In October there will the Hacktoberfest. To celebrate and support Open Source, DigitalOcean, Twilio and GitHub are again organizing this event. Home Assistant will be part of it like in the last two years.
We would like to focus on those repositories. Browse through the bugs and fix one. This will get you started with contributing to an Open Source project in an easy way:
If you submit five (5) Pull Requests during October, you will have earned yourself a limited edition Hacktoberfest T-shirt and a place on our credits list if you submit your Pull Requests for Home Assistant! Don’t worry you will be listed there no matter how many Pull Requests you’ve made.
We want to focus on new contributors and people who want to get started on working on an Open Source project.
It’s time for another great release and we’re introducing a brand new feature: device registry. Thanks to @Kane610 for driving this effort. This allows integrations to tell Home Assistant not only about entities, but also which devices the entities represent. It also allows integrations to tell Home Assistant how a device is connected to Home Assistant. For example, a Hue light bulb is connected to Home Assistant via the Hue hub.
Screenshot showing several configured integrations in the configuration panel.
Adding devices to the mix allows us to do a lot of cool things. It allows us to group entities and show how they relate to one another. It will also allow us to inform the user if data leaves the home network and shows the firmware version that the device is running on.
Screenshot showing the devices of the iOS integration.
Devices can only be added by integrations that are configured via the integrations panel in the config panel. So we’ve also been expanding the integrations that support that. This release brings support to iOS, MQTT and Tradfri.
Screenshot showing how to configure MQTT via UI
And this is not all! There is so much more. In an effort to make the quality of an integration more clear, we’ve added an Integration Quality Scale. With this scale we’ll be able to clearly communicate to the user how good an integration is and it gives developers a list on how to improve it. Expect these levels to pop up in the integration list soon.
And did you think we forgot about auth? We did not. @awarecan has added a new multi-factor auth module that will send you a one-time authentication code to finish your login, with a notification service of your choice. PushBullet, Hangouts, iOS app, some obscure custom notification service using a shell script? It’s possible.
Oh, and yes, there is also some cool new integrations. Support has been added for Logi Circle camera’s, GeoJSON events and even a bank. More below 👇
Today marks the 5th anniversary of Home Assistant. I want to spend this post not only reflecting on the last 5 years, but also look at what is ahead of us, where we want to go, what we want Home Assistant to be.
Home Assistant wasn’t born out of ideology. I built it because I got some smart lights and wanted to script them. I made that script open source and it went from there. As Home Assistant has grown, so has the world around us, and so have I.
A lot of IoT products have been introduced since Home Assistant started. Sadly, the trend in these products is to send all data to the cloud and manage your house from there. I’ve come to realize that it’s not in the big corporations interest to make a product that focuses on privacy and local control. Our data is too useful for them.
I don’t like this trend. I don’t like seeing more and more of our data being hoarded by a few giant companies, centralizing it in a few systems and using it to influence how we’ll be treated online. It’s our lives, our data, and we should be in control. Not some algorithm optimized for engagement.
And so I want to introduce a goal for Home Assistant. A goal that will shape how the platform will evolve in the upcoming years.
It’s time for a new release and oh boy, what a time to be alive! Today marks our 5th (!!!) anniversary. That’s 5 years we’ve been bringing privacy focused and locally controlled home automation to your home. Happy birthday to us.
This release includes two new features for the auth system. The first one is long-lived access tokens. These are tokens that don’t expire and can be used in your scripts instead of API password. Instructions on how to create and use them can be found on your profile.
Also on your profile page is a new list of existing refresh tokens. These are all the tokens that are currently active for your account. If you ran into issues that the remember login dialog didn’t show, you might have a lot. Don’t worry, you can delete them all.
It’s time for a great new release and it includes a big change: the new authentication system has been activated! We’ve worked very hard on this for the last couple of months to make the transition as smooth as possible. Updating to this release is a non-breaking change (unless you had no API password configured). As can be seen in the video above, when you start Home Assistant after the update, you will be presented with our new onboarding flow. This will ask you to create a new account after which you will be able to log in to Home Assistant.
