Bluetooth Low Energy DEFCON

I have been meaning to get my head around Bluetooth for some time, and I think I have finally come up with a project idea which is a bit whacky, but I think should work.

I have discovered that Bluetooth Low Energy (BLE) is different from full bluetooth, something I had not realised, but that BLE should do what I want. The little ESP32 chips with which I am very familiar can do BLE, so this should be simple (LOL).

So here is the idea - DEFCON box. I have one of these at home :-

The way this works is that it shows a DEFCON level depending on who is in the house, so each of the kids has a level, and the lowest level shows. It beeps and the lights click as the go off and on to change levels. All good fun. We know who is about to open the door just before they do...

However, the way it actually works is quite complex. It works on WiFi and MQTT and is told by an MQTT command what level to show. The command comes from a FireBrick, which uses its profiles to decide what level applies. It does that based on the DHCP leases for people's phones on the WiFi. It is really quick to pick up people arriving, but takes the DHCP lease timeout to realise they have gone. But in spite of this complexity it works.

I did think it would make a fun present for someone, but the complexity of WiFi, MQTT, FireBrick and so on makes it really not simple to set up at all.

So this is where BLE comes in...

The idea is that it would scan for BLE devices and pick up phones being present directly. Of course BLE is designed to not allow you to track people, so needs a bit more, and it needs a simple way to tell it which phones are which DEFCON level.

The idea is a button, you press it, and press it repeatedly to pick a level that will flash. The device would be BLE discoverable so show on a phone, and the phone then connects and bonds with the DEFCON device. It then remembers the phone and the level. Because (I hope) the bonding will have an identity resolution key for the phone, it should be possible to passively scan and work out when each phone is present or not.

This makes for a really simple user interface - one button and bond from a phone.

Of course I may face issues with the libraries. A passive scan to find a device you know may not be possible as normally when found you connect to confirm the device is not a fluke random match (which, for this application I am not really too worried about). I'm also assuming a phone will tell my device a key for this - it may not, or may only if it thinks the device is something it expects to want to request a connection. But even so, I can try, and this should cover quite a lot of BLE learning.

So, watch this space :-)

Update1: Demo code works - but I need to advertise only when adding a phone, and as something an iPhone would want to connect to, this was pair using a BLE app not the main settings menu. And I need to work out scanning. Much to do.

Beware of the word "hub"

Some time ago I posted about Internet Connection Records, here, and how they could result in records you may find hard to explain, especially as they were host name and not full URL.

By way of an example I included an image link in the post to the orange/black graphic word "hub" on a well known web site, nothing rude, but as 1x1 pixel so not even something you would see. By doing so your browser would access said web site.

Irony of irony, now, 7 years late, blogger have put a content warning on that post!

I have edited to bold/underline that it is nothing rude, to see if they review and remove it. What is even more ironic is the link I used is no longer even valid, so definitely not rude, but I have updated it now.

But it shows the problems with automated checking of such things, something that is likely to be an issue not just for Internet Connection Records, but for the current Online Safety Bill.

P.S. Another post was "unpublished" as it showed the domain (not as a link) to a PayPal phishing attempt, a domain that is no longer valid - it was a post about it, not itself malware, d'uh.

Legacy

I think I mentioned, having written a bit about my family and growing up, after my dad died, I wondered if I should write an autobiography.

It is not a simple task, and to be frank I am not a writer, so this will be new. But as someone once said: The saying "you only live once" is a lie, you live as many lives as you want and can spend years learning something totally new if you want, over and over again in the years that we all (well, many of us) get.

So I have started, in fact I have a first draft at 100 pages, and over 36,000 words. My approach has not been strictly chronological, as I am crap at dates anyway. Many bits are in order, but some are by topic.

I am not expecting to publish it as such, but you never know. The main audience is my kids. But it needs review and editing - a few close friends to comment on it first and tell me where it is crap (or the few places it is not). It will also need some new bits, I am sure.

Maybe when it is all tidied up I'll release it, I'll see.

For now, here is a snippet.

Dave

So it seems, from what I can tell, under UK GDPR...

✓ Banning someone from your service called "Dave"

Yep, it seems GDPR does not have any issue with your refusing someone "joining a service" based on some aspect of their personal information as long as it it not some discrimination related protected characteristic. So if you designed your system to not allow anyone called "Dave" you can do that.

✓ Banning someone changing their name to "Dave"

Surprisingly, despite the UK GDPR "right to rectification", a company, it seems, according to the ICO and even the parliamentary ombudsman, a company can refuse your changing personal information in any way they like as long as it is a "technical issue". I.e. if you designed a system that cannot handle some specific personal information for some arbitrary reason (such as a short email address, or a name of "Dave") then that is a valid excuse, even though nothing in UK GDPR seems to say it is a valid excuse, and you can refuse to allow the change.

