Midinite 150 first impressions

mtdoc

Re: Midinite 150 first impressions

ChrisOlson wrote: »

You don't need to speak Modbus over TCP. All a blackhat needs to do is download the free Local App, know the IP address and serial number of a Classic hooked to the internet, and they have access to it.

It's not quite that simple. The IP address of my Classic - even if I'm using a static IP address for it, won't help you. You'd need to know the IP address of my modem which is constantly changing because I, like almost everybody, has their modem IP address assigned dynamically. Even then, of course, you need to get past whatever local firewall was present. Then, you need to find the address of the Classic on the local network then you need to know its serial number or hack into it.

But the real question here is why??

Why in the world would a hacker be downloading the Midnite Local App and be interested in finding home networks with Midnite Classics on them? You'd have to be in real tin-foil hat paranoia territory to think that there are hackers out there actively looking for RE systems to hack into - and if so to what end - just to wreck your batteries?.

Then again maybe the NSA wants to monitor my solar production - perhaps my email and cell phone data is just not enough..:roll:

Cariboocoot

Re: Midinite 150 first impressions

In day-to-day activities more things go wrong with computer-based systems due to their own built-in flaws than are ever caused by deliberate assault by hackers.

I sure wouldn't be worried about anyone hacking in to my RE system. On the other hand I have no reason whatsoever to make it available to remote access anyway. You'd be amazed and how much I ignore the thing. Haven't looked at it in over two weeks now. I expect it's running fine. If it's not, I'll fix it when I find out. Until then ... no worries, eh?

boB

Re: Midinite 150 first impressions

ChrisOlson wrote: »

You don't need to speak Modbus over TCP. All a blackhat needs to do is download the free Local App, know the IP address and serial number of a Classic hooked to the internet, and they have access to it.

I don't think security by obscurity really works. I have seen various linux clubs host a "break into this computer" contest, and invariably the skilled blackhat can break into any of them in less than 48 hours. There has been multitudes of security vulnerabilities found in SSH, the Apache webserver, etc, by developers or clubs hosting those contests. They can build the most secure application they think possible, and there's always a blackhat that can find a hole in it.
--
Chris

I would have thought that RE hackers would have broken the OB proprietary protocol in the last 10 years.

I just think that there is not enough interest and not as exciting as hacking a widely used operating system.

Maybe if there was some kind of hackers' network for RE ??

Never heard of such a thing happening to any RE system. Big utilities, yes.

boB

boB

Re: Midinite 150 first impressions

ChrisOlson wrote: »

You don't need to speak Modbus over TCP. All a blackhat needs to do is download the free Local App, know the IP address and serial number of a Classic hooked to the internet, and they have access to it.

I don't think security by obscurity really works. I have seen various linux clubs host a "break into this computer" contest, and invariably the skilled blackhat can break into any of them in less than 48 hours. There has been multitudes of security vulnerabilities found in SSH, the Apache webserver, etc, by developers or clubs hosting those contests. They can build the most secure application they think possible, and there's always a blackhat that can find a hole in it.
--
Chris

In addition, they would also have to know the port number.

bmet

Re: Midinite 150 first impressions

boB wrote: »

I just think that there is not enough interest and not as exciting as hacking a widely used operating system.

They used to say that about Apple OS. The Evil Empire was everyone's favorite target.

ChrisOlson

Re: Midinite 150 first impressions

boB wrote: »

In addition, they would also have to know the port number.

It's easy to find open ports, and on what IP address they're open, with a network port scanner program. Many times the port that's open tells you exactly what application is running behind it.

I like being able to connect to the equipment with the computer for logging data and such without having to go out to the utility room to look at the equipment. And I use the Local App for my Classics over our wireless internet between the house and my office in our equipment shop. But I have hesitated to hook it to the outside internet with a port forward in our router because I don't even own a computer that's outside our own internet, and I'm afraid somebody will get into it.

