Worms ...

A decent firewall in your router can keep many things at bay.
Did an experiment once. Had an old pc(no virus protection and no firewall) which I connected up via a dial-up modem to the internet and it took less than 30 minutes before it was infected. Reformatted the hard drive and re-installed the software and then hooked it up to my router and did the same thing, after 4 hours no infections.
The Yoggie Gatekeeper Pico might be a solution as well. Though it seems the company is having difficulty raising funds
Maybe some of the Linux based routers can be hacked to provide more security features.

no expert, but SFAIK firewalls are good against known threats, leaving others to get-through - ie: leaving a lot of vulnerabilities ... ?

Use a standalone computer

Question is how much could you actually destroy by gaining access? Lights....worst you can do is turn them on and bump up the electricity bill...heating again...increase the bills. If you have security systems...then ideally they should be standalone and have redundancy built in anyway.

You could with Idratek build in protection at the MCU level so even if the computer becomes compromised you can still safeguard systems. This can be made even safer by allowing only local firmware updates.

hmm, stand-alone computer might only go so-far ... eg: turning everything on in the house could make a lot of heat (all-electric, no gas, so lots of current), so lots of potential for trouble ... out of control also means distraction & hassle & SWMBO on the war-path ... not to mention the bills, and the planet ... and, while the HA might be stand-alone, day to day, interventions (updates, adjustments, analysis, etc) would still need linking to other computers (via RDP), from time to time ...

and not only lights, heating ... also water, audio-visual, Internet connection, local networks, etc ...

meaning, some sort of overall sanity-checks might be useful, time to time - ie: checking, given what's normal & commanded, are things happening within bounds (??)

Lots of trouble but nothing a free evening/weekend couldn't fix - there is very little actual physical damage you could do. And bills couldn't really be effected that much as you'd notice a significant change when you returned home.

As I said...protection at a lower level wouldn't be difficult at all and guard against bad programming.

I think if we're being honest...it's more likely we'll mess up our own system than someone in front of a laptop on the other side of the world

well, maybe - OK, light & heating, not too terrible, what about taps, if they could run on & on, and thermal stores, if could boil ... separate monitors that could intervene, might be good ... but how separate - locally separate, or just separate within Cortex ?

I'm a firm believer that thermal stores for example should have mechanical protection built into them regardless of whether they're HA controlled or not. Any control system can crash or create a condition where the network or controller becomes unresponsive. Air compressors and relief valves as another example.

One of the features of Idratek is the separate MCUs in the modules. In safety critical areas you can (in theory) apply simple logic to be applied AFTER the command is received.

Eg for taps you can combine it with either a water sensor inside the overflow or a cleaner method would be to program the module to measure the valves duty cycle over a rolling one hour window and then work out from that whether the bath is likely to be overflowing. Combine this with the same module that handles the drainage and a water sensor height and you remove even more guesswork.

For a overflow method though this embedded within the module itself would guard against excessive water wastage.

yep, you're right, of course... question then is how Reflex & Cortex co-exist & interact - ie: can in-module Reflex monitor what's happening & over-ride Cortex instructions when necessary ? Or, if Reflex is inhibited while Cortex is running, can the monitor function be created within Cortex in some sort of separate way - ie: can safety & other limits be set independently, as a catch-all, to protect against screw-ups & malicious interventions ?

I'm not too sure if it's accurate to describe the safety features as Reflex....I only meant it as a way to differentiate between Cortex control.

I think whether the modules are driven by Cortex or Reflex commands 'safety logic' should be applied to the requested command and a suitable response given.

For me the idea of a monitor within Cortex doesn't appeal at all....it must be programmable from the PC and if a worm has been designed to interfere with the network itself I can't imagine it would be difficult to rewrite the monitor to green light any malicious traffic.

yep, you're right ... 'though the problem then is how to do it without introducing significant extra cost & sources of unreliability ...

all this was done with aircraft years ago, but they needed multiple redundancy to make it work, and got into all sorts of voting schemes ... not something we want to do !

must say, it's tempting to think in terms of some sort of overseer, that looks at the broad sweep of things & cries foul when it looks like things are going awry ... as when water flow & electrical current don't match what seems to be appropriate ...

eg: maybe we could have Cortex tell of what it's asked what to do, and the overseer could check the sum of this against what the main house-meters are saying ... sort of parity check !

I don't quite get this?


The extra cost is minimal....you just need to code in checks for the certain conditions that create a dangerous situation.

Question is should it be included anyway as part of a good robust design?

yep, it should, basic good practice ... but where & how exactly to include it, given the set-up would include the solenoid, one of the Idratek relay units (an SRH, say), with Reflex, and Cortex ... not forgetting we are working on the customer side of things, not within the Idratek team ...

I don't honestly think you can....it would be best coded into the MCU inside the module.