Matthew Garrett "bought some awful light bulbs so you don't have to." And you really, really shouldn't buy the iRainbow light bulb set: the controller box runs all sorts of insecure services, including an open WiFi hotspot that lets anyone into your home network.
The devices all have a hardcoded SSID of "iRainbow", although they don't broadcast it. There's no security – anybody can associate. It'll then hand out an IP address. It's running telnetd on that interface as well. You can bounce through there to the owner's internal network.
So, in summary: it's a device that infringes my copyright, gives you root access in response to trivial credentials, has access control that depends entirely on nobody ever looking at the packets, is sufficiently poorly implemented that you can crash both it and the bulbs, has a cloud access protocol that has no security whatsoever and also acts as an easy mechanism for people to circumvent your network security. This may be the single worst device I've ever bought.
Imagine that. Light bulbs on the internet. Insecure light bulbs you can hack into and crash over the internet!
And the bulbs are shitty anyway.