2021-11-20

ESP8266 vs ESP32

When I started using the Espressif processors I started with the ESP8266 and Arduino development platform. It is all C++ based (which is not really my favourite). But it is a really good starting point for anyone wanting to play around with microcontrollers.

One of the key things here is the available hardware. A "programming" lead is just a USB serial adapter, available for a few pounds, and the Arduino development platform is free to download. But most importantly there are thousands of very cheap ESP8266 based devices on the market, easy to use, and many with easy to access programming pins. The ESP8266 is possibly the most popular basis for IoT (Internet of Things) devices like smart light switches and the like.

However, having managed to make some PCBs (milled from copper boards) for ESP8266 based modules, I eventually decided to move on to using the ESP32. It had a number of advantages as a processor itself, but also the ESP IDF, which works on Linux and macOS, making it easy for me to code in C, which I prefer. The ESP IDF and various libraries are still a work in progress and far from perfect, but generally work well. I have made a load of projects based on ESP32.

But being ESP32 means I lack the thousands of ready made modules that I can use. I have designed and made loads of circuit boards myself, including a complete access control and alarm system.

What is now nice to see is that there are finally some ESP32 IoT devices coming out. Manufacturers are moving to ESP32 based boards. One of the most useful devices I have found is the Shelly 1. What is especially nice is it has direct pins for programming access - without even taking it apart. It is simple, just a switch input and a relay output, but runs off mains, or 12V DC (do not use the GPIO pins when running on mains as they are live).

Shelly have just launched the Shelly Plus 1, which is basically the same as the ESP8266 based Shelly 1 device, but ESP32 based. It also has programming pins easily accessible (though smaller), a relay and a switch input. In this case the 12V supply is selected by a screw terminal rather than a link you have to change.

The good news though is I can load my own code, ESP IDF based, on to this. It means I can use these modules directly on, say, my access control and alarm system. I had found I needed various simple 12V single input modules for the likes of a door contact or fire alarm input, and previously used boards I had made. But at this low price the Shelly Plus 1 is a no brainer, as they say. Using my code I can set secure boot, and encrypted communications as part of the alarm system. Even something simple like an alarm bell could use one (single output for bell and single input for tamper).

My first actual project with one of these is for a servant bell system. I have an actual bell, which I want to "ding". I am using 12V DC, but the bell really only "rings" using AC. Using DC you need a small pulse to do a clean "ding". Too short and the clanger does not hit the bell. Too long and it hits it and holds, making more of a "clunk" than a "ding". Get it right and you get a nice clean "ding".

I was using tasmota32 code for this, but that is designed to do pulses of 200ms at least and not that consistent - perfect for blinking lights and the like, but no good for what I need.

So, back to my own code, ESP IDF based, using my existing libraries, and I am now starting something a bit like my own tasmota in a way - programmable inputs and outputs. Except that the outputs (which is all I have coded so far) are configurable to the millisecond.

I have found 15ms seems to be the sweet spot to make the bell ding...

2021-11-18

No, we don't have servants

But if we did, we'd need one of these beauties.

Well, the plan is to make this work for a friend of mine.

Believe it or not, it is "electric". With bare wires nailed to a board, and coils! With a bit of cleaning up and soldering, I have all the coils working.

With a bit of experimentation I could see how to drive this. I think I can even use what remains of the original wires which go round the back where they were just cut off. Basically the coils pull the swinging indicator, and on release it is left swinging back and forth. Oddly there is no sort of sounder, so I wonder how it worked to get people's attention. I'm planning an additional bell.

So, how to drive it - well it looks like a suitable resistor will allow it to work quite easily on a 12V supply, with a back EMF diode.

Relay board

One simple solution is an off the shelf relay board. Like I used for my DEFCON lights. One small snag is that they come with 8 relays and this needs 9 (10 if you include the bell).

Definitely a possibility though.

Custom board

Another simple enough idea is I make a relay board with 10 outputs. PCBTrain can turn these around in a day, and it may be a nice useful board design. I'm in two minds whether to use a relay, a solid state relay, or a driver (that drives 0V/12V). All could handle the approx 1A needed, especially as it would be a short pulse. I need to think about the other uses of these as part of the design, obviously.

The drivers are nice in that they take a lot less space, but are not as flexible as they drive the output rather than simply being an effective relay contact.

I also have to think how I make one of these - as almost all the chips I would use are on something like a year lead time! Thankfully I have several solid state relays and several driver chips in stock, and enough power supplies.

I could, of course, take the opportunity to consider using the newer ESP32-S2 modules, which seem to be available. This would all make this more of an R&D project, which is not a bad idea.

It would all take time though, and I am quite keen to have this ready for Christmas.

Shelly

There is, of course, a simple answer, and ironically likely to be the cheapest, and that is just use a Shelly1 relay module. Even needing 10 of them is not expensive, and there is space on the back of this thing. They are available and in stock for next day.

This does feel like cheating somewhat but may be the best option. Certainly worth prototyping with one of them to start with.

Then what?

One way or another I'll end up with WiFi connected indicators. So we need a way for that to work from places around the house. Buttons, or a pull cord, etc.

For this, by far the simplest is the Shelly option, as a light switch, sending an MQTT message when pressed.

P.S. Blogger is broken again, even with clearing caches, and so I cannot actually reply to comments!

P.P.S. I went with Shelly Plus 1, but my own code...

2021-11-14

Carbon cycle

I am pretty sure I did cover this in school, but I did not quite appreciate how significant it is.

One of the things that always gets me is that the EXACT amount of CO₂ pulled from the atmosphere by a plant for it to grow, which I then eat, is the exact amount of CO₂ I then breathe out from burning it (unless I use some of that carbon to get fatter, in which case it is released when one day I am cremated or eaten by bacteria). And the O₂ made by the plant growing is also the EXACT amount I need to breathe to burn that plant and consume it. OK, some of that goes into poop, which uses O₂ and releases CO₂ when it is digested by bacteria. But the CO₂ is the same. It goes around in circles. The circle is complete. It works.

The carbon cycle is all about how carbon moves around in the world. Wikipedia has this cool image.

So how to stop climate change? - it is so so simple - stop burning old carbon (i.e. fossil fuels).

It is fine to grow trees, make wood, and burn that, the carbon goes round and round.

It is fine to grow food, eat it, and breathe out, the carbon goes round and round.

AFAIK cows farting is an issue, as that carbon ends up as methane, which has a bigger impact, but AFAIK for less time, and apparently the answer there is feeding the cows seaweed! But generally using carbon to grow food to feed an animal that we then eat and breathe out is again OK, the carbon goes round and round.

Don't get me wrong, loads of other issues, too many cars and not enough walking and cycling, all sorts, but just looking at climate change, it is all down to the carbon. We'll improve a lot of other stuff by fixing the climate change issues as a side effect!

Almost anything we do with "recently" captured carbon then going to the atmosphere matters not a jot. Pull carbon from the atmosphere and release it a year later - no problem. What matters is all that old carbon in fossil fuels being burned. Unless we want an atmosphere that was around a few million years ago, we need to stop.

Even all the "indirect" stuff, like carbon cost of manufacturing and transport, only matter when those processes use fossil fuels directly or indirectly. Make those processes use electricity or hydrogen from green supplies (not from fossil fuels) and they all end up carbon neutral.

The one thing, and this really is the one thing, that matters, is burning old carbon. Stuff pulled from the atmosphere millions of years ago and stuffed in the ground. Burning fossil fuels. That is what matters. That is what needs to stop. It really is as simple as that!

Heck, even making fossil fuels in to plastic which we don't burn, is not an issue! What matters is old carbon going to the atmosphere - STOP IT!

Blockchain is not the answer

Often people come up with some idea and think "blockchain" is the way to do it.

In pretty much all cases the answer is "NO!", or more often "Hell, NO", seriously. In a lot of cases the thing people are doing is something which can be, or already is, done by a central authority registry. Don't get me wrong, even a central registry may "sign" things digitally, and may even chain those signatures in a blockchain style, but that is not what people mean when they talk of putting things on "blockchain".

Blockchain, as most people mean it, has some serious disadvantages too - and I mean using blockchain like the way crypto currencies are used - it means explicitly removing any central "authority". It means if you lose keys to your wallet you have lost what you "own" and no way to recover that ever. E.g. people have somehow suggested this should work for domain ownership, which is batshit insane IMHO - far better as a central authority (per top level domain), and allows the authority to resolve disputes even, and recover "lost" creds, and so on.

But hear me out - I have an idea - a sort of "ownership" which could maybe benefit from not having a central authority.

Buying a movie!

One of the things one can "buy" which is a tad on the intangible side is "a single copy of some copyright work". E.g. if I buy a movie. Once upon a time that meant I buy a physical media copy of it. You can still do this even. And you can give or sell that copy to someone else even. That instance of a copy of the movie is something that can be moved between owners as the physical object that it is.

The whole of copyright law is built around the notion of "copying" a thing, so the physical copy is the key aspect here. That is all rather outdated now, as copying data is so basic, simple and free. For something like a movie, the right that more properly exists is a right for me to watch that movie, not any sort of "copy" process.

However, we now live in a world where I "buy" a movie on something like Apple TV. Now this is a lot less tangible, and is more of a "licence" to "play out that movie" from "Apple TV" data storage via any of my many Apple devices.

That does not feel as useful as holding a DVD in my hand which I own. If Apple TV stopped, I could lose tens of thousands of pounds worth of video library that, in theory, I "own".

Obviously there could be some digitally signed licence of ownership of a copy, signed by the copyright holder's published public key, and identifying me. But identifying me is tricky in itself - email address? name? what? What if that ID changes?

I'm thinking this is where blockchain comes in. If a licence to own an instance of a copyright work can be created on the blockchain as owned by my digital wallet, and signed by the copyright holder, then I can present that as proof to Apple TV, or someone else that has a streaming service, that they are allowed to stream that copyright media to me. I'd have to use my wallet to sign in somehow to prove it is me, which adds to the complexity, but it identifies "me" in this context.

But it would also allow me to sell my copy to someone else if I wanted to.

It would allow for a provider that sold me the copies in the first place to go bust and I would still hold my digital wallet proving these copies are mine and I could take that to some other streamer service, even if for a nominal fee to load them on to their system.
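
The mechanism sketched above, as an added example that is not the post's own code or any real service's: the rights holder signs a licence naming the first owner's wallet key, each resale is a transfer signed by the owner at that point, and a streaming service verifies the chain back to the rights holder's published key, then challenges whoever signs in to prove they hold the current owner's key. It uses Go's standard Ed25519; the film title, serial number and the parties (Alice, Bob, Eve) are made up for the example, and no ledger is involved.

```go
// Added example, not from the post: a signed licence plus a chain of owner-signed
// transfers, verified by a service with only the rights holder's public key.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Licence struct {
	Work   string
	Serial uint64
	Owner  ed25519.PublicKey // wallet public key of the first owner
	Sig    []byte            // rights holder's signature over licenceBytes
}

type Transfer struct {
	Prev     []byte // hash of the licence, or of the previous transfer
	NewOwner ed25519.PublicKey
	Sig      []byte // signed by the owner before this transfer
}

func licenceBytes(l Licence) []byte {
	return append([]byte(fmt.Sprintf("licence\x00%s\x00%d\x00", l.Work, l.Serial)), l.Owner...)
}

func transferBytes(t Transfer) []byte {
	return append(append([]byte("transfer\x00"), t.Prev...), t.NewOwner...)
}

func hash(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}

// Issue is performed by the rights holder with its published signing key.
func Issue(rightsKey ed25519.PrivateKey, work string, serial uint64, owner ed25519.PublicKey) Licence {
	l := Licence{Work: work, Serial: serial, Owner: owner}
	l.Sig = ed25519.Sign(rightsKey, licenceBytes(l))
	return l
}

// Sell is performed by the current owner; prev binds it to the record before it.
func Sell(prev []byte, ownerKey ed25519.PrivateKey, newOwner ed25519.PublicKey) Transfer {
	t := Transfer{Prev: prev, NewOwner: newOwner}
	t.Sig = ed25519.Sign(ownerKey, transferBytes(t))
	return t
}

// CurrentOwner verifies the licence against the rights holder's key and every
// transfer against the owner at that step, and returns who owns the copy now.
func CurrentOwner(rightsPub ed25519.PublicKey, l Licence, chain []Transfer) (ed25519.PublicKey, error) {
	if !ed25519.Verify(rightsPub, licenceBytes(l), l.Sig) {
		return nil, fmt.Errorf("licence not signed by rights holder")
	}
	owner, prev := l.Owner, hash(licenceBytes(l), l.Sig)
	for i, t := range chain {
		if !bytes.Equal(t.Prev, prev) {
			return nil, fmt.Errorf("transfer %d does not chain to the previous record", i)
		}
		if !ed25519.Verify(owner, transferBytes(t), t.Sig) {
			return nil, fmt.Errorf("transfer %d not signed by the owner at that point", i)
		}
		owner, prev = t.NewOwner, hash(transferBytes(t), t.Sig)
	}
	return owner, nil
}

// Sign-in: the service sends a fresh nonce and the user signs it with the wallet key.
func Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err) // a failing RNG is fatal; never fall back to a predictable nonce
	}
	return n
}
func ProveControl(key ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(key, append([]byte("login\x00"), nonce...))
}
func CheckProof(owner ed25519.PublicKey, nonce, proof []byte) bool {
	return ed25519.Verify(owner, append([]byte("login\x00"), nonce...), proof)
}

type DemoResult struct{ OwnerIsBob, BobProves, AliceProves, StaleSaleRejected bool }

// Demo: the rights holder issues a copy to Alice, Alice sells it to Bob, and
// Alice then tries to pass the same copy on to Eve after it has gone.
func Demo() DemoResult {
	rightsPub, rightsKey, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, aliceKey, _ := ed25519.GenerateKey(rand.Reader)
	bobPub, bobKey, _ := ed25519.GenerateKey(rand.Reader)
	evePub, _, _ := ed25519.GenerateKey(rand.Reader)
	lic := Issue(rightsKey, "Example Film (2021)", 1, alicePub)
	t1 := Sell(hash(licenceBytes(lic), lic.Sig), aliceKey, bobPub)
	owner, err := CurrentOwner(rightsPub, lic, []Transfer{t1})
	var r DemoResult
	r.OwnerIsBob = err == nil && owner.Equal(bobPub)
	nonce := Challenge()
	r.BobProves = CheckProof(owner, nonce, ProveControl(bobKey, nonce))
	r.AliceProves = CheckProof(owner, nonce, ProveControl(aliceKey, nonce))
	t2 := Sell(hash(transferBytes(t1), t1.Sig), aliceKey, evePub) // Alice no longer owns it
	_, err = CurrentOwner(rightsPub, lic, []Transfer{t1, t2})
	r.StaleSaleRejected = err != nil
	return r
}
```

The signatures settle who authorised each transfer, and the hash links stop a transfer being spliced into a different history. What they do not settle is uniqueness: nothing above stops Alice building a second chain straight from the licence and selling the same copy to Eve as well as Bob, and a service seeing only one of the two chains cannot tell. Choosing one history is exactly the job of a ledger, whether a central registry or a blockchain, which is the trade-off the post is about.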

Any such system would have to be wrapped in a consumer friendly UI. It could even be a bit "behind the scenes", in that Apple could effectively manage my wallet of things purchased via them - as long as I can always obtain, and take over, that wallet and legally I own it - maybe it could "live" in my Apple devices that I own as a fallback, locked with my AppleID passphrase. But it could work.

It would almost certainly be impossible as it would require co-operation of copyright holders, and streaming services, and the like, and possibly even legal backing. It may mean streaming services separately "sell" copyright works, and provide streaming of them for some ongoing subscription so if you come to them with your "owned" works they are not losing out.

But I think as a commercial and legal model it could, in theory, work.

I also think there is no chance of it happening :-)

2021-10-31

DEFCON Lights

A bit of fun for a change... 

Firstly, seeing as even some of my geeky mates did not know this, the US has a DEFCON level (defence condition). See Wikipedia for more. There are images of DEFCON lights in a variety of films/shows (including WarGames and Stargate). DEFCON 1 is the most severe.

I saw RS did some rather nice 12V LED indicators, which I was using for a different project, and realised they would make quite nice DEFCON lights.

So the shopping list:-

  • RS 791-8579 White
  • RS 791-8573 Red
  • RS 791-8589 Yellow
  • RS 791-8582 Green
  • RS 791-8585 Blue
  • RS 877-1836 Sounder
  • Amazon relay board
  • Amazon box
  • Some wire and Wagos, and I have a 12V supply in the house.

The relay board is simple, ESP12-F based (ESP8266), so flashed with Tasmota and configured the relays 1 to 8. Note these are not ideal boards as they have ground plane around the antenna. I may have to make a relay board some time for a different project that needs 9 relays, but this was fine for this fun project.

The LED modules are simple enough to wire up. As is the sounder.

The result all connects to an MQTT server over WiFi. The relays are set up on tasmota, but relay 8 (the sounder) has a pulse time set (1 second) so I can simply turn it on to make a beep. I did consider a flashing strobe light as well, but meh...

The next challenge was to work out how to drive it sensibly. Setting a light was simple, I did a cmnd/DEFCON/Backlog Power0 0;Power3 1;Power8 1 for example. This turns all lights off, turns on light 3, and makes the sounder beep for a second.

I use a FireBrick as the MQTT server, so I created some profiles for DEFCON 1 to 5. Each is testing if DHCP is active for some IPs on the WiFi, and if the higher levels are all off so only one at a time. They then have that backlog command as the "on" MQTT command with retain.

This means that I get a DEFCON level depending on who is in the house. DEFCON 1 for presence of those who shall not be named (anti-vax). Cool or what?
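
The profile logic described above, as an added example and not the FireBrick configuration or any code from the post: presence is a set of hosts seen active on DHCP, each level has a trigger set, a level's profile is on only if its trigger fires and every more severe level is off, and the winning level's Backlog is published as a retained MQTT message so the relay board gets the current state on (re)connect. The host names, the assumption that relay N drives the DEFCON N lamp (relay 8 being the sounder), and the tiny in-memory broker are all made up for the example.

```go
// Added example, not from the post: DEFCON profile evaluation and the
// retained command message, as plain Go.
package main

import (
	"fmt"
	"sort"
)

// Triggers maps a DEFCON level to the hosts whose presence raises it
// (assumed names). Level 5 has no trigger: it is the default.
var Triggers = map[int][]string{
	1: {"phone-unvaccinated-relative"},
	2: {"laptop-visitor"},
	3: {"phone-teenager"},
	4: {"phone-partner"},
}

// Topic is the Tasmota command topic used in the post.
const Topic = "cmnd/DEFCON/Backlog"

// ProfileStates evaluates the profiles most severe first, so that the
// "higher levels all off" condition is checked against settled values.
// Exactly one entry is true.
func ProfileStates(present map[string]bool) map[int]bool {
	levels := make([]int, 0, len(Triggers))
	for l := range Triggers {
		levels = append(levels, l)
	}
	sort.Ints(levels)
	states := map[int]bool{}
	anyOn := false
	for _, l := range levels {
		triggered := false
		for _, h := range Triggers[l] {
			if present[h] {
				triggered = true
			}
		}
		states[l] = triggered && !anyOn
		anyOn = anyOn || states[l]
	}
	states[5] = !anyOn
	return states
}

// Level returns the single active DEFCON level.
func Level(present map[string]bool) int {
	for l, on := range ProfileStates(present) {
		if on {
			return l
		}
	}
	return 5
}

// Backlog is the retained payload: all lamps off, lamp N on, one-second beep.
// Assumes relay N drives the DEFCON N lamp and relay 8 the sounder.
func Backlog(level int) string {
	return fmt.Sprintf("Power0 0;Power%d 1;Power8 1", level)
}

// Broker stands in for the retained-message behaviour of an MQTT broker:
// the last payload per topic is kept and handed to any later subscriber,
// which is what lets the relay board show the right level after a reboot.
type Broker struct{ retained map[string]string }

func NewBroker() *Broker { return &Broker{retained: map[string]string{}} }

func (b *Broker) PublishRetained(topic, payload string) { b.retained[topic] = payload }

func (b *Broker) Retained(topic string) string { return b.retained[topic] }

// Sync recomputes the level from current presence, publishes it and returns it.
func Sync(b *Broker, present map[string]bool) int {
	l := Level(present)
	b.PublishRetained(Topic, Backlog(l))
	return l
}

func main() {
	b := NewBroker()
	Sync(b, map[string]bool{"phone-partner": true})                         // DEFCON 4
	Sync(b, map[string]bool{"phone-partner": true, "laptop-visitor": true}) // DEFCON 2
	fmt.Println(b.Retained(Topic))
}
```

Evaluating most severe first is what makes the dependency chain terminate cleanly: each profile only looks at levels already decided, so there is never a tick where two lamps are on. Retaining the command is deliberate here (Tasmota re-runs a retained cmnd on every reconnect), which is exactly the behaviour wanted for a status display.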

P.S. I am sure Letraset used to be a thing - finding transfer numbers was not easy...

2021-10-26

The COVID experience (vaccinated)

Sorry to say that COVID has managed to finally hit many of our family, in spite of (almost) all of us being very careful in lots of ways, and (almost) all of us having vaccines.

My wife has also been unwell, but we are both starting to get over it now.

I have spent the last 10 days or so feeling like shit - started like a nasty cold, and LFTs every day negative, but finally on day 4 it was +ve LFT, and then +ve PCR.

It was not until around day 8 that I lost my sense of smell, which is just weird - my nose is clear now, but I simply cannot smell, not even my ground coffee. I can still taste but it is a bit off.

Someone else described this, and I am inclined to agree - it felt like it was trying to get on my chest, but thankfully did not manage it. Even so, my blood oxygen levels dipped quite a lot. I can only imagine how bad it would have been if I had not been vaccinated.

It has been ups and downs a bit - on day 7 I really thought things were getting a lot better, I felt mostly fine with a bit of a blocked nose. I then spent days 8 and 9 in bed!

Sadly, at least one person that has now got it was unable to have a vaccine, and it looks like a newborn has it too. These are worrying times for all of us. We can only hope they recover quickly.

And those that have not got it have had to run around shopping and getting medicines for those that have - and we really do all appreciate that.

Remember, you are only as strong as the weakest link - make sure you all have your vaccines please! Don't be put off nagging people to get their vaccine, as I was. Personal choices are important, and make good sense right up until those choices impact others around you - then they are no longer just personal choices. Vaccines don't just help reduce the risk to yourself, and your family, but help reduce the spread and mutations. Getting a vaccine is being part of a community.

I do now have some IgG and IgM antibodies though. These did not show after the vaccines, which I believe is to be expected as they are different.

But everyone, stay safe.

P.S. Whilst the isolation is over, there are some symptoms lingering - a simple walk to the shops made me tired and out of breath, and I still have an annoying cough, even if no longer infectious. It will be interesting to see how long this lasts. Day 12 - can just about smell the coffee again.

P.P.S. The lingering cough is not fun - just spending an hour on a phone call really kicked it off and felt grotty for rest of the day. No idea how long this will go on for. ... Weeks later and still up and down with this.

P.P.P.S. It has lasted over a month, on and off, but finally feeling a lot more normal now.

2021-10-17

Tasmota thermostat

The tasmota code has a proper thermostat mode, but it is not in the pre-built code, so I wanted to work out a way to do this with simple rules.

There are examples, yay... But I was struggling to make sense of these.

A simple example, say I want on at 25C and off at 29C...

The obvious rules are something like this :-

ON DS18B20-1#temperature>29 DO Power 0 ENDON

ON DS18B20-1#temperature<25 DO Power 1 ENDON

This works, but every second or so it is doing Power 1 or Power 0 constantly, and reporting that on MQTT, which is a tad annoying. It is worse if you have triggers on power setting to send publish commands to other things, etc.

The other examples I have seen seem to have a similar problem, I think. Some seem to have a timer that reduces the chatter but still, I just wanted something simple that only actually logged something and only actually changed power setting, when the temperature threshold is crossed.

What I came up with is not complicated, and seems to work:-

ON DS18B20-1#temperature>%var1% do backlog var1 999;var2 25;power 0 ENDON

ON DS18B20-1#temperature<%var2% do backlog var2 -999;var1 29;power 1 ENDON

The trick is that each rule, when it fires, moves its own threshold out of reach (var1 to 999, or var2 to -999) and sets the other variable to the real threshold, so the temperature is no longer triggering an event on every reading once the relay has changed.

Bingo, it works, and is a pretty simple pair of rules. Probably worth using mem1/mem2 as the 25/29 values here to be tidier, but still. Not complicated, and reacts immediately when the temperature passes the relevant threshold.

It also means the sensor can be a separate Shelly from the relay easily, only sending the publish to change the relay on change, which is also a big improvement.
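
To show the difference in chatter, here is an added example (not the post's code, and not Tasmota's rule engine) that simulates both rule sets over a constructed temperature trace and returns the Power commands each would issue. It assumes both rules see the variable values as they stood at the start of each sensor tick; Tasmota queues Backlog commands, so the interleaving within one tick may differ.

```go
// Added example, not from the post: the two Tasmota rule sets simulated over a
// constructed temperature trace, to show how often each one issues a Power
// command.
package main

import "fmt"

const (
	lowC  = 25.0 // relay on below this
	highC = 29.0 // relay off above this
)

// Readings is a constructed trace, one value per sensor tick (not real data).
var Readings = []float64{23, 23, 24, 26, 28, 30, 31, 31, 30, 28, 26, 24, 23, 23, 26, 30}

// NaiveRules mirrors
//   ON DS18B20-1#temperature>29 DO Power 0 ENDON
//   ON DS18B20-1#temperature<25 DO Power 1 ENDON
// and so issues a command on every tick the reading is outside the band.
func NaiveRules(readings []float64) []string {
	var cmds []string
	for _, t := range readings {
		if t > highC {
			cmds = append(cmds, "Power 0")
		}
		if t < lowC {
			cmds = append(cmds, "Power 1")
		}
	}
	return cmds
}

// HysteresisRules mirrors the var1/var2 version: a rule that fires pushes its
// own threshold out of reach (999 or -999) and re-arms the other, so nothing
// fires again until the opposite threshold is crossed. Assumption: both rules
// see the variable values as they were at the start of the tick.
func HysteresisRules(readings []float64) []string {
	var1, var2 := 0.0, 0.0 // Tasmota vars start empty, which compares as 0,
	var cmds []string      // so the very first reading produces one "Power 0"
	for _, t := range readings {
		v1, v2 := var1, var2
		if t > v1 {
			var1, var2 = 999, lowC
			cmds = append(cmds, "Power 0")
		}
		if t < v2 {
			var2, var1 = -999, highC
			cmds = append(cmds, "Power 1")
		}
	}
	return cmds
}

func main() {
	fmt.Println("naive:     ", len(NaiveRules(Readings)), NaiveRules(Readings))
	fmt.Println("hysteresis:", len(HysteresisRules(Readings)), HysteresisRules(Readings))
}
```

On this trace the naive pair sends eleven commands (three ticks below 25, then four above 29, three below, one above), while the var1/var2 pair sends five: one start-up "Power 0" from the empty variables, then one command per genuine threshold crossing.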

P.S. For those that do not know, a Shelly 1 is a small ESP8266 based relay/switch that can switch mains power (16A) and typically about £8 (the blue round box). It has good firmware anyway, but Tasmota is an alternative firmware (open source) which can run on most ESP8266 and ESP32 based smart devices, so can run on a Shelly 1. DS18B20 is a common temperature sensor, and more than one can be connected in parallel even (the black wire and metal tube). Shelly do an adaptor (needed for DS18B20 as they would otherwise be mains voltage) to connect to temperature sensors (the black round thing on the Shelly 1).

2021-10-15

Mitsubishi Lossnay+GUG aircon (not actually working)

We have a bit of a mystery here - the brand new, expensive, ducted air-con in the house does not work!

So what does not work exactly?

Not actually able to cool a room!

The biggest issue is it cannot cool a room - not even close. (It can't heat one much either)

This is a temperature plot for my study, 3m x 3m, you don't get a lot smaller than that in terms of a room to air-con. A=Portable unit on, B=Portable unit off, C=Start two hour cool only full fan test.

The test was with the other room vent closed so the unit was only cooling one room, in to a closed empty room, no heating on anywhere in the house, and outside temp of 19C. Not a challenge for any air-con really, and as you can see, the cheap portable unit managed with no problem (even with the door open most of the day). And yes, the fan speed control does work, and was on full.

I expected at point C the room to cool at least as fast as with the cheap portable unit. What happened is it just about managed 0.8C in two hours! It was blowing cold air (measured at 9C) but not a lot of it...

The fix - well, the unit only has a 100mm vent into the room. This seems small, I must admit, and at full fan like this it is noisy. So they are changing to 150mm vents today...

Did it work? In short, no. The bigger vents are quieter, which is nice, but the same tests showed maybe 1.5C drop and bottoming out just below 21C after more than an hour. Compare these big 3.5kW systems to a much cheaper 1.5kW portable unit which is able to drop my study (and hall way as door was open) from 23C to 18C in 15 minutes. With the door open the new air-con cannot cool my room at all!

This is now waiting on Mitsubishi to explain and fix. I won't say who the installers are yet, as they have been pretty good. Let's give them the chance to get Mitsubishi to fix it all.

But how is this even possible?

The issue for me here is that they sell this system, even with the smaller 2x 100mm outflow vents. So forgetting, for a moment, whether the suppliers got it wrong for the rooms we are trying to cool (two rooms each unit, one of which is much bigger than this 3m x 3m study), we have the issue that this whole unit running at full cooling and full fan cannot cool a 3m x 3m room.

So what the hell is this unit for - what size room are they expecting it to be used with, ever?

The change to 150mm vents actually meant cutting larger holes in the cowl, as it is only supplied with 100mm outlets.

This leads me to think something else is wrong, but we have no idea what. How could this ever work anywhere?

Cannot set temperature!

The controller has options - either "return air" temperature measured at the lossnay unit, or the room temperature at the controller. The controller has a sensor in it. Given that we have two rooms per unit, we are using the temperature at the controller (which is not in the room with the return in it). This is all as per the manual.

Only it does not work! Cooling the room down to 19C (using the portable unit, obviously), it showed 24C. Indeed, it even went up from 23C while we did this. Using freezer spray actually on its sensor does nothing, still 24C. No clue where it is measuring but it is not in the room - we even tried putting hot air in the room that has the return air flow but that did not make it go up at all.

The fix: Well, again, waiting on Mitsubishi.

Watch this space.

2021-10-08

New Mitsubishi Ducted Air-con with Lossnay (bad user interface)

As some of you will know, I have moved to sunny Wales. My new home did not have air-con so I am finally having that installed. I have gone for a ducted system this time (yes, more expensive) as it allows simple vents in the ceiling rather than a large indoor unit in the rooms, and it should be quieter. However, the main reason is that we now live on a main road, so cannot really open windows to any of the bedrooms - the ducted system I have gone for has a "lossnay" which provides fresh air as well, and saves us having to open windows. More on the actual aircon later, this post is just about the quite unbelievably bad user interface.

For a start this is an "industrial" air-con, which sadly means it is a simple wired controller and not WiFi, or anything useful like that - do not be surprised to find a "reverse engineering Mitsubishi air-con controllers" in a future blog post :-)

The air-con is three parts: an outdoor unit, an indoor unit (GUG) which does the cooling/heating, and a lossnay which does the fresh air (filtering and heat exchange). This is in the loft...

The lossnay is on the left and the GUG is on the right. To be clear, the GUG is designed to work with a lossnay, it cannot work without one as it has no fans of its own. I think the lossnay could be used for fresh air without a GUG though.

Controller

The controller is not too bad, it has a dot matrix LCD and buttons. It is newer than some where they have fixed icons on LCD. It has the obvious controls: mode, temperature, and fan speed. Good.

But, no. The fan speed says "unsupported function" if you try and change it. You need to have a separate "lossnay controller", which basically just lets you set the fan speed.

But there is a 4 wire link cable between the lossnay and GUG, so what the hell is that used for? Well, all I can see it doing is turning off the lossnay when the GUG is turned off. Remember the GUG can only be used with a lossnay attached, this is not some obscure optional extra.

We (myself and the installer) found the setting to tell the GUG it has a lossnay connected (but this unit cannot work without one so why is there even a setting?!), and it shows a nice icon indicating it has a lossnay. But still does not let you control the lossnay from it. Why? Also, the icon looks like it shows the "mode" the lossnay is in (yes, it seems to have a non heat exchange mode, which is pointless) and fan speed, but in fact the icon does not change to actually show the mode or fan speed. How shit is the UI?

Apparently you can run the lossnay without a controller, and the GUG will turn on/off at full fan speed, which is not that useful.

Of course, this also means you cannot run the fan in an auto mode as the lossnay does not know what the GUG is doing. So you cannot have full fan to get to temperature and quiet fan to maintain temperature.

Oh, and crossed zeros. A pet hate of mine. This is not a hand written COBOL coding sheet in the '70s, it is a temperature display. Why make it look like 28℃ not 20℃ to anyone with poor eyesight?

Another gem is that you can turn the temperature down to 12℃, nice, but then it snaps back to 19℃. Why 19℃, that is way higher than I have seen on other air-cons - it will probably do as I would rarely want it that cold. But still, why? And why allow setting below that if it cannot be set lower? Just stupid UI again!

Another thing that seems odd is that the controllers are identical. Same display, and buttons. Looks like identical hardware. The lossnay controller even has a thermometer in it even though it does not need it. But they must have different firmware as they cannot be swapped around. I would have made one controller and made it generic to work anything, but no, they are different!

2021-09-23

A use for the keypad

The Solar System alarm that I have created does work with a standard Honeywell Galaxy Mk7 keypad/display module.

However, until now, I have not really managed to work out a good use for how the keypad can be part of the system. But I have been working on that.

We now have clear display of inputs that trigger alarm, or inhibit setting, or faults, or tampers. We have setting the alarm, and unsetting using a PIN. Yay!

The way it all works is down to a small PCB, designed to fit inside the case of the display. It works off the same 12V supply, and provides RS485 to the keypad/display.

2021-09-04

Shelly1 on 12V

I have used Shelly1 for a while, and have loads of them in use.

One of the nice features is they can run from 12V. Well, actually, they can run from mains, 24V-60V DC, 12V DC, or (via connector pins) 3.3V DC. You move a link for 12V working. Pretty versatile.

I have used them in the house here on my door bell circuit which runs from a standard alarm system 12V battery box. All fine.

I planned to use with an alarm system as well, running from the 12V battery box. First two were fine, but then the next did not work. I tried another and it also did not work.

I did some googling and people report that the 12V is meant to be exactly 12V. I must ask Shelly to confirm really, but the comments were 12V and not a battery (which is 13.8V). My example use was actually 14V. It would be a pain if it could not run from a standard 12V battery box.

Well, pushed for time, I found some 12V LDO linear regulators and got for next day. Oddly when installing these to give an exact 12V clean DC for the Shelly, the ones that were not working still did not work?!? I tried yet more, and they did work.

What is even weirder is one that was working off 14V did not work off 12V, so I had to find another. It is a good job I had 20 of them.

So it seems the 12V working, is, err, fussy, and inconsistent.

Anyone else seen this?

What a week!

This has been a hell of a week, and far more actual hard work than I am used to, and after it all (averaging over 15k steps a day) I have not even lost any weight!

The plan was simple, replace existing 7 door system, and PIRs and exit contacts, and so on. 28 modules in total. I have carefully made and tested all the modules and spares. All ready to go.

But I ended up making work for myself by tidying the wiring. The new system just needs power, so I ended up with 6 battery boxes, and removing the old power and bus wiring. Much neater. I also needed to change the exits from rangers (that were unreliable) to new exit buttons, and hence also needed to change the break-glass boxes as they were integral. And I wanted to move the break-glasses further from the letter box (for obvious reasons). This meant running wires down the aluminium door frames on the front doors (to be tidy), which is easier said than done. I probably wasted a day on that (and I had some help). I can recommend NYLON CABLE & FLEX DRAW TAPE 30M (98FT) (screwfix 75807) for the job :-)

Finding the cable runs to bell boxes was also fun, and I gave up chasing wires to original PIR and door sensors and just ran new cables. Ceiling tiles for the win.

We actually have a mystery - the original alarm when we moved in was removed something like a decade ago, but the PIRs were still in place. When the new Galaxy alarm was installed, new PIRs were put in. I have now put in new PIRs with integral ESP32 WiFi modules in the PIR. Part of the work was removing the Galaxy system, which had itself replaced what was there before, and removing all the old battery boxes. The original PIRs still have power and blink when people move? But there are *NO* battery boxes nor alarm panels in the building at all. I have literally removed them all, and the new battery boxes only go to my new kit. So WTAF. If I had time I'd have investigated further, but it is a mystery!

The result is it took a whole week, and I have to admit I was losing my enthusiasm somewhat during the week.

What did not help is finding some bugs and issues. I expected some, and a couple of small snags were simple, but the biggest issue was the wifi mesh being unstable. It was fine at the start but got worse during the week. I found issues with multiple wifi channels (2.4GHz) which I fixed with config changes on the APs. But I would find the mesh unstable. Resetting the wifi could fix it, but not always, and changes to wifi config helped, but not in a concrete way. I wasted a lot of time on that. But ploughed on with the install.

But Friday it was clear the problem was now intractable - the modules were all resetting every 30 seconds or so. The nice thing is the system was still usable. People in the office could come and go, as it resets very quickly and works autonomously. But it cannot work as an alarm if the mesh is not working.

It seems (and I have to do a lot more bench test and investigation to be sure) that the modules may be running out of memory when the mesh gets beyond around 12 units. This is very disappointing as I can't see why the mesh would need much memory at all - each routing entry is a 6 byte MAC and very little else. It will be interesting to investigate.

Thankfully the site is two distinct adjacent units, so the fix was to make it two sites. That is a pain, as it means provisioning fobs for two sites, and if someone had not mistakenly ordered only 2k DESFire fobs, that would be easy, so new fobs were programmed, again! Just means slightly more admin. I cut down the sites slightly and ended with both sides with 12 units. When one had 13 it was not quite stable, but 12 seems fine. So we have a work around.

It may be that in the longer term we need some modules using ESPs with extra RAM to act as root nodes, something to consider if I cannot track down the memory footprint problem.

Even so, the end result seems really good. Time will tell.

P.S. I have improved stability a lot with some tweaks to the way we work the mesh, but not solved the underlying issue. I suspect big step will be waiting for mesh code in ESP IDF to mature a little. Like cheese.

2021-08-29

Solar System goes live

As I have said, I have been working on a number of boards as part of a project that provides access control and alarm functions in a modular way: https://github.com/revk/SolarSystem

I have test systems on my bench, and I now have a small system at home. It is all working well and has helped me iron out some of the bugs.

But this week is the first proper system with 28 live WiFi nodes, meshed, and linked to the back-end cloud control. Scary stuff. It has bell boxes, keypads, PIRs, reed switches on doors, fire alarm inputs, even a panic button in a disabled toilet. Importantly it has a lot of doors. The design is pretty robust, and the whole project is all open source.

My case is packed, and boxes of tools and parts are all ready. It was a lot of work making all the modules. A lot of time with a steady hand with tweezers. I even have half a dozen spares, just in case.

So the night before I head off to start the install, I have imposter syndrome kicking in. How did I think I could possibly design and make a complete access control and alarm system from scratch (PCBs and s/w)? Well, seriously, I need to give myself a kick - I have been doing this shit long enough to know this is bullshit. It will be fine.

Assuming all is well (and I know there will be teething problems, bugs, and features, all of which will need addressing), my next big challenge is whether I can progress this in to a proper product to sell. At the very least, to make the modules (as pictured above) something we can legally sell.

In the mean time, other hackspaces that are interested, do get in touch, and I can help you set up such a system.

2021-08-28

NHS covid pass

I decided to check how I get an NHS COVID19 pass / QR code.

Update: Thanks to all that pointed out the couple of subtle clues on how to get an NHS login, which I missed initially.

I googled, and it seems you can ask for a letter or get it digitally, cool. But you need an "NHS login".

Well, I don't know what an NHS login is, but there is this helpful site, https://help.login.nhs.uk which tells you all about it. Nice.

This looks comprehensive. But I don't have an "NHS login", so let's try the "How to set up [an] NHS login"... https://help.login.nhs.uk/setupnhslogin/

OK, we have "What is NHS login" and "What you need to set up an NHS login" (yes, an "an" this time). There are other pages with more information on how to prove who you are, etc. There is the "Where can you use NHS login". OK, good.

Update: For those saying "just use the NHS app", I'm in Wales now, and it does not work!

Update: Oooh, it says clicking the button lets you create a login there, missed that the first time, but the actual login page does not say that.

But call me thick, and maybe I am being blind here, but where is the "Register for an NHS login" or "Create an NHS login" link or "how to" on that? I looked around and cannot find it. It does not seem to actually tell you "How to set up NHS login" at all, missing that one crucial step of how you start the process!

I kept looking and I found the NHS COVID pass page, https://covid-status.service.nhsx.nhs.uk which has a login link.

Nothing about registering or creating an NHS login on there either. What am I missing?

Well, on a whim, I clicked on the "Continue with NHS login" link, even though I don't have one. Is continuing with NHS login when I don't have one "hacking"? A breach of The Computer Misuse Act 1990 maybe? You then get a login page...

Well, I don't have an "NHS login". What I did not spot initially was the "If you do not have an NHS login" bit. This seems to be the first clue that maybe I can make one if I enter my email address anyway. Why is this hidden away behind a "Continue with NHS login" link?

So now I get the option to "Set up a new NHS login". This is what I had been looking for all along. How the hell is this not on the help site, or, well, anywhere before you actually try and "login"?

Update: One page for COVID19 Pass does say "You will need an NHS login to use these services. You'll be asked to create one if you do not have an NHS login already" but the page you then go to does not say that, just "continue with NHS login".

Anyway, I continued to create an NHS login. You go on through a few info pages, and create a password, and then this error...

Well, that is helpful. Given that the previous page was password selection, and I used the browser's password manager to make a "secure" password, I naturally assumed it was a password issue. So I tried entering a password manually. I tried several passwords, simpler and simpler, and no joy. It simply would not work.

Then, on a whim, I tried a different email address. Just to be clear, that first page does do some validation on email addresses, e.g. ...

So I really had no reason to expect that it was unhappy with my valid email address. But indeed, using a different email address, it actually allowed me to proceed beyond the password set up. I have emailed them asking that they correct my email address, obviously.

When it came to mobile checking, I decided to use an 07 number, rather than trying an 01 number, as clearly it is a stupid web site.

The domestic (48 hour!) QR code does not need any more than name, DOB, NHS number. The other longer pass needs ID image and a video and I'm waiting for that to be confirmed now. However, having seen someone else's, I note that the document says this...

OK, so it has an expiry, but how exactly does that expiry "protect your data privacy"? The barcode does not fade after 30 days. The "data" is still in the expired barcode, and can still be read. So how exactly does the expiry protect anything - how does it do any more than cause inconvenience for the user?

Indeed, I am told if you request a COVID letter, there is no expiry - so do they not care about your data privacy when sending a letter, or was that just a lie? Having an expiry actually makes "data privacy" worse - if you printed the QR code, you will have to dispose of that securely somehow every time it expires. Why not just be honest?

And finally... The Welsh site https://gov.wales/nhs-covid-pass-prove-your-vaccination-status says :-

But the "domestic" QR code it gives you says ...

So how do I get a QR code valid in Wales?

2021-08-05

Review how emergency services handle location data from the public.

I found an interesting web site which does rather highlight some of the issues with what 3 words, w3w.me.ss. Well worth a look.

Sign the petition!

Whilst it is a fun application, a novelty, I personally do not feel it has any place being promoted by emergency services. And this post is my honestly held personal opinion, as always.

If they want to "handle" w3w addresses from the public, that may make some sense, as it is popular. If the app is given to them free of charge (as seems to be the case), and if they take any w3w address with some caution, checking the location by other means if possible, then yes, fine.

But reports on social media (including from people I personally know) suggest that w3w is not just "promoted" by emergency services but actively preferred to the extent that call handlers will refuse to take simple o/s grid references and insist on a w3w address. For one recent case, the police force in question confirmed that they should have taken an o/s grid reference. But in practice this seems not to be the case.

What seems worse is stories of people being talked through downloading the app on an emergency call. This is quite incomprehensible. Even if you want a w3w address for some reason, it is far quicker to send someone to the w3w web page (what3words.com) which shows your location. The only possible reason to download the app is so the user has the app on their phone. It is a purely marketing activity, as someone is more likely to use w3w if they have the app. Do we really want emergency services actively engaged in time consuming marketing activity for third party closed commercial apps, during an emergency call?

As I say, much of this is anecdotal, but social media is full of this, as highlighted by w3w.me.ss.

What is especially odd is that w3w's own terms and conditions are not consistent with use in an emergency. They expect you to read, understand, and agree many thousands of words before use, and expect you to check the terms before every use. This is not sensible for the caller, and the emergency call handling staff, to do in an emergency situation where time is critical. Also, the terms prohibit use where it could lead to someone dying, which is often the case in an emergency. Given these clear terms, it makes no sense emergency services would even be considering w3w usage, let alone promoting it. It is almost as if they did no checks at all on how it works or even just reading the terms.

There are ways to get location from callers, not just (long standing, open standard) alternatives like o/s grid references or even simple latitude/longitude, but means that don't involve any reading out, like SARLOC or AML. These should be available to emergency services. Even if there is need for a caller to give a different location, knowing where the caller is puts that in context and helps eliminate errors, whatever format is used.

So, in order to try and address this, I have made a petition. It calls for "Review how emergency services handle location data from the public." which I think is fair.

Sign here! And do share the link to get some traction, if you agree this needs reviewing. Of course, if you feel strongly enough, it is also worth contacting your MP over this.

2021-07-31

[non] changes to Highway Code rule 170

There is a lot of talk of changes to the Highway Code that are happening, notable rule 170.

Some motorists are really cross at the "new rule". There is always some bad feeling between cyclists and motorists, but this is especially odd, as the "change" is not really a change at all. So the only people cross over it are those that clearly have no clue the rule already exists.

How is it not a change?

The existing rule says "watch out for cyclists, motorcyclists, powered wheelchairs/mobility scooters and pedestrians as they are not always easy to see" so motorists already have to be on the look out for pedestrians when at side roads.

It also says "watch out for pedestrians crossing a road into which you are turning. If they have started to cross they have priority, so give way". It makes it very clear a pedestrian crossing a side road has priority.

The "new rule" only makes a very tiny change to this, as it requires motorists to give way to pedestrians "about to cross the road".

But it is hard to see how that is not, in effect, already the rule. Motorists already have to watch out for pedestrians, and a pedestrian can change from "about to cross the road" to "crossing the road" in a tiny fraction of a second by putting their foot out. I mean, this can happen far quicker than a car getting to the pedestrian, so the motorist (watching out for pedestrians) has to allow for that happening and be prepared to give way to the pedestrian crossing the road at a moments notice. It is hard to see how this is different to the new rule. So in that respect the rule has not really changed. The only other aspect of this change is from the pedestrian point of view where they may feel empowered to cross a side road rather than wait for a car - but, as always, pedestrians have to be on the look out for motorists unaware of, or ignoring, the rules.

All of the back-lash I have seen on this ignores the fact that pedestrians crossing a side road ALREADY HAVE PRIORITY over vehicles turning in to the side road.

The Highway code even has an image showing a pedestrian that would not see the car is planning to turn (even if they looked a moment before), which is, I am sure, why the rule exists.

Publicity

It is obvious from the posts on social media that a lot of motorists have no clue about rule 170. I also see this every day as I cross a side road on my walk. The typical scenario is a car, STATIONARY on the main road, waiting for traffic the other way, and I start to cross the side road. The car then expects me to stop in the middle of the road to let them turn in to the side road because of a gap in the motor traffic. I don't try to get run over, but I do make it clear that, obviously (as per the Highway Code), I am not expecting to stop. This has led to enough drivers getting cross (apparently they never read the Highway Code) that I even have cards with rule 170 printed on them to hand out. I have even had one car stop (after not hitting me), and driver and passenger get out to chase me down the road - all because they don't know the rules of the road!

So this non-change to the rules makes no difference on its own. What will make a difference is all the publicity it generates. Hopefully it will make drivers aware of the rule that has always existed, and the somewhat cosmetic change to that rule, and they can start giving way to pedestrians at side roads as they always should have.

Anomalies...

I do hope they clear up the anomalies I have noticed in the rules though...

  • Pedestrians crossing the side road have clear priority over vehicles turning in to the side road, but I don't see anything saying they have priority over vehicles leaving the side road. So in effect they have priority over half the road. This seems like a mistake, and maybe there is some other bit of the highway code that even I have missed that says this. It would be nice to make the priority apply for the whole width of the road. My concern here is that cars may wait for a pedestrian about to cross, but the pedestrian is waiting for cars leaving the side road to stop - causing confusion, or if they cross - leaving a pedestrian stuck in the middle of the road waiting for cars to stop leaving the side road.
  • The priority is over vehicles "turning" in to the side road - but what of a cross roads or a side road on a bend where no "turning" is needed. As written, the rule does not apply in that case. I hope the new rule makes that clearer, maybe using "entering" the side road, or "entering or exiting" (as I say above).
  • It is not entirely clear if the rule covers things that may not really be a "side road", such as an entrance to a private car park, etc. I assume they are a "side road", but are they? I am not sure, so maybe the new rules could make that clear too.

2021-07-26

Fun with DHCP

We have had a slight issue at the house here, we have some Apple HomePod things. My son decided to put several in the house when staying here and now my wife is using one.

The snag is that they keep falling off the internet! A power cycle fixes, but it is very frustrating.

I have found the solution though, and I think it points a finger at the cause.

And it is all down to DHCP. Yep, not DNS this time. Not IPv6 even. DHCP!

So what's the problem?

First off, what's the kit?

  • FireBrick doing DHCP and Internet gateway
  • Aruba APs
  • Apple HomePods

The failure did not seem to be all the time, but could be. Sandra has almost given up using them as they never work. But it seems it can usually renew its DHCP without problems, but sometimes it gets stuck. The logs on the FireBrick showed we kept sending a DHCP "Offer" to the HomePod, but it keeps asking.

I added lots of debug, and confirmed that the request being sent, the DHCP "Discover", does not request a broadcast reply, which is fine, so we send the reply to the MAC of the HomePod and its "new" IP address. This is normal.

On a whim, I decided to try fudging the code to treat the discovery as if it had asked for a broadcast reply. This then meant a Discover, Offer, Request, and Ack - but the HomePod did not see the Ack and so kept asking. I then forced the broadcast on the Ack as well, and bingo, it worked. So the issue is the broadcast used for Offer and Ack.

This is a massive clue.

So more investigating.

The RFC says the broadcast request is in the left most bit of a 16 bit flag field.

PLEASE DO NOT DO SPECIFICATIONS LIKE THIS!

I fully understand that bits in a byte may be sent "on the wire" low or high bit first, or high to low bit first. I fully understand that bytes in a word may be ordered big endian or little endian. The above diagram is for a 16 bit "network byte order" value (i.e. big endian).

They number the bits from 0 to 15. Actually they number the gaps between the bits 0 to 15.

In my view there is only one way you should number bits - by their binary power of two value. I would always write that in the way we write numbers, most significant first, so would write that as bits 15 to 0, and it is bit 15 that is the B flag. I don't mind if showing as bits 15 to 8, and 7 to 0 (big endian) or even as 7 to 0, 15 to 8 (little endian), but number each bit by its power of two value, please!

Some people number as order on the wire, starting from 1. So 1 to 8 may be 0 to 7 or 7 to 0, who knows! Please do not do that. But at least if numbering bits 1 to 8, you have some clue that something is wrong.

So, to be quite frank, I actually do not know if this is bit 0 or 15 in a network byte order (big endian) 2 byte (16 bit) value. We assumed it is bit 15, i.e. bit 7 in the first byte. But seriously, from bits numbered 0 to 15 and a reference to "left most bit" I don't actually know for sure. I started to doubt we had read the RFC correctly!

Thankfully empirical testing shows the flags as 0x8000 from other devices, so either it is bit 7 of first byte, or other devices have the same fun reading the RFC. 
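The Discover/Offer/Request/Ack exchange described above and the flags-field bit numbering can be pinned down in code. This is an added example, not FireBrick code: it parses the RFC 2131 fixed header from a constructed DHCPDISCOVER, reads the BROADCAST flag as the value 0x8000 (bit 7 of the first flags byte on the wire), and applies the RFC's rules for where OFFER and ACK are sent, with a `force_broadcast` switch modelling the workaround the post describes. The function names, the client MAC and the offered address are all assumptions made for the example.

```python
"""Parse a DHCP message and decide where the server's reply goes.

Added example (not FireBrick code).  Field layout and reply rules follow
RFC 2131; the packet bytes, MAC and addresses are constructed for the example.
"""
import struct
from typing import Dict, Tuple

# RFC 2131 fixed header: op, htype, hlen, hops, xid, secs, flags, ciaddr,
# yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
_HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
ZERO_IP = b"\0\0\0\0"

# The BROADCAST flag is the most significant bit of the 16-bit, network byte
# order flags field.  Numbered by power of two that is bit 15, value 0x8000,
# which lands in bit 7 of the first flags byte on the wire.
BROADCAST_FLAG = 0x8000

OPT_MSG_TYPE = 53
MSG_NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_dhcp(packet: bytes) -> Dict[str, object]:
    """Return the fixed header fields plus a dict of option code -> value."""
    if len(packet) < _HEADER.size + 4:
        raise ValueError("packet too short for a DHCP message")
    (op, _htype, hlen, _hops, xid, _secs, flags, ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = _HEADER.unpack_from(packet)
    if packet[_HEADER.size:_HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options: Dict[int, bytes] = {}
    i = _HEADER.size + 4
    while i < len(packet):
        code = packet[i]
        if code == 0:            # pad option, single byte
            i += 1
            continue
        if code == 255:          # end option
            break
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = options.get(OPT_MSG_TYPE, b"\0")[0]
    return {
        "op": op, "xid": xid, "flags": flags,
        "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": ciaddr, "yiaddr": yiaddr, "giaddr": giaddr,
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": MSG_NAMES.get(msg_type, "UNKNOWN"),
        "options": options,
    }


def reply_destination(msg: Dict[str, object], offered_ip: bytes,
                      force_broadcast: bool = False) -> Tuple[str, int]:
    """Where OFFER/ACK are sent, per RFC 2131 section 4.1.

    force_broadcast models the workaround in the post: reply as if the
    client had set the BROADCAST flag even when it did not.
    """
    if msg["giaddr"] != ZERO_IP:      # arrived via a relay agent
        return ip_str(msg["giaddr"]), 67
    if msg["ciaddr"] != ZERO_IP:      # client already has a usable address
        return ip_str(msg["ciaddr"]), 68
    if msg["broadcast"] or force_broadcast:
        return "255.255.255.255", 68
    # Normal case: unicast to the offered address, framed to the client MAC.
    return ip_str(offered_ip), 68


def build_discover(xid: int, mac: bytes, flags: int = 0) -> bytes:
    """Constructed DHCPDISCOVER for the example (not a captured packet)."""
    header = _HEADER.pack(1, 1, 6, 0, xid, 0, flags, ZERO_IP, ZERO_IP, ZERO_IP,
                          ZERO_IP, mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = bytes([OPT_MSG_TYPE, 1, 1, 255])   # message type = DISCOVER, end
    return header + MAGIC_COOKIE + options


CLIENT_MAC = bytes.fromhex("020000aabbcc")   # constructed, locally administered
OFFERED_IP = bytes([192, 168, 1, 50])         # constructed

if __name__ == "__main__":
    for flags in (0x0000, BROADCAST_FLAG):
        msg = parse_dhcp(build_discover(0x12345678, CLIENT_MAC, flags))
        print("%s flags=0x%04x broadcast=%s -> %s" % (
            msg["msg_type"], flags, msg["broadcast"],
            reply_destination(msg, OFFERED_IP)))
    msg = parse_dhcp(build_discover(0x12345678, CLIENT_MAC, 0))
    print("forced broadcast ->", reply_destination(msg, OFFERED_IP, True))
```

Checking `packet[10] & 0x80` on a captured Discover is the quickest way to confirm which bit other devices actually set; if every client that works sets that byte to 0x80, the "bit 15 is bit 7 of the first byte" reading of the RFC is the one in practice.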

So who is at fault here?

Well, my son has the same FireBrick and the same HomePods, but different APs. That all works. That is another clue.

My Aruba APs are set up to inject data in the DHCP, which is good. I get details of the AP and SSID, and can even tell the FireBrick to allocate based on SSID even if different SSIDs on the same physical network. All good.

It may be that it is stripping the broadcast bit, but that does not explain why it works after a power cycle. Interestingly the working DHCP renewals did not have the injected AP details, it seems. This points further to the AP being "special".

My son does have different network switches as well, so it is just remotely possible that it is a switch level issue, but that seems unlikely - the DHCP discovers are from the right MAC so all switch learning should be fine.

P.S. Yes, I had changed the filtering to disabled already.

The work around...

FireBricks now have an option to force broadcast reply. And it works. Alpha out soon.

2021-07-11

Freestyle Libre vs Dexcom

I have used freestyle libre CGMs for a long time.

Yes, obviously, I’m diabetic, but I have always felt like a sort of amateur diabetic! I take one injection of slow acting insulin a day, not like real diabetics that have match a dose to what they eat every meal. I did not know imposter syndrome was a thing with diseases :-) However, having seen the CGM readings for a couple of non diabetics now I can see that my blood glucose is very different to “normal” and feel a tad more “legit”…

But not having to match insulin to every meal (I take tablets with meals to help) I’m not the normal target for a CGM. However, if you can afford them, I would recommend them for anyone who is diabetic even if like me it is more “mild”. Indeed, perhaps even more so where I cannot easily compensate for eating the wrong thing, the CGM has helped me get my diet right (on most days). My reaction to carbohydrates is far from obvious as some simple things can send my sugar spiking but others are no problem. The CGM helps me learn the problem foods and drinks, and what is not a problem. Even so, that is not always consistent, and can have surprises...

For example:-

  • The small hump on the left last night was an evening meal with loads of rice and vegetables.
  • The big spike in the middle was breakfast, which was a single sandwich (i.e. one slice of bread cut in two) and bacon, with a tablet even. No idea why so high!
  • The small hump on the right was a large roast beef dinner, vegetables, and even a nice cherry cheese cake with syrup - which I expected to be a "problem"...

Not an ideal day for sensible diet, but the effect is not anything like obvious from the meals!

However, one issue with the freestyle is they occasionally screw up and don't work. Yes, in theory, I could send them back, but it got so annoying I decided to try a Dexcom instead.

Freestyle libre

  • Each sensor lasts 14 days - means changing on the same day of the week.
  • Takes one hour to warm up at start.
  • Has to be scanned regularly, and only holds last 8 hours. Any older data lost if not scanned.
  • Works out around £25 a week.
  • The newest model has alerts for low/high but still needs scanning for readings.
  • Occasionally screws up and you waste a £50 sensor. Yes, could send it back.

Dexcom

  • Sensors last only 10 days.
  • Works out around £37 a week (on yearly plan).
  • Takes two hours to warm up at start.
  • Updates phone via Bluetooth so no scanning. Seems to catch up if not near phone for a bit, but no idea how much memory.
  • Has alerts for low/high, or soon to be low/high.

The actual sensors are different, the Dexcom has sensor and transmitter. It is bigger, has a bigger sticky patch, and thicker. The transmitter is silly - 3 month life limit and buy a new one (I included in above price), but seriously, as a one off, it is £200! Why not 50p for a new button cell? And it is not like it is more complex than the whole freestyle sensor which is £50. Definitely some level of price gouging there, in my opinion.

Having said that, their web site makes no sense - you can buy packages, or individual sensors as it says "You can always choose to pay as you go, purchasing Dexcom products whenever you need them". However, the individual sensors say "Limit: 1 per user". So do they mean you can only buy "one at a time", or "one, ever". I assume "one at a time", but if that is the case the Starter pack (3 sensors and transmitter for £159) which says "Limit: 1 per user" would be the best deal of all, if it means "one at a time", so I have no idea!

The other thing that is interesting is the difference in the actual readings... Here is the last 24 hours on Dexcom and Freestyle.

The breakfast peak shows as 15.3mmol/l on the Dexcom, and under 13 on the Freestyle. The dips over night (that caused an alarm) shows as 3.1mmol/l on the Dexcom, and nearer 4 on the freestyle.

Scaling and overlaying you can see they are close, but not quite the same.

Problems!

The sensor lasts 10 days, well should do. I managed 5 days before it was too painful, and I removed it. The starter pack has three, so I'll try one on my arm, but if that does the same I'm going to ask for a refund. Never had this with the FreeStyle Libre.

FYI, a week later this is still not healed properly - it is getting there but pretty serious reaction. I tried on my arm, and whilst the reaction was a lot less severe, I had to remove it as it was too irritating after a few days.

Dexcom are being slow to do anything. I've filed an MHRA report anyway.

2021-07-02

Is this getting boring?

I have been working for two weeks on this cloud based management for my access control system and it is going well.

There have been a couple of days of total head-bang-against-wall stupidity, but mostly going well. I ended up making a new MQTT client module for my ESP32 as part of it even. The practice in MQTT server and client code bodes well for my putting MQTT in FireBricks, by the way.

One of the things I did was send a controller to someone from a hackspace and I have to say that was a great decision. He is making helpful suggestions and finding bugs and asking sensible questions. If you want the perfect tame customer, they are the ones!

I have some shiny new boards, yay!

So yes, that is progress.

Next week I have other work to do, but I'll come back to this with feedback from the first couple of real users, including a hackspace.

2021-06-20

New door entry and alarm system

I am thinking of the next generation of my SolarSystem alarm system.

It started as RS485, a slot in replacement for a Galaxy system using the same external devices, and running on a Raspberry Pi with USB RS485 adaptors. It worked quite well.

The next generation used ESP8266, then ESP32 based WiFi connected devices. This works well.

Next generation

I am now planning to get rid of the Raspberry Pi and RS485 completely. The idea is the ESP32 modules work together over a mesh WiFi. Yes, one of them would connect to a conventional WiFi access point, but they can work without that - off 12V battery backup if needed, with no "controller" as such.

This is not that complex - devices need to know what inputs and outputs link to what areas and states in the system, and broadcast information to allow every unit to know when alarm armed, or triggered, etc. Using secure AES encrypted DESFire key fobs on door controllers the alarm can be set and unset.

There would still be a "controller" to configure the system, program fobs, record logs, and so on. But this could be a cloud based service. Some of you know my love of cloud based services (not), and as this is all open source it would allow the cloud service to be run locally. But the server is not a "live" part of the system - it allows config, and so on - via a simple web page. Obviously communications would then be secure to the server.

This makes everything simpler to set up as you just need local WiFi internet access.

To make it work I now have designs (and several prototype boards and cases) for key components:

  • Door controller module and NFC reader (can be used as 6 input 1 output module)
  • Bell box module (also usable as a 2 input 4 output module)
  • General purpose I/O (5 GPIO with ADC if needed)
  • Keypad module (fits in galaxy keypad and talks RS485 to it locally)

The nice thing is that just one of these, eg door control, can be set up to talk to local WiFi/NAT and connect to a cloud service allowing configuration of an access system. But you can then add other modules, and set up a whole alarm system if you want. The key fobs have access controls such as which doors, and times of day and days of week that are allowed.

More serious work needed

The issue is that I need to do quite a lot to complete the design and coding for this - not just in the modules, but the controller system and database back end. This is all pure R&D work at present with no concrete customers for the system (though we have had some interest), which can make it a bit hard getting the motivation - but a real customer would also help ensure we are steering the project in the right direction.

Bootstrapping security

One of the design challenges is bootstrapping the security of key fobs and controllers. They need AES keys, and these need to be secure, and need to get in to devices and fobs.

In simple practical terms, you can just buy fobs from the likes of Amazon, and then use one of the NFC modules - e.g. one of the doors - to program the fob. Similarly you can make ESP32 modules, or use off the shelf modules like nodemcu and flash the code.

But you have to be very sure that this is actually being done by someone authorised to program fobs. Even then, if someone wanted to, they could capture that initial config and get the AES key used. Once the AES key is known the system for a whole site can be compromised.

Once the fob is programmed, any capture of the communications does not help you, but the initial set up of a fob is inherently insecure - this is the bootstrap problem - it has to be insecure as the fob is blank and it has to get the keys - so someone can "pretend to be a blank fob" and get the keys in the same way.

You have the same issue with end devices and a cloud system - you have to be sure the device is the device you think it is. If someone can get a fake device on a system it can get keys. So the devices need a secure client identity too.

I suspect the answer is simple - design the system so that the controller will only do initial config of devices and fobs locally (e.g. USB connected). The controller then sends out the devices and fobs pre-set for the site. Of course this means for a cloud based service the service operator provides the devices and fobs - which may make it more commercially viable to operate a cloud service.
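To make the bootstrap argument above concrete: the key crosses the channel in clear exactly once, when a blank fob is first written, whereas later authentication exposes only fresh challenges and their responses, so restricting that first write to a local channel is the lever. The following is an added example, not SolarSystem code. HMAC-SHA256 challenge-response stands in for the DESFire AES mutual authentication the post describes, and the `usb` channel name, the key bytes and the transcript are constructed assumptions.

```python
"""Why the first write of a key to a blank fob is the weak step.

Added example, not SolarSystem code.  HMAC-SHA256 challenge-response stands
in for the DESFire AES mutual authentication the post describes; the channel
names, transcript and key are constructed for the example.
"""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Assumption (from the post's proposal): only a wired local channel may be
# used for initial provisioning; WiFi or cloud channels are refused.
LOCAL_CHANNELS = {"usb"}


class Transcript:
    """Every message crossing the channel, i.e. what an eavesdropper sees."""

    def __init__(self) -> None:
        self.messages: List[Tuple[str, bytes]] = []

    def send(self, label: str, data: bytes) -> None:
        self.messages.append((label, data))


def provision_blank_fob(channel: str, site_key: bytes,
                        log: Transcript) -> Optional[bytes]:
    """A blank fob shares no secret, so the key itself must cross the channel.

    Returns the key now held by the fob, or None if provisioning was refused.
    """
    if channel not in LOCAL_CHANNELS:
        return None
    log.send("write-key", site_key)      # visible to anyone on the channel
    return site_key


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def authenticate(reader_key: bytes, fob_key: bytes, log: Transcript) -> bool:
    """Mutual challenge-response once both sides hold a key.

    Only random challenges and MACs cross the channel; a captured transcript
    cannot be replayed because the reader's next challenge is fresh.
    """
    rnd_a = os.urandom(16)
    log.send("reader-challenge", rnd_a)
    rnd_b = os.urandom(16)
    log.send("fob-response", _mac(fob_key, rnd_a) + rnd_b)
    # Reader checks the fob's proof of the key before proving its own.
    fob_proof = log.messages[-1][1][:32]
    if not hmac.compare_digest(fob_proof, _mac(reader_key, rnd_a)):
        return False
    log.send("reader-response", _mac(reader_key, rnd_b))
    return hmac.compare_digest(log.messages[-1][1], _mac(fob_key, rnd_b))


def key_visible_in(log: Transcript, site_key: bytes) -> bool:
    """Did the key appear verbatim in any captured message?"""
    return any(site_key in data for _, data in log.messages)


if __name__ == "__main__":
    site_key = os.urandom(16)
    setup = Transcript()
    print("wifi provisioning refused:", provision_blank_fob("wifi", site_key, setup) is None)
    provision_blank_fob("usb", site_key, setup)
    print("key visible in provisioning transcript:", key_visible_in(setup, site_key))
    use = Transcript()
    print("auth ok:", authenticate(site_key, site_key, use),
          "key visible:", key_visible_in(use, site_key))
```

The same shape applies to the ESP32 modules themselves: a device that has already been given its identity can prove it with a challenge-response, but the moment it is first given that identity is the one the post says should only ever happen locally.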

Security

Of course any system has to consider security - the AES/DESFire fobs are massively more secure than 125kHz fobs used by Galaxy Max readers. The WiFi is a bit of a trade off: It is way more secure using WiFi and TLS than RS485 (Galaxy modules can have messages inserted on the bus without it noticing!). It is possible to disrupt (just as cutting an RS485 bus is, which is exposed on outside of building if using Max readers), but like RS485 it would trigger an alarm. At the end of the day you have to be more secure than breaking a window.