This stuff gets me paranoid, i have a nest doorbell, because i don't care who can look at my front lawn, and a nest camera that only gets plugged in when no one is at the house. Other than that i have a closed circuit camera system with motioneyeos (motion activated) and a few POE cameras with no wifi and send the footage offsite.
I know it is not as convenient, but these cameras are getting scary. These are only the stories we know about. imagine who else is watching.
I've been on the hunt for a physical box that could house a raspi zero w with together with a power brick and a reasonably good wide angle lens to be an outdoor, weatherproof (not waterproof) camera that only needs a power cable. Adding motioneyeos on it would make a very decent hardware, but so far, nothing.
If anyone knows something like this, a link would be appreciated.
Seconded. Needs to have ~90 deg FOV, either good enough low-light performance or provisions for an IR emitter, option for a sound interface, POE, and put in a case that looks inconspicuous enough to hang on my wall in my home. AFAIK that doesn't exist and I wish it did. Being able to run an open source cctv system would be great, as the other option is typically running grey-market chinese non-upgradeable firmware.
I don't have any pre-built recommendations, but you can figure out some dimensions and find someone online who'd be willing to 3D print it for you.
Or you could find a machinist. That'll be fairly expensive, though.
Lastly, you could probably make it using supplies from Home Depot, like PVC pipes + fittings and PVC cement, maybe some gasket sealer for any holes you drill. Probably the cheapest option of these 3.
Option 1: search ebay (or a similar retailer) for "IP65 transparent" to find box-shaped waterproof enclosures with clear lids. Arrange electronics to your satisfaction, with the camera looking through the lid. Many sizes, but looks nothing like a normal CCTV camera.
Option 2: Search for "CCTV housing" to find boxes that look like old-fashioned outdoor CCTV cameras. Fewer size choices, but less weird-looking.
My solution would be a fake birdhouse. It could be weatherproof and less conspicuous, and the hole on the front is a natural place to put a camera lens. (You might want to put a fake bird on top or something to dissuade actual birds.)
If I _had_ to put it in a tree, PoE or solar+battery would probably work. In my tiny yard I could probably get away with a regular outdoor extension cord.
Why do you need an additional nest camera if you already have a CC camera system with ethernet cameras? (Genuinely curious, because I have neither of those)
My other half wanted the nest cameras, especially the doorbell one. She wanted to be able to check in real time when we are not at home if someone was at the door.
I wanted camera's in the garage and back yard on at all times (people have wandered around the back yard before). Nest also costs per camera, so it would get expensive as well.
So it was a variety of issues and it was a compromise i was willing, or maybe forced, to do. I am happy with just the closed camera system and sending footage offsite, alerts and logging on with my VPN if needed.
"Public" is a thing distinct from "private." On your property, you get to decide where the dividing line is. That's one of the primary ideas behind the notion of private property.
The issue I have is when the property owner isn't told who has access to the resulting still images or video stream, or is actively deceived about it. I'd be reluctant to use a Ring camera at my front door for that reason, and there's no way on Earth I'd install anything like that inside my home.
True, only the police are allowed to run dash cams in those countries. We could also mention the trend toward berserk copyright laws that have much the same effect. [1]
And these are not good things. Both communal and private interests end up worse off in the long run with laws like these.
you'd have gotten a lot more agreement if you had explicitly limited your argument to recording only your own private property, by placement or otherwise.
most folks (especially us americans) accept personal propertly rights implicitly, so there's no need to vigorously defend them, especially when that defense implies caring only about yourself and not others.
By not caring about who can look at my front lawn, I am implying if that camera footage gets hacked I do not care. I own my lawn and can do whatever I want with the footage.
As for people walking or driving by, they are in public and have zero expectation of privacy. I live in a school zone with a high school of 3500 kids across the street, most walk home. No one would never believe in a million years the crap they do to my lawn and the neighbors. They throw trash in my lawn, leave soda cans and bottles at the end of my driveway so I literally have to either stop in the street and move them or run them over getting into the driveway. They throw things in the back of a pickup truck in my driveway. They do this to all 12 houses on my street. It is nice to have footage in case ANY of this results in criminal damages. And it is legal.
What I genuinely don't understand is why do you even need them. Do they somehow deter burglars? Unlikely, unless there is hard data showing that they do. Did the US somehow degenerate into a war zone lately, because everyone managed (and still manages outside the US!) to survive without those, but Americans suddenly need those cameras? Besides, what would you even do if a. you're away from your home b. a camera detects something c. you're near your phone at the moment (which isn't given at all, you're pretty likely to be asleep or busy)? Call the cops from the other side of the world and hope they come in time? Activate claymores or giant battle robots?
How come Amazon and others apparently convinced millions of middle class Americans in the space of just a few years that they absolutely require 24/7 surveillance in and around their houses? Are you that scared of your compatriots?
