
Would anyone trust Windows to run a gas boiler?


studiot


Absolutely as long as it was on a secured network with no chance of outside interference. Such as a techie installing a virus. Since I don't believe modern computers are immune to being hacked remotely there should be no way for a satellite or other wireless signal to get into the server.

Edited by fiveworlds

So my Windows just bluescreened again.

When was the last time you installed the operating system?

 

The only bluescreens that I saw this year were correlated with messing with a SATA HDD: disconnecting and reconnecting the HDD with a spare Win7 system on the 2nd disk.

After plugging in the disk, it was incorrectly connected, and Windows was shutting down so as not to damage it (after 10-20 minutes of work).

After disconnecting it and plugging in the right one, it stopped happening.

Edited by Sensei

 

What would have happened if it was supposed to be controlling the safety interlocks on the boiler?

That would be a bad design. Safety interlocks should be controlled by the lowest possible level (hardware if needed).

 

In that sense, using any modern multi-user, multi-tasking, multi-whatever, GUI OS for safety interlocks is bad.... But I see no problem to use Windows for 'higher' functions.

 

Are you designing or are you commenting on some existing design? Maybe you see Windows in the front-end but there is actually a microcontroller behind the scenes.


What's the alternative?

Given a choice between a boiler controlled by Windows and one with no controls at all, I'd go for Windows.

 

Also, exactly what level of control does it have?

Is it just an expensive timer switch or does it have total responsibility for all the control?

If it's the latter then what incompetent moron forgot to add the safety valves and over temperature cut off etc.?

And since any competent design would fail safe in the absence of a control signal, what difference would it make if that signal was from Windows?

 

Are you hoping to demonstrate that some other operating system will work better?

That's going to be interesting when the electrical power fails.


Thank you all, lots of thoughts and meat for discussion.

 

My answers to the specific questions, sorry if I've missed one, please point it out.

 

No, I am not designing a Windows or any other gas boiler controller. The only experience I have is a Windows operated data logger for a large commercial office. This has no controlling functions for the boiler, but can set or change parameters in the boiler's hardware controller.

 

The last non-functioning ATMs I saw were outside the Clydesdale Bank in Dundee, earlier this year.

But I agree they are generally pretty reliable.

 

Studio T does, however, maintain embedded Windows POS (point of sale) units in some large commercial operations.

These are substantially more reliable than the 'secure' Windows networks in those same organisations. (Windows server domains and pro workstations).

They are not as reliable as ATM units though, producing system errors that require rebooting to clear.


 

 

My answers to the specific questions, sorry if I've missed one, please point it out.

 

What's the alternative?

Also, exactly what level of control does it have?

Is it just an expensive timer switch or does it have total responsibility for all the control?

If it's the latter then what incompetent moron forgot to add the safety valves and over temperature cut off etc.?

And since any competent design would fail safe in the absence of a control signal, what difference would it make if that signal was from Windows?

Are you hoping to demonstrate that some other operating system will work better?

That's going to be interesting when the electrical power fails.

OK, that last one is an implicit question; I meant what would windows (or anything else) do if the power failed?

Sorry, John, I thought that this was all part of my answer that I am not designing any sort of controller so don't need to consider alternatives.

 

That does not mean others are not designing such a system (it is after all the logical next step from datalogging and parameter setting) and my query wonders how folks would react if they met one in a bar.

 

:)


I suspect that nobody can actually answer the question as asked.

Even if I think the idea of designing a boiler like that is suicidally insane, that doesn't mean that there isn't someone somewhere who would trust Windows to run a gas boiler.

(of course, if someone knows of such a system then the answer is simply "yes".)

But whether I would trust such a system depends heavily on what the other parameters were.

 

That's still true, even if nobody is actually designing it.

If I met someone who was designing such a system, I'd have to ask questions like those before I was really able to come to a sensible decision so, while I can't speak for "folks" in general, my reaction would be to ask those sorts of questions.

If the boiler is in a place away from people and property and isn't doing anything critically important, then why would anyone care if it was run by windows (or a demented frog, for that matter).

If it was the heating system for a major hospital...


 

1) Even if I think the idea of designing a boiler like that is suicidally insane, that doesn't mean that there isn't someone somewhere who would trust Windows to run a gas boiler.

 

2) I suspect that nobody can actually answer the question as asked.

 

1) Exactly why I think this subject needs a good airing, rather than attracting ridicule.

 

2) So perhaps you would be kind enough to suggest a better or improved one.

 

:)


That's going to be interesting when the electrical power fails.

That's why people invented UPS..

https://en.wikipedia.org/wiki/Uninterruptible_power_supply

 

My UPS model has an option to send e-mail when there is a power failure. Through USB, it can also tell the computer to shut down, and to execute commands entered in the options.

So if there is a power failure, the admin is informed (and has to go to work instantly), and the device is shut down nicely.

Wake on LAN allows remotely starting up a computer that's shut down but plugged into a power supply.

https://en.wikipedia.org/wiki/Wake-on-LAN

Once the power supply is fixed, the admin can start the system remotely.

(so it can also be used by agents and hackers)

Edited by Sensei

That's why people invented UPS..

https://en.wikipedia.org/wiki/Uninterruptible_power_supply

 

My UPS model has an option to send e-mail when there is a power failure. Through USB, it can also tell the computer to shut down, and to execute commands entered in the options.

So if there is a power failure, the admin is informed (and has to go to work instantly), and the device is shut down nicely.

Wake on LAN allows remotely starting up a computer that's shut down but plugged into a power supply.

https://en.wikipedia.org/wiki/Wake-on-LAN

Once the power supply is fixed, the admin can start the system remotely.

(so it can also be used by agents and hackers)

 

Sounds good, but

 

In even modest sized outfits the telephone and broadband is no longer powered by the telco line, it is powered from the same mains as the server.

So unless you also have a UPS on your telecoms equipment your server will be unable to send an email.


A broadly comparable question to the one about Windows would be how happy would you be to have a Unix box running your boiler.

Well, if the boiler needs to send an email to let me know if anything goes wrong, that email is probably sent via servers that are Unix boxes.

 

It's complicated.

So, if I were designing it, the system would be locally backed up by local safety systems that would (so far as possible) protect the boiler.

In essence I'd never let the boiler listen to a command from the computer that told it to do anything dumb.

Then it doesn't matter if it's Windows, Mac OS or a trained chimp that's providing the input to the "system" and it doesn't matter if the power fails (or the chimp is distracted by a banana).

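The design principle in the post above (a local layer that refuses any computer command telling the boiler to do something dumb, and that fails safe when the control signal disappears) can be sketched as follows. This is an added example, not code from the thread; every name, limit and timeout in it is hypothetical, and it sits alongside the mechanical safety valves and cut-offs the thread mentions rather than replacing them.

```c
#include <stdbool.h>
#include <stdint.h>

/* All names and limits below are hypothetical, chosen for illustration. */
#define SETPOINT_MIN_C   30      /* lowest setpoint the gate will accept   */
#define SETPOINT_MAX_C   80      /* highest setpoint the gate will accept  */
#define TRIP_TEMP_C      95      /* local over-temperature cut-off         */
#define CMD_TIMEOUT_MS   5000u   /* silence longer than this => burner off */

typedef struct {
    int      setpoint_c;   /* last accepted setpoint                  */
    uint32_t last_cmd_ms;  /* time the last valid command arrived     */
    bool     have_cmd;     /* false until the first valid command     */
    bool     tripped;      /* latched; cleared only by a manual reset */
} gate_t;

void gate_init(gate_t *g) {
    g->setpoint_c = SETPOINT_MIN_C;
    g->last_cmd_ms = 0;
    g->have_cmd = false;
    g->tripped = false;
}

/* Command from the supervisory computer (Windows or anything else).
 * Returns false if the request is rejected. A rejected request does not
 * refresh the watchdog, so a supervisor sending only garbage times out. */
bool gate_command(gate_t *g, int requested_c, uint32_t now_ms) {
    if (requested_c < SETPOINT_MIN_C || requested_c > SETPOINT_MAX_C)
        return false;              /* out of range: ignore, keep old state */
    g->setpoint_c = requested_c;
    g->last_cmd_ms = now_ms;
    g->have_cmd = true;
    return true;
}

/* Called periodically with the locally measured temperature.
 * Returns true only when the burner is allowed to fire. */
bool gate_burner_on(gate_t *g, int measured_c, uint32_t now_ms) {
    if (measured_c >= TRIP_TEMP_C)
        g->tripped = true;                         /* latch the trip */
    if (g->tripped)
        return false;
    if (!g->have_cmd || (uint32_t)(now_ms - g->last_cmd_ms) > CMD_TIMEOUT_MS)
        return false;                              /* fail safe on silence */
    return measured_c < g->setpoint_c;
}
```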

Sounds good, but

 

In even modest sized outfits the telephone and broadband is no longer powered by the telco line, it is powered from the same mains as the server.

So unless you also have a UPS on your telecoms equipment your server will be unable to send an email.

It's rather obvious that you need to power your routers and modems from a reliable power source to get an e-mail message that something is wrong.

In the LTE age, we're not limited just to cable Internet.

So it's just a matter of connecting an Android device to the server machine and telling a custom-made app to send something. Server->Android phone->message to admin.

Or a PCI-Express LTE card plugged into the server, e.g. http://www.amazon.com/Sierra-Airprime-MC7750-Express-Verizon/dp/B00JY4SHEY

It can be a private messaging system with the admins, rather than sometimes-unreliable e-mail.

Such a system should check whether the message actually arrived, and demand a reply. If there is no reply, repeat the operation.

An alternative is to periodically ping the server.

Say the admin is in Queens, New York, and the server is in Manhattan.

The Queens machine sends a packet of a couple of bytes every 60 seconds.

If there is a response, it's working fine.

If not, something is wrong, and it has to warn the admin for further investigation.

Edited by Sensei

  • 2 weeks later...

It's rather obvious that you need to power your routers and modems from a reliable power source to get an e-mail message that something is wrong.

In the LTE age, we're not limited just to cable Internet.

So it's just a matter of connecting an Android device to the server machine and telling a custom-made app to send something. Server->Android phone->message to admin.

Or a PCI-Express LTE card plugged into the server, e.g. http://www.amazon.com/Sierra-Airprime-MC7750-Express-Verizon/dp/B00JY4SHEY

It can be a private messaging system with the admins, rather than sometimes-unreliable e-mail.

Such a system should check whether the message actually arrived, and demand a reply. If there is no reply, repeat the operation.

An alternative is to periodically ping the server.

Say the admin is in Queens, New York, and the server is in Manhattan.

The Queens machine sends a packet of a couple of bytes every 60 seconds.

If there is a response, it's working fine.

If not, something is wrong, and it has to warn the admin for further investigation.

It's a general rule of thumb in engineering, that the component that you don't need to include, can't fail.

The system you have put forward seems to me an absurdly complex one.

 

Why bother?


I'm confused as to the nature of the question.

 

Are you really asking whether we would trust a computer running windows (presumably non biased OS) to run a gas boiler?

 

or are you creating a debate about the safety of a windows box controlling a gas boiler over the conventional tailor made PCB?

 

If I really wanted an interface for controlling a gas boiler I'd attach something simple like an Arduino with a Wi-Fi shield and have that connect to some homebrew Android app. That way you could connect the boiler to the router and have your Android connect to your router (through your own app, so SSL enabled) and your phone could control or view the properties of the boiler wherever you are. The only thing you'd have to do is ask your ISP for a permanent DNS.


I'm trying to remember how the sparkies at work wire up the boilers but I haven't really looked. If the current stops then I guess the boiler has a little capacitor with enough power to switch the locks?

Typically there's some sort of spring loaded relief valve. If the computer shuts down and it somehow turns the boiler all the way up, then steam pressure will set off the reliefs. If the computer shuts down and it somehow turns the boiler all the way down, then steam pressure drops and mechanical valves will trigger a low pressure shutdown of equipment.

 

As for the other side of the boiler, it depends on what's powering it.

 

I should probably point out that this isn't exactly speculation. Before I went to college, I built, tested, operated, and maintained nuclear reactors and associated primary and secondary equipment. I kinda know what I'm talking about.
