MFBra

Being a single purpose account I'd agree. Just additional info regarding this, as the SMS can be very slow here sometimes I decided to get google authenticator, it keeps generating the 6 digits validation password, so you'll need a second device, but it's just copy the digits, without having to wait for sms... MFBra

Good point, as you know security is always something difficult to assure. By having the 2 factor you increase the difficulty to access your account, having app password create some risk, but without any probability calculation I just "believe" that with 2 factor for general access and limited number of app password is more than do not have it. Maybe we can ask UDI to be complaint to googles 2factor in the future? MF_Bra

Yes, it became your ISY gmail password, you can have several specific passwords, one per App you want. Thanks Mwareman for providing the directions. MF_Bra

I did for security reasons and you may create app specific password for each client you want. Created one for ISY and works flawlessly. MF_Bra

Take a look at shipito.com they have several locations, offer shipment consolidation with multiple service tiers, an initial free account that you pay per usage. They did well shipping to Brazil and at a reasonable cost. Extras : They take pictures of all packages upon arrival so the user can see and decide what to do. And offer other options and you can simulate the freight prior to sign up. MF_Bra

I believe most users have been "working around" to achieve the desired behavior or "almost desired " but if we could adjust some options "on the fly" we could accomplish. Thanks MFBra

The option to delay writes to device when it's on doesn't apply? I know it may not cover all use cases, but for the cases I envision could work. Similarly one could adjust timeout of the device to accomplish the desired behavior, I mean you could increase significantly the timeout during the periods you don't want it to trigger and return it to the normal condition to have fast "light responses" when desired. MFBra

Any way to change dusk.dawn value inside a program? MF_Bra

These devices offer an option to repeat commands, and quite sure that ISY detects it and put "duplicated" in the log. I'm out of home but we'll look for it later. MF_Bra

Yes, but been easy to implement, why not consider one "seed" of the OTP inside mobilinc also? It could send the fixed password and also the OTP. If someone sniffs that traffic should hijack your connection only during that session... Hardware to decrypt the https in a correct time-frame to still have the session open. If someone implement this to target someone ISY, should be a POVHI "person of VERY HIGH INTEREST", and in that case, nothing will really protect you... MF_Bra

I'll try to summarize my suggestion, but I'd like to see 1) multiple users, providing distinct access levels, I mean, - admin or full access - user access - let you turn on/off devices or programs but not add devices or programs, etc - interface - for rest connections with limited access. And you may restrict the source ip. - not sure where should allocate mobilinc access (for instance) 2) timeout configuration for wrong password, notifications would be great also. 3) for the highest level of users, possibility to adopt OTP (on time password) such the Google authentication, Dropbox for instance let you utilize googles software to generate the OTP. In this scenario, you keep REST, do not loose mobilinc access and increase the protection. Knowing that security does not get along with simplicity ..... MF_Bra

But it will only happen if you forgot your own password or if you are under attack... MFBra

After reading all comments and considering several people open their ISY to the "wild web" I was wondering if there is any brute force attack prevention on the ISY, let's say, if there are more than x wrong passwords do something. For sure it should be considered, it could be a notification and also a "growing wait time to release again the access" (ie 3 errors 1 minute, additional password error exponential growth). I know people may complain, but I'd rather have to power cycle my ISY to reconnect than reinstall it after a hacking session... MF_Bra

Yes the standard pin and they appear in the insteon + app, but if I talk to Siri, the answer is always the same... MF_Bra

Finally i could install it in my raspberry. If I go to insteon + I can see the devices in the "add" section, and besides it doesn't update the device status, i can control them in the software but if i ask siri to do something, "she" always respond that wasn't able to find any device. Not sure if someone faced the same.

