Feature Request: Firmware update with local file- please


I would like to be able to update Vera with a file that I have downloaded an is locally on my PC/network. Unfortunately Vera only allows updates from weblinks.
So I have to set up a webserver/ftp to be able to update locally.
As I always have all my installed firmware at hand it would be very convenient if we could just update from a local file.
Maybe this can be implemented in on of the next releases? Please?


We implement this feature to be available only with internet because when the upgrade is started, your Vera uploads critical settings and config files for Vera’s network to our servers and when the upgrade has finished with success, Vera get’s them from the server and restore them. This will not be available on your local computer/network and this is why we would like to keep it that way.

Well I have my vera isolated from the internet. What would be the difference to store the settings files locally and restore it from there?
Now that I know, that files are uploaded without my consent, I even want the local feature more.


It works like this:

  1. You start the upgrade, we pack the files and send them to our server.
  2. If the upgrade is finished, with success, Vera downloads the files back and restore them
  3. After the download of the configuration files is completed, they are deleted from the server.

Why do you find this an issue? Can you propose another solution? Describe how will you store the pack on your computer and then restore them after the upgrade is finished? You don’t want that, then just select, during the upgrade process, to restore Vera to factory default and this way, no file is uploaded to the server. Save a backup of your configuration files and then restore it. When you upgrade the firmware, you are doing basically a flash of the firmware.

I am really surprised - no let me better say shocked - that I have to explain my problems with this.

You sell a device, that sits in peoples homes and is able to controll every appliance, motion sensor, even door locks and you are asking me what my concern is with sending internal configuration files arround over the internet?
A server to which no one I personally know has control over is storing this data? Doing that even without anybody knowing (up to now)? Keep in mind that I explicitly forbid vera to contact findvera.com!

I am glad that I configured my firewall to block every packet that vera is trying to send. I wonder what an insurance company would say when they found out after a breakin when they where aware of the security leaks in this device and if they would pay the bill!

Now my only demand is, that you deliver a product that is able to run without problems in such an environment that has no internet access.

I believe no one of your customers is aware of how much control he is giving you by using vera as a control point and how naive you are handling his personal data.


while I might not feel as passionate on the subject he is quite right, any and all personal info sent over the net should be made clear and optional, it should not be the only way the unit is made functional


We will make this optional and it will be at the users choice if he wants to send backup data or anything else to our servers or not. We take very seriously the security concerns of our customers and this is why everything is done through a secure layer with a certified SSL certificate and every password is also md5 encrypted. We have absolutely no control on a Vera unless the user opens a backdoor (by enabling remote assistance, which is auto-disabled after 72 hrs) for the technical staff to debug or help that customer.

As you know, the security concerns are well detailed by Aaron in this post: http://forum.micasaverde.com/index.php?topic=3210.0

Wow, I’m on MCV’s side. umtauscherare is bit paranoid to say the least. More like over the top paranoid. Time to deal with those the world is coming to an end issues. They even told you how not to send the data if it matters to you so much. I’m not saying that it is a bad idea to be able to download a file. I think it’s a good idea for people that don’t and can’t hook up vera to the internet. Although that’s the whole point of owning one is to have remote access to it. It’s just that your reasoning is wack. Sorry if that’s a bit harsh but that’s how you painted the picture of yourself to me.

I agree with reiserx…or is this micasaverde’s evel plan for world dominance?
seems like they are working to make this easy for us which, along with web access is why I purchased vera.

so I assume “on MCV’s side” means you think it’s a bad idea that a company who handles the remote control of your home should make you aware of what personal info they store and make it optional? What’s the downside of that? One doesn’t have to be wearing a tin foil hat to have legitimate privacy concerns especially re: internet connected assets. As previously stated I don’t get riled up about it but your replies say as much about you as you seem to think you know about umtauscher

Thanks pgrover516,

people still are so naive when using online services…



I don’t think it’s a matter of people being “naive” (your words). They’re probably more interested in getting Vera more functional and more stable, before adding additional security functionality.

It’s likely not that they don’t want it, but more that they’d like other things first. For many, that part of the existing solution is “good enough” (for now)

ie. people likely would prioritize getting a working UI3, or declarative “AND” in Scene logic, (etc) above this extra feature.

A perfectly secure box, that’s not easy to use or doesn’t work correctly, likely won’t go far in the marketplace either :wink:

[quote=“umtauscher, post:11, topic:165603”]Thanks pgrover516,

people still are so naive when using online services…



My concern isn’t so much security, but what happens when findvera is down. I would like the option to log in remotely similar to an IP camera. Or will findvera be a future pay service when they build up a nice customer base. Talk about reoccurring revenue.

I let my Vera’s do the online backup of all my info and I know if someone wants to take that info they could come get into my place if they want to fly out and do it, but in all likely hood someone is much more likely to just give the door a good kick and break it down, and come right on in. Have you ever watched To Catch a Theif. Criminals will get in if they want to and you arn’t going to stop them. I’m just not living my life being worried about it. That’s why I have insurance. How about if you buy your unit from someone besides MCV then they wouldn’t know your address in the first place.

I’m so naive I think I’m going post my social security number in the forum. :stuck_out_tongue: Anyway MCV told you how to prevent the info from being uploaded if you’re a worry wart. So just do that and put your foil hat back on.

So who’s worried?
guessed: I appreciate what sounds to me like a conciliatory tone in your reply, my response had nothing to do with technical merit but rather, what seemed to me, an unneeded personal affront, Cheers 8)

By the way Umtauscher, if you’re ever in the neighborhood you’re welcome to stop by my underground bunker for a beer, Cheers Back Atcha!