True. Installing dealers have variously claimed that keeping product documentation and software tools away from end users "preserves the integrity" of their systems, protects them from liability and all sorts of other nonsense. The reality is most alarm dealers don't want clients to know how to change service providers. The rest is 100% smoke screen. I get a lot of flak from the ASAIB because I speak up against some of the practices in the industry.
the op was wanting info from the manufacturer and you turn it into a flame on dealers and the ASA neither of which have anything to do with manufacturers supplying proprietary information to end users that they didn't sell the equipment to. No wonder you are a known dip shit who almost receives as much abuse as you deserve. your friend
They might have a realistic claim in that the more people know about the internals of an alarm system, the easier it will be for them to defeat it.
-- Bobby G.
No one gets "nervous". Some of the ASAIB post trash when I mention any of the problems within the industry. Backing away from a valid discussion for fear of them amounts to accepting intimidation. I don't do that.
It's a simple question. The user either does or does not want monitoring. If you want the service, order it from someone who is willing to do business without a multi-year contract. NEVER allow the monitoring firm to program your system for you. Some of them will change the programming access code to lock you out of your own system. The excuse is this protects them from liability. Reality is it's done to protect their recurring monthly revenue stream.
True indeed. There was one firm in Denver that at one time had the lion's share of the alarm market. Since I was located in Connecticut my brother went with them for service to a system I installed for him. They tampered with the programming of his system, refused to give him the code and conned him on the terms of the agreement. He exercised his right of rescission within the 3-day period. They at first refused to refund his payment, claiming they were entitle to a year's monitoring fee for having sent a salesman to the house to get his signature and check and to program in their central station phone number (a five-minute operation).
That company has not only lost my brother's business. They've lost business from everyone he tells about their dishonest practices. Over the years they've managed to earn the worst reputation in the Denver area for doing the same sort of thing.
Most are but I cater to those who want to go it alone. Some of my DIY customers buy online because the local dealers' proposals were over-priced or the protection offered was inadequate. Others simply don't want monitoring and most dealers won't sell a system without a multi-year contract. Either way, the issue is choice.
Oh and now it's the "security through obscurity" excuse? Even more pathetic!
I don't think it's unreasonable, as a security panel customer, to expect my manufacturer to restrict operational details as they see fit. It's my choice as a customer to patronize them or not. If I don't like the fact that they don't hand out operational details at will, I can choose another vendor. As soon as you show some certain types of bright people a security plan, they'll figure out a way to game it.
Here's a test. Call up Ft. Knox and ask for the alarm protocols for the gold vaults. I'm betting they might even come in person to answer your questions. :-) Obscurity is plenty good for plenty of situations and not so good for others. OS's should not depend on the obscurity factor, but alarm panel makers products different: They are not connected to the internet 24x7 - yet.
There's been a mass exodus of engineering plans of all kinds from the net after 9/11 because those in charge decided it gave terrorists too much of a leg up on doing bad things. I'm loathe to admit I agree. YMMV.
I would have preferred if we had kept learning how to fly a jet a little my obscure than it was. After WWII the Russians didn't want the physical atom bomb nearly as much as they wanted the bomb *plans.*
-- Bobby G.
Name one such "dealer". Read the documentation that comes with the alarm equipment you sell (as well as the dealer software). What does it say?? "For use by trained service personnel" (or words to that effect). I suppose you'd advocate DIY'ing elevators if you could manage to sell the parts required... Do you do your own brake jobs?? Lot's of places sell brake pads and parts online... some even provide "training over the phone"... Some of us may be qualified enough to do so, but those individuals are few and far between.
Most clients have a contractual arrangement that they can cancel anytime they wish (providing they provide the requisite notice). There may be penalties associated with early cancellation or cancelling in the middle of a contract term. It's a lot like the insurance contract. You pay a premium and if you decide to cancel half way through, there is a certain amount of that premium that the insurer will retain (depending on when in the policy term you've decided to cancel). Clients can change service providers whenever they want. It's not rocket science.
If they want a UL (or ULC) listed monitoring station to receive the signals from their alarm equipment and respond in the appropriate manner, they're going to have to go through a dealer (much the same as when you were flogging monitoring for Alarm Central, remember??)
