S2 plugin updated to the latest, release notes updated.

Hi Rich,

Will, the s2 plugin version be updater to x86 linux too? It is at v240 now

Hi. Is it possible to disable S0 in the plugin and require S2 for all HS Zwave communications?

thx
mike

rjh - Wondering the same...

rjh Still hoping for an update to the x86 version of this plugin. Some understanding of the future of S2 support in Homeseer would be welcomed too...

I can update the x86 version. Right now Silicon Labs (formally sigma), is forcing hubs to use the ZIP interface for controllers. This interface only runs on Linux. So software on Windows will need a new interface and it will be expensive. Also, it means a total re-write of our Z-Wave plugin, something we don't want to do (and don't need to do). The solution we have now cannot be certified (even though it works). So we are on hold as they may be changing this requirement. That is where we are at. Obviously they think that Z-Wave should only be support by small low powered hubs that run Linux and they don't want to support other OS's.

Wow. Appreciate the background. I'm no Windows fan for this sort of application, but it's still frustrating that they can be so short-sighted...seems pretty clear they view low-end hubs backed by cloud processing for event logic as the one true answer...

Don’t they know the market? I’m sure they do...
what is the reason for this?

The reason is security, they created the code that does the encryption and want to limit where it ends up. But they did do a DLL that works on Windows, so maybe they just don't want to maintain the different versions. I think they feel that small low powered hubs is where the market is. So we would need to create a new Z-Net like device that Windows users would need to use. Its more work for us with no benefit over what currently exists.

I updated the X86 version, its in the updater now.

With the recent announcements around WSL 2 (Windows Subsystem for Linux) being baked into Windows 10 late 2019, is this a viable option for natively handling the Linux interface inside the Windows OS?

Currently I am using the standard (S0) Z-Wave plugin. So far I have only had lights and sensors in my system, but I now want to include my Z-Wave capable smart locks (which do support S2). I can either include them with S0 (continue with existing plugin), or else switch to the S2 beta plugin. I have the Zooz S2 Z-Wave USB interface.

Keeping in mind the following:

- I am not concerned at all about anybody "snooping" my devices during the inclusion process (which I understand was the key issue with S0?)
- I am fine with my previously included lights and sensors to be in S0 mode, it would just be locks and future devices I would want to get on S2 security.

Questions:

1) Once the inclusion phase is completed, is S0 secure enough for locks, or could some two bit burgler unlock my doors using come easy common S0 exploit that would not work if I was on S2 ? (If the only real risk is during inclusion, I could just stick with S0)

2) If I upgrade to the S2 plugin, what happens to all of my already included devices (and all the events I they are in, etc, etc) ? Will they continue to work (in S0 mode)?

3) If I want to upgrade existing S0 devices to S2 (all my devices support S2), do I need to exclude and then reinclude, and redo all my associated events, custom strings, etc, etc - or is there a more seamless way to "upgrade" the security?

4) I understand Ztool does not support S2. If I am on the S2 plugin, can I still use Ztool to include S0 devices (where I don't care if they are S2 or S0) ?

5) How/Where do I add S2 devices (in S2 mode), if not with Z-Tool?

6) Are there are other benefits to S2 (such as speed/performance), other than the more secure including process, that would make it worthwhile to upgrade to S2?



Thanks!
/-Tim

My understanding of S2 is that S0 devices that aren't locks are entirely unencrypted, so the risk is any time any signal is sent to/from the device, not just during inclusion. The authenticated S2 mode is what protects device inclusion; adding an S2 node in unauthenticated mode is susceptible to inclusion-time sniffing, but assuming that's secure then the device is secure going forward.

But locks are always encrypted in S0, as far as I'm aware. I don't know enough about your other questions to answer them authoritatively.

Any updates from Sigma? Or are they being stubborn and standing firm on the ZIP protocol?

No, looks like ZIP is required. For us to support this it means a pretty much total re-write of the Z-Wave plugin, which will take months. And the result is something that no one is asking for. We can keep what we have now in sync with the standard Z-Wave plugin so those who want to use S2 can use it. But it will probably will never be a "certified" Z-Wave product. But you never know, there is always a chance they may relax the requirement for ZIP.

After HS4 is released, we may revisit this.

I for one am GLAD to see the requirement enforced. Windows has been a total security nightmare since forever which is why I stopped any and all support for it 1/2005. I run HS3 on Fedora Core 30 (looking at RHEL8 soon) and want to see MUCH more and BETTER Linux support. The SOLE reason I am running std not HS3 PRO is because virtually NOTHING I need or would use runs on Linux like FW updates, HSTouch editor, etc. HS3 runs EVERYTHING here. HVAC conrtrol board has been gone for months now replaced by Simple relays and Z-Wave devices/controls. Dir=tto on heat, zone control, etc. Next gen dual backup emergency power system (UPS primary, generator secondary) Comes online for its first test this weekend and that (3 transfer switches, UPS, Generator, load shedding, etc) will be 100% HS3 controlled and managed.

I'm going to try this S2 plugin to see if I get any better results with Siren6 and start trying t get as much as possible to either wired (via HS3 Arduino/Pi plugins) or Z-Wave S2.

Also something I CAN do in LINUX but NOT windoze.... HA ACTIVE/BACKUP clustering! I am working on install scripts and things to setup using a Pi3/4b as a backup cluster node with pacemaker/Linux HA when the interface is a Z-Net with the Primary node being a Fedora Core VM. Also lets not forget the possibility of a container based HSx install on a multi-system platform. Face facts.... win is more or less dead. Server side it's been dead for YEARS, just waiting for desktop side to finally fall over.



Honestly this win/lin issue really should be a moot point by now as windows is becoming nothing more than a poor clone of Linux with a overburdened inefficient interface. "Desktops" these days are rapidly moving to either Linux, Chrome OS, or Mac. A Raspberry Pi makes a FANTASTIC desktop and the 4b with 4GB RAM even more. Good luck running win on that! And NO I don't have SW issues as WINE has come a REALLY long way and what still is left not running on Linux (less and less each month) runs VERY well on WINE (YES INCLUDING O365/2016 as well as TONS of games, cad tools, etc). Been running ONLY Linux desktops since 2005 and have NEVER been hacked or EVER had to "reinstalll". Never had a single issue with HW drivers or magor version upgrades either since Fedora Core 6. FC6 to FC18 ran on a 2004 HP laptop with Pentium 4 200Mhz CPU and 2G RAM (which ran Starcraft 1 just fine) until I bought Starcraft II and "had" to get a Dell M6700 with FC18 that now runs FC30.