WTH why is HACS not standard part of HA

You go outside the Windows store to install all the time. Most people have Chrome if nothing else, and the norm is installing off the internet. I don’t have to dig around and disable anything to do that, you can do it out of the box in Windows, and the risk is higher.

1 Like

How would that be different than the current situation? I mean HA allows you to install custom components manually? Shouldn’t that be a user responsibility? It is now anyway, I don’t see any difference. There are warnings in the logs and there could also be a disclaimer:

“You are installing at your own risk. This is a security risk, etc.”

This might be ok for our current technical user base but won’t be suitable for the future less technical users. The argument about don’t install them if you don’t want doesn’t work in countries outside of the USA and Europe as many of the components for these areas take a long time if ever to become part of the core. See my previous post.

This thread has actually prompted me to think about custom components a lot more in depth and I am now thinking that HA probably needs to do more than just have something in the logs. This is a place only technical people will look and the risk is non-technical people.
As HA becomes more widely used it will become harder to separate a security incident caused by a supported vs custom component.

The hypothetical example I think of is a non-technical user follows a random online guide (one of thousands there are now) that installs a custom component with malicious code. This user will unlikely even understand what they have done. This would likely be viewed as a HA problem by the user and they could share their bad experience as a HA problem.

HACS actually resolves some of that in a way as the repositories are usually on GitHub and there is a small hurdle for them to add a file with metadata. If someone reported malicious code in one of these it could be reported through GitHub etc., possibly even a future HACS feature of blacklisting or something. I am not familiar with the inner workings of HACS to know how possible this is.

As HA has a strong security focus and is open source, it makes a conflicting challenge for making the product more general-user friendly.
On one extreme the most secure would be not to allow custom components (I don’t want that).
On the other end is open source philosophy and being able to review code, add, fork etc. This can be secure for technical people who can review the code of the custom component. This is not a general user. I think we need something in between, HACS kind of fills that spot right now.

In summary. I think HA may need as part of the core a community store that has some standards to be met and possibly reporting and blacklisting. Appropriate warnings and notifications can be part of it. This would be for the intermediate users of those who need a custom component but are not technical enough to read code.

You can leave the existing method for advanced users and developers etc.

3 Likes

I should clarify that by this I mean the same approach as HACS now applies it with a metadata file etc. It is 100% up to the custom component developer to comply or it doesn’t show up in the store. Possibly with community reporting for non compliance issues etc.

I do not see a sustainable solution where HA/Nabu Casa do the checking of custom components. Just managing the portal to them.

3 Likes

I imagine a part of this can be implemented as an automated process. E.g. static code analysis tools could be used. Automated tests. It would make the hurdle to get your extension in the “store” a bit higher, but I don’t think that is a problem.

1 Like

Hello,
(at the beginning on this way my thanks to all voluntarily contributing to HA)

This topic is interesting from my point of view. Here two worlds collide which unfortunately understand too little of the other. Therefore here a definition from me (completely value-free).
Home Assistant (HA) is a software from nerds for nerds (N2N) - not for users. It is a modern version of model railroaders and stamp collectors who put a significant part of their lives into the software and detail aspects. The wonderful thing here is the consequent use of the modern possibilities of sharing the results and the willingness to support others.

In my definition, the Nabu Casa group is a control and coordination entity. The target group is still nerds.

In its current version, HA is not a product for users. Not even in the version without HACS. The fast (monthly) updates and the fixes needed afterwards are too unstable. (Insert: I would like to clearly say here that these lead to many great functionalities that I find extremely helpful). HA is a playground for enthusiasts. No more and no less.

Another clear characteristic is the lack of stability (e.g. backward compatibility) and the associated impossibility to provide a meaningful overall documentation (No Book for HA). (I know that this is written very hard, but the view from outside does not allow a more friendly description).

The discussion that has now been concluded here only cemented the two perspectives from my point of view. That is a great pity. From my point of view, discussions like the one above make a lot of sense because, if they take place without insults etc., they make some participants think. Let’s see what develops from this.

Finally, my thanks to the initiators of the WTH time. It encourages cross-thinking and recapitulation.

Frank

3 Likes

This is not correct.

The Home Assistant development team want it to be as inclusive as possible. It is one of their main aims.

Is it there yet?

No, not really, but significant progress is being made. Look how far automation writing has come, from YAML only to a very capable GUI.

Not sure what is wrong with your system but I’ve been running beta version for years without much issue. Many run the dev version.

There are feedback links at the bottom of every page if you have suggested improvements.

3 Likes

My two cents after being negatively surprised by some of the statements I read:

  • MIT does not mean that others have no moral responsibility to respect the creator’s wishes. By even suggesting to go against that dev’s explicit wish means that you do not understand the spirit of open source projects. If the dev decides to no longer maintain it, go commercial or similar, you are free to fork the open project and host it for free also.
    If anything, build your own version of such a repository collector. Don’t just steal it.
  • The UX of Home Assistant is fine without HACS. I actually think that there is too much focus on it with all the moves away from yaml.
  • HACS is a cool and simple way of installing third party components. That would for sure be nice to have in HA core. But it is absolutely no work at all to install HACS yourself.
  • You cannot just merge everything out there into core. It makes no sense. The whole way HA is built is for maximum flexibility and versatility. Let people decide what to install. I would even argue that some other components are not needed in HA core, but the devs wanted it in and are maintaining it. So that is also a respectable choice.

