2023.12: Welcome home!

Home Assistant Core 2023.12! 🎄

The last release of 2023 is here, and we are going out with a bang! 🎉

2023 has been the Year of the Voice, and please stay tuned, as we will host a final 5th chapter live stream on our YouTube channel on 13 December 2023, at 12:00 PST / 21:00 CET! But that is not the end of the voice journey… Be sure to tune in!

This release has some nice quality-of-life improvements, making it feel like Christmas already! The thermostat card has been redesigned to match the gorgeous new entity dialog introduced, a new feature for the ever-improving tile card, re-importing blueprints, and much more!

I’m most excited about the new login page that this release brings. It is beautiful, modern, and literally welcomes you into your own home! 🏡 Home is where Home Assistant is, right? 😃

This is it for 2023! What a year it has been! I just got one last thing to say this year:

Thank you for using Home Assistant! ❤️

Happy holidays & enjoy the release!

../Frenck

Read on →

Nabu Casa at the Matter Member Meeting

TL;DR: We represented Home Assistant, our community, and the Open Home vision at the Matter member meeting in Geneva. We’re hosting a live stream to talk Matter in January to update you about our progress and answer your questions. Leave your questions in the comments below!

Two weeks ago me, Marcel van der Veldt, and Stefan Agner, traveled to Geneva to represent Home Assistant, our community and the Open Home Vision at the Member Meeting of the Connectivity Standards Alliance (CSA). This is an important meeting where companies from all over the world meet to talk and decide about the Matter standard and how to implement it.

(Matter is the new smart home standard that promises to make everyone’s smart home devices work with each other across platforms and ecosystems, locally and privately. It’s being developed by the CSA, which is also responsible for Zigbee).

Stefan and Marcel

We were able to attend because Nabu Casa is a member of the CSA. We pay for this with the revenue from your Home Assistant Cloud subscriptions (thank you!). CSA membership ensures that we have access to official technical documentation and support to build Matter into Home Assistant. It also gives us a voice inside the CSA, which we use to advocate for the interests of Home Assistant users and our Open Home vision.

Read on →


Removal of MyQ integration

TL;DR: The MyQ integration will be removed from Home Assistant in release 2023.12 on December 6, 2023. Chamberlain Group, the owners of MyQ, have released a public statement saying they will continue blocking access to third-party apps, like the MyQ integration. For current MyQ users we recommend ratgdo, a device that physically connects to your MyQ garage door opener and allows you to control it locally.

If you own a garage door opener from Chamberlain or Liftmaster, you are probably familiar with MyQ. It’s a cloud-based smart home brand owned by Chamberlain Group, best known for its smart garage devices. MyQ is also currently one of the most problematic integrations for Home Assistant users. The MyQ garage door opener integration has, for the past months, been in a state of constant repair as the integration breaks, is fixed, and then breaks again. This is a direct result of actions taken by MyQ to block access from third parties.

Read on →

2023.11 To-do: Add release title

Home Assistant 2023.11! 🎃

It seems like I forgot to come up with a release title for this release and left a placeholder in the title. If I only could have it on a to-do list somewhere… 🤔

Before we dive into this pretty massive release, I want to quickly look back at two amazing things that happened in the past month.

First, we presented chapter 4 of the Year of the Voice, which introduced the new wake word feature in Home Assistant. This really brings the voice assistant experience to the next level, and we are super excited about it! Like have you seen the R5-based voice assistant droid? 😍

Second, we had a security audit performed on Home Assistant by one of the top security auditors in the world! You can read all about it in the blog post. A big shout out to everybody subscribed to Home Assistant Cloud, as you enable us to do these things! 🥰

Alright, about this release! It is huge! I love the tile card, and the ability to easily customize the information it shows now is just. 🤩 But mostly, I’m super stoked about the new to-do lists, which will probably become a very central part of my household.

Enjoy the release!

../Frenck

Read on →

Security audits of Home Assistant

Summary: Home Assistant had two security audits done as part of our regular security assessments. You are safe. No authentication bypasses have been found. We did fix issues related to attackers potentially tricking users to take over their instance. All fixes are included in Home Assistant 2023.9 (released on September 6, 2023) and the latest Home Assistant apps for iOS and Android. Please make sure you’re up-to-date.

