Reply to post:

The Internet of things is great until it blows up your house

Henry Wertz 1 Gold badge

Yeah...

1) The clothes, you have a standardized range from 1-10 or whatever, have a "please iron with setting 5" on the clothes. Done.

2) The other example... as AC says, a 4-bit microcontroller would have more than enough power for this (and I don't even know if they're on the market any more, but even a embedded 32-bit CPU is well under a dollar) I can't see any reason to have this have bluetooth or anything in it, I would expect it to have the usual "1 through 6" or whatever temperature knob, and a mode switch to switch in a few modes to do whatever cooling off later and so on based on the sensor inputs.. I'd expect this to have reasonable factory calibrations in a lookup table, but calculating "on the fly" really shouldn't require going online either. For safety purposes, although the software should also have "sanity checks" to avoid unsafe temperatures, the existing safety shutoff should be kept as-is.

Safety can be an issue, but to avoid it I advocate using hardware safety interlocks when reasonable. For example, the electric blanket retains a temperature cutoff (the software should still have a final "sanity check" on the temperature, but some piece of hardware ultimately shuts it off in case of CPU failure or whatever). In the case of the stove... well, first, I don't know why you'd want to remotely turn it on, it doesn't take that long to heat up. But, I would use furnace-style hardware... on the furnace I have now, you hold down an igniter switch while lighting the pilot. You let up on the button, and if some temperature switch hasn't gotten up to temperature, the gas shuts off. I'd give the CPU only access to a "gas plus ignition" switch, the hardware would limit on time and excessive retriggers, so the CPU could try to blow up the stove all it wants and the hardware would prevent it.

I think anyone working on these "iot" devices that do anything important should read up on the Therac-25. In short, it was an electron beam medical device that would run the high-energy electron beam without spreader plate due to a race condition, causing about 1000x the intended dose; if some data was updated close enough to 'start of procedure', and there were incorrect results, they could slip in after the safety checks. On the previous models, a hardware interlock prevented this configuration but the previous hardware safeties were removed in favor of full software control. Most devices aren't that likely to be harmful, but I still recommend leaving in hardware interlocks.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019