You get a lot of flak because you frequently post lies, innuendo, and misleading statements and for no other reason. You don't "advocate" for anyone but yourself and continue to flog product in ASA against the Group's FAQ. People "tolerate" your doing that here because you're "helpful", but in ASA you contribute absolutely nothing that isn't laced with some form of personal attack or invective.
You still haven't answered Mark's question about which "distributor" I work for and you can't because (once again) you don't really know and you've been caught telling another lie about someone. Tsk!!!
How about picking examples that are even close to relevant? That's certainly not.
Likewise, spare us the 9/11 hype. Sure, it was indeed a tragedy but it has nothing to do with the thread.
Which it does. I would *not* accept advice concerning the security and safety of my family from an individual that peddles parts alongside the likes of Radio Shack and Home Depot. There are many things one can do for one's self. It's highly unlikely you'll find a UL (or ULC) Listed monitoring station that won't insist you deal with a licensed (or otherwise qualified) dealer. Those that don't are not listed to any recognized standard.
Pure "horse twaddle".
What's the name of this "firm"? Is it still in business?
Robert's favourite word is "most", so let's put a little "twist" on it. Most of the Dealers I know have no problem with installing a "local" system, and yes, most will try to convince the customer that monitoring may be a good option. That doesn't mean "high pressure" sales tactics. Most of the Dealers I know have excellent ratings with the BBB. None I know of have "outstanding issues". I do agree with Robert, though... "Choice" is an issue, but only after you've been shown all the options and can make a decision based on your own research and the facts. Try and leave emotion out of the decision if you can. I know that's not always easy.
you've got an equal chance of getting either one, but maybe if you whine some more they will listen to you.
Perhaps not. Imagine for a moment that the manufacturer *did* provide you with the protocols. What would you do with them?? Design your own keypad, perhaps?? Have the system "talk" to your computer (in real time)?? What about sending "packets" to the system in return?? Perhaps design a unit that will "flood" the control or lock it up?? How easy would it be for someone to enter a premise and connect such a device to the keybus within the standard entry delay of say 30 seconds?? Not a "big deal" if it's
*your* home, right? After all, you have insurance. What if that individual decided to do the same thing to the CADDX system at your local museum or library?? It's doubtful they'd be able to walk away with anything of value if it was a bank after hours (unless of course they could also "crack" the vault and that employed sensors connected to the same alarm system they've just disabled). ELK's M1Gold is a rock solid security system, but it was never designed to be placed in a high security environment. It's an HA system that blows the doors of HAI and several others in a very specific market niche.Feel free to continue the "security through obscurity" rant all you wish. You don't work in the industry and Robert's primary market (even when he did) was residential. Robert now "caters" to a small group of people that happen to enjoy all the modern conveniences and have the time, knowledge, and the money to tinker (the house with "Jeanie" in it blows even me away). I have no problem helping individuals that have an interest in installing and laying out their own security system. I have no "agenda" that includes words like "I sell **** so I'm a little biased", or "I sell the **** system through my online store and here's a link (my site)". I am in the trade though (contrary to Robert's frequent misleading comments otherwise), and my clientelle includes several institutions and businesses that value the services we provide represented by the choices we've made with respect to the equipment we sell, install, and service. The manufacturers whose equipment we've chosen to represent all have a vested interest in ensuring the integrity of their systems. If I won't compromise my customer's security why should they?
The alarm would go off. If the system were well designed, that is.
Mediocre companies that design security systems are obviously taking advantage of people like you.
We'll this thread has certainly taken on a life of it's own. I asked the question and along the way I got an answer. I purchased Premise. Thanks for the info. It looks like a great product and is one of the few, if not only that directly supports my Lutron HWI, Caddx NX-8E, and Nuvo Concerto sytems. The reality is that I did find the RS232 ASCII codes for the NX-8E and have them for the Lutron Homeworks system and could do it myself....but the Premise software didn't cost that much and I can get it done much quicker.
Since most of this thread is off the topic. I suggest since I have the answer to my original question....this thread end.
In bygone, less unruly times, it was expected practice for folks posing a question in usenet to summarize the responses or otherwise provide a conclusion. You've done this nicely by explaining that you've purchased the Premise Systems (now Motorola) software and why.