Security is very important to us at Home Assistant and Nabu Casa. Being open source makes it easy to let anyone audit our code—and based on reported issues—people do. However, you also need to hire people to do an actual security audit to ensure that all the important code has been covered.

Subscribing to Home Assistant Cloud provides funding for the ongoing development and maintenance of Home Assistant, including external security audits. To ensure that our security is top-notch, Nabu Casa hired Cure53 to perform a security audit of critical parts of Home Assistant. Cure53 is a well-known cybersecurity firm that in the past found vulnerabilities in Mastodon and Ring products.

Cure53 found issues in Home Assistant, 3 of which were marked as “critical” severity. The critical issues would allow an attacker to trick users and steal login credentials. All reported issues have been addressed as part of Home Assistant 2023.9, released on September 6, 2023. No authentication bypass issues have been found. According to Cure53’s report:

The quality of the codebase was impressive on the whole, whilst the architecture and frameworks deployed in all relevant application areas resilient design paradigms in general. Frontend security in particular exhibited ample opportunities for hardening, as compounded by the Critical associated risks identified. Nonetheless, once these have been mitigated, an exemplary security posture will certainly be attainable.

In August, the GitHub Security Lab also audited Home Assistant. They found six non-critical issues across Home Assistant Core and our iOS and Android apps. Two of the issues overlapped with Cure53. All reported issues have been fixed and released.

We want to thank both teams for their audits, reported issues, and keeping our users safe 🙏

All found issues have been added to our security page. This page has been updated to include an ongoing timeline of reported issues, who disclosed it, and a link to the issue report on GitHub.

If you think you have found a security issue, check out our security page on how to report this to Home Assistant.


Expected support for Home Assistant OS on the Raspberry Pi 5

On September 28, Raspberry Pi surprised the world (and, truthfully, us) by announcing the Raspberry Pi 5. This new board promises more than twice the speed of the Raspberry Pi 4 and is already available for pre-order. Raspberry Pi expects to ship them to customers by the end of October.

According to our analytics, a third of all Home Assistant users currently use the Raspberry Pi 4 as their dedicated Home Assistant system. In fact, Home Assistant OS is the third-most installed OS on Raspberry Pi boards in general. So, we suspect many of you eagerly await the new Raspberry Pi 5 to upgrade your Home Assistant installation. We’re just as excited about this new release as you are, and we will start development for it as soon as we receive our pre-release boards from Raspberry Pi!

As we have not been part of Raspberry Pi’s beta program, adding support for the Raspberry Pi 5 to Home Assistant OS has not started yet. At this point, it is still hard to estimate how much work it will be, but we want to stress that this is a major task that we want to get right. While beta versions will be released early, we currently do not expect a stable release to come out until the end of this year or early 2024.

That means you cannot run Home Assistant OS on the Raspberry Pi 5 at launch. Alternative installation methods that do not use Home Assistant OS are available, but we only recommend those for advanced users. If you currently use Home Assistant OS and have pre-ordered a Raspberry Pi 5, we recommend waiting for a stable release for the Raspberry Pi 5 to come out before moving your installation.

For owners of Home Assistant Yellow, Raspberry Pi has yet to make any statement about a potential Compute Module 5 based on the Raspberry Pi 5. We can only indicate compatibility with Home Assistant Yellow once they provide information about a new Compute Module and its specifications. We also want to point out that there were 16 months between the release of the Raspberry Pi 4 and the release of the Compute Module 4. For those currently looking for Compute Module 4 to complete their Home Assistant Yellow kits, we are happy to report that Compute Module 4 has become more widely available again, as seen on rpilocator.

Update (Oct 19th): We received Raspberry Pi 5 boards earlier this week and are investigating support options for Home Assistant OS now. Thank you to the folks at Raspberry Pi! For those interested in technical discussions about Raspberry Pi 5 support or just would like to follow the progress, we’ve started a Raspberry Pi 5 specific thread on GitHub Discussions.


