The most capable controller software?

[etc6849]

I run a mini-itx atom based PC with windows XP pro. It uses an SSD and has been running great for years now. In fact, I've seen critical control programs run on XP Pro just fine in industry before. Typically, there is a fail-safe design to the control circuit as down time would cost lots of $$$, but my point is if its good enough for critical industry functions, why can't I use it in my home without issue?

With respect to pairing a PC with a security system, I agree a standalone security system is the better approach. However, I'm not so sure putting all of the automation into an Elk or HAI system is the way to go as this would take longer to install and your code may not be as clean as it could be (e.g. one global script for Goodnight, in one single location: your PC's hard drive) and definitely will not be as versatile as a PC install. It will also typically cost more as sometimes expansion cards with specific firmware are needed to work with whatever serial module (such as the VRC0P).

Whatever PC program should be stable enough to handle automation tasks and not freeze up as these tasks seem relatively simple, especially if I can understand them! If a PC isn't reliable enough, I'd seriously question whatever automation program's design, because I doubt windows is the problem. This is one thing Premise has going for as there are no longer updates or changes to its SDK, and all of the bugs were worked out long ago before it was bought by Lantronix and then Motorola. Premise was also started by several microsoft employees, so it works well with anything microsoft (if that's what you're into).

 

[nlaredo]

OK that's just ridiculous! Why is your company different than every other Fortune 1000 company, and even the US Government? Why is Windows more of a risk for you? And what security risks exist in your own home that would be out affecting a computer sitting in a corner? You could never back your statements up with any useful facts.

Sorry, I can't help but take your bait.

Try this experiment: Install windows xp sp2 from CD on a computer you have at work.. don't do anything with it but connect it to the internet. See how long it takes to end up with a blaster virus on it. You may have to travel back to 2004 for this to work, but just because that threat may have been fixed up in windows 7, it does not mean that there won't be a future issue discovered that won't be patched by microsoft for weeks to months to years after a live exploit is in the wild.

It's not that I don't trust myself -- I actually write win32 and x86 assembly for a living and use windows at work to do it -- I just don't trust the 65 year old with a laptop that comes to visit and babysit from time to time and gets tricked into clicking on things, and I think this has a lot to do with having careless coworkers that let things like the blaster worm loose at a former employer in the early 2000s.

For my home automation, I want to be able to reach it from work which means poking holes in firewalls -- otherwise what's the point to home automation when I can't monitor things from outside the home?

 

[kwilcox]

However if you first turn on the windows firewall and disable all programs and services in the exceptions tab then you can safely connect directly to the Internet without worries.

I set HCA server for a high port to connect on then open that up NATed through my internet router. All HCA clients are set to use that port. I also set HCA to challenge for passwords on anything but my internal network. That way internal tablets/panels connect directly while the clients on my phone/Xoom must supply a password.

Bada bing. Safe from exploits and remote control capable.

 

[tmbrown97]

Try this experiment: Install windows xp sp2 from CD on a computer you have at work.. don't do anything with it but connect it to the internet. See how long it takes to end up with a blaster virus on it. You may have to travel back to 2004 for this to work, but just because that threat may have been fixed up in windows 7, it does not mean that there won't be a future issue discovered that won't be patched by microsoft for weeks to months to years after a live exploit is in the wild.

This would be a non-issue in my house. My house has a standard firewall, and any guests in my home connect via a separate SSID with client isolation, so they're isolated from anything in my house with the exception of my printer. But that would also be irresponsible - that'd be like putting a linux box on the net with a default password of root/root - you're asking for it. But with basic due diligence, you enable firewalls and only pinhole exactly what you need. In that instance, I've seen servers directly exposed to the internet survive for a decade without any vulnerabilities.

It's not that I don't trust myself -- I actually write win32 and x86 assembly for a living and use windows at work to do it -- I just don't trust the 65 year old with a laptop that comes to visit and babysit from time to time and gets tricked into clicking on things, and I think this has a lot to do with having careless coworkers that let things like the blaster worm loose at a former employer in the early 2000s.

Didn't you just say that Windows isn't allowed at your work? And again, this is what client isolation (at home) and network security protocols address in a more advanced network.

For my home automation, I want to be able to reach it from work which means poking holes in firewalls -- otherwise what's the point to home automation when I can't monitor things from outside the home?

I have a few very basic things pinholed so I can access them directly from my phone; but I also have VPN set up so I can securely access my home and everything on the network. Another member here did a writeup on remotely SSH'ing into your home as an alternative security measure.

So as I stated the first time, that's a naive approach - we're not talking about putting a 10yr old un-patched computer directly onto the internet without any sort of firewall - we're talking about a competent computer administrator building a properly secured and optimized system that most of us here know would be rock solid and run for decades without us losing a second of sleep over the possibility of a security hole. As many above have stated, a hardened machine is only susceptible if someone uses it like a workstation and exposes it.

The simple reality is that the majority of HA apps run on Windows; if you limit your OS, you limit your selection. Just like people write viruses for the largest potential impact, they also write legitimate software for the largest potential customer base.

 

[video321]

Sorry, I can't help but take your bait.