Thank you.
Do consider starting a new thread as time permits to let us know how the software worked out for you. Several of us would be interested especially in knowing whether the less expensive user/owner version was satisfactory.
... Marc Marc_F_Hult
Engineers who deal with network security (lots of them read this newsgroup) would tend to disagree. The fact is that "security through obscurity" is a phantom.
That "yet" is getting smaller by the minute. The largest manufacturer of security systems in the US and probably the world is Honeywell. Their popular Ademco Vista line just got a new addition which will shortly* become standard on all their panels. The Vista-20PI ("I" as in "Internet) will support programming and reporting over the 'Net. Every other manufacturer that wants to remain competitive is or soon will be developing panels with the same capabilities.
This is the way things are going -- not something that "might happen some day".
I doubt Bin Laden is going to try to hack your home alarm system any time soon. If he wants you he'll send some idiot kid with 20 pounds of C4 strapped to his chest.
Anyone can fly a jet. Mr. Olson claims to have snap-rolled a 737 at 5000 feet. It's easy to take off in a jet airliner. They're not hard to fly at all. The landing is where it gets tricky but terrorists don't seem to mind.
Plans for construction of a nuclear device are readily available online -- further proof that security through obscurity is a myth. You find ways to detect and locate those who are building one and then make a loud noise in their immediate vicinity. :^)
Aside from the fact that one enters a *premises* the idea of someone doing all that to defeat your home alarm / HA system is ludicrous. That said, anyone with the skill to build such a device could easily obtain the necessary information without reading the manuals. Besides, the manuals in question don't even include keypad communication protocols.
Hmm. Do you now claim to have installed one? You're not an ELK dealer. I agree it's a great system but you should limit your proclamations to systems you've worked on.
True, but I've also sold more commercial fire and security alarm systems than most dealers in my region.
Not so small a group as you might like to think. :^)
Uh-huh.
Google the word "liability" in the security newsgroup where you flame me roughly 20 times a day (speaking of "agenda").
Naah. Too heavy to offer free shipping.
Nope, but that's because I'm not an auto mechanic and brake work requires expensive tools which most DIYers don't own. I have a cousin who is a network communications engineer. He's also a knowledgeable mechanic who fixes his own cars. If I were expert on things automotive I might sell auto repair parts online. Since my expertise is in alarms and systems integration, I sell alarm and HA systems online instead.
Exactly! Monitoring revenue is the prime reason dealers want to keep end users from learning how to service their own systems.
No, it's not but that is irrelavent to the discussion at hand.
Bullshit! Each central station makes its own decision whether to offer services to DIYers. Some do. Some don't.
Flogging? I offered their services for several years. I don't make enough profit on it for the time required to maintain the service so now I just refer people to online vendors who offer services direct to DIYers. However, Alarm Central is UL listed and they do monitor DIY systems.
How about even *giving* us an example before finding fault with mine? And remember, just because you don't understand the relevance doesn't make it irrelevant. :-) I'll try again.
Alarm makers are trying to protect their assets. Is there some reason they are not entitled to try to protect the integrity of their intellectual property? Or is their some reason you *have* to buy from a manufacturer who refuses to cross-license their IP to you for nothing in return? Or is there something you're offering that panel maker for access to his protocol that I didn't catch? They're stupid if they give away something for nothing, aren't they? I don't believe in patronizing stupid vendors.
You claimed that "security through obscurity" was "pathetic", IIRC. My Fort Knox *analogy* is therefore quite relevant. Anyone charged with protecting something REALLY valuable doesn't go about revealing the details of that protection to any Joe on the internet who asks. They usually don't reveal it to anyone who doesn't have a "need to know."
Why do they call the men who protect the president "The Secret Service?" Wouldn't your theory of "non-obscure security" dictate that they call it the "Public Service" and copiously publish where the President will be at all times and how many people will be guarding him and what weapons they will carry? You should be starting to see why your comment has provoked my rather incredulous response.
