Polisy Enhancements (Future)

[markv58]

1 minute ago, MrBill said:

The problem that I see is that the UPS makes the modem single band, RF only.. the powerline signals don't make it through the UPS/surge suppressor).  WHen plugged into the UPS, nearby devices seem to work flawlessly but that degrades for devices far away, and everything works in slow motion.  (I don't have test equipment to prove my theory but that's my educated guess.)  

RF only is True until it hits a wired device. I'm getting everywhere usually with hops to spare and there are no noticeable delays. My PLM is up high and centrally located to all devices so the furthest device is about 40 feet. If it were ever to give me trouble I'd go the normal route but for now...

[Teken]

14 minutes ago, MrBill said:

The problem that I see is that the UPS makes the modem single band, RF only.. the powerline signals don't make it through the UPS/surge suppressor).  WHen plugged into the UPS, nearby devices seem to work flawlessly but that degrades for devices far away, and everything works in slow motion.  (I don't have test equipment to prove my theory but that's my educated guess.)  

If you have one of the newer On-Off Modules / Dual Outlet Relay you can turn the RF off on those units. I mention this because not all UPS are made equal so you have a 50/50 chance the powerline signal will go through. I had to do this same test on a really large installation where for what reason (don't recall) the 2413S PLM needed to be on a UPS. In that case the cheaper UPS (PWM) needed to be upgraded to a double conversion pure sine wave unit.

Keeping in mind PWM vs Pure Sine Wave isn't what's blocking the Insteon signal it's the filtering or lack thereof. Just dumb luck the UPS we selected didn't have too much filtering that it impacted the signal as we could see always 2 hops left to and from end devices.

Now, if the question is would I ever do the  very same in my home - No.

 

[giesen]

@giesen,
IPV6 is already supported. It's just the Settings UI that needs to be updated.
With kind regards,
Michel

Yeah I figured as much. But it's not really supported until you can configure it from the UI

Sent from my SM-N9500 using Tapatalk

[Teken]

NTP Server: Have the ability to make the system check for the correct time upon boot up. Would also like to see more than one option for NTP servers as a fail over.

[Michel Kohanim]

@Teken,

It already does that. And, it does the fail over by itself.

With kind regards,
Michel

[Teken]

8 minutes ago, Michel Kohanim said:

@Teken,

It already does that. And, it does the fail over by itself.

With kind regards,
Michel

Hi Michel,

Awesome - Is the option to add in a couple of user defined  NTP servers already present or just on the road map? 

[Michel Kohanim]

Hi Teken,

Yes but, the OS level fail over is way too robust for us to try and make any changes immediately.

With kind regards,
Michel

[MrBill]

I don't know if it's been mentioned elsewhere but a subset of the green notification boxes that popup on the top of the screen need to persist until dismissed. 

For example: select Check for updates.  the first message that appears says something like the upgrade command was sent.  perfectly fine for that one to self dismiss, but the next one to appear (after some delay) says whether updates are found... This one needs to persist until dismissed.  

Likewise the updates sucess|fail should persist until dismissed.   There might be others, but the basic rule should be if somone can get distracted while waiting to read the next green box then it should persist until dismissed.

[lilyoyo1]

On 3/1/2020 at 3:48 PM, markv58 said:

RF only is True until it hits a wired device. I'm getting everywhere usually with hops to spare and there are no noticeable delays. My PLM is up high and centrally located to all devices so the furthest device is about 40 feet. If it were ever to give me trouble I'd go the normal route but for now...

The RF is tied to the powerline signal at the zero crossing. So while things can work (obviously yours does so it can), you are setting yourself up for a potential issue should the ups cause any changes

[Teken]

2 Factor Authentication: If there is a possible way to incorporate 2FA into the new system that would be great. 

[MWareman]

3 hours ago, Teken said:

2 Factor Authentication: If there is a possible way to incorporate 2FA into the new system that would be great. 

+1 

FIDO2 (https://fidoalliance.org/fido2/) is compatible with Windows Hello and Yubikeys. 

HMAC-TOTP is a completely open and offline (no network dependency) and license free 2FA system. Otherwise known as 'Google Authenticator'  the protocol in incorporated into MOST mobile authenticators so the user would be free to choose whichever one they want to use.

I suggest both be implemented. HMAC-TOTP for broad compatibility - and FIDO-2 for those that want to use Windows Hello (or Yubikeys).

[Teken]

16 hours ago, MWareman said:

+1 

FIDO2 (https://fidoalliance.org/fido2/) is compatible with Windows Hello and Yubikeys. 

HMAC-TOTP is a completely open and offline (no network dependency) and license free 2FA system. Otherwise known as 'Google Authenticator'  the protocol in incorporated into MOST mobile authenticators so the user would be free to choose whichever one they want to use.

I suggest both be implemented. HMAC-TOTP for broad compatibility - and FIDO-2 for those that want to use Windows Hello (or Yubikeys).

In the interim I vaguely recall a method to enable 2FA on a Google email account while also allowing less secure apps to be used. If anyone can relay that resource link or thread it would be greatly appreciated. I was on site at a install and the client noted there was no email coming from the ISY Series Controller. After trouble shooting everything I found out it was tied to 2FA being enabled on their Google account.