I use my cameras to check in on my cat when I am out of town. Typically a friend only visits briefly once a day and I get peace of mind out of knowing that the cat is eating.
If the cat was not eating, I'd ask a friend to take it to the vet or to sit with a while to make sure it eats.
Can't you just ask your friend to note if your cat ate during the day? I mean, they're probably refilling the bowls anyway, so they will notice if they're full
Also the whole notion of an imminent danger for a semi-wild animal in a big house with daily renewed water and food is a bit weird to me. It seems like Amazon&co just amplify the existing irrational fears, don't you think so?
Warzone? No, but our homeless problem means people may choose to make use of your property in myriad ways. Anything from an open-air bathroom to a place to stash stolen goods. Ask me how I know. :-(
I have a nest camera pointing at my driveway. It's configured to use a zone that excludes the public sidewalk and street and only to alert me on seeing people. I really only expect alerts when my wife or the mailman comes and goes. The last time it alerted was actually the police walking across the property because I filled out an "alert slip" letting them know I was going to be gone for some time.
But the time prior to that was a homeless dude who ditched a bunch of stolen property in my yard and then came back to switch into his new stolen clothes. My wife went down and asked him to just go somewhere else mostly because this was the second time he'd done it and we didn't really want it to turn into a habit, much less for him to tell his buddies at the local homeless encampment "Hey, there's this great spot partially out of the public view...".
Unfortunately it turned into the guy screaming at my wife that she was a dumb bitch who couldn't tell him what to do, etc, etc. A police officer happened across all this as it was transpiring and ended up arresting the guy for trespassing. A big chunk of all this was caught on camera, including his using our driveway as a changing room the first time.
Hopefully that's the end of it and we never see this guy again, but if he comes around we have evidence of him trespassing previously and being told (on camera) to vacate the premises. It's just evidence if legal action needs to be taken.
Since it only shows stills, could it be some kind of race condition? Don't get me wrong, the major problem is of course that it has access to other people's camera feeds but since it only gains access for what seems like a moment maybe the access getting denied is raced by the update of the screen?
I don't know, why am I even thinking too deeply about this. A major company screwing up IoT. It happens way too often and there are a million ways they could do it.
Probably a race condition. I once worked at a bank where the core banking system had a bug where if you asked account data for user X it would about once in a thousand queries return data for some unrelated user Y if the system was under a high load.
The official, vendor-certified "fix" was that since the reply to this query contained the user ID, when calling this API you should always write a do-while loop like:
do {
accountsReply = bankCore.getAccountsForUser(myUserId)
} while (accountsReply.userId != myUserId)
This massive, embarrassing bug was not really documented anywhere, i.e. "silent information". You just "had to know" when writing code against this API that once in a blue moon, it could return data for the wrong user. But only in production, since the test environment was never under such heavy load it could trigger the race.
So, OT, but I wonder if this explains my recent atm withdrawal error on the part of wells fargo?
A $300 atm, card-present withdrawal several hundred miles away (at a golf course country club) from where I had used the card less than an hour before.
Skimmer + camera for pin is sort of the only other explanation, and I'm fairly paranoid about checking for skimmers.
I finally saw a gas station with a chip and pin reader at the Bucees in South Texas, and my spirits were uplifted considerably. Gas stations seem to be both the ideal place to install a skimmer and the companies most dragging their feet upgrading to the tech that will eventually make card skimmers obsolete. It's frustrating how behind we are on this.
We recently got a roborock for christmas, which I love btw. From what I recall some of the features of the app still say they're in beta, and they made it very clear. I'm not saying it makes it okay, but I'm curious if this part of the issue.
What bugs me is having to add a new app integration to my Home every time someone buys us a smart device or light. A few cheaper brands I returned immediately after seeing how janky the app and setup were, and also because I wanted to minimize the number of integrations when possible.
How could this be a race condition? if you ask for a specific stream channel why would you get other stream channels? even if its for a thumbnail preview, the software behind this has to be a clusterfuck to begin with
E.g. there could be a cache that (incorrectly) returns a reference to a cache item without any locks being held by the client and reuses cache items on eviction. Then if an eviction happens before the client is done with an item, there is a data race between the client reading the item and the item being updated into the new, unrelated, cache entry.
Although, if that were the case, I'd expect various partial mismatches to also happen.
Yeah, you can get that, "um, exact case" too, with Rails in 2018, ask how I know it's easy to trip over while switching between web servers like Puma and Unicorn, because of the different way they each handle objects threading/forking.
I found out when my new Rails 5.1 app which was using Puma, had to be switched to Unicorn so that it could work with our uniform platform for Rails apps. Puma threads are I guess pretty cheap and so are basically disposable, so they are created freshly all the time, but Unicorn process forks are made once per app-start because they're process forks, and incur some greater expenses.
