De-clouding IoT

There is a lot of IoT (Internet of Things) stuff these days, and it is impressive what you can do with home automation - linking sensors and devices and command speakers and phones and all sorts. It is even impressive that third party linking services like If This Then That even exist now!

A lot of these devices make use of The Cloud in one way or another, but not all, and not all to the same extent. This is both good and bad, and represents something of the age old compromise of security and convenience in a way.

Today I am playing with three devices: A Daikin air-conditioning unit (as per my blog), a Withings Sleep monitor (as per my blog), and some new SONOFF switches. All have different approaches. All work with IFTTT, so if I was happy to just use the cloud, this would all be simple.

What's wrong with the cloud?

Convenience

The first thing that is right with the cloud is the convenience - simply connect a device, load a phone app, set up and it is working. Devices that live on your home WiFi and talk to servers on The Internet do tend to just work and be easy to use. But this convenience comes at a cost...

Privacy

One of the issues is privacy - the data from these devices is going to third parties - companies you don't know, or may not even know which country they are in. Often the "service" they provide is not something you even knew was needed when buying the product and is some separate "agreement". GDPR should make your data safe, but it is a law not a technical means. They may not understand GDPR (Withings clearly don't, and have been reported to the ICO). Even if they do understand GDPR you have no real way to know if they are following it properly, or if they will ever get hacked.

The main way to ensure privacy is to keep control of your data. A cloud based service inherently takes that control away.

Reliability

If a device needs the cloud to work, that is also a problem. Even the Withings Sleep monitor, which is totally cloud might seem like it is not an issue if your WiFi or Internet is down or they are doing maintenance on their servers, etc, but when you use the real-time triggers for getting up or going to bed to work the lights and heating and so on, suddenly it matters.

With locally connected and controlled devices in your home you can remove that reliance on the Internet and The Cloud, but at the cost of a single point of failure and equipment you have to maintain.

You also have to allow for the fact that this is most likely a free service, and something they can stop by choice, or because they go bust, or even politics between countries, and suddenly your devices are useless.

Adding extra parties like IFTTT just adds to the issues.

Security

Finally security - this is a huge issue with IoT. "The S in IoT stands for Security".

The Daikin air-con have no security - simple http requests. Even if there was a password it would be easy to snoop. It means anyone on your home network / WiFi can access the air-con.

Does it matter? After all anyone with a remote can do the same in the house or even from outside through the window (stories of someone turning on neighbours air-con through the letter box whilst they are away so heat rises to their flat and saves them money). But is it a big deal? Well, remember, this is not just about you - if someone could control all air-con in a country they could make them all turn on at the same second and cause a major power blip? They could monitor when you are in and not and break in when not. It is not so simple.

But they need to be one local network / WiFI? Well, no, they just need a compromised broadband router or compromised device (a lot of IoT is very hackable) on your LAN, or even some background secret function in some popular phone app. It is not as hard as it sounds.

So security of IoT really needs to improve.

What do I mean by de-clouding?

Basically I want to have devices I control, and home automation I manage using my computers in my home without using The Cloud. I can set up any remote access I want with a secure VPN. I then control my systems, and control my data. It means I have to maintain a machine, but I do that anyway, and it is not that hard - could even be a Raspberry Pi or some such.

Daikin

As per my blog, this was simple - no authentication just local http - it has no security.

The good news is that it makes it simple for me to lock down on separate WiFi SSID and VLAN and easy for me to write my own controls.

Apart from a lack of security, the other failing is a lack of documentation. I'd prefer if the API was actually documented - why not, Daikin?

Withings Sleep

The Withings Sleep monitor was more of a challenge - the security is trying with this one.

The device does an HTTP request to fetch the public key used for HTTPS, but includes its MAC and a random challenge in the request and gets a digest in the response. Any change to the response key, or even the request MAC causes it to abort and start again (DHCP, DNS, HTTP, etc). So it seems there is likely to be a per-device key check on the response and as such I cannot simply replace the public key returned. It then checks the public key on the HTTPS.

