel this. I don't even use Alexa, Siri or Hey Google in my house. My fridge is a fridge and not wifi enabled.
jdwithit
I wish society still used AIM Away Messages so I could make mine this, forever.
jahsome
That's fantastic, thanks for sharing :)
tencentshill
Apple Homekit certification is a good, easy label to recommend. It requires offline/LAN-only basic operation.
baq
And it works very well with Home Assistant after the initial setup via an Apple device (needed so the device can connect to the desired wifi).
mentalgear
It's the right approach, but if only it was an open and cross-platform protocol.
reaperducer
Apple Homekit certification is a good, easy label to recommend. It requires offline/LAN-only basic operation.
One of the overlooked features of the Apple Home app is its ability to firewall your IoT devices. If you have a compatible router:
Home Settings → Wi-Fi Network & Routers → HomeKit Accessory Security
The options are:
Restrict to Home
Automatic
No Restriction
I've found that "Restrict to Home" occasionally causes problems with older devices.
bdangubic
I am same resident tech guy and I always answer the same way - never connect anything to wifi, no matter what it is. it is that simple and always works. if whatever thing you have does not work without wifi - return it.
morshu9001
This test even works on Windows versions. 11 needs internet to set up, and it's garbage.
drnick1
WiFi is acceptable, but it must be locally managed. My Midea AC came with a WiFi dongle (for some proprietary cloud/app integration) that I replaced by an ESP32 equivalent for local control through Home Assistant. HA runs on my LAN, and is remotely accessed by a VPN.
Xenoamorphous
You lose convenience/functionality though. E.g. it’s convenient for me to turn on the aircon an hour before I get home in the summer.
Edit: I'm not talking on a day to day basis, but when I go on a trip. And I don't have a porch nor I like beer.
Amazing that some people downvote for stating the obvious, which is that you can lose some convenience. There's trade offs when you connect something to the Internet? That's also obvious.
When I get back home in the summer from a short trip away, with a toddler and a million bags it is definitely convenient for me to have a cool home and not a 40+ degrees celsius one.
bunderbunder
When people ask me about Internet connected door locks, I tell them about the coworking space I used to be a member of.
More than once I got stuck standing outside in the rain waiting for the smart door lock to come back online after a squirrel jiggled the cable drop by running down it or some k8s pod in the cloud service got knocked over by a chaos gremlin or someone was using a vacuum cleaner that generated too much noise in the wifi spectrum or who even knows what.
pseudosavant
I have a rule that I don't put in any smart devices that aren't at least as smart as a dumb device. They must do everything a dumb device can do when there is no internet.
I've had good luck with the TP-Link/Kasa/Tapo wall switches and bulbs.
coldpie
I just use my hands to turn light switches on and off. Worked for 200 years so far and I see no sign of that ever changing.
FuriouslyAdrift
I don't even like icemakers in my refrigerators. Meanwhile, my parent's Samsung refrigerator keeps annoying them with ads on it's uselessly huge screen.
anonymars
Relevant xkcd: https://m.xkcd.com/2030/
julianlam
We could even go more basic... safe defaults when disconnected should be mandatory.
For example, if I pull the thermostat off my wall, the furnace should drop into a fallback mode that keeps the heat above freezing (I'm in Canada where this is a concern.)
I moved into a new house and did not set up the lawn irrigation system. Despite being disconnected from the cloud service, the system kept running its schedule, when I would have expected it turn off in order to conserve water.
kgermino
Well that brings up two immediate issues
A standard furnace and thermostat won’t even know if you pull the thermostat off the wall, much less have any way to handle it beyond “full blast heat 24/7”
More challenging: you expected the sprinkler setup to do the opposite. Instead of following its last-known plan (the schedule) it should stop doing anything (possibly killing the plants it’s watering)
Good off-line only mode in a reasonable plan for what to do without the Internet makes a lot of sense, but at some point, there’s a control system and you need to change it (or even just have one in the thermostat example)
julianlam
The way I see it is... I'd rather my lawn be yellow, plants dead, than a burst pipe underground causing significantly more expensive remediation.
I agree it's not likely (especially if the system is running as-scheduled), but it was a surprise is all. What if I didn't set up the service at all, and it dropped below 0 C? I would be in for a nasty surprise in the spring.
thewebguyd
> there’s a control system and you need to change it
Why does the control system have to live on someone else's server in "the cloud"?
There's no reason for smart home devices to require an internet connection to the producer's service. Companies could just as easily put compute on device, or sell some sort of "bridge" (aka a home server appliance) that runs the compute and the accessories connect to.
Fully offline, local network only.
Save the online stuff just for analytics or other value-add features, but core functionality shouldn't require a web service.
The only reason it's 100% internet connection required all the time is to sell subscriptions, aka consumer hostile behavior.
morshu9001
Yeah both my furnace and sprinklers require a local controller to do anything, and that just maintains my settings. Idk what an internet connected version of those things looks like, but would hope it's the same except local settings can be read/written remotely.
sokoloff
> Despite being disconnected from the cloud service, the system kept running its schedule, when I would have expected it turn off in order to conserve water.