So suddenly we noticed when switching to Unicorn that Class vars (those starting with an "@@" which are declared and have values in the class scope) are not reliably empty at the start of a request anymore, but usually had some value left hanging around from the previous request. Class vars are basically global variables so shame on us, now we know.
That previous request of course could have come from any logged-in user, so be careful what you store there! It's much easier to say "if the variable is empty, then initialize it thusly" and count on hitting that corner case once in a while, than it is to say "what is the order of my actual dependencies and how do I keep them ordered" – at least it seems easier until it bites you like this!
This is all because of NAT. I bet that to bypass it they have various servers where your cameras connect to and the image is streamed through them when you use your app to view it. When you're connecting you just see the last frame stored that previous user was viewing. Their fix probably will be to just delay the app display so it is not showing this.
Anyone that thinks that cameras that are connected to "the cloud" don't give the company access to them is an idiot.
The fact that most of the images are distorted in some way seems significant. Perhaps faulty firmware was sent out?
I know someone who programmed cheap Chinese GPRS printers used in food ordering, he messed up his deployment script and gave every device the same ID - a special test ID that would return every single order no matter which take-away it was destined for. So basically, every order went to every take-away.
This scream of a lack of firmware QA more than anything else.
I have some cameras that are offline (no cloud integration, no internet connection) and when looking to buy a spare I noticed that all the newer and otherwise identical models only work with cloud integration. No ONVIF, no RTSP. Forcing the user's hand into sending all data into their cloud for very little convenience gained, if any.
Google shutting down Xiaomi access to Assistant following Nest Hub picking up strangers' camera [1]
>"We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."
...
>It appears Google isn't taking any chances when it comes to this issue, disabling Xiaomi integrations entirely. We reached out for further confirmation that this would mean a blanket disabling of all Mi Home products and were told that is the case.
Pretty annoying they have to mess up all my other devices, but at least it's being addressed.
Huh. I'm not sure what should be the baseline of "okay" now anymore, but I wonder if this isn't worse than leaving things be. Leakage is out there anyway, and it seems likely now that it is buggy enough for malevolent actor to find a way to spy on his neighbour. But what about those who is away from home now and really needs the footage for some reason? I guess lack of this footage would be a bigger security issue for them than the chance a couple of frames will leak to somebody else.
Stories like this only confirm to me that while Zoneminder is far from perfect it was the better option for me compared to using consumer-grade options. I buy cheap ($40-$60) PoE cameras (I have some Reolink and 1-2 SV3C's I think), I immediately block their internet access by MAC address, then add them to ZoneMinder. I have 2 Wyze cameras as well but they are also only allowed to talk to ZoneMinder and I have flashed a custom firmware on them.
50 comments
[ 7.3 ms ] story [ 124 ms ] threadI know it is not as convenient, but these cameras are getting scary. These are only the stories we know about. imagine who else is watching.
If anyone knows something like this, a link would be appreciated.
Or you could find a machinist. That'll be fairly expensive, though.
Lastly, you could probably make it using supplies from Home Depot, like PVC pipes + fittings and PVC cement, maybe some gasket sealer for any holes you drill. Probably the cheapest option of these 3.
Option 2: Search for "CCTV housing" to find boxes that look like old-fashioned outdoor CCTV cameras. Fewer size choices, but less weird-looking.
I wanted camera's in the garage and back yard on at all times (people have wandered around the back yard before). Nest also costs per camera, so it would get expensive as well.
So it was a variety of issues and it was a compromise i was willing, or maybe forced, to do. I am happy with just the closed camera system and sending footage offsite, alerts and logging on with my VPN if needed.
This is extremely selfish. What about your neighbors who walk/drive by your front lawn? You're doing your neighborhood a surveillance disservice.
The issue I have is when the property owner isn't told who has access to the resulting still images or video stream, or is actively deceived about it. I'd be reluctant to use a Ring camera at my front door for that reason, and there's no way on Earth I'd install anything like that inside my home.
See, that's the idea behind the word "public." Nobody has to ask user lm28469 on Hacker News for permission to take photos in public.
This is a good thing.
And these are not good things. Both communal and private interests end up worse off in the long run with laws like these.
1: https://www.asmp.org/copyright-tutorial/photos-public-buildi...
most folks (especially us americans) accept personal propertly rights implicitly, so there's no need to vigorously defend them, especially when that defense implies caring only about yourself and not others.
As for people walking or driving by, they are in public and have zero expectation of privacy. I live in a school zone with a high school of 3500 kids across the street, most walk home. No one would never believe in a million years the crap they do to my lawn and the neighbors. They throw trash in my lawn, leave soda cans and bottles at the end of my driveway so I literally have to either stop in the street and move them or run them over getting into the driveway. They throw things in the back of a pickup truck in my driveway. They do this to all 12 houses on my street. It is nice to have footage in case ANY of this results in criminal damages. And it is legal.
