Privacy IoT with Candlestick 2.0, Raspberry Pi, and Zigbee

Most mornings start with the question, “what’s the temperature?” I am a privacy minded technologist who has casually researched home automation for decades. Yesterday, I achieved a private, controllable Internet of Things (IoT) setup that is flexible, inexpensive, and hackable. This beach head is the convergence of embedded devices running Linux (Raspberry Pi 4b), weather sensors communicating over Zigbee, and Candlestick 2.0 built on

What’s the Temperature?

One change the way my family household differs from my nuclear family is that we consume news on-demand from multiple personal and communal devices. I grew up consuming the evening news from one of the three major networks in New York and WNET PBS during or immediately after dinner. (Some nostalgia: we would also watch a lot of 60 Minutes, PBS Nature, NOVA, Frontline, The Muppet Show, Star Trek, Space 1999, Cosmos, and Solid Gold together). Because we had a regular, daily news update, we’d also know the weather outlook for the next seven days. Every morning, we had an idea of what to expect and how to dress.

Not so much these days; we stream algorithmic news segments and news program subscriptions on Youtube when we feel like it (honestly, when we can muster the strength to deal with the US and world culture wars). My family has personal, mobile devices as well as portable computers, so they have a variety of news sources via web and application with their own notifications if preferred. I keep data off on my device most of the time because built in, undefeatable services constantly try to provide weather and news, so I minimize interruptions outside of calendar reminders, phone calls, and text messages.

Because Austin can be relatively dry and cool for a few months, then pretty hot and humid for an extended summer, it is helpful to know the web-bulb effect on temperature. I got a simple humidistat (also known as a hygrostat) and thermometer display to monitor our bedroom. After adding a humidifier, it has made an improvement on our night sleep during those dryer months. So most mornings start with the question, “what’s the temperature today?” Of course, consulting the phone is what normally happens after waking up enough, but that’s not sufficient for dressing while waking up. Weather in Texas can change quickly (and violently) when storms come in, so the real question is usually “how hot and humid will it get today?”

I interviewed at Nest before Google found them. So while I admired the company a lot, a learning thermostat wasn’t an option because our household is anti-cloud surveillance at this time (inside our devices, portable computers, doorbells, televisions, and more). Our indoor hygrostat also instantly answers the temperature question for our bedroom, but not for outside. I found many remote, outdoor combination temperature and hygrostats that network to an interior display station, but they were proprietary and limited to a fixed number of sensors. I wanted sensors that could create a data stream for logging and display (owing to my operations background) over a network I could manage. So I searched for an Internet of Things solution that could overlap with consumer Home Automation.

Home Automation

WiFi and Bluetooth changed the world because we expect wireless solutions for everything, including power.

Back in the late 1990’s, I needed to remotely control power to a Quest DSL router which had an unpatchable remote network exploit (HTTPD worm) for my consulting business. Controllable power strips in the data center existed, but were expensive and controlled by a serial network, IIRC. I found a simple solution, a X-10 wireless transceiver power module, which has a radio frequency (RF) signal network with simple, handheld remote controllers and a FireCracker RF computer serial port transceiver. Now I could probe from a server if the network was down and power cycle the router via X-10; I was using an early form of Home Automation! Eventually, the router got a firmware upgrade and the NSP blocked exploits, so when I switched to a new DSL provider (Megapath with Covad) my equipment changed and my need for X-10 subsided.

I kept an eye on Home Automation, from home theater over RS-232-C serial links like Creston and watched them evolve to Ethernet and WiFi over time. I purchased a number of infrared line-of-site remote controls for our TV+media players+AVR, such as OneForAll and Harmony, which controlled multiple devices and had macros, but they didn’t pass the wife acceptance factor (pointing the remote at the TV often missed triggering devices below it) and this was ultimately resolved in the last 2-3 years with interoperable multi-vendor HDMI CEC and eARC, but we still regularly leverage multiple remote controls. I observed Home Automation and Home Security begin to converge over the years into the “Smart Home.” I also watched self-hosted computer Home Automation projects, but didn’t find much compelling outside of MisterHouse, Asterix, etc.

Embedded Linux, Tablets, and Phones

I dabbled with a SIP phone (TuxPhone? which exposed me to embedded Linux), Philips amBX, and Philips HUE light bulbs, but eventually, these projects stagnated at our home. I’d crowdfunded the Ubuntu Edge Phone in 2013, the largest fund on the platform to date of US$12M, but it failed to reach its goal.

