Spark Powered Thermostats: Burning Down the House, Baby!


#1

In response to the build a Nest like thermostat I feel it necessary to post a warning.

For reference: http://blog.spark.io/2014/01/17/open-source-thermostat/

Sometimes the open-source community gets crazy and needs a sanity check. This is that check.

Rule #1: If you have a gas furnace NEVER mess with your home thermostat beyond what’s outlined in the user manual & that also means never have the audacity to build your own. Let me be clear. If you have a gas furnace & something goes wrong with your thermostat things can go horribly wrong very, very quickly because gas furnaces typically pump out a lot of BTUs. Our daughter almost died because an unmodified, properly installed Honeywell programmable thermostat failed after four years of use & caused our furnace to remain on for an extended time, raising the temperature in her room which was above the furnace to over 120 degrees. She didn’t die because my wife and myself managed to wake up and realize the house was way too hot. Keep in mind kids don’t wake up like adults do and I think we were likely lucky that we did.

In researching this incident I found story after story of furnaces gone awry & the built in thermal protection on the furnace not cutting it off before causing serious damage. One such story was from a couple who were out of town when their furnace went nuts and raised the temperature in the house high enough that it melted every piece of plastic in the entire home. If you make your own thermostat consider that the worst case in one of these situations is that someone dies or your house burns to the ground. The best worst case is that all your stuff melts and your insurance company refuses to pay a claim because of the home-made gadget hanging on the wall. The danger isn’t quite as high for thermal induction & heat pump systems but it’s something you need to consider depending on the size of your HVAC unit. I build a lot of projects & am entirely comfortable playing with 15,000 volts around water: http://www.flickr.com/photos/patcheudor/11616785826/ . I WILL NOT, however, mess with my HVAC unit.


#2

I believe your warning is somewhat misinformed. First, user-replaceable thermostats are more the norm than not. The thermostats included in new-build homes are inefficient and frankly I believe are meant to be replaced. Gas furnaces (especially) are designed with regulated and mandated safety features that are designed to shut down the unit when unsafe operating conditions occur (vent fan fails, main fan fails, overheating, low gas pressure, etc).

A thermostat is a control device and NOT a safety device. It is not, by design, up to the thermostat to turn off the furnace when unsafe conditions occur. In fact, the thermostat may not be able to control the furnace whatsoever under those conditions.

The failure of a furnace to shut itself off is typically due to incorrectly serviced or unserviced furnaces whose safety devices have been compromised or have aged to failure. I suspect most people have an “out of sight, out of mind” attitude regarding furnaces (and hot water heaters) and fail to have them serviced on a regular basis.

I think the “warning” you present here should be more to homeowners to invest in the upkeep of their furnaces and other “out-of-sight” appliances than about installing replacement thermostats like Nest, Honeywell and others. In the meantime, the several Honeywell units I have used in the past and the Nest I presently use to control my furnace are operating well and saving me money, which I invest in furnace check-ups every few years.


#3

I didn’t provide a warning about user-replaceable thermostats. They are typically well designed and tested by companies who’ve invested millions of dollars into research and development, although as my story states, they do sometimes fail. My warning is to the home-brew community and I would like them to think before doing something stupid.

Contrary to your belief, a thermostat is in fact a primary safety device because the internal thermal cutoff in most HVAC units is there as a “things have gone horribly wrong” backup, not a primary safety control. The average thermal cutoff is rated to trigger between 165-170 degrees:

A lot of bad things can happen before it cuts off. Don’t take my daughter nearly dying from heat stroke while she slept lightly. It was a horrible experience for the whole family with lots of questions being asked about how it could possibly happen.

In our particular case the furnace was four years old in a four year old home and properly maintained with inspections twice a year, one in the summer and another in the winter along with requisite cleanings. There was nothing wrong with it, period. The primary thermostat failed because a solid-state relay failed closed and because of the way our home was designed with the furnace directly below my daughter’s room it was 20 degrees warmer than the rest of the house. Her room would have easily reached 170 degrees because of the very free flow of air through the furnace with six cold air returns throughout the house. My wife and myself woke up to our bedroom being about 110 degrees. If we would have been sleeping in the second master on the first floor instead of our primary on the third floor we likely wouldn’t have woken up in time and my daughter would have died.

What anyone considering making a home-brew thermostat must consider is simple. If things go wrong with a device likely not designed to be a primary safety device either through software or hardware implementation can you live with yourself? I’m aware of very few marriages as an example which could survive something like what we went through if it would have been a home brewed thermostat instead of a well known and trusted brand.


#4

Though I do not disagree with your concerns, I do beg to disagree on the safety aspects of thermostats. Construction code does not consider a furnace thermostat as a safety device, only those devices on the furnace. In Canada, at least, the construction code clearly outlines where and how a gas furnace is to be placed, vented and operated. The CSA along with Provincial and National Building Standards define the minimum safety requirements for gas furnaces and their use. Perhaps the same stringent code does not apply in your area. The homebrew community should always consider all safety aspects of their projects and I understand with your warning. I am truly sorry for what happened to you and your family.


#5

I’m unaware of any building codes which call for a thermal cut-out on the primary HVAC unit before 165 degrees Fahrenheit. Also, after the incident with our thermostat I was shocked by the lack of regulations in this particular space. For most HVAC manufacturers “safety” means not starting a fire, not making a house so warm that it’s fatal.

I would encourage you to go take a look at your unit, find the specific thermal fuse temperature and then go do some research into: a) at what temperature it’s possible to get heat-stroke while sleeping & b) why children sleep more soundly than adults. The only reason we have smoke detectors & carbon monoxide sensors is that deaths from those two mechanisms have been common. Death from heat-stroke because of a failed thermostat is very rare. It would be good to keep it that way and as such keep in mind again that in the whole grand scheme of things, if your HVAC cuts out at a temperature which would be fatal to sleeping children then a thermostat is in fact a primary safety device and should be treated as such.


#6

Well, let’s agree to disagree. One point to consider is that if a thermostat was a safety device, you would a) NOT be able to tamper with it or change by code and b) would have one in every room or at various locations in the house. Perhaps there is an opportunity here for a device that not only monitors for smoke and/or carbon monoxide but other conditions such as over and under temperature in a room. Perhaps even one based on the Spark Core!


#7

As someone who has designed many UL approved redundant hardware and software safety systems in medical devices, I would completely agree with @patcheudor's warning.

If something can go wrong, it will go wrong… eventually. Design in a hardware failsafe (or two) if you know what’s good for you :wink:

I just went and ripped my Honeywell TH4110D1007/U off the wall. No UL marks, no CE marks… it’s basically a battery powered toy. Pretty disappointing.

@patcheudor I’m sure you’ve done a lot of research on this. Is there anything on the market that acts as a thermal cut-off for your furnace AC input? No power, no gas, no fan. I suppose the valve could stick open as the failure point, but at least in that case the fan wouldn’t be pushing the heat through the house… and the furnace’s built-in thermal cut-off would have a better chance at kicking in.

Also, I would not use anything wireless for a temperature fail-safe. K.I.S.S (Keep It Stupidly Simple) so it will have a much less chance of failing when you need it… and make it redundant.


#8

I’ve come to terms with simply offloading the “risk” to the manufacturers. I don’t touch the HVAC unit at all beyond periodic inspection & cleaning. If something goes wrong, the manufacturer of whatever component that failed will hear from my lawyer. It is disappointing that possibly there is a view that a thermostat is not a primary safety mechanism within the industry or the home-brew community as that tells me there are accidents just waiting to happen, if they don’t already and we just don’t hear about them. I know our incident didn’t make the press.

For safety, there are heat detectors:

They will trigger a full 30 to 40 degrees sooner than the safety cut out on the HVAC unit and with heat stroke time does play a factor so if installed in the room(s) which get hotter first they could provide some safety. We sold our home shortly after that incident. In our current home the main rooms get warmer first with the bedrooms sitting at the end of the circuit. When we were looking for homes this was something we did take into consideration.


#9

Patcheudor, don’t think I am waving your concerns off. Unfortunately, the residential building code is a minimum requirement and usually all that the manufacturers implement. Commercial and industrial systems require more stringent controls and it is just now in Canada that residential construction must include fire sprinklers. An ideal heating system is hardwired and designed to fail in “safe” mode. For a furnace, that means completely off. That also means more sensor points, ideally in every room connected to the furnace to provide a complete closed-loop control system. If a sensor fails, the furnace reacts accordingly.

Unfortunately, homes typically have a single thermostat and the furnace is slaved to it. If it fails, as it did in your case, neither the furnace nor the thermostat knows any better. The ideal thermostat needs to know when it fails (output sensing, watchdog capability, etc.) and provides elegant shutdown of the controlled furnace or an alarm condition (like a smoke detector’s low battery warning) warning residents of the failure. In our home, there is an ON/OFF switch that disables power to the furnace located in a clear spot in our basement stairs in case of emergency.

At the end of the day, we are ultimately responsible for our own safety and that heat alarm is a good start. The only way I know to get the safest equipment is to use industrial grade stuff but for most of us, the cost is prohibitive.


#10

I think these are the key items to consider for the home-brew community when it comes to making thermostats:

  1. If something bad happens your significant other will blame the thermostat manufacturer. If that’s you, be prepared.

  2. If something bad happens your insurance company will blame the thermostat manufacturer. Again, be prepared.

  3. If something bad happens you’ll likely blame yourself. Again…

  4. The fail-safe built into the vast majority of HVAC units is not sufficient to prevent harm beyond preventing a fire so keep that in mind.

  5. Fail-safe controls external to your HVAC unit are a good idea for the truly paranoid whether components of your HVAC system are home-brewed or not.


#11

Hey guys - thanks for the lively debate here. @patcheudor I think your warning is helpful; for us the thermostat was a proof of concept and not necessarily intended to be actually put into use. We just wanted to see how far we could get with it in 24 hours. That said, there are now nearly 400 followers on its github page, and they’re asking for things like the enclosure design, so clearly there are folks who are planning on building their own.

@patcheudor would you be willing to provide a brief warning we could add to our Github README on safety hazards? Since you have experience here your advice would be helpful.


#12

I certainly agree with you on these!


#13

Here’s a first stab at the README warning:

"WARNING: Many HVAC units are capable of producing very high temperatures and in the case of systems with a high output gas furnace fatal temperatures can be reached in a matter of hours within a typical home. Where required by building code, HVAC systems will have safety cut-offs so that when the air temperature flowing through the unit reaches 165 to 170 degrees Fahrenheit they will shut-down to prevent a fire. The safety cut-off temperature of your system should always be considered when designing a thermostat for an HVAC unit. Even when equipped with a safety cut-off, temperatures reached before the cut-off can at a minimum cause common household plastics to melt and household electronics to fail. In worst case scenarios these temperatures can be fatal to pets and sleeping occupants of the household.

Relays have been known to remain in a closed position either through a direct component failure or at the direction of other discrete components such as a failed temperature sensor or even control system software. With this in mind, if you choose to build a thermostat you must consider its operational environment and all means by which something could go wrong within your control system and understand mitigating controls which must be implemented internal to the design such as fail-safe run timers or controls external to the design including additional safety cut-offs or alarms. If the thermostat you build and implement for your HVAC unit fails there could be very tragic consequences including property damage and death. In such cases insurance companies may have valid reasons for denying claims. Proceed with caution."


#14

The best thing to do would be put in a hard coded max temperature that is checked outside of the standard temperature checking code. Then add in a max run time for the heater.

Or maybe just add a thermal fuse that can turn off the system if the room temp gets too high?
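
The software half of the suggestion in post #14 (a hard-coded maximum temperature checked outside the normal control path, plus a maximum heater run time), as an added example that is not from the thread or the Spark project. The class name, the limits and the latch/reset behaviour are assumptions; it sits between the control code and the relay and does not replace a hardware cut-off.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>

// Added example: every name and limit here is an assumption, not from the thread.
enum class Trip { None, SensorFault, OverTemp, MaxRunTime };

struct InterlockConfig {
    float    hardMaxF;    // absolute ceiling, independent of the user setpoint
    float    sensorMinF;  // readings outside [sensorMinF, sensorMaxF] mean a failed sensor
    float    sensorMaxF;
    uint32_t maxRunMs;    // longest continuous heat call allowed
    uint32_t minRestMs;   // forced off-time after a run-time trip
};

class HeatInterlock {
public:
    explicit HeatInterlock(const InterlockConfig& c) : cfg(c) {}

    // Call once per loop with the control code's request, the raw sensor reading
    // and a millisecond tick (millis() on Arduino-style firmware). The return
    // value is the only thing allowed to drive the heat relay.
    bool update(bool heatRequested, float tempF, uint32_t nowMs) {
        if (std::isnan(tempF) || tempF < cfg.sensorMinF || tempF > cfg.sensorMaxF)
            return tripOff(Trip::SensorFault, nowMs);
        if (tempF >= cfg.hardMaxF)
            return tripOff(Trip::OverTemp, nowMs);
        if (trip == Trip::SensorFault || trip == Trip::OverTemp)
            return false;                       // latched until reset()
        if (trip == Trip::MaxRunTime) {
            // Unsigned subtraction stays correct when the tick counter wraps.
            if (nowMs - tripAtMs < cfg.minRestMs) return false;
            trip = Trip::None;
        }
        if (!heatRequested) { heating = false; return false; }
        if (!heating) { heating = true; runStartMs = nowMs; }
        if (nowMs - runStartMs >= cfg.maxRunMs)
            return tripOff(Trip::MaxRunTime, nowMs);
        return true;
    }

    Trip lastTrip() const { return trip; }
    void reset() { trip = Trip::None; heating = false; }  // deliberate manual action only

private:
    bool tripOff(Trip t, uint32_t nowMs) {
        trip = t; tripAtMs = nowMs; heating = false;
        return false;
    }
    InterlockConfig cfg;
    Trip     trip = Trip::None;
    bool     heating = false;
    uint32_t runStartMs = 0;
    uint32_t tripAtMs = 0;
};

int main() {
    // Constructed limits: 85F ceiling, 90 min max run, 10 min rest.
    HeatInterlock lock(InterlockConfig{85.0f, -20.0f, 150.0f, 5400000u, 600000u});
    // Constructed scenario: control code stuck requesting heat while the room climbs.
    const float temps[] = {68.0f, 74.0f, 81.0f, 86.0f, 79.0f};
    uint32_t now = 0;
    for (float t : temps) {
        bool relay = lock.update(true, t, now);
        std::printf("t=%.0fF relay=%d trip=%d\n", t, relay, static_cast<int>(lock.lastTrip()));
        now += 60000u;
    }
    return 0;
}
```

Over-temperature and sensor faults stay latched until `reset()` is called, so a reading that drifts back into range cannot silently re-enable the heat.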


#15

A hardware safety system is much easier to “prove safe” than a software one :wink: Those little bugs and unforeseen corner cases really muck things up.


#16

Puts on Robe and Wizard Hat
Casts Level 69 "Resurrect Thread"
Roll 1d20: …20!
Spell Succeeds, Thread Resurrected

Sorry to be a Thread Necromancer—Takes off Robe and Wizard Hat—but I figured there’s no need to start a whole new thread.

So I’m working on my own little Spark Powered Thermostat, but unlike everyone else it seems, I don’t have a “Conventional” HVAC system. I’ve got a Heat Pump, which makes things a bit different wiring and control wise. Now, from Googling and reading various professional HVAC manuals, I’ve got the wiring pretty much down; I understand how a Heat Pump works and what my controls are (Compressor On or Off; Reversing Valve On for Cool, Off for Heat; Fan On or Off, Emergency Heat On or Off).

I’m pretty much good to go, except for one big question: When going from heat to cold or cold to heat, do I need to disable the compressor before enabling/disabling the reversing valve, and if so for how long?

I assume the answer is yes, I do need to stop the compressor (as most thermostats I’ve seen won’t start heating/cooling for a few minutes after you’ve switched the mode).

Any HVAC experts in the house who can give me a hand? :smiley:

My Wiring

For those who want to follow along, here’s the difference between a Heat Pump and Conventional setup:

Conventional HVAC Systems consist of an A/C unit and furnace. The A/C is a compressor that sits outside with a small tube that runs through a series of coils in your air handler and back. The furnace is in your garage or basement and is either gas or electric. When your system calls for heat the furnace starts up and a blower forces the warm air into your air handler and through the duct work, filling the house with warm air. When the system calls for cooling, the furnace turns off and the compressor outside starts, compressing refrigerant into a liquid and pumping it through the coils in your air handler, where it absorbs heat and changes into a gas; this now warmer gas returns to the compressor unit where it’s compressed under high pressure and goes through another set of coils that cool it down, where it turns back into a liquid again. So an A/C unit isn’t actually bringing cold in, it’s taking heat out!

So why am I telling you the intricacies of an A/C unit? Because a Heat Pump System is just the A/C portion of a conventional system; by that I mean there’s no furnace for heating, it’s just the outdoor compressor system and air handler. The outdoor compressor unit is exactly the same as described above, with one small—but important—addition: The Reversing Valve! Essentially, when activated, this valve reverses the flow of refrigerant through the system, which means either the coils inside the air handler are taking heat out of the air (cooling your house) and moving it outside or the coils outside on the compressor unit are taking heat out of the air and moving it inside (warming your house).

In this type of Air-Air Heat Pump setup, no matter if the system calls for cooling or heating, the yellow (Y) wire is powered, which activates the compressor. What matters is the state of the orange (O/B) wire, which controls the Reversing Valve. On the majority of systems, it’s on for cooling and off for heating.

(On most setups there’s also an E and/or AUX input, which activates Emergency and Auxiliary heating, respectively. Emergency Heat is generally an array of ceramic or wire heating elements inside the air handler which serves two purposes: 1) As backup heat if the compressor fails or it’s too cold for it to maintain the desired temperature. 2) If it’s raining/icing/snowing and very cold, the air exchanger/coils can become a sheet of ice, if this happens the system will go into cooling mode and turn the Emergency Heat on, so that the inside coils can pull that and transfer it to the outdoor coils, where it melts the ice. Clever, eh? The Auxiliary heat output is generally for a small gas furnace or ventless propane/natural gas heaters and mostly not used.)


#17

Back to the original topic regarding the safety of a :spark: powered thermostat…

If safety is a concern, and commercially available thermostats are considered safe, couldn’t you just use both a commercially available thermostat as well as a spark core?

Leave the commercially available thermostat set to 80 degrees or any cutoff point above normal operational levels. The commercially available thermostat’s relay should always remain closed, and the relay attached to the :spark: core would normally control the furnace. If, however, for some reason the Spark’s relay failed to open, the relay from the commercially-available unit should then open at 80 degrees.


#18

Getting a Commercially approved safe thermostat which accepts user inputs would be the ideal case.

Your :spark: core is only going to send some input to trigger some heating profiles and the thermostat does the rest.

That’s what I can think of if safety is really a concern :smiley:


#19

Honestly I think the OP’s “concerns” are way overblown. The fact that his Honeywell commercial thermostat along with his furnace’s built in safety overrides both failed and heated his daughter’s room to “over 120 degrees” (which by the way I highly doubt was the actual temperature, as things would have been catching on fire in the basement at that point, but I’m digressing) is a tragic accident, yes, but it tells me two things:

  1. Someone wasn’t having their HVAC system properly inspected and maintained. A competent installer should have been able to see there were problems with the safety features.

  2. Honeywell is one of the largest manufacturers of HVAC equipment in the world and, while once a maker of quality equipment, their consumer stuff is now built very much to a budget and I suspect by the absolute lowest bidder. Doing research and buying a good thermostat with safety features would have gone a long way.

The warning was about a commercial system failing and has absolutely nothing to do with building your own. As long as you do your homework and understand what you’re dealing with and the potential for things to go awry (and methods for preventing it), you should be OK. In fact, assuming your furnace’s safety features are working, I’d be much more concerned about building anything that plugged directly into 120VAC than I would building my own thermostat.

Just to stress, I’m not brushing off what happened to the OP, I’m sure it was tragic for him, but I don’t think the lesson here is “DON’T EVER TOUCH YOUR THERMOSTAT!” so much as it is, “Buy a quality, well reviewed thermostat and have your system serviced every year by a qualified and competent professional.” If you’re building your own thermostat I think you’re past these points and the message should be, “Do your homework, know what you’re dealing with and what can go wrong.”

Just my two cents! :wink:

(As a side note, the OP mentions reading about a lady who went on vacation and when she came home everything made of plastic inside the house was melted. There is absolutely no physical way that’s even remotely possible. I’m sorry. Just, no.)

@jonathan That’s a bit overkill, really. Just use a bimetal switch! That one is normally closed (conducting) and will open (stop conducting) at 86f. Just put that between the output of your heat relay and the wire going into the wall. Get another one that’s normally open (not conducting) and set at least 10 degrees above freezing to put between the 24VAC feed from the wall and heat wire going to the wall.

With these two bimetal switches, the heat will cutoff if it gets too hot (86f in this case) and come on if it gets too cold (above freezing). This prevents your dog from catching on fire and IKEA furniture melting if your Core CFODs and the heat sticks on, plus it keeps your pipes from bursting by keeping the house above freezing if your power goes out or something. (That’s the beauty of bimetal switches: 100% mechanical!)


#20

@timb you make more assumptions in your above post than I could keep track of! Because of that I can’t use anything you said to design a safe system. I’m not going to be any more of an ass and break down each thing you said… just know I have mostly problems with it! But know I still love you :smile:

Also the bi-metal switch you linked to has a ± 5.4ºF at 86ºF when it OPENs and ± 9ºF at 59ºF when it RESETs and closes. Which means it could OPEN at 80.6F and close again at 50F. I could easily see cases where your house gets up to 81ºF before you turn on your heat (let’s say your thermostat batteries die, or you turned off your heat for some reason), your bi-metal switch would OPEN and not RESET again until the temp got down to 50F. There might not be a good way to reset that thing if you can’t cool it back down very easily. I’d probably pick something that didn’t have such a huge hysteresis. Maybe something you could more easily control, like a thermistor with a hardware window comparator. Certainly not as easy as plugging in a Chinese bi-metal switch off eBay, but since we’re talking about properly engineering a safe solution… it needs to be safe, and a solution. I haven’t really thought long enough about this to even claim my solution is safe or the best solution… because it just reminds me of work, and I do that 50 hours a week.

So for this to work, you would need to put the relay from the thermostat in series with the relay from the spark core to be safe. When the relay closes, it turns ON the heat. So if the relays were in parallel, either the Spark Core OR the Thermostat could turn ON the heat… but if one of them failed ON it would keep the heat ON even if the other relay opened. If you put them in series, now either relay can open and shut the heat OFF. However, if they are in series they BOTH need to turn on to turn the heat ON. This is obviously bad because we don’t want to be a slave to the thermostat anymore… we want the Spark Core to be in full control. So in series, we have to wait for the thermostat to call for heat in addition to the Spark Core calling for heat.

BTW: Necromancy is really only an issue on threads that may contain outdated information.
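
A small fault model of the wiring discussed in posts #17 and #20, as an added example that is not any poster's code. It injects a stuck relay on the Core side for series and parallel wiring with a backup thermostat set to 80F, and traces the bimetal switch at the tolerance corner quoted in post #20; all names and the temperature sequence are constructed.

```cpp
#include <cstdio>
#include <vector>

// Added example; all names are hypothetical. A closed contact conducts the heat call.
enum class Fault { None, StuckClosed, StuckOpen };
enum class Wiring { Series, Parallel };

// Real contact state for a commanded state and an injected fault.
bool contact(bool commandedClosed, Fault f) {
    if (f == Fault::StuckClosed) return true;
    if (f == Fault::StuckOpen)   return false;
    return commandedClosed;
}

// Backup thermostat as in post #17: in heat mode its relay is closed below its setpoint.
bool backupCalls(float tempF, float backupSetF) { return tempF < backupSetF; }

// Does the furnace see a heat call, given the Core's command, a fault on the
// Core's relay, the room temperature and the (healthy) backup's setpoint?
bool heatCall(Wiring w, bool coreCommand, Fault coreFault, float tempF, float backupSetF) {
    bool core   = contact(coreCommand, coreFault);
    bool backup = backupCalls(tempF, backupSetF);
    return w == Wiring::Series ? (core && backup) : (core || backup);
}

// Snap-action thermal switch: opens at openF, re-closes only once cooled to resetF.
struct BimetalSwitch {
    float openF, resetF;
    bool  closed;
    BimetalSwitch(float o, float r) : openF(o), resetF(r), closed(true) {}
    bool step(float tempF) {
        if (closed && tempF >= openF)        closed = false;
        else if (!closed && tempF <= resetF) closed = true;
        return closed;
    }
};

// Tolerance corner quoted in post #20: opens at 86F - 5.4F, resets at 59F - 9F.
std::vector<bool> worstCaseTrace(const std::vector<float>& temps) {
    BimetalSwitch sw(86.0f - 5.4f, 59.0f - 9.0f);
    std::vector<bool> out;
    for (float t : temps) out.push_back(sw.step(t));
    return out;
}

int main() {
    const float backupSet = 80.0f;  // setpoint suggested in post #17
    for (Wiring w : {Wiring::Series, Wiring::Parallel}) {
        // Core commands OFF, but its relay has failed closed.
        std::printf("%s: Core relay stuck closed, heat at 72F=%d, at 81F=%d\n",
                    w == Wiring::Series ? "series" : "parallel",
                    heatCall(w, false, Fault::StuckClosed, 72.0f, backupSet),
                    heatCall(w, false, Fault::StuckClosed, 81.0f, backupSet));
    }
    // Constructed temperature sequence for the bimetal switch.
    for (bool closed : worstCaseTrace({70.0f, 81.0f, 70.0f, 55.0f, 49.5f}))
        std::printf("bimetal closed=%d\n", closed);
    return 0;
}
```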