
Would anyone trust Windows to run a gas boiler?



Posted (edited)

Absolutely as long as it was on a secured network with no chance of outside interference. Such as a techie installing a virus. Since I don't believe modern computers are immune to being hacked remotely there should be no way for a satellite or other wireless signal to get into the server.

Edited by fiveworlds
Posted

So my Windows just bluescreened again.

 

What would have happened if it was supposed to be controlling the safety interlocks on the boiler?

Posted

Well, generally when running a server farm, many Windows machines would be controlling things. Should one fail or bluescreen, the others pick up the slack. When did you last see an ATM not work?

Posted (edited)

So my Windows just bluescreened again.

When was the last time you installed the operating system?

The only bluescreens that I saw this year were correlated with messing with a SATA HDD: disconnecting and reconnecting an HDD with a spare Win7 system on the 2nd disk.

After plugging in the disk, it was incorrectly connected, and Windows was shutting down so as not to damage it (after 10-20 minutes of work).

After disconnecting it and plugging in the right one, it stopped happening.

Edited by Sensei
Posted

I would think the boiler would have some kind of backup system for a loss of communication scenario. Do you know any of the info for the boiler itself?

Posted

 

What would have happened if it was supposed to be controlling the safety interlocks on the boiler?

That would be a bad design. Safety interlocks should be controlled by the lowest possible level (hardware if needed).

 

In that sense, using any modern multi-user, multi-tasking, multi-whatever, GUI OS for safety interlocks is bad... But I see no problem with using Windows for 'higher' functions.

Are you designing, or are you commenting on some existing design? Maybe you see Windows in the front end but there is actually a microcontroller behind the scenes.

Posted

What's the alternative?

Given a choice between a boiler controlled by Windows and one with no controls at all, I'd go for Windows.

 

Also, exactly what level of control does it have?

Is it just an expensive timer switch or does it have total responsibility for all the control?

If it's the latter then what incompetent moron forgot to add the safety valves and over temperature cut off etc.?

And since any competent design would fail safe in the absence of a control signal, what difference would it make if that signal was from Windows?

 

Are you hoping to demonstrate that some other operating system will work better?

That's going to be interesting when the electrical power fails.

Posted

Thank you all, lots of thoughts and meat for discussion.

 

My answers to the specific questions, sorry if I've missed one, please point it out.

 

No, I am not designing a Windows or any other gas boiler controller. The only experience I have is a Windows-operated data logger for a large commercial office. This has no controlling functions for the boiler, but can set or change parameters in the boiler's hardware controller.

The last non-functioning ATMs I saw were outside the Clydesdale Bank in Dundee, earlier this year.

But I agree they are generally pretty reliable.

 

Studio T does, however, maintain embedded Windows POS (point of sale) units in some large commercial operations.

These are substantially more reliable than the 'secure' Windows networks in those same organisations. (Windows server domains and pro workstations).

They are not as reliable as ATM units though, producing system errors that require rebooting to clear.

Posted

 

 

My answers to the specific questions, sorry if I've missed one, please point it out.

 

What's the alternative?

Also, exactly what level of control does it have?

Is it just an expensive timer switch or does it have total responsibility for all the control?

If it's the latter then what incompetent moron forgot to add the safety valves and over temperature cut off etc.?

And since any competent design would fail safe in the absence of a control signal, what difference would it make if that signal was from Windows?

Are you hoping to demonstrate that some other operating system will work better?

That's going to be interesting when the electrical power fails.

OK, that last one is an implicit question; I meant what would Windows (or anything else) do if the power failed?
Posted

Sorry, John, I thought that this was all part of my answer that I am not designing any sort of controller so don't need to consider alternatives.

 

That does not mean others are not designing such a system (it is after all the logical next step from datalogging and parameter setting) and my query wonders how folks would react if they met one in a bar.

 

:)

Posted

I suspect that nobody can actually answer the question as asked.

Even if I think the idea of designing a boiler like that is suicidally insane, that doesn't mean that there isn't someone somewhere who would trust Windows to run a gas boiler.

(of course, if someone knows of such a system then the answer is simply "yes".)

But whether I would trust such a system depends heavily on what the other parameters were.

 

That's still true, even if nobody is actually designing it.

If I met someone who was designing such a system, I'd have to ask questions like those before I was really able to come to a sensible decision so, while I can't speak for "folks" in general, my reaction would be to ask those sorts of questions.

If the boiler is in a place away from people and property and isn't doing anything critically important, then why would anyone care if it was run by Windows (or a demented frog, for that matter)?

If it was the heating system for a major hospital...

Posted

 

1) Even if I think the idea of designing a boiler like that is suicidally insane, that doesn't mean that there isn't someone somewhere who would trust Windows to run a gas boiler.

 

2) I suspect that nobody can actually answer the question as asked.

 

1) Exactly why I think this subject needs a good airing, rather than attracting ridicule.

 

2) So perhaps you would be kind enough to suggest a better or improved one.

 

:)

Posted

"Do you own a car" would be a better question, because most of us could actually answer it.

 

However it might not help you in your quest to find out something about us, or windows or boiler controls or whatever.

 

What were you hoping to find out?

Posted (edited)

That's going to be interesting when the electrical power fails.

That's why people invented UPS..

https://en.wikipedia.org/wiki/Uninterruptible_power_supply

 

My UPS model has an option to send an e-mail when there is a power failure. Through USB, it can also tell the computer to shut down, and execute commands entered in its options.

So if there is a power failure, the admin is informed (and has to go to work instantly), and the device is nicely shut down.

Wake-on-LAN allows remotely starting up a computer that's shut down but still plugged into a power supply.

https://en.wikipedia.org/wiki/Wake-on-LAN

Once the power supply is fixed, the admin can start the system remotely.

(So it can also be used by agents and hackers.)

Edited by Sensei
Posted

That's why people invented UPS..

https://en.wikipedia.org/wiki/Uninterruptible_power_supply

 

My UPS model has an option to send an e-mail when there is a power failure. Through USB, it can also tell the computer to shut down, and execute commands entered in its options.

So if there is a power failure, the admin is informed (and has to go to work instantly), and the device is nicely shut down.

Wake-on-LAN allows remotely starting up a computer that's shut down but still plugged into a power supply.

https://en.wikipedia.org/wiki/Wake-on-LAN

Once the power supply is fixed, the admin can start the system remotely.

(So it can also be used by agents and hackers.)

 

Sounds good, but

 

In even modest-sized outfits the telephone and broadband are no longer powered by the telco line; they are powered from the same mains as the server.

So unless you also have a UPS on your telecoms equipment, your server will be unable to send an email.

Posted

A broadly comparable question to the one about Windows would be how happy would you be to have a Unix box running your boiler.

Well, if the boiler needs to send an email to let me know if anything goes wrong, that email is probably sent via servers that are Unix boxes.

 

It's complicated.

So, if I were designing it the system would be locally backed up by local safety systems that would (so far as possible) protect the boiler.

 

In essence I'd never let the boiler listen to a command from the computer that told it to do anything dumb.

Then it doesn't matter if it's Windows, Mac OS or a trained chimp that's providing the input to the "system" and it doesn't matter if the power fails (or the chimp is distracted by a banana).
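
The design described in the post above (a local layer that refuses out-of-range commands and fails safe when the control signal disappears), sketched as an added example that is not part of the original thread or of any real boiler's firmware. The limits, the timeout and the `guard_*` names are constructed for illustration, and this layer sits in front of, not in place of, the mechanical reliefs.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed limits; real values come from the boiler's rating plate. */
#define SETPOINT_MIN_C   30
#define SETPOINT_MAX_C   80
#define HARD_CUTOFF_C    95    /* local over-temperature trip, host cannot change it */
#define HOST_TIMEOUT_MS  5000u /* host silent this long -> burner off */

typedef struct {
    int      setpoint_c;   /* last accepted setpoint */
    uint32_t last_cmd_ms;  /* time of last valid host command */
    bool     tripped;      /* latched; only a local manual reset would clear it */
} guard_t;

void guard_init(guard_t *g, uint32_t now_ms) {
    g->setpoint_c  = SETPOINT_MIN_C;
    g->last_cmd_ms = now_ms;
    g->tripped     = false;
}

/* The host (Windows, Unix, anything) asks for a setpoint. An out-of-range
 * request is rejected outright and does not count as a sign of life. */
bool guard_host_command(guard_t *g, int requested_c, uint32_t now_ms) {
    if (requested_c < SETPOINT_MIN_C || requested_c > SETPOINT_MAX_C)
        return false;
    g->setpoint_c  = requested_c;
    g->last_cmd_ms = now_ms;
    return true;
}

/* Called every control cycle; returns true only if the burner may fire. */
bool guard_burner_enable(guard_t *g, int measured_c, uint32_t now_ms) {
    if (measured_c >= HARD_CUTOFF_C)
        g->tripped = true;            /* latch the over-temperature trip */
    if (g->tripped)
        return false;
    /* Unsigned subtraction stays correct across tick-counter wraparound. */
    if ((uint32_t)(now_ms - g->last_cmd_ms) > HOST_TIMEOUT_MS)
        return false;                 /* host crashed, bluescreened or link lost */
    return measured_c < g->setpoint_c;
}
```
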

Posted (edited)

Sounds good, but

 

In even modest-sized outfits the telephone and broadband are no longer powered by the telco line; they are powered from the same mains as the server.

So unless you also have a UPS on your telecoms equipment, your server will be unable to send an email.

It's rather obvious that you need to power your routers and modems from a reliable power source to get an e-mail message that something is wrong.

In the LTE age, we're not limited to just cable Internet.

So it's just a matter of connecting an Android device to the server machine and telling a custom-made app to send something. Server -> Android phone -> message to admin.

Or a PCI-Express LTE card plugged into the server, e.g. http://www.amazon.com/Sierra-Airprime-MC7750-Express-Verizon/dp/B00JY4SHEY

It can be a private messaging system with the admins, not sometimes-unreliable e-mails.

Such a system should check whether the message actually arrived, and demand a reply. If there is no reply, repeat the operation.

An alternative is to periodically ping the server.

Say the admin is in Queens, New York, and the server is in Manhattan.

The Queens machine sends a packet of a couple of bytes every 60 seconds.

If there is a response, it's working fine.

If not, something is wrong, and it has to warn the admin for further investigation.

Edited by Sensei
  • 2 weeks later...
Posted

It's rather obvious that you need to power your routers and modems from a reliable power source to get an e-mail message that something is wrong.

In the LTE age, we're not limited to just cable Internet.

So it's just a matter of connecting an Android device to the server machine and telling a custom-made app to send something. Server -> Android phone -> message to admin.

Or a PCI-Express LTE card plugged into the server, e.g. http://www.amazon.com/Sierra-Airprime-MC7750-Express-Verizon/dp/B00JY4SHEY

It can be a private messaging system with the admins, not sometimes-unreliable e-mails.

Such a system should check whether the message actually arrived, and demand a reply. If there is no reply, repeat the operation.

An alternative is to periodically ping the server.

Say the admin is in Queens, New York, and the server is in Manhattan.

The Queens machine sends a packet of a couple of bytes every 60 seconds.

If there is a response, it's working fine.

If not, something is wrong, and it has to warn the admin for further investigation.

It's a general rule of thumb in engineering, that the component that you don't need to include, can't fail.

The system you have put forward seems to me an absurdly complex one.

 

Why bother?

Posted

 

It's a general rule of thumb in engineering, that the component that you don't need to include, can't fail.

 

+1 I like it. And you can spend the saved money on good single malt.

Posted

I'm confused as to the nature of the question.

 

Are you really asking whether we would trust a computer running Windows (presumably non biased OS) to run a gas boiler?

Or are you creating a debate about the safety of a Windows box controlling a gas boiler over the conventional tailor-made PCB?

If I really wanted an interface for controlling a gas boiler I'd attach something simple like an Arduino with a Wi-Fi shield and have that connect to some homebrew Android app. That way you could connect the boiler to the router and have your Android connect to your router (through your own app, so SSL enabled) and your phone could control or view the properties of the boiler wherever you are. Only thing you'd have to do is ask your ISP for a permanent DNS.

Posted

So my Windows just bluescreened again.

 

What would have happened if it was supposed to be controlling the safety interlocks on the boiler?

Same thing as if power goes out: mechanical safeties.

Posted

Same thing as if power goes out: mechanical safeties.

I'm trying to remember how the sparkies at work wire up the boilers but I haven't really looked. If the current stops then I guess the boiler has a little capacitor with enough power to switch the locks?

Posted

I'm trying to remember how the sparkies at work wire up the boilers but I haven't really looked. If the current stops then I guess the boiler has a little capacitor with enough power to switch the locks?

Typically there's some sort of spring loaded relief valve. If the computer shuts down and it somehow turns the boiler all the way up, then steam pressure will set off the reliefs. If the computer shuts down and it somehow turns the boiler all the way down, then steam pressure drops and mechanical valves will trigger a low pressure shutdown of equipment.

 

As for the other side of the boiler, it depends on what's powering it.

 

I should probably point out that this isn't exactly speculation. Before I went to college, I built, tested, operated, and maintained nuclear reactors and associated primary and secondary equipment. I kinda know what I'm talking about.
