Newsletter – June 2017

THIS MONTH…..

  • TRENDS
  • EYE CATCHING
  • FIRMWARE
  • THERMOSTAT DEVICE OPTIONS
  • WORK PACKAGE PHASES
  • PROJECT NEEDS
  • EXISTING CODE
  • LASTLY
TRENDS

United States Electricity Price per KWH
Present and Past

EYE CATCHING

Demand Response
An article sharing Honeywell is now providing three utilities with Smart Grid services. An article last fall considered if the time has come to deregulate all electric utilities. Deregulation proponents argue industry deregulation is the best way to lower costs and increase innovation. Deregulation antagonists argue the evidence so far shows little benefit to customers. An article sharing Schneider Electric has sold their data-software unit called DTN for $900 Million USD. An article sharing the search to find the balance between temperature and humidity in an office has resulted in cubicle area managers funding internal payments for immediate changes to HVAC settings. A survey of consumer perspectives regarding their Smart Grid interests revealed respondents cared primarily about saving money through time-of-use pricing in a Demand Response relationship with their utility provider.

Adoption of the Smart Grid is being driven now by customer financial capital savings. There is more interest to save money than address widespread environmental impact. The Demand Response model is advancing without concern for cyber security, as we identify in the following sections of this newsletter edition.

Smart Grid – Security
An article reporting the United States has tasked the Pentagon with the responsibility to protect the electric grid from attack by a cyber attack or atmospheric nuclear blast. The Pentagon has tasked the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) to lead the protection effort. An article last year provided a thorough explanation of the smart meters in use today. An article sharing the United Kingdom placed their airports and nuclear power stations on terror alert from a credible cyber-related threat. An article sharing energy executives are pressing government agencies for more security clearance to fight cyber-related attacks on energy-related infrastructure. An article sharing United States lawmakers call for a pilot program to test for energy sector vulnerabilities.

The energy generation and distribution leaders, along with both lawmakers and defense department officials, are stating it is unsafe now to connect the national electrical grid to Demand Response by way of the Internet. It is difficult to believe an unsafe connection to the Internet will bring a good result. Good, meaning non-harmful to personal safety nor cause unnecessary risk.

Unlike
The argument supporting the position accessing the Smart Grid by using a mobile device application is no different from accessing a financial institution such as a bank by using a mobile device application is an uninformed debate. If all software applications were the same, then there would be no reason for software security. The GNU remotecontrol team considered this argument and found many differences between mobile device applications involving both the Smart Grid and financial institutions.

First, defense officials, industry executives, and lawmakers stated above it is not possible to defend the Smart Grid from cyber-related attack. Second, the United States Federal Reserve has accumulated substantive information regarding electronic, mobile and online banking. Third, they offer a course called E-Banking/Mobile Banking providing “a detailed understanding of the technologies and risks fundamental to electronic banking (e-banking) and mobile banking.” Fourth, they provide their annual Consumers and Mobile Financial Services, last posted March 2016, describing “consumers’ use of mobile financial services”. Finally, the United States Federal Communications Commission warns against “mobile wallet services to conduct financial transactions over an unsecured Wi-Fi network.

GNU remotecontrol does not find within the Smart Grid industry today regulation of any mobile device access to the Smart Grid. Neither do we find Smart Grid members are under a statute to safeguard against the security concerns identified by both the Federal Reserve and the Federal Communications Commission. Finally, we see no evidence either network connected HVAC (smart) thermostat manufacturers or software applications communicating with smart thermostats are bound by the statutes found in the banking industry.

Our conclusion is using a mobile device application involving the Smart Grid is not the same as using a mobile device application involving banking. They are dissimilar, discordant, incompatible, and unrelated. The GNU remotecontrol interface is a web application. GNU remotecontrol relies on OS file access restrictions, Apache authentication, MySQL authentication, and SSL encryption to secure your data. A mobile application is “an application software designed to run on mobile devices such as smartphones and tablet computers.” The security model used in a mobile application is not the same security model used in a web application. Both models are software based, but they are nowhere near the same code design. We agree web application security is a concern, but hold the position web application security has a much lesser risk of compromise than mobile application security. This position could change in the future, but we do not see this change occurring in the foreseeable future.

Factorial Facts
The GNU remotecontrol team considered at the beginning of the software project, over a decade ago, the multiple interfaces required to achieve Demand Response with the Smart Grid using a smart thermostat. The rising interest to access a smart thermostat by a third party involving a cellular network introduces a security concern. The cellular network accessing the Smart Grid could advance any cyber attack. Consideration of factorial evaluation reveals there are many interfaces involved from the perspective of role-based access control.