As I watched Linux solutions scale up and down in hardware resources and form-factors, I evaluated WiFi routers and firewalls and eventually, I found success with DD-WRT project in 2015. I watched the TV, mobile, and wearable spaces for Android and other mobile OSs, which resurrected my Linux phone itch in late 2020 by crowdfunding the Pro1 X Smartphone. My research into AlpineLinux in 2021 refreshed my embedded Linux understanding (from the TuxPhone and DD-WRT devices), particularly around BusyBox, dash, and POSIX.

I researched Linux tablets and found the non-profit UBPorts Foundation had continued the Ubuntu Edge software project and maintained Ubuntu Touch. I purchased some older Lenovo X605 tablets to experiment (used and new off Ebay) having learned that you should never have a single point of failure (yes, I’ve dropped and broken the tablet glass screen already) when experimenting and that charging ports and case buttons can wear out (which is the reason why I had to replace my last Android phone). During this time, it was ironic that these older Android tablets cost less than an Apple Pencil my son asked for, but the iPad ecosystem is the well deserved state of the art. I deepened my understanding of Android, unlocked the boot-loader versus rooting my device, and installed Ubuntu Touch. I was unhappy with Ubuntu Touch apps on ARMv8 (older versions, no modern web browser), the stand-by battery capacity of the Lenovo tablets, and the supply chain challenges for other Linux tablet options.

The Intranet of Things

I like subverting the normative “IoT” expectation by substituting Intranet. For some, it is easier to say: private cloud.

My unhappiness changed when I stumbled onto Candlestick while researching privacy controllable doorbells (instead of the surveillance enabled Ring) and liked what I saw for values! I have since learned that the project is based on project spun out from Mozilla.

Candlestick is based on the Raspberry Pi and I really liked what I learned about the Raspberry Pi project on it’s ten-year anniversary!

Despite supply chain issues, I bought a new US$85 Raspberry Pi 4B kit: 2GB RAM, plastic chassis with heat sinks for passive cooling, microHDMI adapter, 32GB SD card with USB adapter, and a power supply. I tried out Raspian 64-bit desktop and was semi-impressed at UHD output, despite barely scaling Youtube 360p to full screen over WiFi. It ran an older version of KeepassXC and current version of Firefox, so I was happy with this out of the box experience versus Ubuntu Touch! Note: 2GB RAM is barely enough for more than a single challenging web page on the Desktop.

Late last year, the convergence of Amazon, Apple, Google, Samsung, and Zigbee on Matter got my attention. When I reached out to the Candlestick team with feedback on broken links, they told me Candlestick 2.0 beta was coming soon and it would be focused on Zigbee devices. I now think of Zigbee much like Bluetooth, but operating over WiFi bands. Note that newer Zigbee devices can communicate over WiFi (I have yet to see one that combines Zigbee and WiFi options, usually they are different models) and I pragmatically wanted to avoid WiFi in my devices (for potential leakage, contention, power consumption, and control), so be sure to choose appropriately. On my third install attempt, after a hard reboot, the Candlestick finally worked with a web console on a DHCP address.

  • The boot up display shows nothing over HDMI, there is no WiFi network, and it doesn’t show up on the .local network. This makes it hard to troubleshoot, but I’ve since found out that this was by design. Update 2022-08 This has been fixed in Candlestick 2.0-RC2.
  • My second install attempt did show up in DHCP as host candlestick and responded to ping, but I couldn’t connect via DHCP over ethernet even after waiting for 10 minutes before connecting. I have since found success by waiting ten minutes and then power cycling the Pi. Update 2022-08 This has been fixed in Candlestick 2.0-RC2.

It was very simple to pair two TuYa temperature and humidity sensors with a display over Zigbee with a USB Sonoff adapter in Candlestick, then create graphs for some of their metrics, making me very happy within ten minutes of first touching the web console!


I’m exploring the SSH and MQTT interfaces, chatting with the maintainers, and submitting project issues now.


I’m very excited by this recipe of ingredients:

  • Hardware: Raspberry Pi 4b - 2GB RAM
    • Sonoff USB Zigbee adapter
      • Tuya Temperature and Humidity Zigbee-enabled sensors
      • a few power switches to replace my X-10 experiments (working towards power monitoring switches next so I can replace my Kill-A-Watt)
  • Software: Candlestick 2.x distro, which repackages:
    • distro, which repackages:
      • Raspbian (Linux Debian variant for ARM+Pi)

There are so many next steps on this private cloud IoT to make it grow from a bespoke pet to a maintainable, reproducable, and cattle-like system. I’m recasting this Candlestick experimental work into a homelab git repo that I will share, refactored from Learning,, and

But most importantly, my goal is to make this project easily consumable in an unobtrusive manner to answer the age-old morning question, “What’s the Temperature?” One possible answer may be, but of course Candlestick already has a web interface on our intranet.