So yes, I am stuck. The good news is that it does do IFTTT and that can be linked by creating an applet to a webhook to poke my own server for triggers. Sadly this is not direct from the device, but via Withings, so no chance to intercept / hack that either. It has all the disadvantages of cloud and local servers combined, but does mean I can then control the actions I take directly - such as changing air-con settings, turning lights on/off, etc.

SONOFF

I was inspired by a blog post (here). It seems SONOFF are very cheap and very popular, even with alternative code that people flash in to the units. However, the security is poor in the first place meaning one can control them off-the-shelf. This is bad for security but good for de-clouding them.

First off, the simple in-line power switch (e.g. for lighting circuits) - which I have connected to a table lamp (purchases especially for this test, and obviously pixar style).

It was incredibly difficult to see the AP mode SSID pop up and connect to it, and I wonder if you just have to try several times. You long hold the button and it shows up if you are lucky (ITEAD-1000xxxxxx with password 12345678) But then the /device and /ap http commands work as explained in that blog. It seems serverName can be a host name.

As expected it then connects https. Unfortunately, even where the server has proper https and the name matches, it is just closing the connection after getting server certificate details. Arrrg.

Reading some of the comments, it seems I am not alone - even with a valid (LE) cert, the sonoff is not happy with the https negotiation. Grrr.

This sort of leaves me either using IFTTT and cloud, again, or re-flashing the code. Not amused.

What I think would help...

Firstly I think all IoT needs better security - maybe there needs to be a testing standard as part of compliance for CE marking (scary).

But also I really think the APIs should be published. This would allow devices to work directly with IFTTT or competing home automation systems or local controllers.

At the end of the day the closed approach, and forcing all data via the cloud maybe made commercial sense when companies could collect and use all that lovely personal data. GDPR kills that business model, and even makes having that data a potential liability! So please, let's open the APIs (securely) to allow more competition in the home automation market.

Oh, and don't forget support of the current IP protocol (IPv6).

Update: Current plan is to re-flash SONOFF. I'll blog more on that soon.

What are N26 bank up to?

N26 (www.n26.com) are a new/challenger bank much like Starling or Monzo (both of which are great).

So I got an account, mainly because of the cool see-through card. They have a Master Card and a UK sort code and account number which is great.

But they are a bit odd as they handle Fast Payments but not BACS which is very strange having allocated a proper account number.

What was a problem is that they were unable to change my email address, and failed to do so in one month even when I made a formal request as per GDPR to correct my personal information. However, after some months, they finally fixed their system and change the email address. Well done.

The other issue I have is their support are terrible. When I had a longer email address they were frequently unable to "validate" me at all, and would just hang up the chat. Indeed, hanging up the chat in a style of "slamming the phone down" seems to be "their thing". Very annoying!

I was waiting to see how they would do - maybe get BACS working, and what else. It has been interesting seeing how Monzo and Starling have progressed and I was hoping for good things from N26. But they are pretty quiet to be honest.

Anyway, out of the blue today I get an email saying my account is being terminated in May. No explanation whatsoever. Really? Would be nice to say why, at the least. I could understand if because I have not used it for a couple of months, etc, and indeed, if that is the case I may start using it. But nothing, and it says their support people won't be able to tell me why - cryptic.

So first off, simple things, I asked support if the email was genuine. A reasonable question as it could have been scammy. It is not like they PGP sign their emails or email to say check the on-line banking for a message, or anything sane like that - just a plain text (well text and html) email. Again, not very good for a bank/

Once again, not impressed by support, it seems that "if I have received such email, that must be the case".

That is unbelievably bad advice from a bank. I am shocked!

It gets worse, I asked if he could actually confirm it was the case, and went though "validation" (which now works) and then I get hung up on with a most unhelpful message to check the email. The email says nothing but the termination date!

I already replied to the email and had nothing back. So, I tried again, and got the same!