A factorial calculation of a non-negative integer n denoted by n! is “the product of all positive integers less than or equal to n.” A dominant benefit of a factorial calculation is discovering how many arrangements, what we identify as relationships, exists within a distinct list of objects, items, or any other unique entity. Let’s consider a simple example of only the service providers involved with Demand Response.

(1) Electricity Utility provider
(1) Demand Response service provider

n = 2

2! = 2 x 1 = 2

This example has two different relationships occurring simultaneously. Let’s now add in the Cellular Phone service provider. The number of relationships is more than doubled.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider

n = 3

3! = 3 x 2 x 1 = 6

This example has six different relationships occurring simultaneously. Each relationship must always be secure not to suffer nefarious activity to the smart thermostat. Let’s now consider the addition of the smart thermostat’s manufacturer accessing the thermostat.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider
(1) Smart Thermostat’s manufacturer

n = 4

4! = 4 x 3 x 2 x 1 = 24

This example has twenty-four different relationships occurring simultaneously. This amount is a staggering number to believe all relationships will operate without compromise. Finally, let’s add in an application installed on the mobile device to accomplish real-time communication with the smart thermostat owner leveraging Demand Response from the Electricity Utility.

(1) Electricity Utility provider
(1) Demand Response service provider
(1) Cellular Phone service provider
(1) Smart Thermostat’s manufacturer
(1) Demand Response software application

n = 5

5! = 5 x 4 x 3 x 2 x 1 = 120

This example has one hundred twenty different relationships occurring simultaneously. The different providers must work with a clear plan of operation to achieve their objective successfully. It is difficult to believe the Smart Grid today is ready for this operational complexity.

The articles sharing the Pentagon has only recently tasked RADICS to lead the protection effort against attack by a cyber attack, energy executives are pressing government agencies for more security clearance to fight cyber-related attacks on energy-related infrastructure, and United States lawmakers call for pilot program to test for energy sector vulnerabilities collectively proves there is no widespread confidence the Smart Grid can defend against energy sector vulnerabilities. This conclusion is supported by the statement of defense officials, energy industry executives, and lawmakers. The Smart Grid today is not ready operationally for Demand Response involving real-time customer input to either accept or reject time-of-use pricing offers.

FIRMWARE

We shared in our March 2017 newsletter edition we have elevated our firmware work to a dedicated section in our newsletter. GNU remotecontrol shared in 2016 we have entered the firmware aspect of the smart thermostat. We now share publicly for the first time our specific plans to accomplish building our virtualized smart thermostat.

Our build plans are pretty simple. First, we select a kernel. Second, we select what applications we need to use in our firmware. Third, we add our original code for thermostat functionality to the kernel and applications. Finally, we build the kernel, applications, and our original code into a portable container, a hypervisor, for ease of usage. We have selected VirtualBox as our container for portability. We can easily scale multiple virtualized thermostats once our work is in a portable container. This approach should accelerate further development efforts, as obtaining the virtualized smart thermostat is much less effort than compiling the source code. We then refine our virtualized smart thermostat and develop our work to live on a circuit board within a smart thermostat. Our kernel consideration is down to two kernel options.

Option 1 – CoreOS
CoreOS has a feature-rich offering. We see much active development in the CoreOS project. We do not believe we will need all of the CoreOS source code to build our virtualized smart thermostat.

Option 2 – libreCMC
libreCMC also has a feature-rich offering. We do not see as much active development in the libreCMC project as we do in the CoreOS project. We are uncertain if we will need all of the libreCMC source code to build our virtualized smart thermostat.

We are struggling to reach a decision of which kernel to select. We may select both kernels if we have the developers to do the work. Comparing the strengths and weaknesses of CoreOS to the strengths and weaknesses of libreCMC has consumed much of our time and effort. Talk to us if you would like to participate in this new part of the GNU remotecontrol framework.

THERMOSTAT DEVICE OPTIONS

We shared in our March 2017 newsletter edition of our new section to both identify and discuss available smart thermostat options in consideration with internationally accepted technology standards. This section provides insight into each offering as new information becomes available. We add Ecobee this month to our list of smart thermostat device options.

Ecobee
The Ecobee product line is owned by Ecobee. Their API seems impressive initially, but a deeper review finds they only use an HTTP-based interface for accessing their thermostat device. They have an authorization token and PIN model for device authentication. They do offer https with their Authorization Code Authorization Strategy. Ecobee integrates with Amazon Alexa, Apple HomeKit, Control4, Haiku Fans, IFTTT, Logitech Harmony, Samsung SmartThings, Vera, and Wink. Ecobee has external sensors connecting to their thermostat by an uncertain type of wireless connection.

