qqq

As someone who has worked outside of the US on an "immigrant visa", I was paid normal wages and treated like a normal employee. I also could quit and look for any job I wanted. I don't know anything about H1B, but substandard treatment definitely shouldn't be expected just because you're an immigrant.

Ah sorry yea agreed, at least for the units I know about

That is the simplest possible thermostat and works great for setting a temperature, but that's not the ideal thermostat. The temperature your house "feels like" also depends on humidity. You may also care about the temperature more in a spot further from the thermostat and getting accurate measurements in that location can save you money and waste less gas. There is also the decision of how long you should run a furnace and, in the case of multiple stages, which stage you should run, although some furnaces control the stages themselves. Then there is air flow. Controlling the fan separately is useful if the house doesn't evenly heat. Sometimes you can just have the fan turn on more often and use the actual furnace less, saving gas again.

Also sometimes it makes sense to heat your house slightly more during high demand hours to save money. I dunno there is just a lot that could be done with an intelligent thermostat, it's one of the few things that makes sense to make smart to me.

Programmers love to oversimplify things; "do easily with an RPi and some simple Python" is kinda meaningless. Like, yes, an RPi is a general purpose computer and Python is turing complete, thanks.

For one, UI/UX is actually hugely important for a consumer device and definitely nontrivial, but on top of that, there is way more that goes into creating custom hardware than a bill of materials (which isn't just saying "Raspberry Pi") and choosing a programming language...

A thermostat is controlling a very expensive device that runs on a highly flammable gas that costs me real money to use. I want 0 serious bugs. I also want 100% uptime. A poorly made "smart thermostat" is way worse then the old school analog metallic ones imo. I also want my partner to be able to control the temperature in the house. These devices are actually not simple at all and I assume that's the reason there isn't a good open source/open hardware solution.

Embedded systems aren't some mystical impossible thing - contrary to the previous commenter I actually find working with them easier then designing GUIs - but the commercially available devices are definitely nontrivial to recreate

Smart thermostats do way more than just set the temperature: that's just table stakes and of course easy. Off the top of my head the ecobee will:

• Set the temperature also taking the room's humidity into account

• Communicate with sensors throughout your house

• Can change things via the Internet in case you accidentally forget to set it to a better temperature when you'll be gone for a few days

• Tweak your schedule based on demand

I'm probably missing things, but they're actually pretty useful, and I'm someone who thinks most IoT is shit.

A smart thermostat is the only "smart device" I have in my home (ecobee). I figure it actually is better than something I could design in a week so it seemed worth it. Do you know of an actually competitive open hardware/open source solution?

Yea, but there are also some things AppArmor just can't do. Although in my experience most aren't as big of a deal. Things like saying "only processes of this type can bind to port X" for example and much more fine grained control of file or directory actions. Does AppArmor provide kernel module controls?

They both have really bad documentation though :(

AppArmor is great but it isn't nearly as powerful as SELinux. Way more user friendly though.

I haven't looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn't everything.

I don't know if it ships with a firewall, but that's definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.

One of the few with SELinux by default

I hate this take. That is not how security should look on consumer devices at all and it's one of the ways the security industry is being co-opted to ruin consumer devices. The user is not the attacker on a consumer device. Consumer devices should provide tools to enable strict protections and allow the user to choose. It should be easy to put the device into the fully locked down state at instal/initial provisioning, likely even the default, but it should also be easy to deviate from that during provisioning. After provisioning it should, of course, be incredibly hard or impossible to go from the locked-down state to the nonlocked-down state without wiping data.