Home Assistant OS 11: Low-latency scheduler and VM snapshot improvements

With Home Assistant OS 11, there is no big or flashy feature to highlight. Rather, there are a lot of small improvements and little gems. The increased use of Bluetooth has uncovered quite some issues on Home Assistant OS; some of which we are still working on. One of the main issues in Home Assistant OS 10 was caused by a bug in the processing of Bluetooth advertisements in the Linux kernel’s Bluetooth stack itself. With the help of our community, we managed to reproduce, pinpoint, and provide the necessary hints to the Bluetooth developers. This led to a fix in the Bluetooth stack not only for Home Assistant OS and Supervised users but for the Linux community in general 🎉 (see issue https://github.com/home-assistant/operating-system/issues/2535 for details).

We’ve also worked on the landing page which is bundled with Home Assistant OS 11. The landing page is visible to the user when starting a fresh installation of Home Assistant OS for the first time. It features the same new look as the Home Assistant Core onboarding flow, and tracks issues during the bootstrapping phase, automatically displaying errors if they occur during that critical setup phase.

Screenshot of the new Home Assistant landing page

The new landing page shipped with Home Assistant OS 11

This month we at Nabu Casa got a new addition to the Home Assistant OS team: With Jan Čermák joining, we will have more bandwidth to implement new features as well as to tackle issues reported by our community. Welcome Jan!

And finally: Home Assistant OS 11 will be pre-installed in the next batch of Home Assistant Green 🎉

Enjoy the latest version of Home Assistant OS!

Stefan

Read on →

Removal of Mazda Connected Services integration

On October 11, 2023, we were informed that an open-source contributor received a cease and desist letter from Mazda North American Operations (Mazda) regarding his library to connect with Mazda services. This library was used by the Home Assistant integration Mazda Connected Services, which he also maintained. A DMCA notice was sent to GitHub requesting the removal of all code and forked repositories as well.

The contributor has complied with the cease and desist letter. The library is no longer available, and the Mazda Connected Services integration has been removed from Home Assistant in the 2023.10.2 patch release of Home Assistant released on October 12, 2023.

Home Assistant is disappointed that Mazda has decided to take this position. We’re also sad that Mazda’s first recourse was not to reach out to us and the maintainer but to send a cease and desist letter instead.

We invite Mazda to speak with us about this topic. We would love to have an open and constructive discussion about the potential that a Home Assistant integration has for them and their customers. We genuinely believe there is a common ground between us and Mazda when it comes to enabling the owners of their cars to explore the possibilities of their own data.

After all, other car manufacturers do see this potential. For example, Tesla has recently released official API documentation to support third-party apps. Volkswagen Group’s Audi brand has launched an app store in their cars that features the Home Assistant app. We hope Mazda will see this potential, as well.


Year of the Voice - Chapter 4: Wake words

This year is Home Assistant’s Year of the Voice. It is our goal for 2023 to let users control Home Assistant by speaking in their own language.

We’ve got great news: wake words are finally here! After 4 chapters, we now have the final building block for voice in Home Assistant.

In Chapter 1, we started with text commands such as “turn on the kitchen light” and “open garage door”. We now support 56 languages and have 188 contributors helping to translate common smart home commands for everyone.

Chapter 2 introduced audio for voice commands: both speech-to-text and text-to-speech. This included local options for maximum privacy as well as support for Home Assistant Cloud for incredible speed and language coverage. Lastly in Chapter 3, we added the ability to set Home Assistant as your default assistant on Android phones and watches.

For Chapter 4, we’ve now added wake word processing inside Home Assistant. Wake words are special words or phrases that tell a voice assistant that a command is about to be spoken. Examples are: Hey Google, Hey Siri or Alexa.

Home Assistant’s wake words are leveraging a new project called openWakeWord by David Scripka. This project has real-world accuracy, runs on commodity hardware and anyone can train a basic model of their own wake word in an hour, for free.

To try wake words today, follow our updated guide to the $13 voice assistant.

To watch the video presentation of this blog post, including live demos, check the recording of our live stream.

Read on →