I'd have expected (and strongly prefer) that it keep running with whatever the last settings were. That's almost surely going to be healthier for the lawn, ornamentals, and vegetable garden than shutting off.
I would wager that most people with automated irrigation systems prefer plant growth/protection over water conservation.
I'm not sure how you'd program a furnace to run to keep a house above freezing without any temperature feedback from the house. You could potentially run it until the area immediately surrounding the furnace itself was above freezing, but that would be nowhere near enough in some cases and way, way more than needed in other cases. You might able to use outdoor weather compensation (easier/more effective/comfortable with hydronic heat distribution than with ducted air heating) if programmed correctly, but my experience is that most are either not installed or are configured to be far too hot [because call-backs are expensive and paid by the HVAC company usually].
andylei
your furnace doesn't know what temperature your house is if the furnace isn't connected to a thermostat
kenhwang
The connection between the furnace and the thermostat probably shouldn't go through the internet.
So it's perfectly reasonable for the furnace to turn off when it is disconnected, because disconnection would be a very strong signal for an error state instead of regular intermittent network/service issues.
luxuryballs
yeah the default in this case has to be “off” to prevent damage from running blind, on that note other things in the house should be certified to be able to handle being frozen perhaps
baq
> Despite being disconnected from the cloud service, the system kept running its schedule
I'd consider this a very important feature
null
shreddit
Only two examples and you are already contradicting yourself. One service should keep running and the other should turn off in the event of loosing the connection to the “outside world”.
What we need is a “in the event of X - keep doing Y”.
stevejb
It isn't clear that 'conserve water' is a reasonable default position. Perhaps 'keep doing what it was programmed to be doing' would be a better position?
julianlam
Depends... the focus here isn't on convenience or utility, but on safety.
The furnace defaults to on to save the water pipes. The sprinkler defaults to off to conserve water as the system is potentially unmonitored and a burst pipe could cause issues.
JadeNB
> I moved into a new house and did not set up the lawn irrigation system. Despite being disconnected from the cloud service, the system kept running its schedule, when I would have expected it turn off in order to conserve water.
Not running when disconnected is definitely a safe default, but I'm not sure it's automatically desired. If I found out I couldn't use my sprinkler system unless it was connected to the internet, I'd be annoyed at the unnecessary gating of such functionality.
ncallaway
This is the biggest reason why I look for Matter-compatible smart home devices. It means I can put them on a locked down network, with no internet access, and I know at least the Matter supported compatibility will function offline.
I think it would be smart for Matter to lean into the "offline local control" aspect of their branding and certification requirements.
amluto
How easy is it to commission a Matter device onto a specific WiFi network? And how easy is it to set up a Thread network without Internet access?
I haven't actually tried this, but:
- The Home Assistant Matter commissioning tool doesn't have any documentation at all about how the network is selected AFAICS.
- The Thread organization seems extremely proud of how Thread devices can access the Internet. Apple TV doesn't seem friendly at all to preventing its Thread Border Router from forwarding to the Internet. Home Assistant's OTBR add-on has no useful configuration whatsoever AFAICS. The easiest way to get it right would seem to be to buy something like a Sonoff POE-capable Thread dongle and sticking it on a VLAN, except that those, for some reason, seem to support Thread RCP but not being a Border Router themselves, and then you're back to managing your own OTBR installation.
WaitWaitWha
Thread as i see it currently is a locked ecosystem that cannot be breached. so far, all the Thread devices I have been interested in will only accept their own manufacturers' thread border router.
JaggedJax
This is one of two things I require when looking at a smart device:
1. Must work offline on my local network (like Matter through Home Assistant)
2. Must have a physical button for operation when there is no network available or someone doesn't want/have a phone.
prmoustache
I rather feel that we don't need most so called smart devices because:
1) they aren't smart
2) they are answers to questions/need that don't exist in the first place
IAmBroom
While I 100% agree... that's just our opinions. The gadgets are selling. We have to deal with that.
bdangubic
same thing was said about "smart phones" but here we are... :)
mvanbaak
This. Also, not only offline-compatible but any anomaly from the api should result in the product simply ignoring the response. A simple check for 'does not connect' only handles totally offline mode, error in responses is a lot more common.
mentalgear
Couldn't agree more. The main issue is the data-greed mentality that has arisen over the last 20 years or so (basically every company trying to copy Big Tech). They all want to harvest user data and make the users as dependent as possible (which also opens up the door for subscription services later on, and their walled garden won't allow users to easily move).
WaitWaitWha
This is the way.
My rule #1 in home automation is making sure none of the technology fails its original function without connection.
I implement Home Assistant to assist in homes for non-technologist. Every single thing i implement must function independently, without the vendor or any internet connection. i.e., z-Wave locks must function with or without connectivity. Switches must switch on/off with or without zigbee, and valves must be able to close/open without that wifi.
Larrikin
Home Assistant has basically built this system already with their platinum level certification.
It's a huge project but only the smaller IoT companies are taking it seriously
B-Con
I want to see the postmortem, although I'm sure we never will.
