Z-wave devices in secure mode and range

Hmmmm !
That’s okay but what about - How long does ‘inclusion mode’ stay active for you to run around the house in press their buttons, and to wake/include battery devices ?
Not saying you’re wrong, just that I don’t know.

My wife is not happy being my “trician’s mate” pressing buttons on kit, when I shout.
Also I’m not happy with her putting fingers in live back boxes, caught her once putting a knife in a toaster to fish out some bread - I went spare - she said "well you do it ! " :blush: so now I just wait till she’s out of the room.

Hi Justin

I’ve just been through including 20 Fibaro Dimmer 2 dimmers with a Aeotec USB stick on a PI, and two of the dimmers repeatedly failed to “Include” correctly until I moved the Pi close to the physical location of the dimmer. They repeatedly failed to add the critical “Level” entity which is the one you actually use to dim the lights. Was this a fluke? I assumed it was to do with proximity/signal strength. The whole network consists only of these Fibaro Dimmers.



When I tried using the button on the stick, I always lost ‘something’ on the device (a sensor or other attribute). I just use the z wave manager now.

You may be right, about it having to do with needing direct contact with the controller, but I think the true reason has to do with latency and wake time (not ‘secure routes’ as stated before). I have noticed on some of my farther away nodes, that they have much larger average_response and average_request… like 150-1000ms vs about 30ms for devices with direct hops. For a battery node that doesn’t stay awake to receive commands for long, this delay in communications can mean some commands are left processing when the device falls back to sleep. I think this may be the reason the ‘old school way of adding/excluding’ may still have it’s place when it comes to battery powered devices.

Not sure if it’s even possible, but what would be nice is if manufacturers of battery powered zw devices made use response and request times to scale the awake time when using a ‘wake button’ for adding/excluding.

According the specifications- battery devices should stay awake XX (can’t remember) seconds after starting inclusion mode (on the device). They shouldnt go to sleep till OpenZWave sends a “wakeup-no more information” packet - which basically puts it back to sleep. They should sleep after the timeout if they don’t get included.

In reality - not everyone follows the specs. :exploding_head::rage:

I just log into HA interface on my phone using my internal network, use it to start the inclusion and hit the device.

Duh !

How stupid am I ? (don’t answer that ! ) an obvious solution.
I’ll try not to feel like a complete moron as I walk away in shame. :sob:

Just wait till the wife finds out… :stuck_out_tongue: @Mutt

I don’t like having the admin creds stored on my phone. Since my pc has the creds saved that makes it much easier to login (my password is not memorable long with random chars). So it takes much more time to type that in my phone and then I have to ensure the browser doesn’t remember it (lest I lose my phone and give someone full access). So I rarely use my phone for admin stuff, but adding zwave nodes is one case where I do use it. Would be better though if certain devices stuck to the standard so I wouldn’t have to.

If you secure your phone effectively you don’t have to fear loosing it :stuck_out_tongue:

A decent password or fingerprint for phone access should secure the phone well enough its not an issue. after X invalid entries phone self-destructs the data on it.

@truglodite, I fully agree with @firstof9 and @a_lunatic a phone is a pretty damn secure way of storing such information. Unless you subscribe to paranoid delusions about large multi-nationals and/or governments wanting to turn your lights on and off in which case you need much more help than we can provide…

@truglodite I also secure passwords inside a password vault ie: LastPass that way I can share them between my desktop and mobile.

All great replies guys, thanks!

@Doranagun, is that the default setup for 'droid’s these days, to delete after x fails? Happen to know a way for me to verify this, and perhaps adjust x?

@Mutt, sometimes I do wonder if I am a tin-hatter, but no I don’t ‘believe in’ stuff without doing my best to research it with a critical mind. I’m just not as much in to my phones as I used to be, back when everyone (including myself) was rooting them. So perhaps some ignorance is creeping on me and affecting my mindset. My s8+ isn’t rooted, and that gives an idea how long it’s been since I’ve looked into vulnerabilities. So I’ve always though that some half way decent hacker could get in easy enough with phone in hand. Although, it does makes senses these days that phones aren’t as insecure as they used to be.

@firstof9, I still to this day use the system I have used for about 25years… an encrypted text file on my file server. I did look into pass vault apps a while ago, but honestly my uses don’t generally require one. The most sensitive info I access from my phone would be my lan, via vpn, secured with 4k tls certs. Otherwise, I just let google store my website passwords for things like this website (not my bank, etc… just don’t trust/need google that much lol).

This is something specific to iPhones, I haven’t heard of this for Android phones. There is a remote wipe feature you can use for on Android in case someone nabs it tho.

You added one more reason for me to ditch my aging phone and get an iphone. My wife and kids all use iphones. I’ve always used 'droid because of the control it has for some things, but lately my phone has been used more like a phone and less like a computer. So the privacy of iphone is definitely attracting me that way… now if my batter would stop lasting a full day I’d have the WAF to upgrade, LOL.

No one will switch me away from Android :stuck_out_tongue:

I switched to an iPhone awhile ago because I don’t need to be around a computer 24/7. The setup of an iphone is 10 minutes. My last android took so damn long. Never again. Then when you get a new iPhone, you just log in and all your apps and settings get pushed over. Unlike android where it only downloads the apps… then you gotta go through and setup each app to your liking.

All my android settings follow my account, background, apps, passwords, etc.

even if you switch phone brands? Last I checked, it did not do that. Had a galaxy 1 and 2 had to configure both, was super annoying. Caused me to do the switch. Granted that was almost 10 years ago now. Either way, apple had it at the time.