Once logged in, you will have access to the following new features:
Change your password
Configure multifactor authentication (TOTP)
Manage other users (limited to account created during onboarding)
Although it’s possible to configure authentication, we strongly recommend to stick with the default authentication configuration. If you had auth providers configured in a previous Home Assistant release, we recommend to remove the configuration and start using the default.
It will take some time before all of the Home Assistant ecosystem has been migrated over to the new auth system. Home Assistant will print a warning whenever an application connects to Home Assistant with the legacy authentication. This will help users notify the application developers to transition to use the new OAuth2 authentication. For non-interactive scripts or other applications that are unable to update, we are planning to introduce a migration path for components to adopt url specific auth tokens and also introduce long lived access tokens to replace API passwords. A list of impacted components can be found here.
Our iOS app will soon be updated to work with the new auth. It’s already in testing. The old app will continue to work with the legacy API password support. It will however require a second login when using the webview.
If you are using a proxy server (NGINX etc) in front of Home Assistant to provide authentication, check this blogpost by @DubhAd how to make it work.
I want to say a biiiig thank you to all the people that have been involved in the development and testing of the new authentication system. It’s been a big project and it’s been great to see how we, as a community, have rallied together to tackle it. Especially a big shout out to @awarecan who has done an amazing job on this.
And that’s not it ! @hobbypunk90 has contributed a new integration for Google Hangouts. You can send messages but can also configure intents to handle incoming messages from specific people. Very cool!
You didn’t think we would forget about Lovelace, did you? This release include a new notification drawer thanks to @jeradM. It will collect all persistent notifications and configurator entities and shows it in a new sidebar toggleable from the toolbar.
This release has a migration, initial startup can take ~20 minutes (depends on size DB)
This release includes a database migration to allow us to store context in the database. This will make it possible in the future to introduce attribution. For example, we’ll be able to say which user opened the garage door or which automation triggered the party mode at 3am.
The auth system is entering release candidate status 🎉. If nothing major is found, it will be enabled by default starting the next release (0.77) with backwards compatibility modus turned on. If you want to get ahead of the pack, you can already easily enable it now:
# add this part
- type: homeassistant
# uncomment this to enable backwards compatible API password support
# - type: legacy_api_password
For iOS users, your frontend should be a lot faster. We had an issue that forced us to serve the frontend in compatibility mode, which is slower. We haven’t been able to solve the issue, but found a workaround. Race on 🏎.
Warning. If you are using the internal MQTT broker, we’ve had to make a change how the password is set. In the past it would automatically start the broker with the user homeassistant and a password equal to the API password. This is no longer the case and you need to configure it yourself now:
And just like that, it’s August. Time is flying by. People all over the world have been busy to create this release for you. This release again a ton of cool new stuff.
First, let’s talk entity IDs. Entity IDs are how we identify entities in automations and scripts. They start with the domain and end with an object id, for example: light.kitchen. Or, if you’re unlucky light.node_2_2_abc. With this release, it will now be possible to manage entity IDs of entities via the UI! Just as with changing the name, it requires that the integration is able to supply a unique ID for each entity.
Screenshot of the new user interface to change entity IDs.
This release also includes a bunch more Tuya integrations thanks to @huangyupeng. And thanks to @peternijssen we’re now also able to talk with Spider thermostats and plugs.
This week we heard that Guido van Rossum, the founder of Python, is taking a permanent vacation as the leader of Python after being at the helm for almost 30 years. Guido has not been directly involved with Home Assistant. However he created Python and was part of the team that built asyncio, technologies that power the foundation of Home Assistant and what makes us so fast and robust. Under Guido’s guidance, the Python community has grown out to be very friendly and open. A great inspiration for us and other tech communities out there. Thanks for all you have done Guido!
Paulus & Guido at PyCon US 2018
All right, back to Home Assistant. The last release introduced a tech preview of the new user system. The initial preview still required creating users via the command line. In the last two weeks, we’ve worked hard on adding support for an onboarding wizard and a user management interface. A walkthrough of the new features can be found below. Thanks to @awarecan and @jeradM for all their work!
To try it out today, read these instructions. The user system is still in tech preview. We’ve moved fast to get where we are today. The next step is that we need to take a step back and look at the system as a whole to make sure it’s robust and ready for prime time.