Yep, it is all messed up. What a surprise!

P.S. changing your name to Dåve would probably be something you can insist on, due to case law: https://gdprhub.eu/index.php?title=Court_of_Appeal_of_Brussels_-_2019/AR/1006

Shelly Plus i4DC GPIO

As previously posted, I am quite impressed with Shelly stuff anyway, but the new "Plus" range has allowed some interesting developments - as they use ESP32, which is the processor I use for my access and alarm system.

This has meant I am able to add bits to the alarm system much more simply than using my custom boards - anywhere. As I reported before the Shelly Plus 1 is great as it can work on DC or AC, but this modules is specifically for DC usage.

The Shelly Plus i4DC, which is like the Shelly Plus i4 (which is AC), is powered from 5V to 24V DC. This is great news as it can work from 12V and 24V alarm systems, and the typical 13.8V of a battery box quite safely. You could even wire to a USB 5V supply.

It has 4 inputs which connect to GND, and this works well for connecting to fire alarms, door sensors, and so on, and can easily have spares for tamper and dummy wires. I would struggle to make something like this for the same cost, and when I factor in my time this is a total no brainer.

I have also worked out the GPIO:-

• GPIO0: Output for small LED (hard to see through case).
• GPIO12: Input for SW1 signal (external switch) but needs configuring as pull down.
• GPIO14: Input for SW2 signal (external switch) but needs configuring as pull down.
• GPIO27: Input for SW3 signal (external switch) but needs configuring as pull down.
• GPIO26: Input for SW4 signal (external switch) but needs configuring as pull down.
• GPIO25: Input for small yellow button on the case, but needs configuring as pull up.

There are also 6 external connection pins for programming which are common to most Shelly, and not mains live on this model:

• GND
• GPIO0
• EN
• 3V3
• GPIO3 RX to shelly
• GPIO1 TX from shelly
• GPIO16

These can easily be flashed with tasmota too, use the ESP32 solo build. Note I cover two extra GPIO than the usual tasmota config (GPIO0, GPIO25).

Gas & Electric

I really am at a loss as to quite how bad energy companies seem to be.

They basically have one job - charge for the gas and electricity you use. With smart meters it is really easy as they have access to the data from the meter. Without, they need meter readings, from customers or by sending someone round.

But the basic business processes seem blindingly simple. They are selling two things, gas an electricity, And there is a meter that tracks the actual usage. The bills should be simple.

OK I know there is other admin, getting meters changed, credit control, etc, but the basic billing is noddy.

Some are being a tad cleverer, like Octopus. The first time I was with them, in my previous house, was when smart meters were dumb if you changed provider, so was a bit of a mess, but this time they have the data - half hour readings, usually within a day of real time, and visible to me. They also seem to be very responsive at sorting any questions or issues. This does allow them to be a bit more innovative with tariffs. When I was a kid we had economy seven, with a timer on the meter to switch metering between the two settings. We had a storage heater on the cheap night-time electricity. These days they can do a rate per half hour even, and there is export now as well. But even so, it is really not rocket science.

So how the hell is it that some of them seem to be so incredibly bad at it? Pretty much every company I have been with (perhaps with exception of Octopus this time) has screwed up in one way or another.

The latest is So.Energy

Now, don't get me wrong, I know there can be screw ups, but at the end of the day this is such a simple thing to bill you just have to put the correct meter reading in and you can fix it. A simple job. So the really annoying screwing up is when they not only get things wrong, but totally fail to even try and fix it, and instead send "overdue account" and "final demand" emails.

Leaving So.Energy should be simple. I gave them, and Octopus, the meter reading for Gas on the day, and both used that, and the gas is right. Yay. It proves how simple this really is. The gas was not on smart meter.

But the bit that should be easier, the electricity that was on a smart meter, was not. Octopus actually used the meter reading I gave them. They also had smart meter readings from a couple of days later. Good.

But So.Energy did not, they had not billed for a couple of months. They kept asking for a meter reading to be entered on their web site, in spite of being a smart meter, but the site would not allow me to enter an import reading unless I also entered export (this was after they finally fixed their site asking for 7 separate electricity readings for the meter). The meter itself would not show export, so I could not comply. But remember, it is a smart meter, so they have the actual readings anyway.

When they finally raised bills, what should they do? Well, simple use the smart meter reading for the dates I left, for import and export, simple.

What did they actually do - they did a bill for import, using a smart meter reading for import, for the day I left. They then cancelled that bill, and raised a new one with a "closing read" (not a "smart meter read", or a "customer read", or even an "estimate") that was way higher - more than £100 higher.

What about export, albeit at a measly 5p/unit? Well, they should have just used the smart meter reading. Octopus used the smart meter reading for the day they took over (as I could not see on the meter itself) which was great, so it was available. What So.Energy did was estimate a closing meter reading, saving them around £200.