So this time I started with a GDPR request and then went though validation... Minor typos, grr.

I went through validation and the guy takes a long time but tells me to email them. I pointed out that (as far as I know) GDPR does not allow them to mandate a specific form for such a request, but he hangs up on me! So I have emailed anyway.

This is appalling customer service. It is not just because they are terminating the account for some reason, they are appalling at the best of times from my experience, but this is just special, and not very GDPR compliant.

So, hopefully they will comply, and that should mean I find out why they are terminating my account. We'll see.

It is certainly something to think about if you are considering N26 as your main bank account. At this point I would not take them seriously at all.

Update: May be related https://www.finextra.com/newsarticle/29004/number26-closed-accounts-because-customers-made-too-many-atm-withdrawals

Understanding CO₂ air quality better

I have had my new CO₂ meter for a couple of days now, and using it actually requires a bit more understanding than I expected. So here is what I have worked out so far...

First off, what the levels mean!

The tweet I posted listed 1000 ppm as an "acceptable" maximum, and 1400 ppm as "impaired decision making". The 1000 ppm comes from a recommendation of a heating/aircon organisation (ASHRAE), but it seems that was a maximum for comfort and is not in their later specifications at all.

There are other places that talk of 1000 ppm as a target for comfort, and that 600 ppm over the outside level is an "acceptable" maximum (outside typically 400 ppm). I don't understand why the reference to outside matters - one comment is we get acclimatised, but if that is the case then my spending all my time inside (well I used to) would acclimatise me to a much higher level.

Interestingly, the hand-held meter I have has a "calibration zero" feature which involves it being outside for half an hour but what it does is set that as 400 ppm exactly. This makes no sense to me, as calibration needs a known reference and I have measured outside from 430 ppm to 560 ppm at different times and places, so not a reliable reference.

Whilst 1000 ppm may just be for "comfort", I see no reason that I (or my staff) should not be comfortable, and indeed with the prospect of higher levels causing tiredness and impaired judgement, it seems like a perfectly sane target for me to use.

I have obtained a couple of different CO₂ meters that I can leave plugged in for me office (I had a simple temp/humidity one before). It has an interesting view on levels :-

Interestingly it has an automatic baseline calibration that sets 400 ppm as the lowest it sees over the last week. I don't understand why the meter is not accurate rather than relying on measuring my local outside CO₂ levels!

The two meters are pretty consistent, but a bit higher than the hand-held meter - none have been "calibrated" though.

Levels accumulate!

This is what really fooled me. I expected that levels would reach an equilibrium with people breathing and air flow to/from the room quite quickly, so one could measure and see what say "one person working in this 5m x 5m room" gets to. I was wrong.

It my home office today the level started shortly after 9am at 430 ppm, but with just me in here (even coming and going a bit) the level has steadily increased throughout the day reaching 1000 shortly after 2pm. It kept going! It has dips when I was out of office for a walk, and when the outside door was open for a while for a delivery, etc, but it has shown no sign of stopping yet!

This means, for example, when I checked the office and saw 1200, that could have been the result of a reasonably ventilated office with a lot of people and be like that all day, or could just be where it has got to in a poorly ventilated room at that time of day (getting way higher as the day goes on). I'll have to do a trace for the whole day to know.

Ventilation

What I have concluded is my office at home needs some validation. The small vents over the windows (with windows closed) are clearly not enough. My plan is getting some whole day graphs before and after to confirm how well it works, and I'll post more details.

The same is true for my bedroom - not wanting a window open to fight the air-con. I saw that the levels similarly just keep going up when in there awake. Once asleep they do slowly go down, but that was tested with only one person in the room.

I'll post more once I have more data and comparison with the fans installed.

P.S. Nice thing about my man-cave is it has two doors - open both for a minute and you remove all the excess CO₂ and back down below 500 ppm ready to start again.

Air quality and CO₂ levels

I saw an interesting report that a few people in a conference room can quickly result in CO₂ levels such that there is impaired decision making. Wow.

