Spark Powered Thermostats: Burning Down the House, Baby!

Obviously you wouldn’t get that exact bimetallic switch, 86f is a bit low. That was just the first one I came across.

I only made assumptions because the OP didn’t really give us a lot of detail to go on. I guess my point was that the warning shouldn’t be: Don’t touch your thermostat. And should be: Get informed and know the risks.

I’d sooner build my own thermostat than I would a garage door opener. (Garage doors kill people and pets every year. Thermostats don’t.)

Again, that’s why I said it was my two cents. :wink:

I’ve never heard of necromancy being outdated info. I’ve always seen it as threads older than a certain period. Gonna have to research this!


I hate stupid Internet etiquette and that's one of them. There's that guy (the keeper of the net) that's always yelling at you for resurrecting an old thread, while your post is plenty relevant and adds to the conversation... maybe it's solving a problem that has existed, or maybe you are also reaching out for similar help. Locking threads just because they are dated is also lame. Don't go look it up... just BE THE CHANGE :smile:


Ah screw it. I am going to “rant in” on this one …

FREAKIN SAFETY FREAKIN FIRST

PERIOD.

Anything home made, especially as a one-off, has a HUGELY higher chance of failure, for all manner of potential reasons. Safety MUST be considered ALWAYS. Safety is about catching the one in a million. It can be the quintessential opposite of a system’s intended functional design. Safety asks the question, what if the gods hate us?

To play down the risks – however remote – is poor form. It does not matter if “only” one person in 7 billion installations gets killed. Safety is a PRINCIPLE. It should be respected and discussed in that context.

No statistical computation of odds can bring a child back. NONE. Safety is an ATTITUDE.

Safety concerns ALL aspects of messing about with stuff. Just taking your factory thermostat off the wall and leaving the wires exposed for the freakin cat to play with, could kill a child. Calculate the risk and take the action you believe appropriate – but NEVER, ever, never, ever bloody ever just shrug it off to chance or statistics or even cold, hard evidence. At least consciously INTEND to be safe.

Finally, on a more emotional front, if someone comes in here and says, “Hey. Just a heads up in the way of a warning … my kid nearly died because …” then well SHUT UP AND LISTEN. Even if the OP was completely full of it, there is still NOTHING over-stated about a child nearly dying. NOTHING. Ever, IMHO.

Yeah OK. Enough said.

DISCLOSURE: I have multiple home made, mains powered devices in my home that could cause harm if just the right, err wrong thing happened. I am constantly going over in my head any and all new safety related perspectives concerning these devices and I might even be losing some sleep over some of them, even though they’ve been fine for years.

Like I said. Safety is an ATTITUDE. Wear it with pride.

/rant


I knew I was going to get a lot of flak for my post, but I still stand behind it. I think you misinterpreted what I was saying @gruvin… I wasn’t shrugging off the safety concerns, I was putting it in perspective. I completely agree with you: Safety first! If you are unsure of what you’re doing, don’t do it. I flat out say that in my post.

That said, saying “a child almost died” is a play to emotions, not logic. It shouldn’t matter if it’s a child, adult or pet; loss of life is loss of life. My point was that it’s not relegated to just your thermostat. Anytime you deal with something that has the potential to hurt yourself or others, you need to know what you’re doing. That includes: Live A/C, Garage Doors, Thermostats, Vehicles, etc.

Safety is a mindset and if someone doesn’t have that mindset an appeal to emotions isn’t going to help them, logic will. I’d rather educate people into doing things The Right Way than scare them from doing it at all.

I know a lot of people who do brake work on their cars (including myself). There’s massive risk for injury to yourself or others if you don’t do it right, yet you never see Haynes Manuals or forum posts give any more than a warning about safety and not working outside your comfort zone. That’s what I think we should post on threads that deal with things that can be potentially dangerous.

Warning: Thermostat wires carry 24VAC at up to 2A or greater. An incorrectly configured thermostat can cause the heat and/or Carbon Monoxide in your house to rise to dangerous levels if your furnace’s safety systems are broken. Always make sure to include external safety overrides like a thermistor or bimetal switch to help prevent problems. Also make sure your HVAC equipment is regularly serviced by a qualified professional. As with all projects that have the potential risk for loss of property or life, be absolutely sure you know what you’re doing; if you are unsure ask for help! Safety is a Mindset; Be Smart and Be Safe.

Ok, my turn here. I have done research on this and worked in the construction industry for over 18 yrs. Thermostats are NOT considered safety equipment since they are user adjustable and installable. The UL standards, which they must pass, state safety in terms of installation, as well as stating accuracy and performance requirements.

Furnaces, on the other hand, MUST have safety systems in place to prevent overheating or gas burning without active ventilation for example. These are hard, user inaccessible PRIMARY safety devices which must follow dictated regulations. This does NOT prevent a thermostat from being “smart” and acting as a backup to the PRIMARY devices.

So, timb is correct, safety IS a mindset and being an engineer, it is a fundamental philosophy for me. Whenever we design something that can mitigate danger or enhance safety, it is our duty to do so to the best of our knowledge. These efforts have produced regulations and standards so that this knowledge can be shared.

So, all this to say, when a project calls for it, safety should be a guiding principle but not a restriction or inhibitor. Otherwise we would not have cars or planes or fire for that matter!


Hmmm. @timb ... I took no offence and I meant none in return.

@timb wrote: "I wasn't shrugging off the safety concerns, I was putting it in perspective."

See, there it is again. Sorry, but fate (in the absence of God's angels?) knows no perspective. Perspective is irrelevant when considering the principles of safety. Clearly, any practical attempt to design perfectly safe things requires razor sharp perspective, not to mention perfect knowledge and a functioning crystal ball. But the principle of safety itself cares not about statistical probabilities or theories -- or even absolute facts, for that matter.

Many of the common arguments have emerged here; "The government wouldn't allow ..." and "The big company doesn't do xyz, which proves ..." and more. None of these actually address safety. In fact, they spit in its face.

So in the real world, in this case, sure -- the risks would seem to be incredibly low that someone could actually die from a stuck HVAC relay, unless conditions were just so -- in spite of one stranger's claims to the opposite. After all, with respect to the poor guy for the sake of an argument, how do we know he wasn't just trolling for a forum flame war in the first place? BUT THAT'S NOT THE POINT.

By all means, let's debate the practical risks. This to me is a very simple proposition. Let us agree that it is possible for a relay to jam on, for any number of unlikely reasons. Let us then all remove our HVAC thermostats tonight, tie the wires together to have the thing lock on heating mode and go to bed. The answers as to the real risks will soon be known! WHY are we even debating any of that? Sheesh. Simple. :stuck_out_tongue:

"But no one would be dumb enough to do that!" -- I hear you protest. And that would appear to be exactly the home-brewer's nerve that was hit ... that, "we are not bloody stupid and who the hell do you think you are anyway? You're just fear mongering and trying to make us look bad!" Nay. I don't believe that though. Do you, really? Do we really think that anyone is going to not build a Nest just because one post showed up in a forum? Come now. Chillax! hehe

By all means, let's continue to debate the practical risks and how to design a better thermostat.

Let me continue that myself by addressing this idea ...

... Great software design idea. Now we're on track with some positive solutions! But umm, what if your physical relay contacts weld themselves together?

At NASA, I have heard that they have a saying something along the lines of, "Nothing in space can go so badly wrong that you cannot make it WORSE." This is a testament to how seriously those guys take safety and I see no reason why we should not proudly promulgate the same principles ... even if we fail and fry SparkCores like they're going out of fashion, 'cause it's fun! :smiley:

[Dang. I ran out of time for a good proof read. Hope I didn't screw it up too badly!]


This is a great thing if the thermostat actually IS UL listed. I took my Honeywell unit off the wall, earlier in this thread, and found it's not marked with any safety standards, nor were any stated in its manual.


Another thing that's important to note, is that once a product is UL approved... the manufacturer of the device is audited by a UL inspector as much as 4 times per year to make sure mostly everything is proper. I say mostly because they really don't check all of the low level stuff that could change, and I don't even think they scrub the critical components list that much. But you can easily be shut down for small deviations and I've seen it all happen so I take every precaution when working on UL approved products. It's nice to at least know you can't just mark your products with a UL sticker for a bunch of paperwork and testing that happened once. It's an on-going check and balance so it really does mean something.


A great way to think about safety is to look at it from UL's perspective. Find an applicable UL standard and design your product to meet all of its requirements. In lieu of that, do a simplified Design FMEA on your product, and anything that can harm or injure (via Electrical Shock, Fire, Smoke, Physical Injury) a patient or operator of the device should be categorized as Critical, or Non-Critical. Basically, you don't want any Critical issues. The way to flush them all out usually is to create a single failure in every component by shorting it out or opening it, and ask yourself... "What's the worst that could happen due to this single failure, given the entire operating range of the product and tolerance of all components? Is that going to cause harm to someone?" If so, it's critical... and you need to fix it. I'm always consciously thinking "How can I make this SINGLE FAULT TOLERANT?" That's a great first level of protection.

Now obviously there are a ton of constraints in an electronics design, and you can't always make EVERYTHING single fault tolerant AND still make profit on it. Well if you did, it would surely be on its way to Space... There are different categories for things... some circuitry does not provide a protective safety function, so it's not critical and therefore need not be single-fault tolerant. On the other hand, some things are so deadly that they need to be double-fault (or more) tolerant. It just depends on the nature of what makes it critical. Voltages are a great example, low voltage DC is no problem... unless it's an APPLIED PART which means it's some type of electrode and intended to come into contact with a PATIENT or OPERATOR, then even low voltage DC can be quite dangerous and cause harm or injury. Once you start ramping up the voltage levels and making it AC instead of DC, you may need double or triple insulation on isolation barriers.

Once you start getting into software control of protective safety functions... the gloves come off and lots of restrictions are put into place. Try making your software AND hardware single fault tolerant from end to end... it's not easy, and requires so much documentation and testing that most people avoid it like the plague. There, I just paraphrased 2 years of work on 3 different products in two sentences and I haven't even scratched the surface.

gruvin, NASA does not talk about safety in the same way you do. They think about how to keep a piece of equipment working where humans can't reach it. You talk about safety in a corporal, personal sense as in "life and safety".

NASA considers self-healing software and redundant mechanical and electronic systems but at the end of the day, when a machine fails it is only a machine. When you speak of risk to human life, it is a different context, where the affected party is not a disposable machine. In this context, "safety" is a concept which can never be guaranteed or always fully assessed. Hence we speak in terms of probabilities not absolutes because anything that can go wrong will go wrong... maybe.

The only perspective on safety we must maintain is that it is a myth. Everything about life is intrinsically unsafe. The "principle" of safety is about due diligence keeping in mind that without an infinite budget or schedule, the idea of being totally "safe" is untenable.

I believe this topic will start a discussion on how to make things as "safe" as possible, either in context of reliability or that of protection of life.

So in the case of the comments made by toyotabedzrock, I would say a temperature checking code running on the same processor as the code that could fail is unsafe since the processor is a single point of failure. Instead, it should run on a singly tasked companion processor whose sole purpose is to maintain those hard limits.

Consider me in! :slight_smile:

NASA has a 30 some step process for soldering each wire of a system, including cleaning the wire like 4 separate times before actually being soldered; yet they put an entire crew’s life at risk by ignoring multiple warnings from both their own engineers and the company that made the 28 cent O-Ring, solely because they didn’t want to scrub yet another launch and let down Uncle Sam.

When management OK’ed the launch on that frosty morning, they knew the risks but chose to ignore them. As a consequence, a group of brave people, including a school teacher, lost their lives on National Television.

Then they tried to cover it up! So yeah, when I think “Safety First” NASA isn’t really what comes to mind. (It’s not like it was an isolated incident. These are the guys who lost an entire rover because they couldn’t convert from metric to imperial. At least nobody died then.)

timb, you are correct! I was thinking of NASA in terms of probes and rovers, not the astronaut side. What it comes down to, is the largest single point of “failure” in all if not most situations is the human. And more often than not, political, financial and a myriad of other factors conspire to render “safety” an elusive and truly difficult goal to achieve.

So who wants to build a nuclear reactor using Cores so we can manage everything in our pajamas from home! :open_mouth:

For the record, I’m really enjoying the intelligent discourse herein. Just goes to prove that we home-brewers are willing to engage the topic of safety, which I think is an excellent and healthy sign. So long as we are all thinking about safety, then I am happy. Rants aside, I get a sense from all here that our attitude is on the right side of that proverbial fine insanity line. Cool. :smiley:


@timb … yeah. Man. I got up to watch that launch. I was 15. I hadn’t seen any for a while and for some reason on the eve of that launch, I decided to set my alarm for the 5am local event. I was excited, still in awe of the spectacle of man going into space. The instant I saw the flash and solid fuel boosters separate, my heart fell out on the floor. It was already clear to me that it was all over for the brave seven, even as the TV commentators tried desperately to grasp for any last shreds of hope.

That event and a few very near misses in my own life have honed my emotional respect for safety, as a principle. But of course, nothing changes the reality of things going wrong just whenever they feel like it. {sigh}

I watched a recent video on TED (where I was reminded of that NASA quote) by an astronaut who said that the odds of catastrophic failure in any given shuttle launch, from obviously thousands of possible failure points, had been calculated to be something like only one in thirty five – a 1:35 chance of dying at every launch. Wow.

(I wonder how deep the math was? Like, maybe they merely took one Challenger and divided it by 35 launches that didn’t kill anyone?)


@peekay123 – really good words and perspective. Thanks.


Now let’s do the Nest! :smiley:

Here’s what I do: I’m currently using an old, non-trendy, wifi-controllable thermostat. In fact, it’s something I bought by walking into a local brick-and-mortar hardware store some years back. It has a well-documented API (http), and it can be controlled by sending commands directly to it (while it’s cloud-controllable, this bypasses the cloud). By doing this, I don’t have to worry as much about safety engineering, although, as the OP mentioned, even a properly-installed, unmodified thermostat can fail.

I also have it connected to a powerful/flexible home automation controller. While the thermostat doesn’t learn like the Nest (although it may be possible via the HA controller), it does what I want, and I can control it via various means.

Side note: a lot of the “home automation” spark projects here have more-or-less already been done. If people want to do these projects as cool hobbies, great – more power to them. However, if they’re doing it as a means to an end (home automation), most of these have already been done (and keep in mind that all of the following can be controlled via a home automation controller):

  • Locks: Schlage, Kwikset, and Yale already make controllable locks (products which have been shipping for a while – not vaporware like some “trendy” locks). Not only can you remotely lock/unlock these, but they also report their status. Some have keypads, and you can even change the pin codes remotely.

  • Sensors: you have door/window/garage door sensors, as well as temperature, humidity, motion, and water sensors. You also have low-voltage relay and input devices. Prices for these are often in the $35-$50++ range, although they can go higher. These can compare favorably to spark-based solutions, especially when you consider that the battery-powered sensors can go for months without a battery change.

    Combine temperature sensors with some kind of alarm, and you can detect things like a runaway furnace.

  • Dimmers and appliance controllers (wall-warts that you plug into the wall).

  • Internet-enabled sprinkler/irrigation controllers. The cheapest one I’ve seen is around $140, and so building your own spark-based solution might be cheaper.

The above generally don’t use wifi, though.

So I’m well into the design of my thermostat. This is something I’ve been wanting to do for a while now and—like my SparkBot—it’s a nice fun project for me.

I picked up a 1.5A Single Phase Bridge Rectifier today, which will be used to convert the 24VAC into DC, which a pair of linear regulators will then bring down to 5V & 3V3. This will power the Core, Relays, Display, MSP430 Watchdog and other various bits of hardware.

The MSP430 will act as a safety watchdog and perform the task of controlling the relays; this way if the Spark CFODs and doesn’t recover I won’t wake up sweating and/or freezing. The Spark will talk to the MSP430 over I2C and basically just send a single byte, with the least significant four bits (the four MSB are ignored) representing the state of the four relays: 0b0000xxxx - Where x are Emergency Heat, Fan, Reversing Valve and Compressor, respectively. If the MSP430 doesn’t hear from the Core after 5 minutes, it’ll try and reset the Core once per minute; if that fails 5 times it’ll take over control and act as a basic thermostat using its built-in temperature sensor, trying to keep the temp above 60f and below 70f.
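The watchdog behaviour described above, modelled as an added example so the timing and fallback logic can be exercised on a PC (this is not timb's code, and the relay bit order within the low nibble, the heat-mode relay pattern and the 2F hysteresis are assumptions marked in the comments):

```c
/* Added example (not timb's code): a PC-testable model of the MSP430
 * safety-watchdog logic described above. The bit order inside the low
 * nibble and the heat-mode relay pattern are assumptions, marked below. */
#include <stdbool.h>
#include <stdint.h>

/* Command byte 0b0000xxxx: the post names the low bits Emergency Heat, Fan,
 * Reversing Valve, Compressor; mapping that order to bits 3..0 is assumed. */
#define RLY_EHEAT  (1u << 3)
#define RLY_FAN    (1u << 2)
#define RLY_RVALVE (1u << 1)
#define RLY_COMP   (1u << 0)

#define CORE_TIMEOUT_S (5u * 60u) /* silence before the first reset attempt */
#define RESET_RETRY_S  60u        /* one reset attempt per minute */
#define MAX_RESETS     5u         /* then the watchdog takes over */
#define TEMP_LOW_F     60.0f      /* fallback limits from the post */
#define TEMP_HIGH_F    70.0f
#define HYST_F         2.0f       /* assumed hysteresis against short-cycling */

typedef enum { WD_NORMAL, WD_RESETTING, WD_FALLBACK } wd_state_t;

typedef struct {
    wd_state_t state;         /* WD_NORMAL (0) in a zero-initialised struct */
    uint32_t   silence_s;     /* seconds since the last byte from the Core */
    uint32_t   since_reset_s; /* seconds since the last reset pulse */
    uint32_t   reset_count;
    uint8_t    relays;        /* relay outputs, low nibble */
    bool       reset_pulse;   /* true for the tick in which RESET is asserted */
} watchdog_t;

/* I2C receive handler: any byte from the Core proves it is alive. */
void wd_on_i2c_byte(watchdog_t *wd, uint8_t b)
{
    wd->relays = b & 0x0Fu;  /* the four MSB are ignored, as in the post */
    wd->silence_s = 0;
    wd->reset_count = 0;
    wd->state = WD_NORMAL;   /* Core is back: hand control back to it */
}

/* Basic thermostat used only when the Core is unrecoverable. Cool = compressor
 * + reversing valve, as timb measured; heat = compressor alone is assumed. */
static uint8_t fallback_relays(float temp_f, uint8_t current)
{
    bool heating = (current & RLY_COMP) && !(current & RLY_RVALVE);
    bool cooling = (current & RLY_COMP) &&  (current & RLY_RVALVE);
    if (temp_f < TEMP_LOW_F || (heating && temp_f < TEMP_LOW_F + HYST_F))
        return RLY_COMP | RLY_FAN;
    if (temp_f > TEMP_HIGH_F || (cooling && temp_f > TEMP_HIGH_F - HYST_F))
        return RLY_COMP | RLY_RVALVE | RLY_FAN;
    return 0;                /* inside the band: everything off */
}

/* Called once per second from a timer interrupt. */
void wd_tick_1s(watchdog_t *wd, float temp_f)
{
    wd->reset_pulse = false;
    wd->silence_s++;
    switch (wd->state) {
    case WD_NORMAL:
        if (wd->silence_s >= CORE_TIMEOUT_S) {   /* five minutes of silence */
            wd->state = WD_RESETTING;
            wd->reset_pulse = true;
            wd->reset_count = 1;
            wd->since_reset_s = 0;
        }
        break;                /* relays keep the Core's last command */
    case WD_RESETTING:
        if (++wd->since_reset_s >= RESET_RETRY_S) {
            if (wd->reset_count >= MAX_RESETS)
                wd->state = WD_FALLBACK;        /* five resets failed */
            else {
                wd->reset_pulse = true;
                wd->reset_count++;
                wd->since_reset_s = 0;
            }
        }
        break;
    case WD_FALLBACK:
        wd->relays = fallback_relays(temp_f, wd->relays);
        break;
    }
}
```

The single point of failure peekay123 raises is addressed because this logic never depends on the Core's software: the only input it trusts from the Core is the arrival of a byte, and a fresh byte hands control straight back.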

Ideally I’d like to use a nice large touchscreen LCD for the interface, but until I get the first prototype in of my TivaC powered 4.3" LCD backpack (basically doing for larger LCDs what Digole does for little ones) I’ll be using a 1.8" Digole Color OLED.

I’ve got a really nice 24-Bit 0.5c accurate Altimeter module I’ll be using for temp/barometric pressure. I’m still looking for a really good, accurate humidity sensor (and not the DHT-22), so if anyone has recommendations I’d love to have them! (I’m considering getting a nice capacitive humidity cell and pairing it with a 555—in place of the charge capacitor—so I get a pulse output.)

Oh, by the way, I figured out the answer to my original question when I bumped this thread: The Reversing Valve signal can be activated at the same time as the Compressor signal. All the electronics are on the compressor unit outside, so I doubt it would let commands be sent that could hurt it. (I figured out the answer by pulling my thermostat off the wall and putting a few volts into the 24VAC input pins, which go straight to the relays (it’s battery powered). I then hooked my scope up to the Reversing Valve and Compressor relay outputs and set the thermostat to Cool; it simply activates both relays at the same time. I ran it through Heat, Cool and E. Heat, while recording the state of the relays so I had solid data to emulate.)

Hopefully I can have this thing up on the wall by this weekend!

timb, for ultimate safety, would it be smart to sense when a relay contact is working/stuck or not by feeding back the relay outputs? Possibly using opto-couplers or a double-pole relay, using one pole for sensing. I am pretty sure on a DT relay, if one contact welds, the other won’t operate either because they are on the same arm.

I am enjoying watching this thread develop from a very negative tone to a positive and safe source of ideas. In that spirit:

What you might want is a device known as a “thermal cutoff” which is just a separate bimetallic switch with a high trip point. Here is a link to one that is rated for 15A and cuts out at 377F.

http://www.globalindustrial.com/p/hvac/controls/thermostat-controls/supco-thermal-cutout-15-amp-377-open-temp

These are often used as part of a safety system to completely cut power when things are too hot.

The one and only time I have had a thermostat fail, it was a UL-listed bimetallic coil type that someone bumped into (unknown to me at the time) and jammed the cover on so hard that it prevented the switch inside from operating. We woke up cold in the middle of the night and the first thing I did was pull the cover off the thermostat and it clicked right on. I replaced it the next day.

My experience with getting devices UL-listed is that what they really care about is not the functioning of the device, but the components and the flammability of the actual device. If you use UL-listed components and get your enclosure UL approved, you are generally good to go.

As most of you, I have a lot of experience with control systems and the thing I find with thermostats is that most modern homes only have one. Commercial systems have a combination of multiple thermostats and multiple air volume control valves (VAV) to manage the flow of air and thus temperature more accurately. With a single measurement point, it is hard to a) balance the temperature in each room and b) provide safety features in each room.

On this note timb, perhaps you should be thinking of a multi-point system with a single thermostat but sensors in each room. You won’t be able to control air flow to each room but at least you can detect irregular situations that you can react on like high/low temp or high humidity.

I had seen a project on kickstarter (I think) that used smart wireless floor vents that could control the flow of air into each room. The system could then balance the house by opening/closing vents to manage air flow much like commercial VAV boxes. I’ll try to find the link. :smile:

I think this is it or at least very close: http://www.theactivent.com/

You mean monitor the NC contact (which will conduct when the relay is off)? You could do that, but it would be a PITA to setup, as you'd need a rectifier + smoothing capacitor + regulator and possibly an opto-coupler to bring the 24VAC down to a TTL level signal.

Honestly, rather than doing that I'd skip the relays all together and just use a TRIAC which should be more reliable.

Yeah, this type of stuff has actually been around for quite a while! In home systems, they have motorized dampers which can be added to the ductwork so you can control the airflow and temperature in each room. The problem is you physically have to cut sections out of your ducts, so it's difficult, time consuming and expensive to install.

Recently I saw a pretty cool alternative that allows you to retrofit existing ducting for airflow control: Basically a small airbag can be put inside the ducts (through a small slit in the case of flexible ducting, which can easily be sealed with foil tape); a 1/4" tube connected to the airbag runs out the slit; this tube is then hooked to a tiny little air pump; as the airbag is deflated, more of the duct is blocked, regulating airflow! Pretty ingenious if you ask me!

That Activent system is pretty cool for someone wanting to retrofit their home without getting a Smart Thermostat and everything. It's a shame it only comes in floor register sizes though. They need to make one for the round ceiling registers.

For a DIY system like we're doing, you can make your own motorized floor registers for under $20. That would pair very nicely with the mesh networking system I'm doing for the Spark Core; hook each register up to a sensor pod, which can open/close the register based on actual temperature in that area!

So we have two separate heat pumps for our house: One for downstairs and one for upstairs. This first version of the Spark Thermostat will be going upstairs, but once I work out all the bugs I plan on making one for downstairs as well and I plan on having the two communicate! That will let me do some neat things like allowing one unit to assist the other under specific conditions. During the day the upstairs door is left open, since heat rises I can have the upstairs unit automatically scale back the temperature a few degrees during the day to take advantage of the extra heat coming up the stairs! You can reverse that in the summer to take advantage of cold air sinking down.

I'd like to be able to cool/heat each room with motorized registers or dampers in the ductwork, but we're going to be moving at the end of the year so I don't want to put in all the work until then. :smile:

We're making thermostats here man, not fire alarms! I think 377f might be a bit high… XD

Yeah, I mentioned this a few posts up. Ideally you'd use a normally closed one set at around 100f between the relay output and call for heat input, with another one that's normally open and set for 40f directly between your 24VAC input and the above bimetallic switch's input. (That way the 100f switch could kill the 40f switch if it got stuck on for some reason.) That way you've got mechanical protection from overheating and your pipes bursting.

I’d be careful about blocking off vents. It may be OK if you have a modern heater. However, if you have an old heater, I’d be careful about blocking off vents – the heater might overheat or worse.

The thermal cutoff goes on or in the furnace plenum near the furnace itself. The outlet air temp for my furnace in heating mode is around 200F. It is a common thing.

Ohhh, gotcha! I was under the impression that most furnaces already had a thermal cutoff like that. Are you suggesting adding an additional unit?