Friday, December 16, 2016

Even Simple things are Complicated... in IoT

So, I strive for simplicity in my design.  But I realize that simplicity in design doesn't mean simplicity in implementation.  Even simple things are complicated when you consider IoT.

Let's take a fairly "simple" example: You want to design a water leak detector for your water heater (or the utility room/closet that hosts it).  Or maybe you are in a flood zone.

This water leak detector should notify you (via your Internet connected Smartphone -- you may not be at home) that there is water present (or rising significantly) on the floor.  Assume that this is VERY IMPORTANT to you because your house is prone to floods or leaks.  Or, you want to make sure your "pump" is doing its job.

During rainstorms while you sit at work... your mind may wander... to your house... to that damn pump...  Okay, IoT to the rescue!

Simple? Sure. Just throw an ESP8266 or ($10-20) Raspberry Pi at it.

Fine... now let us look at what needs to be done.

  1. A water sensor.  Okay, let's assume you found one or threw together a nice one that can be securely mounted to the floor or wall just above the floor.  Basically let's punt on this one. Done.
  2. You need Wi-Fi. Chances are you aren't located near an Ethernet port and probably don't want wires everywhere.
  3. You need to be battery powered. (Even if you would rather plug it into AC, there are flood conditions that could occur during a power loss, right? Like your flood pump not working.) So, yes, you need to be battery powered. And the battery should last at least 1 year.
  4. You need a cloud server to host the relaying of messages to your Smartphone.
Okay, so you've done all of that hard work or found a nice little sketch/hackaday-device that does all that for you. Done?
Nope.

Here are some issues you need to consider:
  1. How do you get notified that the battery is dying?
  2. What if someone does a DoS attack (or you changed your Wi-Fi router and forgot to re-configure this device)?
  3. Speaking of Wi-Fi... How do you configure this device in the first place?
  4. Do you have redundant servers in the cloud? (What if your cloud server goes down?)
  5. What do you do if your ISP (or cloud) connection goes away for a few minutes?
  6. What if the water sensor is accidentally "detached" (or is damaged)?
  7. Is your connection to the cloud secure? Is it authenticated? What if some joker thinks it would be funny to fake out your server into thinking that there is a water leak?
  8. What if the device was suddenly "unpowered" (unplugged or batteries were removed). Can you handle that?
  9. How do I know, in general, that the device (and my connection to it) is working properly?
Now, you don't have much control over the "Internet" portion of this (realistically). But, at the end of the day, your device will always be blamed. It didn't notify you and your basement is now flooded.

So, let's address some of these issues.  Let's assume that this device is either very, very critical to you (you have lots of water problems and can't afford the massive damage an unattended one would cost) or you want to go to market with this device.
  1. How do you get notified that the battery is dying?  
    • You are going to have to monitor the battery voltage.  So, some ADC work. 
    • And you probably should have a local (loud) buzzer in addition to sending it over Wi-Fi
    • LEDs will be next to useless (unless you tend to hang around your utility room/closet a lot)
    • Also... Wi-Fi transmissions take a lot of power. Consider that in your power budget.
  2. What if someone does a DoS attack (or you changed your Wi-Fi router and forgot to re-configure this device)?
    • Once again, a buzzer. But don't make it too annoying. 
    • How (and/or when) do you shut off this buzzer?
  3. Speaking of Wi-Fi... How do you configure this device in the first place?
    • Smartphone? Via Bluetooth? As a (temporary) Wi-Fi access point?
    • You are also going to need a "rich" app for the phone, or otherwise a nice web server for the device (a web server for a freaking water monitor, ugh)
  4. Do you have redundant servers in the cloud? (What if your cloud server goes down?)
    • Of course, your ISP can go down... but more likely it will be that $5 per month virtual instance in the cloud that you thought was a really good bargain.
    • Consider at least 2 servers (not co-located).
  5. What do you do if your ISP (or cloud) connection goes away for a few minutes?
    • You are going to need to cache this information and send it later... so you need a "retry" mechanism
    • You are probably going to want an event "date" (or at least the elapsed time since it). Has it been trying to notify you for hours?
  6. What if the water sensor is accidentally "detached" (or is damaged)?
    • First you need to detect this. Your monitoring algorithm considers false positives, right? Is this a measurement glitch or did the sensor get yanked?
    • The sensor (which may just be a couple of traces on a board) needs to have some means of being "detected". So.. it needs to be more than a couple of bare wires or traces on a board.
  7. Is your connection to the cloud secure? Is it authenticated? What if some joker thinks it would be funny to fake out your server into thinking that there is a water leak?
    • Encryption may not be important (this isn't critical private info), but spoofing can and will be a problem. You will need some form of SSL/TLS, so you just went beyond your 8 bit Arduino in terms of parts count.
  8. What if the device was suddenly "unpowered" (unplugged or batteries were removed). Can you handle that?
    • Basically... ask this question if you want to use a Linux based solution (A Pi or Beaglebone). 
  9. How do I know, in general, that the device (and my connection to it) is working properly?
    • A system check... a heartbeat... an alert to your smartphone that something is amiss
    • A heartbeat will affect battery life... be careful.
So... this simple device starts to become complicated really, really fast. Doesn't it?
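Item 6 above (a sensor that can be "detected", and telling a glitch from a yanked probe) is the kind of thing that looks trivial until you write it. Here is an added example of that logic, not code from the post: it assumes a 10-bit ADC and a probe wired with an end-of-line resistor so that open circuit, dry and wet are three distinguishable readings, and it only commits a state change after several agreeing samples.

```c
/* Added example (not the post's own code): three-state probe reading with glitch
 * filtering. Assumes a 10-bit ADC (0..1023) and a probe with an end-of-line
 * resistor: open circuit reads near 0, dry reads mid-range, water reads high. */
enum probe_state { PROBE_DETACHED, PROBE_DRY, PROBE_WET };
#define ADC_DETACHED_MAX 80   /* below this the end-of-line resistor is gone */
#define ADC_WET_MIN      600  /* above this water is bridging the probe      */
#define STABLE_SAMPLES   3    /* agreeing samples needed to commit a change  */
struct probe_filter {
    enum probe_state reported;  /* state we act on (buzzer, cloud alert)  */
    enum probe_state candidate; /* state seen in the most recent samples  */
    int run;                    /* consecutive samples agreeing with it   */
};
static enum probe_state classify(int adc)
{
    if (adc < ADC_DETACHED_MAX) return PROBE_DETACHED;
    return adc >= ADC_WET_MIN ? PROBE_WET : PROBE_DRY;
}

void probe_filter_init(struct probe_filter *f)
{
    f->reported = f->candidate = PROBE_DRY;
    f->run = STABLE_SAMPLES;
}

/* Feed one ADC sample; returns 1 when the reported state changes. A lone odd
 * reading (noise, a splash on the connector) is never enough to change it. */
int probe_filter_feed(struct probe_filter *f, int adc)
{
    enum probe_state s = classify(adc);
    if (s == f->candidate) { if (f->run < STABLE_SAMPLES) f->run++; }
    else                   { f->candidate = s; f->run = 1; }
    if (f->run < STABLE_SAMPLES || f->reported == f->candidate) return 0;
    f->reported = f->candidate;
    return 1;
}

/* Run a sample sequence through a fresh filter; returns the number of committed
 * transitions and, via final (when non-null), the last reported state. */
int run_samples(const int *s, int n, enum probe_state *final)
{
    struct probe_filter f; int changes = 0;
    probe_filter_init(&f);
    for (int i = 0; i < n; i++) changes += probe_filter_feed(&f, s[i]);
    if (final) *final = f.reported;
    return changes;
}

/* Constructed trace: dry, one noise spike, dry, probe yanked, then a real leak. */
const int demo_samples[] = {300, 310, 900, 305, 300, 20, 15, 10, 10, 750, 800, 820};
#define DEMO_COUNT ((int)(sizeof demo_samples / sizeof demo_samples[0]))
```

The thresholds are placeholders; on real hardware they come from measuring your own probe and resistor values, and the "detached" state deserves its own alert rather than being read as "dry".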

Monday, December 12, 2016

Brutal High Availability vs Simplicity

I've been toying with the idea of using an ESP8266 Wi-Fi SoC (running NodeMCU) as the basis for my kitchen/stove monitor.  It's cheap ($3), it has the sensor inputs (and libraries) I need and gets my device on the Internet (IoT!)

However, I have some serious questions regarding the stability of the platform (mostly the software -- and yeah I know I can punt NodeMCU and go with C, but I am still using frameworks and libraries I don't trust yet).   Can I run this SoC for years without a glitch?  My device can't afford to "fail".  It needs to always be working. Even if it had to "reset" due to a watchdog or long running glitch, it needs to be up and running in order to be useful.  It needs "High Availability". 

What can I do if I want to use this useful SoC?

Well...assuming that the hardware is stable, I can address software instabilities by adding another "trusted/reliable" system.

Maybe an ATmega326 running minimal firmware: Just logic.  It would be the "master".  But, it is quite an anemic master.

Since my device is AC powered (I wanted something you could enable and use without thinking about battery replacement, etc -- not play the Wi-Fi power budget problem),  I don't have to limit myself to an anemic microcontroller.  Maybe a Linux SBC?  Maybe... a Beaglebone Black?

So, here, I begin to abandon "Simplicity" (and increase my cost significantly).  But, I can do a few more things by choosing a Linux SBC:

  1. More robust protocol for Internet use:  A real messaging system (XMPP? RabbitMQ client?) with caching and reconnect strategies.
  2. More security (Stronger encryption and authentication at endpoint)
  3. Leverage proven multi-year uptime of a Debian or Ubuntu distro

But, why use the ESP8266 at all?  Because getting peripherals (e.g. I2C, 1-wire, etc) to work on a Linux SBC is black magic and a waste of my time.  Plus, the ESP8266 is cheaper than any Wi-Fi USB module I can get for Linux.

The idea here is to have the Beaglebone control the ESP8266.  The Beagle will periodically either ping it for liveness or simply reset the module before transactions or as a "daily" ritual.  It may sound kludgey but as long as the ESP8266 is okay with periodic resets, this lends the system to higher availability than a pure MCU (bare metal or non-commercial RTOS) solution.  
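The supervising logic described above (ping for liveness, reset after repeated misses, and a daily reset regardless) is small enough to write as a state machine. This is an added example, not code from the post: the ping and reset primitives are hypothetical callbacks (on the Beaglebone they would wrap a serial request/response and a GPIO pulse on the module's reset line), and time is passed in so the decision logic can be tested without hardware.

```c
/* Added example (not the post's own code): the host-side liveness supervisor
 * as a testable state machine. ping/reset are hypothetical callbacks (on a
 * Beaglebone: a serial request/response and a GPIO pulse on the reset line). */
#define MAX_MISSED_PINGS 3      /* consecutive failures before a forced reset */
#define DAILY_RESET_SEC  86400  /* the "daily ritual" reset interval          */
#define BOOT_GRACE_SEC   5      /* no pings while the module is rebooting     */
struct esp_supervisor {
    int  (*ping)(void *ctx);    /* returns 1 if the module answered          */
    void (*reset)(void *ctx);   /* pulses the module's reset line            */
    void *ctx;
    int      missed;            /* consecutive missed pings                  */
    unsigned last_reset;        /* seconds; power-on counts as a reset       */
    unsigned resets;            /* resets issued so far (worth reporting)    */
};
void esp_supervisor_init(struct esp_supervisor *s, int (*ping)(void *),
                         void (*reset)(void *), void *ctx, unsigned now)
{
    s->ping = ping; s->reset = reset; s->ctx = ctx;
    s->missed = 0; s->last_reset = now; s->resets = 0;
}

/* One poll: call once per period with the current time in seconds.
 * Returns 1 if the module was reset during this call. */
int esp_supervisor_tick(struct esp_supervisor *s, unsigned now)
{
    unsigned since = now - s->last_reset;
    if (since < BOOT_GRACE_SEC) return 0;           /* still coming up */
    s->missed = s->ping(s->ctx) ? 0 : s->missed + 1;
    if (s->missed < MAX_MISSED_PINGS && since < DAILY_RESET_SEC) return 0;
    s->reset(s->ctx);
    s->last_reset = now; s->missed = 0; s->resets++;
    return 1;
}

/* Constructed stand-in module: answers pings unless hung; a reset clears the
 * hang. simulate() polls 'ticks' times, 'period' seconds apart, hangs the
 * module at tick 'hang_at' (-1 = never) and returns the resets issued. */
struct fake_esp { int hung; };
static int  fake_ping(void *c)  { return !((struct fake_esp *)c)->hung; }
static void fake_reset(void *c) { ((struct fake_esp *)c)->hung = 0; }
unsigned simulate(int ticks, int hang_at, unsigned period)
{
    struct fake_esp e = {0}; struct esp_supervisor s;
    esp_supervisor_init(&s, fake_ping, fake_reset, &e, 0);
    for (int t = 0; t < ticks; t++) {
        if (t == hang_at) e.hung = 1;
        esp_supervisor_tick(&s, (unsigned)t * period);
    }
    return s.resets;
}
```

The reset counter is worth sending upstream with the heartbeat: a module that needs resetting every hour is a different problem from one that needs it once a month.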

Another benefit is I can do an "all Lua" implementation (Lua on the ESP8266 via NodeMCU) and LuaJIT on the Beaglebone.  This would allow me to integrate some telephony (SIP) stuff I've been working on (a completely different project) to "call" instead of just message the user about kitchen/stove activity.

Or, I could just continue developing with my current minimalistic approach of using the ATmega326p with Charley Shattuck's myforth-arduino (which is a pleasure to use -- I've already got my temperature monitor working :)


Thursday, December 01, 2016

The Mind of a (low level) Systems Programmer

I'm a systems programmer... an obsolete term, indeed.  But that is what I am.  It's not about coding in assembly (fun!) or squeezing out every drop of optimization in C (double fun!), but it is about wanting to "make" systems.

Compare this with an "application programmer" (another archaic term).  They love the domain.  I love the innards, the thing that runs the application.  My work should be silent and never seen. My stuff needs to just "work".

I like watching my front loading washing machine run. It is a complete system, but no fancy UI or IoT interface to be seen. It has sensors, it has actuators, it spins.... that's it.
Most of the time it works (it's getting old so there are a few faults here and there).  But it is successful because no one thinks about it. It lies in the background of our lives, silently doing its job.

A year ago I had to replace the logic board in my HVAC. It was expensive ($700 list -- but I got mine new from ebay for around $400).  The complexity (and wonder) of that board is that it has to be as solid as a NASA system.

My HVAC uses natural gas.  A lot of the components on that board (and the logic / program) are there to make sure my house doesn't blow up.  No fancy interface. No operating system. No complex 32-bit floating point math (I assume... I mean, my house shouldn't blow up due to a rounding error, right?).

I installed the Hunter ceiling fan, in my bedroom, over 15 years ago. It runs every night and mostly through the day. It has never failed. It is still silent. I wonder what kind of motor it has built in and how it is commutated (must be AC since brushless DC wasn't widely available back then -- I think).

That was a good design... a systems design.