Using made up meter readings, especially when they demonstrate they have the actual meter reading (at least for import), seems to be to be straight forward criminal fraud, a lie for financial gain.

Fixing it?

Let's be generous for a moment, and assume it was some idiot typing something daft, OK. The first I heard was "overdue account", for a bill dated when I left even though the bill was not on their web site before, so back dated. So I let them know the error, and advised the actual meter readings for import and export.

This the point that they could perhaps have redeemed themselves by cancelling those bills and issuing a correct bill. What could be simpler. If their web site had actually allowed me to enter import without export, of the meter had showed export, they would have used the reading I provided, as they did for gas, so this is no different.

But no, more demands, and a final demand. Each time I told them the error of their ways and got no more than an automated reply.

I messaged on twitter and they said they complaints dept was dealing with it - it is over two week later and nothing - no message even to say complaints are looking in to it and no new bills. I also explained that hounding me to pay a disputed and fraudulent bill was harassment. They said it was not, just telling me what was due and what would happen if I did not pay (further action), which I explained was in fact harassment. They tried to excuse it as automated, and I pointed out that automated harassment is still harassment. Interestingly nothing heard since (a week now) so maybe they turned it off.

Evidence

There is a chance they try and "take further action", which will be interesting. But as they owe me for the export I can make that a counter claim for that, as well as filing a defence that their claim is based on a fraudulent bill. Their own original bill (that they later cancelled) proves they had the import star meter reading for the day I left, so making up a different reading really looks like fraud to me.

But what would be handy is some incontrovertible evidence of the actual usage, so I have sent a GDPR request for the meter readings to Smart DCC Ltd who managed UK smart meter data. Hopefully they can furnish me with the detailed reading. Readings that So.Energy could have gotten and have ignored. It will be interesting to confirm Smart DCC Ltd actually hold the data (they have not said they don't), and that I can get the data. I'll update if/when I get the data.

I should not have to have this hassle or harassment - it really should be simple!

In the mean time...

It gets worse! Bulb

I just got a bill from Bulb for £14k for usage from over 2 years ago. Thankfully this is pretty simple as OFGEM rules say you cannot back date billing more than a year. But still, I should not have to deal with this crap!

Save power to avoid blackouts

Article on the BBC, here... "Households will be offered discounts on their electricity bills if they cut peak-time use on a handful of days over the winter, as part of National Grid's efforts to avoid blackouts."

These sorts of things are incredibly difficult to get right.

Punished for being proactive?

Some of us have already been proactive. I am a high user, but now have solar and battery. The hot tub (a big chunk of usage) is now on a timer so largely heating in the middle of the night, and easy to avoid the 4-7pm peak. I am also on a special battery tariff, so for example, my usage 4pm-7pm is actually about -30% of my daily usage (yes MINUS 30%, i.e. I export around 30% of my net daily usage 4-7pm).

Now, this means it would be physically impossible for me to use less 4pm-7pm, whether net (i.e. allowing for export) or just import (i.e. currently 0kWh usage).

So no way I can benefit from the Octopus scheme as I see it, unless I have misunderstood, as I cannot "improve" my peak usage.

Had I *not* been proactive. Had I left the hot tub on 4-7pm. Had I not run the battery like this. I could be easily making that extra £100 on offer. I am being punished for my being considerate and proactive - or so it seems. That feels wrong, somehow.

Other approaches

My understanding is that some providers are working on getting people to make their 4-7pm usage a lower percentage of their net 24/7 usage. That would work for me, as I already do that, assuming they would even cope with a negative percentage, maybe I would get more than £100, LOL.

Encouraging bad behaviour

I need to work out the "reference" period for saving. Even on the tariff I am on, it would not be hard to make my 4-7pm usage really high. It would not be hard for anyone to do that by running the washing mashing, and tumble drier (and I know most people don't have one, a hot tub), even electric water heating as many have that as a backup for gas. And, of course, if you have one (we don't) charging your EV.

If doing that for a few days before, then during the key days you move the power usage away from 4-7pm, you can get that bonus. For a lot of people "moving" the power usage has not extra cost, so why not.

This is a problem with any system that is "relative improvement". Make it absolute, e.g. usage below X kWh for the period per hours, or even less than % of net 24/7 household usage, and that may work, no need to force a high "reference" against which you are saving.

Not in the spirit of the scheme

One criticism of anyone adjusting their usage before these saving sessions to get a better reduction is that it would not be in the spirit of the scheme. Not "the right thing to do". Even Octopus said that on twitter.

Well yes, that is true, but the whole scheme is based on people doing "what makes them money" not "what is the right thing". There would be no need for any financial reward if people would "do the right thing", so yeh, you kind of have to expect that people, as a whole, will do what makes/saves them the most money - that is how people as a whole tend to work, even if individuals do sometimes do the right thing - it's the very basis of economics (from what I remember).