Maybe the more experienced here may help, but considering the issues are always in the details, so just to review : - if you had the latching circuit working without the module and - really sure you got the "last" switch wire that run up to the light (connected to micro's load port) - have neutral and line to micro module (careful to not use here any travelers or the load cable from the switches) - have the correct configuration for latching I'd suggest to create a "lab" install in a bench prior to return the modules... MF_Bra

Reproducing my friend's difficulties I'd say that Stusviews suggestion to review wiring was the most important, the travelers were messed up. We measured the wire that comes from the last switch just to check if there is power in distinct position of all switches in the chain (just to double check that installation). If you can detect on/off in that wire and assuming your micro module sense 1 wire is not broken, I'd suggest double check if you have configured latching, because I understood that micro module can control the load without any sense connected, so it seems to be good. I know it may be repetitive based on what you have done, but 3 modules with problem is just improbable. MF_Bra

Sorry it's mixed English and Portuguese but I'm out and cannot edit, I had a friend facing difficulties with it and created this to help him. Hope it may help. (It follows Brazilian code, and when you see "fase or rede" means load. Neutro is self explaining). MF_Bra

Sorry, with a closer review indeed all final parameters don't use the coma. But you are far closer to play with, I'm still waiting for some help with npm install as i get an error probably from openssl.... npm ERR! Error: 1996251664:error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding:../deps/openssl/openssl/crypto/ec/ecp_smpl.c:939: npm ERR! 1996251664:error:1408D132:SSL routines:SSL3_GET_KEY_EXCHANGE:bad ecpoint:../deps/openssl/openssl/ssl/s3_clnt.c:1566:

don't you need a ", " after the ISY block of configuration ?

Just tested and worked. Pretty simple network resource. Http / GET / URL ENCODED / standard time-out. MF_Bra

Yes, it is available in linux/windows but my idea is to reproduce the "get" to that specific URL in a network resource. Don't you believe it may work? MFBra

In my research of Dynamic DNS i noticed that at least FreeDNS offers a way to update the current IP via a wget command, so it may possible to create a network resource and update your ip from ISY... they offer this method to update : wget -q --read-timeout=0.0 --waitretry=5 --tries=400 --background http://freedns.afraid.org/dynamic/update.php?alsdkjfqoweruoqpweurqweourqopwu #changed the final string just for this example

Hi, Sorry it may be a long post. Just returning something i've been learning here.... I've been using a VPN to promote external access to my ISY, but it doesn't works pretty well in some places where I typically stay (i.e. firewall from my office) so I decided to open it to the external world, but this could create a WAF problem if any hacking activity takes place.... not sure if i'm being so paranoid but decided to take the script from this post http://forum.universal-devices.com/topic/9172-howto-proximity-notification-wifi-phone-ipad-laptop which detects wifi presence and after some tweek I could create a rule to open external access to my Isy only when i'm not at home and only to the typical external IPs/CIDRs i frequently get, so i reduce drammatically the probability of WAF risks... the script i'm using in my router to open the external access is the following, if it may help someone. #!/bin/sh ISY_Addr=xxx.xxx.xxx.xxx Int_Port=<your internal port> Ext_Port=<your external port> cmd="-I” # (-I means to include, if you want to delete replace to -D) exists=$( iptables -vnL | grep -c $ISY_Addr ) # Variable to check if the rule is already in place if [ $exists -eq 0 ]; then iptables -t nat $cmd PREROUTING -p tcp --dport $Ext_Port -j DNAT --to $ISY_Addr:$Int_Port # create the port forwarding while read line do iptables $cmd FORWARD -p tcp -d $ISY_Addr --dport $Int_Port -j ACCEPT -s "$line"; # authorize the external access done < IPs_to_open.txt #one source ip or ip range (CIDR) per line to authorize access i.e. 14.3.2.1 or 45.6.0.0/14 fi and an almost identical to remove the access when i'm at home #!/bin/sh ISY_Addr=xxx.xxx.xxx.xxx Int_Port=<your internal port> Ext_Port=<your external port> cmd="-D” (-I means to include, if you want to delete replace to -D) exists=$( iptables -vnL | grep -c $ISY_Addr ) # Variable to check if the rule is already in place if [ $exists -gt 0 ]; then iptables -t nat $cmd PREROUTING -p tcp --dport $Ext_Port -j DNAT --to $ISY_Addr:$Int_Port while read line do iptables $cmd FORWARD -p tcp -d $ISY_Addr --dport $Int_Port -j ACCEPT -s "$line"; done < IPs_to_open.txt #one source ip or ip range (CIDR) per line to remove access i.e. 14.3.2.1 or 45.6.0.0/14 fi My next step is to be even more strict and instead of using typical IPs i'll move to Dynamic DNS to identify my Iphone's or Computer current ip address and release only one IP... so much paranoia ?