This is crazy. Study shoes three people in a conference room over 2 hours can result in a Co2 level that can impair cognitive functioning. Ie. If you’re making decisions at the end of the meeting, you’re mentally less qualified to do so. pic.twitter.com/yGdufCWoVF

— Chris Young 🇨🇦 (@netmanchris) 16 March 2019

So I thought, I wonder what CO₂ levels I work in normally.

Of course a good start is understanding what CO₂ levels are sensible. Wikipedia has some answers. It seems below 1000 ppm is acceptable, but there safety levels set way higher than that.

I went and got a meter off Amazon (where else!). It seems to be easy to use, and gives two particulate values and a CO₂ value as well as temperature and humidity.

So, first off, my man-cave where I work...

This is a small room, under 5m x 5m, with windows (that I keep closed), two doors (also closed most of the time) and no air vents as such. It has air-con which seems to filter quite well, so the day starts with this - very low particulates and sensible CO₂ well under 1000 ppm. It is only myself in the room normally though.

Once I am in here a while, CO₂ gets to over 900, but it depends what I am doing.

I have a treadmill - if I use that then the CO₂ gets over 1000 in a few minutes.

So maybe I don't need extra ventilation in here - if I open a window when using treadmill perhaps. This time of year a window is not problem but in summer or winter it is not ideal, obviously.

For reference, outside this morning varied between 520 to 560 as I walked through town to Tesco for my Costa breakfast. At Costa it was 700 ppm, and particulate levels of 3. Impressive.

Where next - well, my bedroom. I have air-conditioning in there as well, and as such do not normally have a window open. The bathroom has a window slightly open but the door to bedroom is normally closed. I was quite surprised that during the night the levels were over 1300. I suspect I do need some ventilation! I tried a window but it is behind curtains and did not result in much in the way of extra air circulation or a noticeable drop in CO₂!

I also checked the office, which was around 1200. They have a fan but normally off, so I think we can improve working conditions there. I also wonder what a plant or two would do.

Do I really need to do anything? I am thinking a bit more ventilation perhaps in some cases, maybe. In practice, I am planning to install some almost silent low power alternating external air vent/fans with heat exchangers. I'll report back on how well they work in due course.

Assuming I improve the CO₂ levels I won't be able to say if that makes any difference as no real objective way to tell without huge biases creeping in, I don't think.

However, for one final bit of fun - I went in to the kitchen while there was much cooking (so much that shortly afterwards the smoke alarm went off), even with a couple of windows open...

That was impressive - particulate meters literally off the scale (100 is a level that is bad), and CO₂ at silly levels.

If you can't stand the heat, etc, etc...

And yes, I do like my gadgets.

Serious WiFi case study (a house in Wales)

Two of my staff work from their home in Wales some of the time. Working for an ISP you expect that they have good Internet, and perhaps even good WiFi. Well, they have good Internet with our standard dual bonded FTTC offering, but WiFi posed more of a challenge.

The problem is the house! Whilst old buildings with thick walls are not an issue unique to Wales, they are a problem for WiFi. The outside walls are around a metre thick, and the middle of the house has huge fire places and chimney breast making an even thicker wall. Whilst the basic layout is two rooms per floor (one front, one back), it has three stories and high ceilings.

What this means is one WiFi access point in the front room does not working the back (kitchen). Similarly WiFi on the ground floor struggles on the 2nd floor, if at all. Basically, there is no one place to put a WiFi access point (AP) that will work sensibly for the whole house, or even most of it.

This is a big problem for the traditional arrangement of ISP provided combined router and WiFi AP. Even solutions using WiFi repeaters would struggle, so the best bet is to have multiple wired in APs.

The solution, for some time, was to have several Apple Airport Express APs, around 4 of them. This is very much "on the cheap". For some reason this was not a good solution. Much of the house was not well covered, and even in the same room as an AP a speed test would rarely show more than 1Mb/s and usually the WiFi was unusable - so much so that they took to turning off WiFi on phones and tablets and using mobile data instead, in there own house!

