This goes both for the malicious bricking of normal consumer devices, and attacks on critical infrastructure like this, except of course the punishment for the latter should be correspondingly more severe.

People were buying Chinese inverters meant for the Chinese market off aliexpress on the gray market and shipping them to other countries. Deye decided to crack down on the behavior.

There’s nothing indicating this has anything to do with sol-Ark at this point other than them being the approved distributor of rebranded deye inverters in the US.

Calling this trade war invokes issues which may exist, but ignores more present dangers. Selling unlicensed radio equipment (--for example) into different economies has massive financial risks.

Any idea how common this manufacturer is across the place?

I'm not from the states, but I do know that if my solar would be bricked, it would take me weeks to find out. I don't exactly check up on it and it's out of sight.

Sol-Ark may not have pulled the trigger on bricking the inverters, but it certainly sounds like their legal actions pressed Deye's hand.

And then to shake down all the individuals who's inverters broke with a limited time opportunity to buy a brand new one from them....

The web telemetry panel had multiple gaps throughout the day where energy generation dropped to 0, but having datapoints logged every 10 minutes didn't give out enough information to determine why that was happening.

It also had a current status endpoint which updated every 10 seconds. I wrote a python script to log those updates into a file, and eventually discovered the inverter was shutting down itself and waiting 5 minutes every time it found its grid voltage to be greater than 241V.

Installer wanted utility to lower the house's grid transformer tap, but needed authorization from Utility, who declined claiming it was already on the lowest tap possible. Cynically, i think they declined because lowering further would lower grid voltage at night below minimums they're contractually required to maintain.

Tried going into the manufacturer's website to see if a firmware update could solve this. Couldn't find firmware updates, but i did find a manual for their local monitoring app, including a password for installer-only settings, set to "123456".

The app doesn't include any functionality to change said password to something else, so i assume it's hardcoded. There was one change i could still legally do without violating anything - raising the grid shutdown threshold voltage from 241 to 242V. This change did get reflected in subsequent logs, so the settings panel is functional. I could technically increase that further (to a maximum of 275V), but that would expose me to liability.

Parents suggest contacting the inverter's distributor for support, and they asked for a password i was never given. Apparently the manufacturer is suppopsed to create accounts for installers/distributors buying directly from them, and i somehow bypassed that process when creating an account for myself, without even realizing it.

Some more clarification later, it turns out they can still remotely access the inverter with its serial number. After doing so, they "fixed" the issue without explaining how. Checking the installer settings interface, it turns out they just increased the grid overvoltage shutdown threshold to 275V right off the bat.

At least i got them on record saying they did that, so i'm technically in the clear. Still, having that kind of access was scary enough to want to make me disconnect the inverter from the internet.

Turns out its warranty (which only expires in 2036) has terms requiring it to stay connected to the internet. That's enough time to trigger WW3 and a resulting horus scenario (https://horusscenario.com/).

Until then, the best i can do is to throttle the inverter's internet connection to something like 10kbps, which isn't enough to prevent someone persistent enough from uploading new firmware.

Stories like this make me reconsider keeping it connected. I'm surprised we haven't seen inverter ransomware yet.

What can we do to modify capitalism so that this externality is correctly captured? I think most people, especially those who rely on these systems to do their jobs would tell you "I would gladly pay a premium to prevent outside influences from being able to brick my tractor (or whatever), if it's broken I want to be the one who has broken it." Is this something that could simply be solved by aggressive anti-trust? Surely this isn't the best future we can come up with.

Even devices that are pretty much for "self-hosting" are increasingly trying to sneak in cloud-connected back doors, like Synology DSM trying to sneak in cloud authentication to your local NAS. Stop trying to make the devices I bought for the purposes of having locally-managed devices depend on cloud services! My local network is not just a fucking gateway to cloud services!

If/when we have solar installed it will not be connected to the manufacturer or distributor's cloud systems.

[1]: https://valetudo.cloud

Just imagine this kind of thing happening in a (probably not so distant) future in which a significant fraction of all electricity is being generated in a decentralized way, using devices such as this...

This is endemic in the home automation space. Nearly everything is made and operated on Chinese soil. Like security cameras, or, in my case, our LiDAR and camera augmented robot vacuums.

Some components, like lights and switches, have (very) expensive American alternatives. Some support ZigBee or Matter and can be controlled locally. Many many others require cloud infrastructure operated outside of the US and become bricks without it.

I would love to see the US mandate ITAR for all IoT devices sold in the US. If anything, that will help prop up local alternatives like Matter since that will be way cheaper than building compliant cloud-connexted devices.