Friday, December 16, 2016

Even Simple things are Complicated... in IoT

So, I strive for simplicity in my design.  But I realize that simplicity in design doesn't  mean simplicity in implementation.  Even simple things are complicated when you consider IoT.

Let's take a fairly "simple" example: You want to design a water leak detector for your water heater (or the utility room/closet that hosts it).  Or maybe you are in a flood zone.

This water leak detector should notify you (via your Internet connected Smartphone -- you may not be at home) that there is water present (or rising significantly) on the floor.  Assume that this is VERY IMPORTANT to you because your house is prone to floods or leaks.  Or, you want to make sure your "pump" is doing its job.

During rainstorms while you sit at work... your mind may wander... to your house... to that damn pump...  Okay, IoT to the rescue!

Simple? Sure. Just throw an ESP8266 or ($10-20) Raspberry Pi at it.

Fine... now let us look at what needs to be done.

  1. A water sensor.  Okay, let's assume you found one or threw together a nice one that can be securely mounted to the floor or wall just above the floor.  Basically let's punt on this one. Done.
  2. You need Wi-Fi. Chances are you aren't located near an Ethernet port and probably don't want wires everywhere.
  3. You need to be battery powered. (Assuming even if you rather plug it into AC, there are flood conditions that could occur during a power loss, right? Like your flood pump isn't working..) So, yes, you need to be battery powered. And the battery should last at least 1 year.
  4. You need a cloud server to host the relaying of messages to your Smartphone.
Okay, so you've done all of that hard work or found a nice little sketch/hackaday-device that does all that for you. Done?

Here are some issues you need to consider:
  1. How do you get notified that the battery is dying?
  2. What if someone does a DoS attack (or you changed your Wi-Fi router and forgot to re-configure this device)?
  3. Speaking of Wi-Fi... How do you configure this device in the first place?
  4. Do you have redundant servers in the cloud. (What if your cloud server goes down?)
  5. What do you do if your ISP (or cloud) connection goes away for a few minutes?
  6. What if the water sensor is accidentally "detached" (or is damaged)?
  7. Is your connection to the cloud secure? Is it authenticated? What if some joker thinks it would be funny to fake out your server into thinking that there is a water leak?
  8. What if the device was suddenly "unpowered" (unplugged or batteries were removed). Can you handle that?
  9. How do I know, in general, that the device (and my connection to it) is working properly?
Now, you don't have much control over the "Internet" portion of this (realistically). But, at the end of the day, your device will always be blamed. It didn't notify you and your basement is now flooded.

So, let's address some of these issues.  Let's assume that this device is either very, very critical to you (you have lots of water problems and can't afford the massive damage an unattended one would cost) or you want to go to market with this device.
  1. How do you get notified that the battery is dying?  
    • You are going to have to monitor the battery voltage.  So, some ADC work. 
    • And you probably should have a local (loud) buzzer in addition to sending it over Wi-Fi
    • LEDs will be next to useless (unless you tend to hang around your utility room/closet a lot)
    • Also... Wi-Fi transmission takes a lot of power. Consider that in your power budget.
  2. What if someone does a DoS attack (or you changed your Wi-Fi router and forgot to re-configure this device)?
    • Once again, a buzzer. But don't make it too annoying. 
    • How (and/or when) do you shut off this buzzer?
  3. Speaking of Wi-Fi... How do you configure this device in the first place?
    • Smartphone? Via Bluetooth? As a (temporary) Wi-Fi access point?
    • You are also going to need a "rich" app for the phone, or otherwise a nice web server for the device (a web server for a freaking water monitor, ugh)
  4. Do you have redundant servers in the cloud. (What if your cloud server goes down?)
    • Of course, your ISP can go down... but more likely it will be that $5 per month virtual instance in the cloud that you thought was a really good bargain.
    • Consider at least 2 servers (not co-located).
  5. What do you do if your ISP (or cloud) connection goes away for a few minutes?
    • You are going to need to cache this information and send it later... so you need a "retry" mechanism
    • You are probably going to want an event "date" (or at least elapsed time from it). Has it been trying to notify you for hours?
  6. What if the water sensor is accidentally "detached" (or is damaged)?
    • First you need to detect this. Your monitoring algorithm considers false positives right? Is this a measurement glitch or did the sensor get yanked?
    • The sensor (which may just be a couple of traces on a board) needs to have some means of being "detected". So.. it needs to be more than a couple of bare wires or traces on a board.
  7. Is your connection to the cloud secure? Is it authenticated? What if some joker thinks it would be funny to fake out your server into thinking that there is a water leak?
    • Encryption may not be important (this isn't critical private info), but spoofing can and will be a problem. You will need some form of SSL/TLS, so you just went beyond your 8 bit Arduino in terms of parts count.
  8. What if the device was suddenly "unpowered" (unplugged or batteries were removed). Can you handle that?
    • Basically... ask this question if you want to use a Linux based solution (A Pi or Beaglebone). 
  9. How do I know, in general, that the device (and my connection to it) is working properly?
    • A system check... a heartbeat... an alert to your smartphone that something is amiss
    • A heartbeat will affect battery life... be careful.
So... this simple device starts to become complicated really, really fast. Doesn't it?
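Items 5 and 7 above (cache and retry when the link is down; make sure a joker can't fake a leak report) are the two that bite hardest, so here is an added example of the device-to-server message shape that handles both. This is not code from the post; the device id, the shared key and the scenario in demo() are constructed. Each report carries a sequence number and a timestamp and is tagged with HMAC-SHA256 under a per-device key; the server checks the tag before anything else, rejects a sequence number it has already seen, and reports how old the event is so you can tell "just happened" from "has been trying to reach you for two hours". TLS on the socket is assumed to be layered underneath; the tag is what stops a forged or replayed report even if the transport is wide open.

```python
import hashlib
import hmac
import json
from collections import deque

# Constructed values: the device id and a per-device key provisioned into both
# the sensor and the server at setup time (not from the original post).
DEVICE_ID = "leak-sensor-01"
SHARED_KEY = b"example-per-device-key-provisioned-at-setup"


def canonical(body):
    """Deterministic encoding so device and server sign exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_report(key, device_id, seq, event, sent_at):
    """Build one report and tag it with HMAC-SHA256 over its canonical form."""
    body = {"device": device_id, "seq": seq, "event": event, "sent_at": sent_at}
    return {"body": body, "tag": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}


class Device:
    """Sensor side: every report is numbered and queued until the server accepts it."""

    def __init__(self, key, device_id):
        self.key, self.device_id = key, device_id
        self.seq = 0              # keep in persistent memory so a power cycle cannot reuse numbers
        self.pending = deque()    # reports the server has not acknowledged yet

    def report(self, event, sent_at):
        self.seq += 1
        self.pending.append(sign_report(self.key, self.device_id, self.seq, event, sent_at))

    def flush(self, transport):
        """Deliver queued reports in order; stop at the first failure and keep the rest."""
        delivered = 0
        while self.pending and transport(self.pending[0]):
            self.pending.popleft()
            delivered += 1
        return delivered


class Server:
    """Cloud side: check the tag first, then refuse replays, then say how old the event is."""

    def __init__(self, keys):
        self.keys = keys          # device id -> shared key
        self.last_seq = {}        # device id -> highest sequence accepted (persist this too)

    def accept(self, msg, now):
        body = msg.get("body", {})
        key = self.keys.get(body.get("device"))
        if key is None:
            return "unknown-device", None
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("tag", "")):
            return "bad-tag", None
        if body["seq"] <= self.last_seq.get(body["device"], 0):
            return "replay", None
        self.last_seq[body["device"]] = body["seq"]
        return "ok", now - body["sent_at"]   # age: how long the device has been trying


def demo():
    """Constructed scenario: link down, link back up, then a replay and a forgery."""
    srv = Server({DEVICE_ID: SHARED_KEY})
    dev = Device(SHARED_KEY, DEVICE_ID)
    dev.report("water-detected", sent_at=1000)
    dev.flush(lambda msg: False)                # ISP or cloud unreachable: nothing leaves the queue
    held = len(dev.pending)
    first = dev.pending[0]
    outcomes = []

    def link_up(msg):
        outcomes.append(srv.accept(msg, now=8200))
        return outcomes[-1][0] == "ok"

    delivered = dev.flush(link_up)
    forged = {"body": dict(first["body"], event="all-clear"), "tag": first["tag"]}
    return {
        "held_while_down": held,
        "delivered": delivered,
        "first_status": outcomes[0][0],
        "age_seconds": outcomes[0][1],
        "replay": srv.accept(first, now=8200)[0],
        "forged": srv.accept(forged, now=8200)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The sequence number and the server's last-seen value both have to survive a power cycle (item 8), otherwise a restarted device starts at 1 again and the server throws its reports away as replays.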

Monday, December 12, 2016

Brutal High Availability vs Simplicity

I've been toying with the idea of using an ESP8266 Wi-Fi SoC (running NodeMCU) as the basis for my kitchen/stove monitor.  It's cheap ($3), it has the sensor inputs (and libraries) I need and gets my device on the Internet (IoT!)

However, I have some serious questions regarding the stability of the platform (mostly the software -- and yeah I know I can punt NodeMCU and go with C, but I am still using frameworks and libraries I don't trust yet).   Can I run this SoC for years without a glitch?  My device can't afford to "fail".  It needs to always be working. Even if it had to "reset" due to a watchdog or long running glitch, it needs to be up and running in order to be useful.  It needs "High Availability". 

What can I do if I want to use this useful SoC?

Well...assuming that the hardware is stable, I can address software instabilities by adding another "trusted/reliable" system.

Maybe an ATmega326 running minimal firmware: Just logic.  It would be the "master".  But, it is quite an anemic master.

Since my device is AC powered (I wanted something you could enable and use without thinking about battery replacement, etc -- not play the Wi-Fi power budget problem),  I don't have to limit myself to an anemic microcontroller.  Maybe a Linux SBC?  Maybe... a Beaglebone Black?

So, here, I begin to abandon "Simplicity" (and increase my cost significantly).  But, I can do a few more things by choosing a Linux SBC:

  1. More robust protocol for Internet use:  A real messaging system (XMPP? RabbitMQ client?) with caching and reconnect strategies.
  2. More security (Stronger encryption and authentication at endpoint)
  3. Leverage proven multi-year uptime of a Debian or Ubuntu distro

But, why use the ESP8266 at all?  Because getting peripherals (e.g. I2C, 1-wire, etc) to work on a Linux SBC is black magic and a waste of my time.  Plus, the ESP8266 is cheaper than any Wi-Fi USB module I can get for Linux.

The idea here is to have the Beaglebone control the ESP8266.  The Beagle will periodically either ping it for liveness or simply reset the module before transactions or as a "daily" ritual.  It may sound kludgey, but as long as the ESP8266 is okay with periodic resets, this lends the system to higher availability than a pure MCU (bare metal or non-commercial RTOS) solution.  
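An added example of the supervisor loop just described (my code, not from the post, and written in Python rather than the LuaJIT the post has in mind). The probe and reset callables are assumptions standing in for whatever liveness ping and GPIO reset line you wire up; the FakeModule is a constructed stand-in for the ESP8266 so the policy can be exercised offline. The one thing worth taking from it beyond "ping, then reset" is the reset budget: a module that keeps wedging after every reset is a hardware or firmware problem, and the supervisor should stop power-cycling it and raise the local alarm instead of looking "up" while it silently loops.

```python
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class Supervisor:
    """Host-side watchdog for a Wi-Fi module (the Beaglebone watching the ESP8266)."""
    probe: Callable[[], bool]        # liveness ping; True when the module answers
    reset: Callable[[], None]        # pulses the module's reset line (wiring is assumed)
    probe_period: int = 60           # seconds between pings; tick() is called once per period
    miss_limit: int = 3              # consecutive missed pings before the module is reset
    daily_period: int = 86400        # the "daily ritual" reset interval
    reset_budget: int = 5            # resets allowed per day before we stop and raise a local alarm
    misses: int = 0
    resets_today: int = 0
    last_daily: int = 0
    log: List[Tuple[int, str, str]] = field(default_factory=list)

    def tick(self, now: int) -> str:
        """Returns 'ok', 'missed', 'reset' or 'alarm' for this probe period."""
        if now - self.last_daily >= self.daily_period:
            self.last_daily, self.resets_today = now, 0
            return self._do_reset(now, "daily")
        if self.probe():
            self.misses = 0
            return "ok"
        self.misses += 1
        if self.misses < self.miss_limit:
            return "missed"
        return self._do_reset(now, "unresponsive")

    def _do_reset(self, now: int, why: str) -> str:
        self.misses = 0
        self.resets_today += 1
        if self.resets_today > self.reset_budget:
            self.log.append((now, "alarm", why))
            return "alarm"           # resets are not helping: stop cycling, sound the local buzzer
        self.reset()
        self.log.append((now, "reset", why))
        return "reset"


class FakeModule:
    """Constructed stand-in for the ESP8266: answers pings until it wedges."""

    def __init__(self, wedge_after: int, revivable: bool):
        self.wedge_after, self.revivable = wedge_after, revivable
        self.ticks, self.alive, self.resets = 0, True, 0

    def ping(self) -> bool:
        self.ticks += 1
        if self.ticks > self.wedge_after:
            self.alive = False
        return self.alive

    def reset(self) -> None:
        self.resets += 1
        self.ticks = 0
        self.alive = self.revivable   # a hard fault that survives reset stays dead


def run(wedge_after: int, revivable: bool, steps: int):
    """Simulate `steps` probe periods; return (outcome counts, number of hardware resets)."""
    mod = FakeModule(wedge_after, revivable)
    sup = Supervisor(probe=mod.ping, reset=mod.reset)
    counts = Counter(sup.tick(now=i * sup.probe_period) for i in range(steps))
    return dict(counts), mod.resets


if __name__ == "__main__":
    print(run(wedge_after=10, revivable=True, steps=40))    # wedges periodically, reset cures it
    print(run(wedge_after=0, revivable=False, steps=21))    # dead on arrival, budget trips the alarm
```

The simulation drives tick() with a synthetic clock instead of sleeping; on the real board the same function runs from a timer and the log lines are what you would push up with the heartbeat.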

Another benefit is I can do an "all Lua" implementation (Lua on the ESP8266 via NodeMCU) and LuaJIT on the Beaglebone.  This would allow me to integrate some telephony (SIP) stuff I've been working on (a completely different project) to "call" instead of just message the user about kitchen/stove activity.

Or, I could just continue developing with my current minimalistic approach of using the ATmega326p with Charley Shattuck's myforth-arduino (which is a pleasure to use -- I've already got my temperature monitor working :)

Thursday, December 01, 2016

The Mind of a (low level) Systems Programmer

I'm a systems programmer... an obsolete term, indeed.  But that is what I am.  It's not about coding in assembly (fun!) or squeezing out every drop of optimization in C (double fun!), but it is about wanting to "make" systems.

Compare this with an "application programmer" (another archaic term).  They love the domain.  I love the innards, the thing that runs the application.  My work should be silent and never seen. My stuff needs to just "work".

I like watching my front loading washing machine run. It is a complete system, but no fancy UI or IoT interface to be seen. It has sensors, it has actuators, it spins.... that's it.
Most of the time it works (it's getting old so there are a few faults here and there).  But it is successful because no one thinks about it. It lies in the background of our lives, silently doing its job.

A year ago I had to replace the logic board in my HVAC. It was expensive ($700 list -- but I got mine new from ebay for around $400).  The complexity (and wonder) of that board is that it has to be as solid as a NASA system.

My HVAC uses natural gas.  A lot of the components on that board (and the logic / program) are there to make sure my house doesn't blow up.  No fancy interface. No operating system. No complex 32-bit floating point math (I assume... I mean, my house shouldn't blow up due to a rounding error, right?).

I installed the Hunter ceiling fan, in my bedroom, over 15 years ago. It runs every night and mostly through the day. It has never failed. It is still silent. I wonder what kind of motor it has built in and how it is commutated (must be AC since brushless DC wasn't widely available back then -- I think).

That was a good design... a systems design.

Sunday, November 27, 2016

Excessive Portability and Embedded Development

Which is better?

/* Read the angle register (ANGLECOM) */
angle = spi_write(0xFFFF);


/* Read the angle register */
angle = spi_write(A_READ | A_PARITY_1 | A_ANGLECOMREG);

Now, you don't have to understand exactly what's going on here (and the actual process of reading an angle from the AS5147 rotary position sensor is a little bit more complicated), but I am trying to make a point.

I would argue that the second code snippet is a waste of time. (Some presumptions here: You had to define A_READ, A_PARITY_1 and A_ANGLECOMREG).

But, why would I advocate the hard coded version?

  1. The chip (AS5147) isn't going to change SPI command structure anytime during its production cycle.
  2. If you choose a new chip, you are going to have to study it and figure out the hard coded values anyway.
  3. The abstraction in the 2nd code snippet is going to only work for this exact chip.
  4. You have to work out the bit twiddling anyway (to come up with A_READ, etc)
  5. 0xFFFF is what you will see in your debugger
  6. It is *always* 0xFFFF 
  7. Ease of modification doesn't work here. If you go "oh, that should be A_PARITY_0" and change it (without verifying the actual resulting write value, it is going to cause a lot of debugging woes).
This is sort of an argument between "ease of writing" vs "ease of debugging" and in embedded development, "ease of debugging" is what you are really shooting for (or maybe call it "ease of validation").
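Whichever form you write, the thing to validate is the literal that ends up on the wire, so here is an added example of doing that validation mechanically rather than by eye. It is my code, not from the post; the frame layout it encodes is the AS5147 SPI command format (bit 15 even parity over the low 15 bits, bit 14 set for a read, 14-bit register address), and the register addresses come from that part's register map. The EXPECTED table pairs the symbolic build with the hard-coded value you expect to see in the debugger; mismatches() is the check you run after touching any of the constants, which is exactly the "oh, that should be A_PARITY_0" scenario in item 7.

```python
# Command frame layout from the AS5147 SPI interface: bit 15 = even parity over
# bits 14..0, bit 14 = 1 for a read, bits 13..0 = register address.
READ = 1 << 14
ADDR_MASK = 0x3FFF

# Register addresses used below (AS5147 register map).
NOP = 0x0000
ANGLEUNC = 0x3FFE
ANGLECOM = 0x3FFF


def parity_bit(word15: int) -> int:
    """Even parity over the low 15 bits: 1 if the count of set bits is odd."""
    return bin(word15 & 0x7FFF).count("1") & 1


def spi_frame(addr: int, read: bool = True) -> int:
    """Build the 16-bit command word for a register access, computing the parity bit."""
    if not 0 <= addr <= ADDR_MASK:
        raise ValueError(f"address {addr:#06x} does not fit in 14 bits")
    word = (READ if read else 0) | addr
    return word | (parity_bit(word) << 15)


def parity_ok(frame: int) -> bool:
    """Check a frame (sent or received): bit 15 must equal the parity of bits 14..0."""
    return (frame >> 15) & 1 == parity_bit(frame)


# The literal you expect to see in the debugger next to the symbolic form that
# should produce it. Constructed table; extend it for every register you touch.
EXPECTED = {
    "read ANGLECOM": (spi_frame(ANGLECOM), 0xFFFF),
    "read ANGLEUNC": (spi_frame(ANGLEUNC), 0x7FFE),
    "read NOP": (spi_frame(NOP), 0xC000),
}


def mismatches(table=EXPECTED):
    """Entries whose symbolic build does not equal the hard-coded literal (empty = all good)."""
    return {name: got for name, (got, want) in table.items() if got != want}


if __name__ == "__main__":
    for name, (got, want) in EXPECTED.items():
        print(f"{name:14s} {got:#06x} (expected {want:#06x})")
    print("mismatches:", mismatches())
```

In C the same table becomes a handful of static asserts next to the #defines, so a wrong edit fails the build instead of failing on the bench.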

I see the same thing happening with STM32's HAL or StdPeriph.  There is a focus on making it easier to load up registers (often taking 1 line of register loading code and stretching it into multiple lines of structure loading using verbose enums/types you have to look up).

To be honest, when I work in Forth on the STM32, I don't have such luxuries and my program is full of well documented hex and binary register banging.

Monday, November 14, 2016

Attack At Dawn

This is a painting on display at The Walters Museum in Baltimore, Maryland.  It is "Attack At Dawn" by Alphonse de Neuville.  

I am not particularly a fan of military battle scenes, but there is something about this painting that I can't get the image out of my head. 
This photo does it no justice.  The somber, winter setting, the lighting, the mastery of painting techniques. It is not a famous painting, but it does so many things that resonate with me: The distant foggy morning sky, the snow, the dim light sources (e.g. dawn, the lamp post, the doorway on the left, the rifle fire), the sparse brush strokes, the sense of desolation.
Go see it, if you can.

Literate Programming... A Revisit

For some reason (nostalgia?) I've been re-visiting Donald Knuth's concept of Literate Programming.

(For a quick intro, critique and discussion on this approach see this blog entry and the responses.)

I first discovered Literate Programming via looking at TeX sources in the 1980s.  Then I became somewhat obsessed with the approach around 1992 with the publication of Literate Programming by Knuth. This is still one of my favorite books on programming.

I still like to thumb through TeX: The Program (likely the largest Literate Program ever written).

Perhaps I am starting to revisit Literate Programming because of my full-time-deep-dive into embedded programming (again).  Still stuck with C and code that is supposed to work (I deal more with "firmware" than software these days -- code that can't just be frequently updated, is hard to unit test and must be very, very reliable).

Literate Programming doesn't fit well in today's rapid development, big team, fastest-time-to-market culture.  But, when I am writing control systems with little instructional software/literature available (e.g. learning how to spin a BLDC motor using sinusoidal waves), I start thinking about approaching it in a literate style.

Shhh... don't tell my partners, but I am definitely thinking about using cweb  or perhaps cwebx for this ;)

Tuesday, November 08, 2016

SPLAT Logic Analyzer

Found: A Logic Analyzer written in Tachyon Forth on a Parallax Propeller chip.
This is insane.  I love it.

Somewhere, in a box, at my last job, is an "over the air" (GSM/SMS) remote control device that I developed using the Propeller chip and Tachyon Forth.  It was a prototype I put together in less than 2 months and "field tested".  It was an interesting (and fun) experience. I would have loved to have used this logic analyzer during development.

Tuesday, October 04, 2016

Spinning a motor is hard

I'm trying to spin a 3 phase motor really, really slow.   For this I have chosen Sinusoidal Commutation.  Just a few sine calculations and I'm good, right?


Sinusoidal commutation of BLDC motors is hard.  Even so-called "open loop" commutation (which still expects feedback -- is it still really "open"?) is difficult.

You can find a google load of papers on how to perform (6 step) trapezoidal commutation and then some that kind of talk about sinusoidal.

It's all maddening and the reason why motors are their own field of study.  Lots of physics. Lots of math. Lots of stuff you can't shortcut.  Jerk, torque ripple, back EMF.  Don't get me started on rotors and pole count.  How about Phase finding?  Know how to do that?

To spin, you must have feedback!  Don't Hall effect sensors? How about with angular magnetic encoders? If you are man (or woman) enough, you venture into FOC.

I'm spending weekends and some weeknights learning how to spin a motor so me and my partners can build a killer robotic application. (Killer may be a bad choice of words....)

I'm really learning how much I don't really know.

Spinning a motor is hard...

Tuesday, May 24, 2016

Taking a SIP from the VoIP fountain....

Bad metaphorical post title aside (ouch),  I am currently investigating "cutting the Vonage cord" (another bad metaphorical allusion).

I haven't had a proper land line in 10 or so years. Vonage has served me well.  But, I find that with everyone in my family owning a smartphone, we rarely use our home phone line.  As anyone who has called us will know, sometimes we can't find our "wireless" phone(s) -- is it buried in the couch cushions again?  We are also horrible about retrieving voice mail (even though we have Vonage forward transcripts to our smartphones).

Really, outside of having a number "for our house", we don't use it much.  But our monthly bill for this convenience is over $30 per month!  I know, I know... why don't we just find a lower cost VoIP provider?  But that still requires us having to swim in someone else's pool (sorry about that, there I go again).

But, hey... wait a minute!  I am a software engineer who specializes in communication.  There must be something I can do here.  All I need is some way of getting my home phone number to forward to a PBX under my own control.  Think of the things I could do!

I could...

  • Have the call ring to any smartphone that is registered on my Wi-Fi (i.e. mine and my wife's phones when we are home)
  • Forward the call to voice mail immediately if we aren't home.
  • Register another "business" phone number that does something similar... basically track me down (e.g. smartphone or home number or voicemail)
..and so much more!

So, I start looking at FreeSWITCH and Asterisk.  Wow!  I need a book, or two, and a lot of time.
(Another variation of swimming in someone else's pool).

Okay, so do I really need a full blown PBX to do this?  Nope. I can do most of this with a cheap DID (Direct Inward Dialing) provider that could forward to a SIP proxy (of my own configuration or design).  (I won't go into details about SIP here... just know that it is the standard Internet way of locating and setting up calls. It is pretty complex too, but it is fundamentally a protocol specification.)

So, I start looking at OpenSIPS and other SIP server solutions.  It looks like all the pieces are there to do what I need. I just need to write a script....

Okay. My engineer senses start pulsing again (sort of like Spiderman's senses but rather than danger it warns me that I am about to use a complex system to do what seems so simple in my head).  I don't want to solve my problem with a simple OpenSIPS configuration... I want to intimately understand what is going on inside of SIP and implement just enough to do what I want.  How better to learn a system than to dive right in and try to build one yourself?

By learning OpenSIPS, I'll become an OpenSIPS expert but I won't really know how SIP works.   Sure, they take care of the plumbing, but I am interested in the plumbing.

So, I start with the SIP RFC.  Well, that's over 200 pages!  Okay, Todd.. slow down. What do I minimally need to let two VoIP user agents (i.e. phones or smartphone apps) talk to each other?

I start from there.... and here I am today.  I've got some primordial code handling SIP registrations over UDP.  I have a long way to go, but I am going to have fun with it and I am going to learn a lot. 

Maybe I'll finish enough of it to put it out there as open source. Not an OpenSIP competitor, but a super simple, super hacky way of creating your own lightweight home VoIP system.

Note: Currently using LuaJIT and Copas socket server to play around with SIP and, as I mentioned above, I've got Registration working.  Ooooh... so much fun!
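Since the post stops at "Registration working", here is an added example of the minimal REGISTER handling a home registrar needs: parse the request, keep one contact per address of record with an expiry, answer 200 OK with the Via/From/To/Call-ID/CSeq headers copied back, and cap the requested Expires. It is my code (Python, not the post's LuaJIT/Copas code) and does no UDP I/O; the SAMPLE_REGISTER message is constructed, with documentation-range addresses. The one comment to take seriously is the authentication hole: a registrar that accepts an unauthenticated REGISTER lets anyone who can reach the port redirect your home number, so a real one challenges with 401 Digest before it stores a binding; that step is marked but not implemented here.

```python
import re

MAX_EXPIRES = 3600   # cap on how long a client may hold a binding without re-registering

# Constructed REGISTER as a phone would send it over UDP (RFC 3261 shape;
# addresses, tags and Call-ID are made up).
SAMPLE_REGISTER = (
    "REGISTER sip:home.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "Max-Forwards: 70\r\n"
    "To: Alice <sip:alice@home.example>\r\n"
    "From: Alice <sip:alice@home.example>;tag=456248\r\n"
    "Call-ID: 843817637684230@192.0.2.10\r\n"
    "CSeq: 1826 REGISTER\r\n"
    "Contact: <sip:alice@192.0.2.10:5060>\r\n"
    "Expires: 7200\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_sip(raw: str):
    """Split a SIP message into (start line, headers, body); header names are case-insensitive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: " + line)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def address_of_record(to_value: str) -> str:
    """'Alice <sip:alice@home.example>;tag=1' -> 'sip:alice@home.example'."""
    m = re.search(r"<([^>]+)>", to_value)
    return m.group(1) if m else to_value.split(";")[0].strip()


class Registrar:
    """Minimal REGISTER handler: one contact per address of record, with an expiry."""

    def __init__(self):
        self.bindings = {}   # address of record -> (contact, expires_at)

    def handle(self, raw: str, now: int):
        """Process one request; returns (status code, response text)."""
        try:
            start, h, _ = parse_sip(raw)
            method, _uri, version = start.split(" ")
        except ValueError:
            return 400, self._reply(400, "Bad Request", {})
        if version != "SIP/2.0" or any(k not in h for k in ("via", "from", "to", "call-id", "cseq")):
            return 400, self._reply(400, "Bad Request", h)
        if method != "REGISTER":
            return 405, self._reply(405, "Method Not Allowed", h)
        # A real registrar authenticates here (401 with a Digest challenge) before it
        # touches any binding; otherwise anyone who can reach the port can take the number.
        try:
            expires = int(h.get("expires", [str(MAX_EXPIRES)])[0])
        except ValueError:
            return 400, self._reply(400, "Bad Request", h)
        expires = max(0, min(expires, MAX_EXPIRES))     # never let a client pin a binding forever
        aor = address_of_record(h["to"][0])
        contacts = h.get("contact", [])
        if expires == 0 or "*" in contacts:
            self.bindings.pop(aor, None)                # explicit de-registration
            contacts = []
        for c in contacts:
            self.bindings[aor] = (c, now + expires)
        extra = [f"Contact: {c};expires={expires}" for c in contacts]
        return 200, self._reply(200, "OK", h, extra)

    def lookup(self, aor: str, now: int):
        """Where to send a call for this address of record, or None if nobody is registered."""
        entry = self.bindings.get(aor)
        return entry[0] if entry and entry[1] > now else None

    @staticmethod
    def _reply(code: int, reason: str, h, extra=()):
        lines = [f"SIP/2.0 {code} {reason}"]
        for key, label in (("via", "Via"), ("from", "From"), ("to", "To"),
                           ("call-id", "Call-ID"), ("cseq", "CSeq")):
            lines += [f"{label}: {v}" for v in h.get(key, [])]
        lines += list(extra) + ["Content-Length: 0"]
        return "\r\n".join(lines) + "\r\n\r\n"


if __name__ == "__main__":
    reg = Registrar()
    print(reg.handle(SAMPLE_REGISTER, now=1000)[1])
    print("alice ->", reg.lookup("sip:alice@home.example", now=2000))
```

Expires parameters on the Contact header itself and the To tag a registrar is supposed to add to its response are left out to keep the handler short; both are in RFC 3261 section 10.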

Saturday, April 09, 2016

Hackable (Software) Things

I like hackable things. I'll keep that vague, because I am in a vague mood.
See if you can spot the common theme:

  1. Emacs
  2. TeX / LaTeX
  3. Forth (interactive on an MCU)
  4. Snabb Switch
  5. Smalltalk  (Squeak)
  6. Unix command line (awk, sed, kornshell, bourne shell, maybe bash, etc)

Okay... why?

They are worlds at my fingertips.
They don't use XML.
They are extensible.
I can make them do useful things.
With the exception of #3 (Forth), none really manipulate the "physical world".

Speaking of Forth... having shipped a few professional devices built with Forth, I still haven't found anything nearly as useful or fun for MCU work.

Something I would love to have for embedded MCU work:

A nice REPL / Editor environment (host side, please) for manipulating/deploying eLua on MCUs. 
eLua has poor interactivity support, but I wonder if remotely instrumenting it is a better approach... maybe via ZeroBrane or Emacs?

Monday, February 22, 2016

Premature Optimization during Design

As I design my embedded software, I am always looking for the most efficient tools and design. We have limited resources and must therefore constrain our designs.  Or do we?

I remember struggling to get Donald Knuth's TeX typesetting system to compile and run on the big DEC2060 timesharing system back in 1984. It was a beast of an application and not written to run on anemic platforms. It was Knuth's idea to solve the typesetting problem, not write an application that would run on limited hardware.

Now, TeX (same sources pretty much) can run on your Android phone.

Back in 1986 I was trying to get Richard Stallman's Emacs to compile and run under Unix. It was a big, bloated and slow beast  (but worth it for all the power it gave me -- I was already an Emacs addict for a couple of years).

Now, I install it on every Linux/BSD laptop I use and fire it up as needed.

These systems (and others) were not designed to work on minimal hardware, but over the years hardware caught up with them.

I am not advocating that IoT devices use big bloated tools, but as far as "basestations" go... why are we constraining ourselves to RasPis and Beaglebones?

Tuesday, February 16, 2016

Mutter... Adventures in VOIP/messaging systems

Over the past couple of years I've been playing around with a "toy" Mumble server I developed.
Mumble, if you don't know, is a popular gamer VOIP and messaging system.  It is open sourced and has clients running on Windows, Linux, iOS (iPhone) and Android (I prefer Plumble).   It has a published spec for communication so it is relatively easy to build a minimal server.  I've built one in the past in Erlang and have recently started one in Lua(JIT).

Why would I want to implement my own Mumble server (I'm calling it Mutter) when a perfectly good one exists as part of the Mumble project?  Well, I am curious how many interesting things I can do with a compliant server without touching the client software.

Some of my experiments involve creating additional levels of authentication (e.g. a query response from a server bot, additional detection of client OS/hardware stuff, etc) as well as the potential to bridge to other VOIP or messaging systems.

Other things I am curious about playing with are "adhoc" conference calls that could spawn quickly and privately in the cloud. 

Right now it is mostly for fun. I've got basic messaging and TCP voice channels working. I am not interested in building a full blown Mumble server (that already exists!) but curious as to what can be done minimally....

S.A.F.E: An IoT compatible Manifesto

My home monitoring projects/products follow a manifesto I call SAFE.  SAFE is an acronym for Set And Forget Engineered.  It follows the basic tenet that home monitoring systems should be reliable and not require lots of care and attention.  You set it and then forget it.

This manifesto doesn't exclude IoT (Internet of Things) devices, but it has some rules. Let's consider the class of devices to include: Flood monitors, Stove usage monitors, Motion detectors and Entry/Exit monitors.

  1. If you don't run off of AC, your nominal battery life should be 5 years.  Assume 2 years of worst case (power consumption-wise) performance.   Do you check/change your smoke alarm batteries religiously every year?  Maybe not.  If you can't guarantee 2 years of performance (and you are a critical monitor) then you should run off of house current (AC).
  2. If you need to run when power is lost, then you should have backup batteries that last at least a couple of days. This is particularly important for Flood monitors, etc.
  3. If you can't automatically recover from a power failure, use backup batteries to keep the system running or use persistent memory to snapshot states.
  4. Your device should have some "local" alert capability and not rely 100% on the Internet for notification.  If I am in the house, there should be an audible alarm and not reliance on my smart phone being notified via the Internet.
  5. If Internet notification is critical, don't trust Wi-Fi.  Let's use an analogy:  Your car's critical systems (engines, steering, braking, locks, etc) should, by design, run on a separate network than your Entertainment system (radio, etc).  Your IoT device probably should follow that same rule. Wi-Fi can get congested, it can have password changes, it is a common target for attack.  But what can you use instead of Wi-Fi? Consider ZigBee, XBee or other more robust protocol (no, not Bluetooth!) as the delivery transport to the home router. All home routers still feature Ethernet ports so your transport receiver can be plugged in there. You still rely on the monitor but you are not affected by all the issues with Wi-Fi.  Now, of course, you should consider encryption and authentication too when using a non-Wi-Fi protocol...
  6. Don't design for over the air software/firmware updates. This is a HUGE security hole and although you may have thoroughly thought it through -- you haven't.  Get your software as  correct as possible and consider doing updates through a computer or smartphone "directly" and "physically".  Things that can be controlled through the Internet will be a nice fat target for people who want to control your stuff through the Internet.  Don't advertise your house as hackable!
  7. No SD cards. Nope. SD cards are not designed for reliability or longevity. Use persistent memory that has at least a 10 year retention.
  8. No rechargeable batteries.  How long do you really get on a Li-ion/poly?  Two years? Five years?
  9. Avoid LCD/button interfaces as much as possible. What is this, the 1990s?  If you need a way to silence an alarm or (temporarily) disable a sensor use touch or tap and a simple indicator. 
  10. No disabling or critical manipulation through the Internet.  Sorry, see #6.
  11. Know thy hardware. Don't just choose a Raspberry Pi or Arduino unless you know exactly how each critical component is rated (e.g. environmentals, write duration, etc).
  12. Know thy software. Don't just load up a Linux and go. Are there processes running you don't understand? Update software maybe? 
I try to design to these tenets. I am surprised how many commercial IoT devices seem to ignore them.
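Rule 3 (snapshot state to persistent memory so a power failure is recoverable) is the one that is easy to get subtly wrong, because the power can go away in the middle of the write. An added example, my code and not from the post, of the two-slot journal pattern that handles that: each record carries a magic, a sequence number and a CRC32, writes alternate between two slots, and on power-up you take the valid slot with the highest sequence. A bytearray stands in for the FRAM/EEPROM (constructed, with erased bytes reading 0xFF), and save() takes a truncate_at argument purely to simulate losing power part way through a write. The state fields (armed flag, event count, last event time) are an assumed layout for a flood or stove monitor.

```python
import struct
import zlib

MAGIC = b"SAFE"
SLOT_SIZE = 64
HEADER = struct.Struct("<4sIBII")   # magic, sequence, armed flag, event count, last event time
CRC = struct.Struct("<I")


class Persist:
    """Two-slot state journal over a simulated non-volatile memory (a bytearray standing in
    for FRAM/EEPROM). Writes alternate between slots so a torn write never destroys the
    last good copy."""

    def __init__(self):
        self.mem = bytearray(b"\xff" * (2 * SLOT_SIZE))   # erased memory reads as 0xFF
        self.seq = 0

    def save(self, state, truncate_at=None):
        """Write a new record; `truncate_at` simulates power loss after that many bytes."""
        self.seq += 1
        payload = HEADER.pack(MAGIC, self.seq, int(state["armed"]),
                              state["events"], state["last_event"])
        record = (payload + CRC.pack(zlib.crc32(payload))).ljust(SLOT_SIZE, b"\xff")
        if truncate_at is not None:
            record = record[:truncate_at]
        offset = (self.seq % 2) * SLOT_SIZE          # alternate slots on every write
        self.mem[offset:offset + len(record)] = record

    def _read_slot(self, index):
        raw = bytes(self.mem[index * SLOT_SIZE:(index + 1) * SLOT_SIZE])
        payload = raw[:HEADER.size]
        (stored_crc,) = CRC.unpack_from(raw, HEADER.size)
        if payload[:4] != MAGIC or zlib.crc32(payload) != stored_crc:
            return None                              # never written, or torn by a power loss
        _, seq, armed, events, last = HEADER.unpack(payload)
        return seq, {"armed": bool(armed), "events": events, "last_event": last}

    def recover(self):
        """On power-up: the state from the valid slot with the highest sequence, or None."""
        valid = [r for r in (self._read_slot(0), self._read_slot(1)) if r is not None]
        if not valid:
            return None
        self.seq, state = max(valid, key=lambda r: r[0])
        return state


if __name__ == "__main__":
    p = Persist()
    p.save({"armed": True, "events": 1, "last_event": 100})
    p.save({"armed": True, "events": 2, "last_event": 200})
    p.save({"armed": False, "events": 3, "last_event": 300}, truncate_at=6)   # power lost mid-write
    print("recovered after torn write:", p.recover())
```

Because the sequence number is restored from the surviving record, the next save after recovery lands in the slot that held the torn copy, so the good copy is never the one being overwritten.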