Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logging to webserver #511

Open
perkabolo opened this Issue Jan 5, 2019 · 11 comments

Comments

Projects
None yet
5 participants
@perkabolo
Copy link

perkabolo commented Jan 5, 2019

Would it be possible to enable logging to a Web server?

In order to send driving data in real time to abetterrouteolanner so that their range and charging time predictions get more precise.

@fesch

This comment has been minimized.

Copy link
Owner

fesch commented Jan 5, 2019

You would need to write a Android application that collects the data from the dongle and then passes it on to some server. So yes, this is possible.

@perkabolo

This comment has been minimized.

Copy link
Author

perkabolo commented Jan 5, 2019

Is it difficult to make that an option? Instead of log to sd card?

@fesch

This comment has been minimized.

Copy link
Owner

fesch commented Jan 5, 2019

No, it is not that difficult, BUT it would require another permission, namely the one to connect to a remote network. By having this permission, it would not be clear what the application will upload. This is why the editing team of CanZE decided against pushing data from via the phone to some web server.

But maybe we can discuss again about all this, including the necessary security ...

@yoh-there

This comment has been minimized.

Copy link
Collaborator

yoh-there commented Jan 5, 2019

See this post for a more complete discussion (well, at least from the current developers end ;-) )

https://canze.fisch.lu/connected-services-thoughts/

@Felger

This comment has been minimized.

Copy link

Felger commented Jan 6, 2019

I'm not sure it would need anything all that special, if CanZE supported simple rest-like URL requests, similar to Torque Pro. Torque's permissions only require Phone, Storage, and Location.

If you offered the ability to send a string of data, and input a username / email address / other ID, perhaps even selecting a subset of data, it'd just be a simple HTTP request, which doesn't require special permissions AFAIK. Example http request:
http://example.server.com/zoeq210?user=felger@example.com&Lat=29.573Long=-95.022&SoC=96.4375&SoH=98&ext_temp=15.1&power=14.2&v=355.6&a=39.2

In this example, the user would provide the username (felger@example.com) and the server path (http://example.server.com/zoeq210), and perhaps pick all the fields to transmit.

@yoh-there

This comment has been minimized.

Copy link
Collaborator

yoh-there commented Jan 6, 2019

First of all, nothing here is technically challenging. That is really not the issue at all.

Second, and excuse me for acting "Dutch": I am not in favor of this approach at all. Usernames & passwords in url's is very unsafe. If going this route it would require at least https and POSTing data. All easy modifications to the basic idea BTW. If our friends at Torque think otherwise, good riddance to them.

As for location logging, I am putting my foot down big time. Marriages have failed over stuff like that. I know you can't protect people from being stupid, but at least you can avoid being part of it.

Sorry to be an ass about stuff like this, but I am a sucker when it comes to data leaks. Just the other day I pulled a tablet from a recycle bin. Crack in the screen. I hooked up a mouse and it started. It unlocked with just a swipe. I added WiFi credentials and there was the lady's email, Youtube history, Facebook, photo's etc. Being a nice guy I wiped the thing of course. I digress.

But of course CanZE is all open source so it can be done.

For the releases we maintain here, I propose to:-

  • think again if we really want this;
  • do we want to make the fields flexible or only battery related;
  • do we go the MQTTS route or the HTTPS/POST route
@yoh-there

This comment has been minimized.

Copy link
Collaborator

yoh-there commented Feb 10, 2019

I am bumping this issues. We're maintaining CanZE now for what, 4 years? If there is a common request, it's logging in one form or another. We have implemented some on the phone's file system and once we did it needed to be more / more flexible / online, secure, easy, whatever. What I am trying to say is: there certainly is a perceived requirement, but when it comes to hardcore what and why and how, things usually turn silent.

This is not criticism. I know this deal. My home automation has acquired about 2 GB of data about temperature, PV, light switches, whatever, that will NEVER be looked at again, yet still I put effort in logging it, it's daily backup etc. We are hoarders, if not for stuff, it's for data. SWMBO refuses to delete completely blurred photo's.

Personally, I don't want to keep this issue open forever and/or start yet another implementation, so first thing we need to do is scope the issue. Given the above, which of course is just my opinion, I propose to set the bar low, not high. For me this means:

  • Focus on driving an charging data collection (this implies NO focus on control. Charging control is out of scope for non-home usage and should be home automation and dongle based for home usage. No phone should be involved.)
  • Focus on the battery and range. Hashed VIN, SOC, temp, max power intake, SOH, age, mileage, average speed, average consumption (over say 5 min driving intervals) and that is about it.
  • Focus on either collect-then-upload (basically an offline model) OR collect-and-push (online model)
  • Think once more on whether this is actually needed and if so, if a phone-tablet is the proper platform. For this to be remotely reliable, one need to have it on always. Personally I have serious doubts about this and would much more prefer a dongle logging, collecting and forwarding, AKA move the entire issue to the CanSee project.
  • Define the security model. My personal opinion is that the MQTTS route is better than the HTTPS/REST interfaces as the data is by definition volatile, where REST is almost by definition non-volatile.

Discuss!

@Felger

This comment has been minimized.

Copy link

Felger commented Feb 11, 2019

I can comment on what ABRP would require, but past that I have no stake in the logging:

  • Custom destination address
  • Logging of key vehicle parameters for driving a plan (SoC, SoH, Power, Speed, etc). Lat/Lon optional (not required).
  • Some means of correlating the user to their data, perhaps a randomly generated user ID they can send me to identify their data.

The absolute minimum driving data I would need is SoC only, but I can do more useful things for the user if they have the option of sending me more data.
The actual interface, I can work with whatever you decide to implement. If I don't know it already (likely) I can learn it, so pick something secure!

@jimcraiguk

This comment has been minimized.

Copy link

jimcraiguk commented Feb 16, 2019

I'm of a similar mind to @yoh-there and keep the bar low with the suggestions he proposes in his comment above. I can't believe Torque are posting usernames and passwords, that's lazy or careless or lacking in any respect for user privacy.

@Felger

This comment has been minimized.

Copy link

Felger commented Feb 19, 2019

Torque doesn't even provide a field to provide a password, just an optional user ID field (email typically) and an automatically generated Torque ID (random string of letters and numbers). LeafSpy is the one that offers transmission of uname / password via http / https

@yoh-there

This comment has been minimized.

Copy link
Collaborator

yoh-there commented Feb 19, 2019

Well we could always shrug and implement a REST based, totally insecure data pushing client and not implement a listener / backend and shout "stuff it, do whatever you want, your call". The data in itself is not very sensitive though that can be debated. It seems to be the approach others use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.