So if that is selfish, then I am cool with that.
How come Amazon and others apparently convinced millions of middle class Americans in the space of just a few years that they absolutely require 24/7 surveillance in and around their houses? Are you that scared of your compatriots?
It's even more puzzling than gun worship tbh
Also the whole notion of an imminent danger for a semi-wild animal in a big house with daily renewed water and food is a bit weird to me. It seems like Amazon&co just amplify the existing irrational fears, don't you think so?
And for Mr "Irrational fears", no, I do it for entertainment, not because BigEvilCorp taught me to be afraid.
https://www.nytimes.com/2019/12/30/us/wyze-security-camera-b... https://forums.wyzecam.com/t/updated-12-29-19-data-leak-12-2... https://blog.12security.com/wyze/
I have a nest camera pointing at my driveway. It's configured to use a zone that excludes the public sidewalk and street and only to alert me on seeing people. I really only expect alerts when my wife or the mailman comes and goes. The last time it alerted was actually the police walking across the property because I filled out an "alert slip" letting them know I was going to be gone for some time.
But the time prior to that was a homeless dude who ditched a bunch of stolen property in my yard and then came back to switch into his new stolen clothes. My wife went down and asked him to just go somewhere else mostly because this was the second time he'd done it and we didn't really want it to turn into a habit, much less for him to tell his buddies at the local homeless encampment "Hey, there's this great spot partially out of the public view...".
Unfortunately it turned into the guy screaming at my wife that she was a dumb bitch who couldn't tell him what to do, etc, etc. A police officer happened across all this as it was transpiring and ended up arresting the guy for trespassing. A big chunk of all this was caught on camera, including his using our driveway as a changing room the first time.
Hopefully that's the end of it and we never see this guy again, but if he comes around we have evidence of him trespassing previously and being told (on camera) to vacate the premises. It's just evidence if legal action needs to be taken.
The official, vendor-certified "fix" was that since the reply to this query contained the user ID, when calling this API you should always write a do-while loop like:
This massive, embarrassing bug was not really documented anywhere, i.e. "silent information". You just "had to know" when writing code against this API that once in a blue moon, it could return data for the wrong user. But only in production, since the test environment was never under such heavy load it could trigger the race.A $300 atm, card-present withdrawal several hundred miles away (at a golf course country club) from where I had used the card less than an hour before.
Skimmer + camera for pin is sort of the only other explanation, and I'm fairly paranoid about checking for skimmers.
Rooted point-of-sale devices are also a possibility - that's what led to the big Target hack.
So POS systems store pins? I can't imagine them being certified if they do, or for what reason they might.
AFAIK, the POS hacks all ended up with cc numbers, no pins.
POS systems aren't supposed to store PINs, but a compromised one certainly could.
What bugs me is having to add a new app integration to my Home every time someone buys us a smart device or light. A few cheaper brands I returned immediately after seeing how janky the app and setup were, and also because I wanted to minimize the number of integrations when possible.
Although, if that were the case, I'd expect various partial mismatches to also happen.
Ask me how I know this, um, exact case.
I found out when my new Rails 5.1 app which was using Puma, had to be switched to Unicorn so that it could work with our uniform platform for Rails apps. Puma threads are I guess pretty cheap and so are basically disposable, so they are created freshly all the time, but Unicorn process forks are made once per app-start because they're process forks, and incur some greater expenses.
So suddenly we noticed when switching to Unicorn that Class vars (those starting with an "@@" which are declared and have values in the class scope) are not reliably empty at the start of a request anymore, but usually had some value left hanging around from the previous request. Class vars are basically global variables so shame on us, now we know.
That previous request of course could have come from any logged-in user, so be careful what you store there! It's much easier to say "if the variable is empty, then initialize it thusly" and count on hitting that corner case once in a while, than it is to say "what is the order of my actual dependencies and how do I keep them ordered" – at least it seems easier until it bites you like this!
I wish NAT was never invented by Cisco.
Anyone that thinks that cameras that are connected to "the cloud" don't give the company access to them is an idiot.
I know someone who programmed cheap Chinese GPRS printers used in food ordering, he messed up his deployment script and gave every device the same ID - a special test ID that would return every single order no matter which take-away it was destined for. So basically, every order went to every take-away.
This scream of a lack of firmware QA more than anything else.
>"We’re aware of the issue and are in contact with Xiaomi to work on a fix. In the meantime, we’re disabling Xiaomi integrations on our devices."
...
>It appears Google isn't taking any chances when it comes to this issue, disabling Xiaomi integrations entirely. We reached out for further confirmation that this would mean a blanket disabling of all Mi Home products and were told that is the case.
Pretty annoying they have to mess up all my other devices, but at least it's being addressed.
[1] feedshttps://www.androidpolice.com/2020/01/02/uh-oh-xiaomi-camera...