“Taking the open source path to the end”

An interview with Lukas Zeller, smart home developer from Zurich. The sole proprietor offers gateways for the digitalSTROM system and already integrates the matter standard into his products. In the interview, he explains what he thinks of the open source approach – and where there is still a need to catch up.

This is the translation of a German interview. The original is available here.

As a sole proprietor, you develop products for building automation. What significance does the matter standard have for you?

Lukas Zeller: Being tied to a system like digitalSTROM has limited the application possibilities of my product and the sales potential. matter now makes it possible to offer the already existing and mature functionality of the bridge beyond the digitalSTROM context to an extended circle of customers.

matter is also, to my knowledge, the first smart home standard that directly integrates bridges to third-party technologies. There have always been bridges between systems, but in most cases their main task was to “hide” the fact that the controller “talks” to a third-party technology. This then often led to subtle problems. In matter, on the other hand, the concept of the bridge is already an integral part in version 1.0. This means that bridges can also be displayed and managed as such in the ecosystems – an enormous advantage over “invisible” devices.

“matter is, to my knowledge, the first smart home standard that directly integrates bridges to third-party technologies.”

Does matter’s open source approach mean that small businesses like you will be able to develop products more easily and cost-effectively in the future?

Zeller: As far as technical development is concerned, definitely. Thanks to the Software Development Kit (SDK) openly developed on GitHub, which contains many practical examples, the development effort for common device types such as lights, switchable sockets, pushbuttons, etc. becomes very manageable. For more complex products like a bridge, it is higher, but still much lower than with in-house developments or purchased software components.

In addition, the open source code transparently shows how matter is evolving and what changes are in the works. This helps micro-enterprises like me keep their product up to date. A closed standard that suddenly appears in a new version can produce a lot of effort all at once. That is a risk.

Unfortunately, the CSA still thinks in proprietary terms at the administrative level and for certification. The approach does not really fit in with open source.

What do you mean by that?

Zeller: Despite open source and SDK, it is apparently assumed that a verification procedure that is not disclosed in detail and cryptographic signatures from a central location offer more security than completely disclosed firmware.

Projects such as the open router operating system OpenWrt show that open firmware on commercial hardware can achieve better results than proprietary original firmware in terms of security and long-term updateability.

I am not saying that open source is suitable for everything, especially not for every business case. But for such a fundamental infrastructure topic as building services, I think the open source path would also have to be thought through to the end. This is currently still missing from the CSA offering.

Test setup in Zeller’s lab: the matter code controls a DALI light strip. Image: Plan44

How does the development work? Do you need special hardware for it? Some chip manufacturers offer complete chip platforms, and Google & Co. offer their own SDKs for it.

Zeller: Basically, matter does not require any special hardware – and no radio either. Little is reported about this, but a key feature of the standard is that it is also well suited for a wired infrastructure. The only prerequisite: a network connection based on TCP/IP, such as an ordinary Ethernet LAN port.

The development of the matter component for my plan44 products consisted mainly of getting familiar with the large, complex SDK, and then building on the appropriate example to map the existing functions (DALI, EnOcean, SmartLEDs, etc.) in matter. In the process, some small contributions to the matter SDK have already been made, i.e. code that other manufacturers can now use as well. My hardware only had to have enough memory to handle the not so small matter stack.

How much memory does matter require?

Zeller: In the case of the P44 bridge, I can quantify that: The “main program” with all functionalities (DALI, EnOcean, Philips Hue, SmartLED etc.) as well as the digitalSTROM interface has about 3 megabytes. The matter bridge, which is a new addition, has about 2.5 MB. Of course, this cannot be transferred 1:1 to other products. But it gives an impression of what matter can mean in terms of space.

The Plan44 gateways connect digitalSTROM with other systems – and now also with the matter standard. Image: Manufacturer

And what is the argument for prepared chip or software solutions?

Zeller: Complete chip platforms are of interest to manufacturers whose core competence lies elsewhere than in electronics development. This is where the purchase of modules makes sense. For example, they integrate everything that a battery-powered device equipped with Thread radio needs – including the right memory configuration for a matter device.