Perhaps you can explain to me why you, or me or any Joe Websurfer, would be entitled to design details about a HA or alarm panel? You should have known what level of tech support they offered when you bought it, right? It shouldn't be surprising that I and others feel the less a panel maker reveals about the innards, the more secure a product they make. Sure there are scoundrels that use secrecy to conceal shoddy design, but you can't just cover every situation with a blanket indictment of obscurity's value to security the way you did.
Do you *honestly* believe that an alarm manufacturer would make their customers any safer by providing anyone who asks all the details of their hardware? If so, then YOU buy from them. Let me buy from the people that don't think that's such a good idea for their customers. (-:
The casinos don't publish the numerous ways they check for cheats or their "cheat books" (faces of cheaters and dossiers of their preferred techniques) because they know that the more thieves know, the more they'll be cheated.
Jeez. You must see red a lot. Please pardon my unsolicited headshrinking Bill, but when something seems to light up your hot button LED, your ability to make logical connections appears to suffer. I'm pretty sure if we had you hooked up to a polygraph or an EEG we could see some pretty big spikes as you heard the words "9/11" or "security by obscurity" or "Group Moderator" or "WiFi is totally safe" being spoken. :-)
Slow down, get a cup of coffee, sit down at the PC and I'll go over this again, because it's clear you didn't make the connection. Perhaps my writing was too obscure. :-)
The Feds are spending BILLIONS on "security through obscurity." They are removing thousands of previously public documents about the national infrastructure from the WWW. Why do you think they are doing that? Because security often comes through obscurity.
The best minds they could find decided that granting access to building plans and infrastructure to someone in (insert terrorist symp nation here) via the WWW may help them plan their attack. I'm sorry if this seems some sort of cheap sentimental shot at 9/11 to you, but to me it's a very real indication that experts believe in limiting critical infrastructure information to those with a need to know. It's proof that's occurring all around us that with total openness comes a certain amount of risk.
So, seeing information being limited all around them at a national and local level, isn't it reasonable for an alarm panel maker to at least *assume* that less is safer? Watching what their own government is doing to become more secure, aren't they right in believing the less details they give out about system internals, the less likely they will be hacked? This is just the way of the world.
Now I will readily agree it's NOT the way to design a worldwide internet, but it may well be appropriate to most other things that need protection. Obscurity figures prominently not only in protecting national infrastructure, but in the protection of almost all valuable assets, whether it's gold in Ft. Knox or casino chips or plutonium or my frikkin' household goods!
Why do you think the NSA is the most obscure branch of the federal government? Because "Security" is its middle name. I mean, c'mon, Bill, it hits you like a mackerel in the face everywhere you look. Now if you had said something less general like "some vendors hope that obscurity will hide the shoddy underlying nature of their goods" and given an example of the perpetual buffer overflow exploits that infest MS Windows, I would have had to agree with you. But the further you move away from the one example, the more heartburn I have with your contention's global assertion.
Are you familiar with US secrecy protocols like CONFIDENTIAL, SECRET, TOP SECRET, SCI or SAP? I am, and it grates me to read a sweeping generalization about "security through obscurity" being "pathetic." A TS violation (revealing information or material which reasonably could be expected to cause exceptionally grave damage to the national security) can get you put to death. Killed. Dead.
When you get as TS clearance, they make you sign a paper saying that you understand the penalties for making TS data "unobscure." People have been so spooked by what those penalties are that some have opted out.
Someone other than me clearly believes in obscurity being a good thing for security purposes.
Decisive victories like Midway were possible because neither the Japanese nor the Germans built an obscure enough code nor kept it secret enough. All we needed to break those codes were the design documents and some Polish and English geniuses. We had the advantage of one of the most obscure languages on the planet, Navajo. The Axis couldn't break it. Obscurity is good.
In fact, it's a really, really good adjunct to security in almost everything BUT the internet and that's because the internet is so unique in its interconnectivity. Please don't assume that one oddball case where obscurity is a hindrance sets the mark.
< Click! (MY hot button thermal breaker just reset) > :-)-- Bobby G.
If they're in then that alarm's not worth much now is it?
What if that box was so poorly designed and the protocol so fragile as to be competely breakable with only the slightest of effort? More often than not something claming security through obscurity won't hold up to anyone actually investigating it's details.
And given how poorly those that claim to be behave online I'm glad not to be associated with it.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.