The hackers don't have to have a reason to break into a computer or piece of equipment. They do it because they can, and it's a hobby for many of them. They will do it just to leave their "mark" and put another feather in their hat.
--
Chris

boB

Re: Midinite 150 first impressions

ChrisOlson wrote: »

It's easy to find open ports, and on what IP address they're open, with a network port scanner program. Many times the port that's open tells you exactly what application is running behind it.

Chris

Yes, I forgot about NMAP which scans the ports.

Now that we have told the world how to find Classics and hack them, I guess it doesn't matter that
the MAC address is owned by MidNite Solar.

NMAP does think it is an electric meter of some other type though. I won't put that here so Google can't
find it and tie it to this posting, if that helps at all.

boB

ChrisOlson

Re: Midinite 150 first impressions

I think that informed people that run sensitive equipment don't allow outside access to it. They will use a VPN or SSH tunnel to connect to their local network from the internet, then access their sensitive stuff thru the secure connection. But many people that don't know about that stuff will not take the proper security measures. So if a hacker scans the network and finds open ports and determines what is running behind it by "probing" it (using various tools like SSH, telnet, etc.. to see how it responds) he'll just "listen" in to intercept passwords, etc that are probably being transmitted, not encrypted, in clear text when the owner logs in to make a connection.

Anybody that connects anything that can be "controlled" to the internet should know about this and take appropriate security measures. But less than probably 1% do.

Like I said, the less I have to do with computers, for the most part, the more peaceful my life seems to be. My wife and I don't even use so-called "smart phones" or text messaging because we can talk to somebody on the thing way faster and more effective than wasting a bunch of time pushing buttons on it to try to tell 'em something.
--
Chris

solar_dave

Re: Midinite 150 first impressions

ChrisOlson wrote: »

I think that informed people that run sensitive equipment don't allow outside access to it. They will use a VPN or SSH tunnel to connect to their local network from the internet, then access their sensitive stuff thru the secure connection. But many people that don't know about that stuff will not take the proper security measures. So if a hacker scans the network and finds open ports and determines what is running behind it by "probing" it (using various tools like SSH, telnet, etc.. to see how it responds) he'll just "listen" in to intercept passwords, etc that are probably being transmitted, not encrypted, in clear text when the owner logs in to make a connection.

Anybody that connects anything that can be "controlled" to the internet should know about this and take appropriate security measures. But less than probably 1% do.

Like I said, the less I have to do with computers, for the most part, the more peaceful my life seems to be. My wife and I don't even use so-called "smart phones" or text messaging because we can talk to somebody on the thing way faster and more effective than wasting a bunch of time pushing buttons on it to try to tell 'em something.
--
Chris

Most people would just setup the local network "out of the box". More and more network gear providers bring a default level of security right out of the box. Me I am a little more anal, my WiFi for instance has to be connected only with a known MAC address of the device connecting. The management of the network can only be done with hard wired devices. I am sure if some black hat wanted to they could still get into my network by cloning a MAC address into there device but the question really is why bother when you can go to anonymous Starbucks or Mickey Ds and get a WiFi connection with no issues. Not much interesting going on in my network anyway. I do use ssh tunnels for all the important comms while telecommuting and those are hard wired devices in my network.

Most bank type access is SSL encrypted anyway so those valuable passwords are protected on the "wire". Where some people get burned is they allow those passwords to be stored locally in browser based storage and the host gets trojaned or hacked. Personally I only do banking type stuff with a hard wired computer.

Now smart cell phones, there is another story, we scrapped our plans altogether. Way to many horror stories about using them floating around. We may consider getting voice only phones again but they are a rarity these days. I am with you on the texting, it is just a pain in the butt and a total waste of time when I can just call and talk or VM if needed.

ChrisOlson

Re: Midinite 150 first impressions

solar_dave wrote: »

Most people would just setup the local network "out of the box".