In addition, the modules ensure that radio technologies are implemented in accordance with regulations. They will pass the necessary tests in the field of radiation, interference immunity, etc., which are required for CE conformity, without any surprises.

As far as the SDKs of the large ecosystem providers such as Google and others are concerned, they are interested in retaining their customers. That’s why they offer SDKs that contain functionality beyond the matter standard – at Google, for example, AI-based personalization. App developers can use this, but are then bound to the respective ecosystem. For providers of matter devices like me, however, this doesn’t play a role – on the contrary, thanks to matter they no longer have to worry about the peculiarities of the ecosystems. At least not primarily – of course, no one can avoid practical tests with all major platforms and detailed maintenance …

“The big ecosystem providers are all about retaining their customers.”

Your bridge follows the specifications of the standard, but is not yet certified by the CSA. Will it still work?

Zeller: Yes, very well, in fact. However, the field of experimentation is still limited, because apart from Apple with iOS 16.1 and SmartThings – apparently with restrictions for bridges – there are currently no ecosystems that have released matter productively.

Apple handles uncertified matter products in the same way as non-certified HomeKit devices: A dialog appears during setup that points out the lack of certification, and you have to explicitly say yes here. Otherwise, there do not seem to be any restrictions.

However, the decision to handle it this way is up to the respective company. SmartThings seems to do the same as Apple; Google and Amazon could in principle decide differently – but I think that is rather unlikely.

Certain CSA benefits are not available to an uncertified product. What are they? And what would that mean for potential buyers?

Zeller: A non-certified product may not call itself “matter compliant” or use the matter logo in any form of marketing, on the device itself, or on the package.

It is also missing from the DCL, the Distributed Compliance Ledger. This encrypted database identifies certified devices using digital signatures and also contains metadata such as product descriptions or secure links for firmware updates.

Does this mean a rogue product with security vulnerabilities can compromise the entire matter installation?

Zeller: Yes. Even certification with all the tests cannot rule out the possibility that a signed firmware may – intentionally or unintentionally – contain security-relevant errors that can be exploited.

“Even certification can’t rule out safety-related bugs in the firmware.”

However, the DCL mechanism lowers the likelihood that malicious actors from the outside will inject modified firmware into a widely distributed product without detection. That’s real protection for mass-market products, which are a much more lucrative target for attackers than niche products. And it helps with goods purchased online whose manufacturer may be difficult to contact. But those who buy a niche product usually inform themselves anyway, do research and consult recommendations from other users.

In one point, however, I hope that the CSA will still follow up: Currently, unlike other standards like Bluetooth, there is no free or low-cost membership level to get the technically required vendor ID assigned. This means that uncertified products at the moment have to use one of the existing “test” IDs and cannot identify themselves unambiguously. This is counterproductive from the CSA’s point of view as well, I think.

What does that mean exactly? What advantage would this manufacturer identifier have?

Zeller: It would facilitate a smooth transition in case of a subsequent certification. If the vendor ID only comes with the official certification, then all connections that were previously created with a test ID will almost certainly break. A disadvantage for users who trusted the vendor beforehand.

It would be a sign from the CSA that they are serious about the slow road to certification that small companies and open source projects have to take if they made the Vendor ID more low-threshold.

Is certification worthwhile at all for sole proprietors like you, for example in terms of costs?

Zeller: I would also like to know that in more detail. As a non-member, I only have the publicly available information. According to this, in addition to the annual membership fee of 7000 US dollars, there are one-off costs of 3000 dollars for each certified product.

How a bridge that integrates different hardware products and functionalities is counted here, I don’t know. Nor how software updates are handled, which have to be signed each time to be considered certified.

A serious clarification and estimation of the costs is unfortunately only possible after an upfront investment of 7000 dollars in a CSA membership. As a solo-entrepreneur, I would like to see more transparency here.

“As a solo-entrepreneur, I would like to see more transparency.”

What is clear to me, however, is what makes matter so unique and progressive: a thoroughly open source SDK that allows me to make meaningful contributions to the further development of the standard even from a tiny niche.

Mr. Zeller, thank you very much for this interview.