Anyway, HACS is cool but it is not needed in HA because of ease of installing it (same actually for the components it helps install).

I have no idea what “users” want or use. And if I am not mistaken, the analytics also would not because I assume many opt out. I turned analytics off also. So unless there is some monitoring I was not aware about, analytics won’t help either.

And personal impression: people who use home assistant probably have some willingness to do things themselves.

Plus, my two biggest fears (to be completely honest) are:

  1. that HA goes too far into UX and away from yaml and takes away the possibilities to maintain with code even more
  2. HA goes full business and makes Nabu Casa or similar mandatory

So, respect the devs’ wishes and have some faith in the users’ willingness to learn something. It will also make the end result so much better if they cannot just clickeldy click (if the community is strong and willing to help!).

4 Likes

Thanks for sharing that view, @tropfen! I really think it is “spot on”.

This is an excellent example about what @tropfen means with his “from nerds to nerds”. Of course HA runs totally fine. But I’ve had cases where things stopped working after an update. It was always easy to fix. But I’m a nerd too. I think “average, non-nerd users” wouldn’t find those fixes easy. If we want HA to be a product for the average user, we should more often ask ourselves: “would an average user think this is easy?”

I never wanted to suggest to do something morally irresponsible. I just wanted to say that, if the original author didn’t want to integrate HACS into HA, there are multiple possibilities:

  • It can be he simply doesn’t want to do the effort, but would be fine if someone else did it. (I think by now it is clear that this is not the case, but I didn’t know that before.)
  • If he doesn’t want someone else to do that, it still doesn’t prevent someone else from creating something similar. I think that’s not morally wrong in any way.

This, again, is an example of “from nerds to nerds” thinking. For an average user, editing text files on a remote machine is very difficult!

Of course not. That is not what I suggested, but I noticed that multiple people interpret my message as if I’m suggesting that. I think that’s because you think too much from the current state of things and how that works. There could be ways in the future to have third party software be installed into HA in a nicer way, without the need to merge that third party software into HA Core. As stated in one of my later messages, that probably involves things like sandboxes and is probably not trivial. But it’s also certainly not impossible.

1 Like

It should not be. Visual Studio Code is part of core integrations.
And you can upload via VSC if you want to work locally. So it is basically editor and file explorer in one.

The coding part, yes, not easy (I am a newbie myself, regularly frustrated). But for installing third party components it is just copy and paste :slight_smile:

I have a couple of questions:

  • How many “average users” do have VS Code installed, do you think?
  • Did you consider that all things you install so easily, also need to be updated regularly?
  • What if you’re very busy and don’t have a laptop at hand, and you want to just quickly do something from your smartphone?

2 Likes

I have another question.

How long are you going to keep flogging this dead horse?

5 Likes

I’m not flogging a dead horse. I’m trying to make people aware of their bias. If people want HA to become a product that can be installed by “average users”, people should stop thinking as nerds.

3 Likes

re 1: many. maybe even most. Plus, your issue was that there was no easy way, but there is! And your second issue is, that HACS is not in core, but VSC is, ergo: use it!

re 2: all things core have auto-update. all things third party usually work for a long time without updates. And when you notice it stopped working: go to repo, copy & paste again

re 3: 90% of my HA is done via mobile. write on your mobile and then, you guessed it: copy&paste

But re 3 also: I too would love muuuuuch better mobile support for VSC. But the original devs don’t. So tough luck :wink:

1 Like

I think you and I have very different images of the average user in mind. I know a lot of people that I’d love to see using HA. However, I don’t recommend it to them, because I know there are lots of hurdles they likely aren’t going to take. Like getting to know the concept of editing plain text files. Let alone use a tool like VS Code.

What do you mean by “VSC is in core”? I’m not aware of any text editing that’s integrated into HA that is even remotely as mature and productive as VS Code.

  • I was referring to auto-updates that broke stuff. E.g. when configuration had to be updated to work with the new version. (I admit: in recent times, this is handled much better, so it seems.)
  • “go to repo, copy & paste again” - again: the “average users” I know would not find “going to a repo” an easy thing to do.

I don’t know about you, but I find the integrated text editor of HA horrible. It’s horrible on Desktop, and even more so on mobile. Whenever I’ve to edit a text file, I wait until I can do that from the comfort of my editor of choice, via the SMB share.

1 Like

If the horse is dead, why is it still a debate that is quite active and people apparently care a lot about?

2 Likes

No matter how many people are flogging the dead horse, it still won’t make it go any faster.

3 Likes

Hello I am a new HA user, non-IT trained and an older generation. I have spent the last 18 months learning; I am blown away by the creativity of this open source project. I marvel at the width and depth of the contributions. HACS was my second integration and driven by a need to access a much wider group of contributions. Some of those contributions are emerging, some are changing, some are deleted or subsumed into other contributions. HACS provides a safe harbour for this wider non-core “ecosystem”. I was and remain grateful that the HA core team has allowed this two speed world to exist. It is richer and more interesting. I would very much oppose HACS changing …… leave it be …. It is doing a great job. We need to nurture inspiration.

HACS provides no safety, only convenience.

4 Likes

A safe harbour for the contributor. Or at least a lower hurdle to contribute. Certainly not safer for me as a user! I wonder whether I would ever be able to contribute! Too old and too late!; but I am very grateful for all the contributors.