All I'm saying is that being able to connect to your RE equipment over the local network with a PC is nice for data logging and convenience. But one should be wary of opening a port to the outside world on a router hooked to equipment that can be configured remotely. An open port is an open invitation to hackers. While you may assume your system is obscure and uninteresting, and hackers only try to "own" Windows-based systems, that assumption is wrong. When I was in the engineering profession we used Solaris systems for CAD work and data crunching - there is no such thing as Windows in that business. I will never forget the time a hacker gained root access to one of our 16-processor SPARC servers and did:
cd /
ls -la

probably grinned at that point then executed
rm -rf

You would not believe the havoc that raised on an obscure, supposedly secure, engineering dept main server that had the data in it for about 75 Sun SPARC Workstations. All because a network admin left port 1521 open to the outside world for the Oracle database. Some hacker found it and exploited a vulnerability in the database software, gained root on the machine and it was history. And they only reason the hacker did it is just because he or she could. It's all about bragging rights in hacker/blackhat circles.

So that's all I'm saying - be careful with it and don't think that what you got is so obscure that nobody is interested in it. I'm still waiting to see what kind of security Schneider Electric put in the remote configuration software for their new ComBox to see if the ComBox itself is linux-based and if they use SSL or some other method of encryption to gain access to it over the internet, or if it's just clear text transmission of data packets.

I really hate computers. I use them when they're convenient. I spent the majority of my computer-using time on Unix systems over the years. I know little about Windows systems but they're easy to use and lots of software runs on Windows systems so it's all I use anymore. But when a computer starts taking up more of my time to do something than doing it the "old way" - I'll use the "old way" every time.
--
Chris

solar_dave

Re: Midinite 150 first impressions

ChrisOlson wrote: »

All I'm saying is that being able to connect to your RE equipment over the local network with a PC is nice for data logging and convenience. But one should be wary of opening a port to the outside world on a router hooked to equipment that can be configured remotely. An open port is an open invitation to hackers. While you may assume your system is obscure and uninteresting, and hackers only try to "own" Windows-based systems, that assumption is wrong. When I was in the engineering profession we used Solaris systems for CAD work and data crunching - there is no such thing as Windows in that business. I will never forget the time a hacker gained root access to one of our 16-processor SPARC servers and did:
cd /
ls -la

probably grinned at that point then executed
rm -rf

--
Chris

Nasty guy then, hope you had backups.

I contracted as a sysadmin to a major phone company about 17 years ago and they had a backup network. Someone hooked a modem up to one system and the hackers war dialed their way in to that connection becoming the backup user. They hunted around and found my system. I got a call from the NOC at 1AM on a Saturday night while at the bar chasing skirts that my system had stopped processing and the mainframe printer queues were backing up. It was a Sparc 1000 with 4 CPUs that parsed several printer feeds of the billing data from the mainframe that then sent the data to a set of HP 9000 systems that proceeded to build provisioning strings for the switches. I was pretty much 3 sheets to the wind and drove down to the data center which was about 2 miles away, the security guard almost didn't let me in until I rattled off why I was there. I wheeled a VT100 crash cart to the host and logged into the console and the host had 6 copies of crack running against password files brought in from other machines. I call the white hat security guys, they showed up about 30 minutes later with a couple of Sparc boxes in promiscuous mode and started to sniff the networks waiting for him to come in an pick up the outputs. The hacker never came back and by morning they had me kill the crack processes. They eventually found the modem in a development lab. What is really lucky is the hacker never figured out what my system was doing or they could have brought down a good chunk of the Western USA phone network by commanding the switches to unhook lines or shutdown. Of course they would have had to figure out the switch protocol, but I think it was pretty much a standard out in the public domain.

BTW that backup network had no Firewalls installed because it was suppose to be an isolated internal only network. About 3 months later that all changed, I bet the next week the Firewalls were on order. At least the white hats did a review of my systems and said I was not at fault. I bet those network guys were not happy with all the extra work that created.