Try this experiment: Install windows xp sp2 from CD on a computer you have at work.. don't do anything with it but connect it to the internet. See how long it takes to end up with a blaster virus on it. You may have to travel back to 2004 for this to work, but just because that threat may have been fixed up in windows 7, it does not mean that there won't be a future issue discovered that won't be patched by microsoft for weeks to months to years after a live exploit is in the wild.

Really... blaster!?! Even after you, yourself, said OSX is no more secure than Windows - that is your example?

It's not that I don't trust myself -- I actually write win32 and x86 assembly for a living and use windows at work to do it -- I just don't trust the 65 year old with a laptop that comes to visit and babysit from time to time and gets tricked into clicking on things, and I think this has a lot to do with having careless coworkers that let things like the blaster worm loose at a former employer in the early 2000s.

Which has nothing to do with what platform you use except for the fact Windows is more of a target because of it's wide use in corporate environments and homes. The chances of anything being passed on to the HA server is extremely slim and nothing an isolated BSSID, like I run for guests, couldn't fix.

For my home automation, I want to be able to reach it from work which means poking holes in firewalls -- otherwise what's the point to home automation when I can't monitor things from outside the home?

I use a single port - 443 for SSH. If you don't want any holes in your firewall then go with a package that will create a tunnel for you from your server to theirs which you can then access via their "secure" server.


As for HA software/server... I use a basic install of Premise (extremely easy to setup - many thanks to the members here!) running on an XP VM on my combo HTPC/server which is running a full HTPC setup, gaming, IR distribution, whole-house audio along with other basic services. I've been on the same hardware for a few years and the only time the machine needed to be rebooted was when my RAM went faulty - otherwise 24/7 without issues. Most of my core network services are running on my router - DNS, DDNS, SSH, multiple BSSIDs, VLANs, etc. I've also since incorporated a Vera2 controlling my Z-Wave devices.

 

[electron]

I'm sorry, but I have to disagree with nlaredo as well. No such thing as a 'secure' default installation without any firewall protection. That said, I would like to invite everyone to discuss that topic in a separate thread so we can stay on-topic here

Based on my own experience, almost all of the popular home automation packages will run just fine on the low-power PC's, so you really can build your own energy-efficient appliance if that's what you are after.

 

[pete_c]

I've tested Homeseer to run on a Joggler just fine using a modded XP (XPE like) OS on the device with 496 megs of memory. That said today its running on an Atom D525 with 4Gb of memory just fine. I'm into weather and other stuff such that the HW connectivity today is as follows:

Software HA server
directly connected HW = = > 1 (one) USB cable to Digi 7 port USB hub = = >
- Way to Call USB device (wish I could use two of them at the same time)
- USB 9097 device
- Digi #1 8 port USB to serial device (fully populated) - 8 serial devices
- Digi #2 8 port USB to serial device (fully populated) - 8 serial devices
indirectly connected HW==>
2 (two) 4 port Quatech serial to IP devices
1 (one) Digi USB Anywhere device

Total hardware = = > 24 serial devices and 8 or so USB devices.

My last add was a serial splitter such that I could control the Russound serially from both the HAI OPII and HS box. Works fine. (still though have KPL's around the house) - so Russound though is controlled via KPLs, Omnitouch and HSTouch screens around the house.

I have tested the above using a virtual server with no physical connection to the devices and it worked just fine. I've been using the same connectivity for many years.

Attached is an old drawing that needs some updating of the interconnectivity of Homeseer, HAI OPII et al. Last "experiment" in my sandbox (home) was to separate the sprinkler automation to the Seagate Dockstar using Arch Linux (mentioned above). It does have its own touchscreen interface (shown) and TS is above the Rainbird box in the garage. Real and weather data is mostly via the network (testing xAP) but have connected a Midon Temp08 to the Dockstar such that it has connectivity to the 2 Rain8nets and 1 Temp08 for HW stuff connected. Working as it does now it will allow the primary home controller to mostly manage the sprinkling system via a virtual connection (IP or say xAP)and the failover could be the seagate dockstar should the main software not function or vice versa.

My issues relate to timely occurring multiple events, multiple scripts working with all of the hardware. Its a real hodgepodge of stuff. IE: if this piece of hardware does this and that concurrently with this other piece of hardware then run this VB script and this event at a certain time doing this and that. I am somewhat pickly if the event doesn't trigger in a timely manner or correctly based on the entire hodgepodge mix.

 

[drozwood90]

The disadvantage of most of these things is that it means you need to leave a power hungry computer on.

not true, HomeSeer has two Homeseer units you can buy, which the Hometroller(?) was something like 12-18W, and the Hometroller Mini(?) was something like 5-10W.

--Dan

 

[wolfdown]

I do install antivirus and antimalware for anyone else I support... but viruses don't just materialize out of thin air.

Just to be safe, and don't go near it if you are feeling sick or have a runny nose.

 

[znelbok]

Once comment on the above about XP SP2 getting the blaster virus. How many of us here connect our PC's directly to the internet.

Probably none - we all use routers with NAT as a minimum which gives us a hugh amount of security.

No PC is safe. Mac's have suffered as well. Not as much as Windows, but thats obvious because there are so many more installs.

Keep your PC up to date and behind a NAT or preferabbly a firewall and its not an issue.

I work with windows on industrial control systems and have never had an issue. We use a firewall and routers along with regular patching and virus scanning software.