> Eight Sleep's system, which relies on backend servers for everything from real-time adjustments to data syncing, had no fallback. "It's unacceptable," fumed one early complainant on X, echoing the frustration of many who shelled out for "seamless" smart sleep only to face analog purgatory.
I'm guessing that this is a typical "smart" device setup where the cloud is essentially a tunnel between the app and the device that also saves a copy of all transmitted state for backup and data mining. The simplest design from the company's POV, but the worst design for resilience.
The real question: Was this an explicit or implicit product decision? ie, was it an explicit PM decision that local comms didn't match product requirements, or did they outsource it to the lowest bidder and have no idea this was a ticking time bomb, or did eng have to cut features to make some deadline, etc? If Eight Sleep doesn't have an at least an internal postmortem then someone should lose their job.
As a user, I would prefer the devices communicate locally and use a cloud tunnel only as backup. But this means engineering has to support two communication stacks, which is obviously more expensive than one. And the local network option is probably harder to build since cloud-based has so much tooling available.
My baseline expectation - that I can't believe I'm actually typing out - is that an appliance should operate as expected without Internet access. My only smart device is a door lock because a PIN is easier than a house key for our lifestyle, but even that isn't connected to Wi-Fi.
cameldrv
Weirdly eightsleep apparently is sending 16GB of data per month worth of telemetry. It's been pointed out that that's about enough for a live audio stream of everything that happens in your bedroom. It can't be cheap to process that much data.
These wifi based smart home devices just fundamentally don't serve their customers.
1. You pay money for a device
2. You pay money for monthly service
3. They sell your private data on the backend, not to worry though, it's "anonymized", but of course it gets sold and then deanonymized
4. AWS goes down and your house doesn't work
5. Eventually they go out of business or get bored and you have to buy and install all new stuff.
praptak
Relevant: "I found a backdoor into my bed" https://trufflesecurity.com/blog/removing-jeff-bezos-from-my...
HN discussion https://news.ycombinator.com/item?id=43129439
_wire_
Peter Neumann's Risks Digest, since 1985!
mulakosag
Haven't read the article but sounds like the Cory doktrow's radicalized where a lady cannot go to work because her toaster is not working because the cloud provider used by the toaster company went bankrupt.
mavamaarten
Soooo you couldn't change some mattress setting on a cloud-controlled mattress. Not exactly "ruin sleep worldwide" and "go rogue". What trash journalism.
Also those images, wow, I really would have preferred no images over these soulless, generic AI-generated impressions.
alwa
Do all content-spam “journalists” use the same LLM prompt to dial up the faux drama?
> Picture this: You're tucked in, ready for a night of optimized REM cycles, when your app pings an error. No more tweaking the chill to a crisp 55°F or firing up the "cool mode" for those midnight hot flashes.
> The core temperature control? Utterly crippled without the cloud. Users reported the app freezing on loading screens, refusing to connect, and leaving them stranded in whatever thermal hell their last setting dictated.
Toothless rhetorical questions, false or confusing stakes, awkward attempts at flippant tone…
Why would they have set it to an hellacious temperature? Wtf mattress goes to 55 degrees? Why are these stakes existential? Sleep on the couch or the floor ffs…
> The hits kept coming. Smart sleep tracking? Dead in the water—no logging of phases, no biometric insights, just a void where your sleep score should be.
These stakes seem low. I guess it sells, but…
And then a roundup of internet comments like “unacceptable” with unfunny padding.
If this is what the future of “internet journalism” looks like, I’m optimistic that enough demand will remain for the real thing that they’ll find a way to fund some.
qingcharles
That's just the awful default voice of most LLMs if you ask it to write an article. I think it feels even more cringe because we can easily identify it now.
aidos
The lead character in the first image has a sort of “essence of forehead”
reaperducer
What trash journalism
It's not journalism. It's a blog post from a blockchain company.
Groxx
they're even more blatant in some other articles: https://quasa.io/media/indie-filmmaking-flees-los-angeles-cr...
I think we can just immediately write this site off as "probably complete-trash blogspam"
goopypoop
I can't be the only one who imagined mattresses folding up with people inside
purpleflame1257
A few got stuck in inclined positions,but these don't actually tilt enough to crush even under normal conditions.
MomsAVoxell
I simply don't care how it was done, the fact of rebooting mattresses is already just too much. It is both a huge kick in the pants, and hilarious at the same time. What, the heck, are we doing, I dunno ...
MomsAVoxell
The frequency by which I truly wish Douglas Adams was still alive is closing in on a very new pitch, I do have to say.
Mattresses disconnecting from the global God Computer and ruining everyones sleep, just .. I can't.
Its far, far too funny.
I'm pretty sure Mattress Software Developers are on the Golgafrinchan Ark Fleet Ship B. Or maybe, C.
And this is why all of my "smart" home devices are managed through Home Assistant without Internet access. I simply won't buy a device that can't be used that way. I shouldn't have to create an "account" or provide a name and email address to use a device that I physically own. A good way to start is to look for Zigbee devices; the protocol is local only by design and the Zigbee coordinator/router can be a simple USB dongle connected to an ordinary PC.