ChrisOlson

Re: Midinite 150 first impressions

solar_dave wrote: »

I wheeled a VT100 crash cart

OMG - I haven't seen one of those old DEC VT100 terminals for better than 20 years. I was afraid I was the only one getting old and even knew what they are anymore

Yeah, they had backups on the Sun servers but the backups were on tape drives. Took forever to load to get a crashed server up and running again. And people think Windows is the only thing that gets hacked. The old BSD Unix-based systems had so many security holes in 'em they were about like a sieve.
--
Chris

BB.

Re: Midinite 150 first impressions

One company I worked at--Had a very nice (I thought) System Admin who was laid off...

Turns out--He had setup a script that if he did not log in after 1-2 weeks, it would delete the hard drive for the PCB Layout system.

It deleted the files. The folks restored them from an old tape--some work lost (the tape backup ran every night, and nobody knew to replace it every night as the sys admin had been laid off--So the current backup tape was wiped out as it backed up the blank drive). Happened again as nobody found the script the first time.

Police were called, evidence gathered, sys admin was convicted and did some jail time (as I heard/recall).

-Bill

ChrisOlson

Re: Midinite 150 first impressions

BB. wrote: »

It deleted the files. The folks restored them from an old tape--some work lost (the tape backup ran every night, and nobody knew to replace it every night as the sys admin had been laid off--So the current backup tape was wiped out as it backed up the blank drive).

The drive racks for the Sun servers we had (I think they were like Sun SPARC 9000's or something like that) had RAID drives and the hard drive racks were like 6 feet tall and 3 feet wide for each one. The tape backup drives were wheeled out on the floor on a big "crash cart" with a DEC terminal on it. We considered anybody that worked with that equipment to be "blackhats" because they were constantly doing Top Secret Stuff to it.

And once the internet came to be, it got broken into more than once and they'd find self-executing shell scripts and whatnot running on them. But any old Unix admin you talk to claims their particular variation of BSD was the greatest thing since sliced bread because only THEY knew how to run it. And people think Windows is bad. Yeah, right. I don't think I've ever had as much problems with any Windows computer I've ever used as we used to have with those old Sun SPARC systems :roll:
--
Chris

solar_dave

Re: Midinite 150 first impressions

ChrisOlson wrote: »

And once the internet came to be, it got broken into more than once and they'd find self-executing shell scripts and whatnot running on them. But any old Unix admin you talk to claims their particular variation of BSD was the greatest thing since sliced bread because only THEY knew how to run it. And people think Windows is bad. Yeah, right. I don't think I've ever had as much problems with any Windows computer I've ever used as we used to have with those old Sun SPARC systems :roll:
--
Chris

Well getting into a Sun system was a real badge of honor to those hackers. I was really afraid they would pull the plug on my contract for that deal but instead I actually got a recommendation from a director for the due diligence on that system. We did some "special" stuff to that box to limit when the backup user could actually hit the system. Later I heard they replaced the backup software to initiate the connection in the other direction, no more pull the backup but push the backup. These guys had several of those really cool Storage Technology tape robots in a circular form that backed up the whole business.

Panamretiree

Re: Midinite 150 first impressions

Let's go back to punch cards, Fortran 4 and Cobol. That'll slow anyone down.

solar_dave

Re: Midinite 150 first impressions

Panamretiree wrote: »

Let's go back to punch cards, Fortran 4 and Cobol. That'll slow anyone down.

LMAO the first program I ever wrote was in Fortran on punch cards. I made a mistake and put a Form Feed inside my loop, The Operator cursed me and proceeded to drop my deck on the floor after it ran. Was quite a sight to see the IBM line printer spew paper.

westbranch

Re: Midinite 150 first impressions

solar_dave wrote: »

The Operator cursed me and proceeded to drop my deck on the floor after it ran. Was quite a sight to see the IBM line printer spew paper.

LMAO too

How long did it 'loop'?
, can just see it , especially the speed with which the tractor feed paper was EJECTED! Almost faster than a speeding bullet...

NorthGuy

Re: Midinite 150 first impressions

solar_dave wrote: »

LMAO the first program I ever wrote was in Fortran on punch cards. I made a mistake and put a Form Feed inside my loop, The Operator cursed me and proceeded to drop my deck on the floor after it ran. Was quite a sight to see the IBM line printer spew paper.