We recently added a new package to our order forms at A&A, a "Serious WiFi" package which includes two WiFi-5 APs, a PoE switch and selection of cables and couplers. The idea is that this gives you the kit to deploy two WiFi APs in such a premises. It is far from cheap.

They finally asked me to come and sort the WiFi, and I thought this was a great chance to test this new "package" which we have started selling in a typical situation. I took the two APs, a PoE switch, and cables. The APs are Aruba IAP-305s which are "WiFi-5" (802.11ac).

The first step was to work out where to put the APs for good coverage. This was a combination of looking at the rooms and the thick walls, and also considering where the mobile devices will most commonly be used. We decided high on the wall on the ground floor at the front facing in to the house, and high on the wall in a back room, on the 1st floor facing in to the house. There are a number of other places we could have set up the APs I am sure.

We unplugged the old APs, as the new ones do a frequency scan to decide on best channels anyway, and we used a double sided sticky pad to stick the new APs to the walls in the selected locations with a loose trailing network lead. This allowed us to test the positioning easily.

We looked at mobile signal strength and speed tests in each room, the results were good. Having decided on the position, this meant a masonry drill to fix the access points properly and cable clip the cable in place. Yes, I am not a decorator, I was only there to "make it work" - there are plans for some white trunking in the near future I gather :-)

We were quite pleased that the solution worked and did not need a third access point, which was always a possibility.

Once done, more testing, and they are over the moon with the result. Phones can seamlessly roam between the two access points. And the speed tests are somewhat better than the 1Mb/s they could manage before.

To be honest I was surprised how much difference this has made. The Apple Airports may be a bit dated, but they should basically work. Obviously the new access points have 2.4GHz, and 5GHz, and multiple radios and antenna, and newer (faster protocols), so this clearly makes a difference.

It does rather prove the worth of the new "Serious WiFi" package though, and I am pleased with the result. Expensive, but compared to "unusable" WiFi before, I suspect it was worth it - and would be well worth it for a business premises.

P.S. We had a bit of fun as well...

Daikin Air-con WiFi control

One of my air-con units was sufficiently ill that we gave up and changed it, and now I have a nice new Daikin one with WiFi control via a phone App.

The WiFi sticker that came with it had a QR code which was oddly not the WiFi login, even though iPhones understand such things, but I got it on to my WiFi (only 2.4GHz by the look of it) and all working with the app on the phone - nice.

What is nicer is poking it using curl. It has a noddy TCP stack and http interface (not https) which makes it very easy to script stuff. Several people have done this, but I have not found quite what I was looking for, so some poking around.

So, here goes, what I have found so far (subject to updates).

Sensor info

A simple get of /aircon/get_sensor_info gets :-

ret=OK,htemp=20.0,hhum=40,otemp=9.0,err=0,cmpfreq=26,mompow=2

Which is nice as it has room temp and humidity and external temp to 0.1C precision.

• ret: A return status, with OK being good, it seems
• htemp: Inside temp in C
• hhum: Inside humidity, I assume in %
• otemp: outside temp in 
• err: I assume an error setting
• cmpfreq: I am guessing compressor or fan frequency
• mompow: Not sure, was 1 when idle and when heating, 2 now we are cooling

Control info

This is where it gets useful, a simple get of /aircon/get_control_info gives

ret=OK,pow=1,mode=4,adv=,stemp=30.0,shum=0,dt1=21.0,dt2=M,dt3=18.0,dt4=30.0,dt5=30.0,dt7=21.0,dh1=0,dh2=50,dh3=0,dh4=0,dh5=0,dh7=0,dhh=50,b_mode=4,b_stemp=30.0,b_shum=0,alert=255,f_rate=A,f_dir=0,b_f_rate=A,b_f_dir=0,dfr1=B,dfr2=5,dfr3=B,dfr4=A,dfr5=A,dfr6=A,dfr7=B,dfrh=5,dfd1=0,dfd2=0,dfd3=0,dfd4=0,dfd5=0,dfd6=0,dfd7=0,dfdh=0,dmnd_run=0,en_demand=0