The coommand is :sudo npm install Complete error npm http GET https://registry.npmjs.org/request npm http GET https://registry.npmjs.org/node-persist npm http GET https://registry.npmjs.org/xmldoc npm http GET https://registry.npmjs.org/node-hue-api npm http GET https://registry.npmjs.org/xml2js npm http GET https://registry.npmjs.org/carwingsjs npm http GET https://registry.npmjs.org/sonos npm http GET https://registry.npmjs.org/wemo npm http GET https://registry.npmjs.org/wink-js/0.0.5 npm http GET https://registry.npmjs.org/elkington npm http GET https://registry.npmjs.org/request npm http GET https://registry.npmjs.org/node-persist npm http GET https://registry.npmjs.org/xmldoc npm http GET https://registry.npmjs.org/node-hue-api npm http GET https://registry.npmjs.org/wemo npm http GET https://registry.npmjs.org/carwingsjs npm http GET https://registry.npmjs.org/wink-js/0.0.5 npm http GET https://registry.npmjs.org/elkington npm http GET https://registry.npmjs.org/sonos npm http GET https://registry.npmjs.org/xml2js npm http GET https://registry.npmjs.org/node-persist npm http GET https://registry.npmjs.org/node-hue-api npm http GET https://registry.npmjs.org/xmldoc npm http GET https://registry.npmjs.org/wemo npm ERR! Error: 1996251664:error:10067066:elliptic curve routines:ec_GFp_simple_oct2point:invalid encoding:../deps/openssl/openssl/crypto/ec/ecp_smpl.c:939: npm ERR! 1996251664:error:1408D132:SSL routines:SSL3_GET_KEY_EXCHANGE:bad ecpoint:../deps/openssl/openssl/ssl/s3_clnt.c:1566: npm ERR! npm ERR! at CleartextStream._puller (tls.js:618:24) npm ERR! at CleartextStream.CryptoStream._pull (tls.js:552:19) npm ERR! at SecurePair.cycle (tls.js:842:20) npm ERR! at EncryptedStream.CryptoStream.write (tls.js:230:13) npm ERR! at Socket.ondata (stream.js:38:26) npm ERR! at Socket.EventEmitter.emit (events.js:88:17) npm ERR! at TCP.onread (net.js:395:14) npm ERR! If you need help, you may report this log at: npm ERR! <http://github.com/isaacs/npm/issues> npm ERR! or email it to: npm ERR! <npm-@googlegroups.com> npm ERR! System Linux 3.18.7-v7+ npm ERR! command "/usr/local/bin/node" "/usr/local/bin/npm" "install" npm ERR! cwd /homebridge npm ERR! node -v v0.8.8 npm ERR! npm -v 1.1.59 npm http GET https://registry.npmjs.org/carwingsjs npm http GET https://registry.npmjs.org/wink-js/0.0.5 npm http GET https://registry.npmjs.org/elkington npm http GET https://registry.npmjs.org/sonos npm http GET https://registry.npmjs.org/xml2js npm http GET https://registry.npmjs.org/request npm ERR! npm ERR! Additional logging details can be found in: npm ERR! /homebridge/npm-debug.log npm ERR! not ok code 0 MF_Bra