I remember I was prinitng maps using symbols, and these maps took quite a bit of paper. The paper wasn't wide enough, so I had to cut and glue them together. Operators were getting mad at me for using that much paper ...

Hard to imagine that my phone is a much better computer now than this old mainfraime that took several rooms ... Some things do get better!

solar_dave

Re: Midinite 150 first impressions

westbranch wrote: »

LMAO too

How long did it 'loop'?
, can just see it , especially the speed with which the tractor feed paper was EJECTED! Almost faster than a speeding bullet...

It had to kick out 100 sheets maybe 1/3 of a box, those line dot matrix printers were pretty fast, considering they printed a whole line at a time, plus the printer buffer had a bunch of them in it. He had to run to the printer to get it to stop.

All I could say was "I'm Sorry!"

ChrisOlson

Re: Midinite 150 first impressions

Kind of an overcast day here today, but very steady output from the solar with no variations. So I measured the input and output of my solar controllers with my Sun tester.

I measured the XW-MPPT60-150 at 1:00, close to solar noon. It was putting out actual 1362 watts to the battery (display said 1364). Input actual was 1408 ( display said 1408 ). Loss of 46 watts. The controller's heat sink was barely warm to the touch - almost cool.

The Classic's output was actual 1535 watts (display said 1549). The Classic has a larger array on it so it was putting out more power. The measured input was 1618 watts (Classic doesn't show input watts, but shows input amps & volts = 1615 watts, which is pretty close). 83 watts loss. The Classic was decidedly warm with one fan in it running steady.

I think the Classic uses a little more power than the XW controller because of the extra stuff it has in it - more powerful processor, more memory, running more processes, including TCP networking.
--
Chris

SkiDoo55

Re: Midinite 150 first impressions

Those are pretty good percentage numbers. XW 92.7%, Classic 94.8%. Are tilt and azimuth's the same? On the arrays.
Love watching the system watt hours roll up on display on computer for my inverters each day. System will turn over 21MWh tomorrow, even with the 100+ deg F day that is forecast for tomorrow.

vtmaps

Re: Midinite 150 first impressions

SkiDoo55 wrote: »

Those are pretty good percentage numbers. XW 92.7%, Classic 94.8%.

Check your math... I get XW = 96.7%

ChrisOlson wrote:

I think the Classic uses a little more power than the XW controller because of the extra stuff it has in it - more powerful processor, more memory, running more processes, including TCP networking.

You're looking at almost 40 watts difference. I doubt that the 'extra stuff' consumes most of that. What is the tare loss on the classic? The 'extra stuff' should consume the same power at all output levels.

--vtMaps

ChrisOlson

Re: Midinite 150 first impressions

vtmaps wrote: »

You're looking at almost 40 watts difference. I doubt that the 'extra stuff' consumes most of that. What is the tare loss on the classic? The 'extra stuff' should consume the same power at all output levels.

You mean idle consumption? I don't know as I didn't check that. Seems to me I did a long time ago and it was about 18 watts. But that was back before they put the display "sleep" and other power saving measures in it.

I was just curious as to why the Classic gets so much warmer than my XW controller.

Edit:
My curiosity continues with this heat issue in the Classic - both controllers are putting out about 750 watts this morning and the XW is bone cold - can't feel any heat anywhere on it. The Classic already has enough heat in the heat sink to feel that it's warm, even though the fan isn't running. But the Classic's heat sink is right next to the wall in the back of it. The XW's heat sink is out front away from the wall and it has quite large screened openings on the sides and top. So it might be just that the XW controller has an easier way to get rid of any heat so you can't feel any warm in it.

Attachment not found.
--
Chris

NorthGuy

Re: Midinite 150 first impressions

30W difference for 5 hours for 365 days. It's 55kWh per year! Quite a bit.