What I have worked out so far :- 

• pow: Power 1=on 0=off
• mode: 1=auto, 2=dry, 3=cool, 4=heat, 5=?, 6=fan, 7=auto
• adv: blank normal, 2=powerful, 13=streamer, 2/13=both
• stemp: Set temperature
• shum: Set humidity
• dt1/2/3/4/5/7: Target temp for each mode
• dh1/2/3/4/5/7/h: Target humidity for each mode (and h?)
• alert: ?
• f_rate: Fan rate A=Auto, B=Quiet, 3 to 7=speeds, 
• f_dir: Fan direction 0=fixed, 1=vertical, 2=horizontal, 3=both
• dfr1/2/3/4/5/7/h: Per mode something, not sure
• dfd1/2/3/4/5/7/h: Per mode something, not sure
• dmnd_run: Not sure
• en_demand: Not sure
• b_setting: Not sure

Control setting

Setting is a simple get /aircon/set_control_info?pow=1&mode=4&stemp=29&shum=0&f_rate=A which just responds with ret and adv.

The settings are as above.

So a simple cron to turn off at 06:35 is :-

35 6 * * * curl --silent 'http://x.x.x.x/aircon/set_control_info?pow=0&mode=7&stemp=21&shum=0&f_rate=B' | grep -v OK

Bleeding time and motion

I have a blood test every year, sometimes more often, and that means going to Heatherwood phlebotomy clinic.

They open at 08:30, and at that point there are typically 30 or more people waiting already (which is about capacity for the waiting room). They have numbered cards you take, and they call a number. If you are lucky then there are two of them taking blood.

First off, they really should have a second set of cards (maybe just for the first hour of the day), perhaps in red or something, for fasting blood tests. I was feeling hypo as it was, but had to wait over an hour to be seen. Luckily my test was not a fasting one, but had it been I could well have been collapsing. Normally a fasting test is not a problem for someone, but I have daily insulin, and that can mean some times I have to eat - such as when I have not eaten for 12 to 14 hours for a fasting test. Even though, in my case, it would have put people ahead of me in the queue - a priority queue for fasting would make sense. The blood test form says if fasting or not, so not like people could game the system and take the wrong card.

They are pretty efficient, check your name and DoB, strap arm, clean, find vein, take blood, tape dressing over it, and then spend about 50% of the overall time, or more, writing your name, and details (about 4 lines of text) on each of the blood sample containers (in my case, two).

It strikes me that the system could be massively better with a simple barcode readers and label printer. Even with nothing needing to be on-line, just a QR code on the blood form the doctor sends that when read provides the lines of text to print on the sample label, just that. Such a device would not be expensive (well, not compared to staff time over its operational life) and could mean processing at roughly twice the rate, by my estimate. A simple fall back to writing means not building in a dependancy on technology.

Of course the printed label could also have a QR code which probably then saves time when the samples are processed later, as well as reducing transcription errors.

Don't the NHS have people whose job it is to think of things like this?

P.S. I am surprised someone does not make a small label printer with QR reader that literally just prints the QR label content on a label on each scan. Must have loads of applications just like this!

Over kill?

A friend of mind dropped dead of a heart attach recently, and he was a year younger than me. He was at home, but so easily could have been at work.

It makes you think.

Well, more, it makes you shit scared!

As usual one's assessment of risk is skewed by the most recent experience.

Even so, I do think that the potential life saving benefit of a defibrillator way out weights the cost. More to the point, I can afford the cost. I can't afford to drop dead (IMHO).

We took advice from Red Cross, and we now have one at the office, and I have one at home too. I am surprised more offices do not have one. Our first aiders at work are trained on it as well (thanks to Red Cross), but it is pretty idiot proof.