We keep seeing great examples of UIs built with Lovelace. Follow us on social media (FB, Twitter) where we will keep sharing great examples.
For the Lovelace changes in this release, check out the changelog. To help our development and design teams, we’ve also introduced a Lovelace card gallery.
I’m happy to announce that this release introduces support for Tuya thanks to @huangyupeng. Tuya produces cheap cloud-enabled devices that are sold under a wide variety of brand names across the globe, and now they work with Home Assistant too!
Today we are releasing 0.73.2 to fix a security incident. We’ve discovered that 9 months ago, with the release of Home Assistant 0.56, we misconfigured the SSL context that aiohttp used (PR). By trying to do the right thing (use an up to date cert store instead of relying on the system certs), we ended up doing the complete opposite: SSL verification was disabled for outgoing requests that were done using the shared aiohttp session. This is our fault, and not aiohttp’s faults. The impact of this is that certain integrations in Home Assistant have been susceptible to man in the middle attacks.
A man in the middle attack is when an attacker is able to inject itself between you and the server you’re communicating with, allowing it to read and alter the communication. The odds of this happening at home is very rare, yet we wanted to be transparent about this incident.
After research, the following integrations have been impacted. Although the odds are extremely small, we still suggest that if you use any of these integrations, to create new API keys or change your password.
If you are running Home Assistant on a system with Python 3.4, we’ve created a new release 0.64.4b0 with the patch applied. We have made it available as a beta. To install the pre-release run python3 -m pip install homeassistant==0.64.4b0.
After 4 months of hard work, we are happy to announce our new images for Hass.io, based on HassOS. HassOS is a brand new operating system that we have created specifically for the purpose of running Hass.io. And yes, this supports the Raspberry Pi 3 B+!
What is new
We have built HassOS on top of the [Buildroot] framework. The focus of the system is to be a very small and highly efficient operating system to run Docker like a hypervisor. It has just enough software installed, to run a supervisor. We have also focused on security, there are, for example, no default passwords and we use [AppArmor] to protect the applications and containers on HassOS.
Safe and secure updating with [Rauc] over USB or internet (OTA)
Uses an LZ4 compressed root filesystem and parts of the memory
Read-only root filesystem, designed to run on embedded systems
Dbus connected hosts services
Latest LT Linux kernel
Latest Docker-ce version
Fully supported NetworkManager
Bluetooth support using Bluez
Supports lot different hardware
The design of HassOS is different from ResinOS. Because of this, we can’t provide an OTA update from the old ResinOS system to the new HassOS based system.
You need to perform the following steps to upgrade:
If you have installed the Bluetooth add-on, please remove it, since it is no longer required.
Make a Hass.io snapshot of your current system and download it to your computer.
Download the latest [Hass.io stable][installation] version.
Flash the downloaded Hass.io image with [balenaEtcher] to your SD card.
Raspberry Pi: In case you have modified the config.txt (in the boot partition), you will also need to apply these changes to HassOS. Do NOT simply copy the file from your old setup into HassOS! Apply those changes manually!
If you use a custom network configuration or have configured SSH development access, you need to create a configuration [USB stick]. Copy the resin-sample into the network folder on a USB stick and insert it into your device.
Take the freshly flashed SD card with HassOS and place it into your device, and boot it by turning it on.
Copy the snapshot into the host with the SSH or Samba add-on.
Restore your snapshot via the Hass.io panel.
HassOS is a wonderful base system and allows us to start working on integrating all kinds of amazing features into Hass.io (and bring them to the UI as well). For example, we are planning on bringing network and Bluetooth configuration possibilities into the UI. The goal is a full featured hub system that allows anybody to use Home Assistant.
The Hass.io API is extensive, and we are going to adopt more of its features into Home Assistant as well. For example, sensors that allows you to monitor the system usage of an add-on or even Home Assistant itself.
A big shout out to all people who donated money for us to buy hardware! Thank you! We have already started on making HassOS compatible with all kinds of hardware and are currently aiming to release support for new devices every 7-14 days and keeping this up until we support all major IoT boards.
Feel free to jump into the project and help us to improve the documentation or other tasks that are going to help us moving forward.