I have two, so I would get 110kWh/year less if I had Classics. Looks like I made a good choice.

My XW SCCs do get warm when processing 2-3kW, but never hot.

SkiDoo55

Re: Midinite 150 first impressions

N

vtmaps wrote: »

Check your math... I get XW = 96.7%



You're looking at almost 40 watts difference. I doubt that the 'extra stuff' consumes most of that. What is the tare loss on the classic? The 'extra stuff' should consume the same power at all output levels.

--vtMaps

You are correct must have mistyped into calculator late last night!!

Cariboocoot

Re: Midinite 150 first impressions

Before you guys get all excited over a 2% efficiency difference remember that the readouts on any charge controller aren't that accurate to begin with. They don't have to be Fluke-meter quality, they just have to work.

So unless you're comparing them side-by-side in laboratory controlled conditions with external measuring all you're doing is looking at two different generated numbers. You could get the same variance with two of the same unit.

SkiDoo55

Re: Midinite 150 first impressions

Fully understand that, appeared that he was using external metering on both and comparing to built in meters.
I am grid tied so I don't work with charge controllers except for a cheap 20 amp unit that I have used once to top charge a car battery from a 250 watt panel just to check it out. I would consider features and reputation if I were to set up a off-grid or hybrid system.
Just nice to hear reports on the actual operation of various systems, that they are producing at rated efficiencies and observations on potential concerns.

ChrisOlson

Re: Midinite 150 first impressions

Cariboocoot wrote: »

So unless you're comparing them side-by-side in laboratory controlled conditions with external measuring all you're doing is looking at two different generated numbers. You could get the same variance with two of the same unit.

I checked them with my Sun tester that has a hall effect sensor on it - every time you use the tester the hall effect sensor has to be zero calibrated and it's pretty accurate. The main reason I tested the XW controller was to see how accurate the measurements are in it. The XW-MPPT60 has two shunts in it that measure PV in and Bat out on the negative leads. The readings on the display of the XW-MPPT60 are spot-on with my Sun tester.

Then I got curious as to why the Classic seems to run so hot as compared to the XW-MPPT60. I think I've determined that the Classic does use more power to run its internal stuff (it's a more complicated controller with a LOT more features in it). But I think the cooling system design has some to do with it too. It appears that the Classic is using fans to try to exhaust hot air out the front grille and the heat sink is in the back against the wall. The XW-MPPT60 uses the same cooling theory as the XW inverter with the top vented natural convection deal, and the heat sink is in the front, where it gets better air flow to it.

There is a noticeable difference in the temp of the two controllers at the same output. Like NorthGuy said, the XW controller gets warm but never hot - and the only place you can feel any warmth on it is at the heat sink. The Classic gets decidedly hot to where it's uncomfortable to touch it at midrange outputs, and you will burn your hand on the heat sink if it runs at full output for very long.

I'm thinking these MPPT solar controllers must have an efficiency curve like an inverter. I would like to know where the "sweet spot" is where the controller runs at peak efficiency vs capacity to determine how to size arrays to controller capacity and get the best efficiency possible. But it seems the controller folks don't publish that information like they do for inverters.
--
Chris

Cariboocoot

Re: Midinite 150 first impressions

ChrisOlson wrote: »

I'm thinking these MPPT solar controllers must have an efficiency curve like an inverter. I would like to know where the "sweet spot" is where the controller runs at peak efficiency vs capacity to determine how to size arrays to controller capacity and get the best efficiency possible. But it seems the controller folks don't publish that information like they do for inverters.
--
Chris

This is true. By dint of info from numerous MX users it seems they work best at about 75% load rating (i.e. 45 Amps). No info from MidNite on the Classic's efficiency curve as far as I know and not enough anecdotal evidence gathered yet to get the numbers otherwise.

But as an old engineering acquaintance of mine used to say: "Talk to me about 10% or don't talk to me."

Maybe MidNite's next generation of controller will seek to eliminate the cooling fan need. I think "The Kid" is fan-less @ 30 Amps.