I hope we never have to use it, either of them.

P.S. From the comments, one thing is getting one that can go outside, and so be accessible to others (e.g. others in my road) if needed. The ones we have are not for outside installation, sorry, but certainly something to consider if you are getting one installed.

Fun game!

I am getting used to the glucose monitor now, and starting to get the hang of keeping things in check a bit more.

What is driving me somewhat mad is how things can be unexpectedly inconsistent. Some nights I can be bang on normal (in the green band) all night; others droppings really low, so much so I wake up feeling ill and even have to have something to eat; but another night gradually going from too high at midnight to too low at 6am as a nice gradual drop. This is all on exactly the same insulin dosage.

Some foods have massively more impact on blood sugar than others, and the clues are on the packaging, obviously. The main peak today was eating 3 jaffa cakes, that was all, just 3.

I have pretty much decided that even if we drive to the restaurant in Bracknell, I need to make the effort to walk back afterwards even if a couple of miles, as that really does knock down my blood sugar nicely.

Though today I have had a couple of lows that I would also like to avoid.

P.S. Yes, I know crisps and jaffa cakes are a bad idea, you don't need to tell me :-)

P.P.S. Yes, it did go up a bit after that, but clearly walking made a dent!

My first Borg implant

Actually, just a Freestyle Libre glucose sensor!

As you will know I am diabetic, but I am reasonably lucky at this point that whilst I don't make enough insulin, I only have to have one long term injection a day. This is, in some ways, a mixed blessing, but I would rather not have an injection with every meal.

When I have a good routine I don't have to check my glucose levels, but I am losing weight (lost 19kg so far) and this is causing a bit of fun and games. I have been lowering my carbohydrate intake and my insulin but I do need to keep things in balance. On top of all of that, exercising is helping and means I am lowering my insulin even more to avoid hypos (low blood sugar) all the time. I was managing to have high glucose and low glucose, both of which are a problem. I was getting fed up pricking my finger to be honest.

So I got a Freestyle Libre glucose monitor. It monitors interstitial glucose levels so apparently has a lag of 10-15 minutes compared to blood sugar glucose, but it is monitoring all the time, and allows me to see how my glucose levels change during the day. It is easy to just scan from my phone by holding it to my arm. It has a memory of 8 hours (I am surprised not longer) so you need to scan at most every 8 hours to not have a gap in the readings, but that is not really an issue.

I am not really the typical user for these. They are also not cheap (over £60 for a sensor that lasts 14 days). Normally these would be used by people that need insulin with every meal. In my case I am trying to make sure my insulin levels are right for a daily dose, but also trying to work out when, and how much, exercise works well to keep my glucose levels in check. Also working out if, and when, and how much Gliclazide I need to take. Having this near instant feedback from the sensor, and the graphs, is ideal. Hopefully I will not need to keep using them as I get in to a more sensible routine.

Basically, at this point, I need to go for a walk after each meal. Doing that, and taking a tablet with my main meal, should keep my glucose sensible all day. But it is a learning exercise for me, and I have only been using this for a few days. I managed to have a level of 12 mmol/l for 9 hours after having a pizza and not going for a walk, but at least I know without having to prick my finger.

I thought it would be uncomfortable to be honest, but not had any trouble sleeping on it. I did catch my arm on a door frame at one point, but otherwise it seems pretty easy to cope with. It is waterproof. I am not sure how easy it will be to get off at the end of the 14 days, I'll see.

Losing weight is good, but definitely causing changes, not just with diabetes. I have actually had to stop taking blood pressure tablets! You do have to be careful changing things like this (and I would suggest asking your doctor/nurse). I reduced dosage slowly and monitored blood pressure carefully - but basically I was getting dizzy when I stood up. Blood pressure of 100 over 60 is a tad low. I now have sensible blood pressure with no medication, which is a side effect I did not expect!

I also did not realise that there seems to be a big market for stickers people put on the sensor! Crazy.