I've looked everywhere and don't see an obvious place to white list incoming device that is using Googles SMTP address. The only thing I could think to offer to the client was to create a new dedicated email account just for the ISY Series Controller to send outbound mail. Which by the way was a whole other sh^t show because we must have tried two hundred email alias only to be told it was already taken!!

[markv58]

@Teken You can create an app password unique to each device or system that uses your gmail account. Log into the Google account and go to the Security page.

[Mustang65]

A while back, probably a year or so ago, I was having issues with my Security camera DVR and ISY with Gmail. I tried to find out what happened and finally gave up and switched to Yahoo email. Have not had a problem since then. I know it had to be something with Gmail as both my Security DVR and ISY email crapped out at the same time.

[Teken]

33 minutes ago, markv58 said:

@Teken You can create an app password unique to each device or system that uses your gmail account. Log into the Google account and go to the Security page.

How does one see or add the ISY Series Controller inside of the Google Security settings page? Unlike all of the other devices in my list which are running a standard OS. The ISY has no ability to accept or broadcast itself like other devices like my phone, tablet, computer, etc?

I can't seem to find the generate key option.

[markv58]

1 hour ago, Teken said:

How does one see or add the ISY Series Controller inside of the Google Security settings page? Unlike all of the other devices in my list which are running a standard OS. The ISY has no ability to accept or broadcast itself like other devices like my phone, tablet, computer, etc?

I can't seem to find the generate key option.

Login to your Google account - Manage Account - Security - App Passwords - Select app - Mail - Device - Other - enter the name (ISY)  then Generate.

Use that password instead of your regular password on the device.

[Teken]

15 minutes ago, markv58 said:

Login to your Google account - Manage Account - Security - App Passwords - Select app - Mail - Device - Other - enter the name (ISY)  then Generate.

Use that password instead of your regular password on the device.

Yes, was able to see this option once I re-enabled 2FA on the account. I was also able to generate the unique 16 character password but upon entering it to one appliance I received an error message that 2FA was being used.

I'll try the same password the ISY Series Controller to see if it works or what error message pops up. Also, to be clear is there a difference selecting the different options from mail / other?? As I picked other initially because selecting mail did not allow me to enter a friendly name as seen in your image capture. 

[markv58]

10 minutes ago, Teken said:

Yes, was able to see this option once I re-enabled 2FA on the account. I was also able to generate the unique 16 character password but upon entering it to one appliance I received an error message that 2FA was being used.

I'll try the same password the ISY Series Controller to see if it works or what error message pops up. Also, to be clear is there a difference selecting the different options from mail / other?? As I picked other initially because selecting mail did not allow me to enter a friendly name as seen in your image capture. 

I may have been wrong, been a while. Select either an app or device and then generate. Pretty certain I selected device for ISY.

[MrBill]

(I didn't review to see if anyone has already suggested this)

• Access to the polisy web interface from the portal. 

Which should not be too difficult to implement considering it's browser based and must be on the same network as the ISY that is already portal connected.  The use case of course is remote access from not on the local network without opening ports.

[MWareman]

(I didn't review to see if anyone has already suggested this)

• Access to the polisy web interface from the portal. 

Which should not be too difficult to implement considering it's browser based and must be on the same network as the ISY that is already portal connected.  The use case of course is remote access from not on the local network without opening ports.

Not sure the ISY is powerful enough to run a proxy like this.

Maybe better to have PolISY establish an independent connection to the ISY Portal to provide this service, and take over the proxying to ISY.

[MrBill]

40 minutes ago, MWareman said:

Not sure the ISY is powerful enough to run a proxy like this.

Maybe better to have PolISY establish an independent connection to the ISY Portal to provide this service, and take over the proxying to ISY.

I didn’t mean to imply the ISY would run the proxy.  But it can certainly help determine the address, and if one is reachable, so is the other.

[garybixler]

Hi, would be nice to have a button to view the Polisy log which is referred to after updates. I know you can view it using the command line, but  I never got there.

Thanks

Gary

[Michel Kohanim]

@garybixler,

I totally agree and included in the list.

With kind regards,
Michel

[MrBill]

wilst reading this thread:

it occurred to me that it wouldn't be nice if you could simply open a terminal window right from the GUI.  I've seen a terminal session embedded in a web page somewhere (a web host as I recall) so it should be possible.  wouldn't solve every need for PuTTY but it would make it easier in some cases for the less experienced users. 

another thought would be a link that opens PuTTY with arguments so that a less experience user only needed to install PuTTY on their machine then click a link in the GUI to open to the correct address etc. 

[apnar]

wilst reading this thread:
it occurred to me that it wouldn't be nice if you could simply open a terminal window right from the GUI.  I've seen a terminal session embedded in a web page somewhere (a web host as I recall) so it should be possible.  wouldn't solve every need for PuTTY but it would make it easier in some cases for the less experienced users. 
another thought would be a link that opens PuTTY with arguments so that a less experience user only needed to install PuTTY on their machine then click a link in the GUI to open to the correct address etc. 

WeTTY work work well for this and is MIT licensed so should be able to be included.

https://github.com/butlerx/wetty