A recent article claims the Ecobee offering is the best smart thermostat on the market today. This milestone takes Nest out of first place, a position Nest has held for just over the past five years. Ecobee is indeed the most feature-rich smart thermostat offering in the marketplace today.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: Yes
API: Yes
License: Proprietary

Nest
No new findings.

Sensi
No new findings.

Carrier
No new findings.

Honeywell
No new findings.

WORK PACKAGE PHASES

GNU remotecontrol accomplishes productive work output through structured work packages. This approach helps to organize our efforts and keep things on track to achieve publishing our work. We have ten different phases for our work packages.

GNU remotecontrol Work Package Phases

Order Label Name
1 REQ Requirements
2 DSG Design
3 DEV Development
4 UNT Unit Testing
5 SYS System Testing
6 UAT User Acceptance Testing
7 DOC Documentation
8 RLS Release
9 TRN Training
10 SPT Support

The GNU remotecontrol team does not perform any work output outside of structured work packages.

PROJECT NEEDS

Staffing
GNU remotecontrol Project Help Wanted
.

New Thermostats
Many people have asked us about adding other types of thermostats to GNU remotecontrol. There are three questions that need to be answered before we can offer GNU remotecontrol support for any IP thermostat. These questions are:

  • How to CONNECT to it (NETWORK).
  • How to READ from it (CODE).
  • How to WRITE to it (CODE).

It is our hope to have dozens and dozens of thermostat types that work with GNU remotecontrol.

EXISTING CODE

Bugs
We have 0 new bugs and 0 fixed bugs since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

Tasks
We have 0 new tasks and 0 completed tasks since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

LASTLY

Whatever you do…..don’t get beat up over your Energy Management strategy. GNU remotecontrol is here to help simplify your life, not make it more complicated. Talk to us if you are stuck or cannot figure out the best option for your GNU remotecontrol framework. The chances are the answer you need is something we have already worked through. We would be happy to help you by discussing your situation with you.

…..UNTIL NEXT MONTH!

Why the Affero GPL?

GNU Affero General Public License LOGO

GNU remotecontrol LOGO

Newsletter – March 2017

THIS MONTH…..

  • TRENDS
  • EYE CATCHING
  • FIRMWARE
  • THERMOSTAT DEVICE OPTIONS
  • WORK PACKAGE PHASES
  • PROJECT NEEDS
  • EXISTING CODE
  • LASTLY
TRENDS

United States Electricity Price per KWH
Present and Past

EYE CATCHING

Demand Response
The United States Department of Energy has released the second installment of their Quadrennial Energy Review. The findings identify the need for seventy-six recommendations to better formulate a strategy for a national Smart Grid. An article finding more contention between wholesale and retail energy markets. An article describing the concern held by public utilities about transactive energy.

The oligopoly nature of an electricity provider, either wholesale or retail, is being changed to more of a perfect competition nature by transactive energy. The more change in any unit price, such as when energy is purchased and used, the less control the electricity provider has in their microeconomics relationship with their customer. The energy markets will need to learn how to succeed in this new role, as they have not historically participated in the microeconomics arena.

Smart Grid – Security
An article identifying hotel room HVAC thermostats are being controlled beyond room occupant preferences by hotel management. The Honeywell XL Web II Controller has been identified as having a vulnerability exposing a user password by accessing a specific URL. A report by the United States Department of Energy found the risk of cyber attack on the national electrical grid is high.

The journey to a national Smart Grid is not without arduous steps. Technology weaknesses are being exposed as are strategy flaws. The inability of an occupant to control room temperature is an example of how overreach can disable adoption of any leadership strategy.

New Technologies
An effort to develop a distributed sensor network powered by excess radio waves is close to completion. The sensors measure temperature and humidity levels in a dwelling. Feeding this data to an energy management strategy would substantially increase the effectiveness of an energy usage strategy.

A company providing a product to control the opening and closing of duct systems. Unfortunately, they use a proprietary radio frequency, has no API, and have no network security beyond a password. The concept is wonderful and would do well to not use proprietary and weak components in their product technology strategy.

FIRMWARE

We have elevated our firmware work to a dedicated section in our newsletter. GNU remotecontrol shared in 2016 we have entered the firmware aspect of the residential network connected HVAC thermostat (smart) thermostat. We are in the process of selecting a kernel distribution. We are down to two kernel candidates. An outcome of our firmware effort is answering the many questions about the existing firmware features in the thermostat devices available today. We address these questions in the following section.

