the recent LTT video where he runs down all the problems with his house feels so vindicating towards my decision to never do smart control of anything in my house.

@azonenberg I think the main gap there is light switches, where you really do need an integrated solution. but otherwise yeah, actual industrial stuff is the way to go.

@gsuberland My concept there was to have the switch just be a 12/24V GPIO into the controller.

@gsuberland @azonenberg when builiding the "house enlargement" I wired every new lamp on its own circuit, so now i could centralize light control from the electrical panel. Good past me decision lol.

@gsuberland @azonenberg my pet peeve with any sort of “smart” light switch over here in Europe is that they all have way worse haptic design and are more fiddly to use compared to their non-smart counterparts.

@azonenberg hmm, I've never liked that as a solution. I want the catastrophic failure mode to be "the house functions as a regular house".

@gsuberland Yes. Which is why I said "careful attention to failure modes".

For example, relay outputs for wall receptacles would be normally closed, and there would be a watchdog (or manual killswitch) that would shut down the controller on failure and make them passively turn on.

Key lighting circuits would be 2-gang boxes with the second switch (normally left on) controlling power passively.

@azonenberg that's my point though, with that setup the failure mode is "all your lights are stuck on". that's not an acceptable failure mode in my eyes. the only failure mode I want is that the house functions *precisely* the way it did before I installed anything smart.

imo the way to do that is by having every switch point internally contain an SPDT physical switch wired to an SPDT relay in the same way as you would with a lighting circuit with two switches.

@azonenberg that way if the entire smart system fails, or a relay fails, your light switches still function perfectly normally.

@gsuberland They're not stuck on, they're on until you manually turn them off.

There are unavoidable tradeoffs in every case especially in the "I want to switch a wall receptacle with the switch" use case.

@gsuberland @azonenberg I think "telerupters" (bistable/latched switches) would allow this kind of failure mode. You just need pulses to toggle the lights, so both the automatic and the manual switches could be wired in parallel. The automatic circuit could have a sense line to detect the actual light state.

@gsuberland @azonenberg
The Shelly Pro's might get close; they have ethernet (and wifi and bluetooth) - but they also have a pair of locally programmable interfaces. So I think you could wire a physical light switch onto the 'SW1' and script it to use that to operate locally;

https://www.shelly.com/products/shelly-pro-1?_pos=10&_fid=34a228ceb&_ss=c

@gsuberland
@azonenberg
There's also a lowtech alternative :~)

ALT

@f4grx @gsuberland This puts smarts in the module at the load that can still fail. It's a local per load failure but still a consideration

@azonenberg @f4grx the important thing in my view is that the physical switch continues to work entirely as normal in any failure mode, short of any type of failure that would also kill a regular boring light switch. which is why I'd be so dead set on the double throw latching relay approach. even if the smart control board inside blows up or the relay contacts fuse in place, it just goes back to being a regular boring switch.

@azonenberg but how do you turn them off if the controller is dead and the physical switches are only carrying signal voltages? go unwire it at the board?

@gsuberland When you deploy the system, you didn't know that the switch controlled that receptacle.

The receptacle has to be controlled by a relay somewhere, and that relay has to be independent of the switch (unless you want to lock yourself into a fixed "this switch - that relay" scenario that eliminates most of the benefits of smarts).

The only sane choice is for the relay to be normally closed so the receptacle doesn't go permanently-off on failure. Which means the failure mode *has* to be always-on.

@azonenberg what I'm saying is you have the switch points carry mains just like you would in a regular house, except the switch point contains a relay internally that lets you toggle the lighting state with a smart controller (SPDT switch wired to an SPDT latching relay in series within the switch point itself). if the controller fails, the light switch continues to work 100% as normal. no lighting state changes occur.

@gsuberland This prevents you from remapping the switch to control something else instead of / in addition to the hardwired load (like an overhead light and a table lamp).

That lamp has to fail on or off if the electronics go haywire.

@azonenberg oh I have no interest in that kind of stuff, I just want a simple switch

@azonenberg I will happily give up more advanced control features to keep the basics simple and hazard/hassle free

@gsuberland For plug loads: you use the switch built into the appliance

For overhead lighting loads: 3-position DPDT switch.

Pole 1: common = GPIO, top=24VDC (or other "logic on" voltage, bottom = floating/ground

Pole 2: common = light, top=relay output bottom=relay output

Up position: light wired to relay output, GPIO high. Normal state = GPIO controls relay through controller (but can also drive other relay loads or be switched on/off by other switches, HTTP requests, whatever)

Middle position: light forced off, regardless of relay state (optional: parallel the switch with a normally-open relay)

Bottom position: light forced on regardless of relay state

@azonenberg nah, I hate that. makes it hard to just reach for a light switch without thinking about it.

@gsuberland The goal here is to provide emergency operation of critical loads (so you're not stuck in the dark / unable to sleep because all the lights are on) if the digital control system fails.

This should not be the normal/expected operating mode.