THERMOSTAT DEVICE OPTIONS

We add a new section to our newsletter for 2017. The purpose of this section is to both identify and discuss available residential network connected HVAC (smart) thermostat options in consideration with internationally accepted technology standards. This section provides insight into each offering as new information becomes available.

The present market status is to force the thermostat owner to use a third-party to access their thermostat device. Device control and privacy are not clearly defined when a third-party is involved. The mandate to use a third-party to access the thermostat device provides no user rights for accessing their thermostat beyond what the third-party allows. Furthermore, no privacy rights are provided to the thermostat owner regarding either access to the thermostat device or the data generated by the device. Overriding third-party access restrictions for the thermostat owner is best accomplished by the thermostat manufacturer developing and releasing an Application Programming Interface (API) for the thermostat owner to access their thermostat device.

We identify five commonly asked questions about a thermostat device. There are three questions about the network connectivity to access a device, one question about API availability, and one question about the type of license provided by the technology owner. This list is not meant to be comprehensive.

Nest
The Nest product line has already been well-discussed in previous newsletters.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: Yes
API: Yes
License: Proprietary

Sensi
Sensi is a technology protocol owned by Emerson Electronics. They licensed their technology to various electronics manufacturers. They are also working with Amazon for their Alexa product line to integrate with Sensi.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: No
API: No
License: Proprietary

Carrier
The Cor product line is owned by Carrier. Carrier formed a strategic relationship with Ecobee to use their API.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: No
API: Yes
License: Proprietary

Honeywell
The Lyric product line is owned by Honeywell. The product is a member of their Smart Energy division. They have partnered with a data analytics firm to find energy usage patterns. They are also working with Amazon for their Echo product line to integrate with Lyric.

Wired Access: No
Wi-Fi Access: Yes
ZigBee Access: No
API: Yes
License: Proprietary

Conclusion
The resounding message from these thermostat device manufacturers is they are integrating their products with complementary technologies. This association causes a new relationship to exist between technology owner licensing and the thermostat device owner. Furthermore, the purchase today of a thermostat device does not mean the thermostat device will not be forced to interface with another technology in the future. This scenario occurred when Google purchased Nest. The absence of complete device control by the device owner has resulted in a confusing position for the home insurance industry to clearly understand and insure against risks. The electronics manufacturing industry presently does not want the owner of a thermostat device to have direct access to their thermostat device. Hopefully, this position will change when it is evident forcing a third-party to be involved is not producing enough satisfaction on the part of those either manufacturing or purchasing these thermostat devices, and when the technology owners are willing to end their insistence to use a proprietary technology license.

WORK PACKAGE PHASES

GNU remotecontrol accomplishes productive work output through structured work packages. This approach helps to organize our efforts and keep things on track to achieve publishing our work. We have ten different phases for our work packages.

GNU remotecontrol Work Package Phases

Order Label Name
1 REQ Requirements
2 DSG Design
3 DEV Development
4 UNT Unit Testing
5 SYS System Testing
6 UAT User Acceptance Testing
7 DOC Documentation
8 RLS Release
9 TRN Training
10 SPT Support

The GNU remotecontrol team does not perform any work output outside of structured work packages.

PROJECT NEEDS

Staffing
GNU remotecontrol Project Help Wanted
.

New Thermostats
Many people have asked us about adding other types of thermostats to GNU remotecontrol. There are three questions that need to be answered before we can offer GNU remotecontrol support for any IP thermostat. These questions are:

  • How to CONNECT to it (NETWORK).
  • How to READ from it (CODE).
  • How to WRITE to it (CODE).

It is our hope to have dozens and dozens of thermostat types that work with GNU remotecontrol.

EXISTING CODE

Bugs
We have 0 new bugs and 0 fixed bugs since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

Tasks
We have 0 new tasks and 0 completed tasks since our last Blog posting. Please review these changes and apply to your GNU remotecontrol installation, as appropriate.

LASTLY

Whatever you do…..don’t get beat up over your Energy Management strategy. GNU remotecontrol is here to help simplify your life, not make it more complicated. Talk to us if you are stuck or cannot figure out the best option for your GNU remotecontrol framework. The chances are the answer you need is something we have already worked through. We would be happy to help you by discussing your situation with you.

…..UNTIL NEXT MONTH!

Why the Affero GPL?

GNU Affero General Public License LOGO

GNU remotecontrol LOGO

%d bloggers like this: