ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm
<TimMc> Hmm... makes me wonder if it would make sense to make a CSP report collector.
<ocdtrekkie> The app I really need that apparently doesn't exist is a simple selfhosted DMARC report analyzer
<ocdtrekkie> There are some tools out there but nothing Sandstorm-app-polished.
<isd> Write it!
<isd> TimMc: are you thinking for analyzing general CSP reports from other pages, or something more sandstorm specific
<isd> ?
<ocdtrekkie> isd: That's like... a lot of XML handling.
<isd> (one of these days I still want to abuse CSP reports to do the whole email style "images have been blocked for your privacy [show]" thing)
<isd> I have an extremely superficial knowledge of DMARC.
<ocdtrekkie> But yeah the DMARC thing is a thing where people ask for it all the time on r/selfhosted, and always gets a response that basically it doesn't exist
<ocdtrekkie> It's not that sophisticated in itself, but it's also kinda silly mail services lack good tools for it themselves.
<ocdtrekkie> Basically, every day, each email service that's received an email from my domain sends me an XML report about whether SPF and DKIM passed or failed on each email. Right now I dump them in a folder.
<ocdtrekkie> The only violator was Google Groups, which doesn't rewrite your email address until after you configure DMARC to quarantine/reject mode, and I was in audit mode.
<ocdtrekkie> Now that I switched it I should stop getting failures across the board I think.
<ocdtrekkie> But I'm still gonna get like four of these emails daily for life now. -_-
<ocdtrekkie> I guess one could make an app cobbling together the tools I found online already... but probably the key thing would be receiving mail, a feature I know Sandstorm has but I haven't tested in like... forever. Pre-Oasis.
<ocdtrekkie> I'd want to just be able to have a rule that forwarded my DMARC reports to the grain.
<kentonv> ocdtrekkie, you ever use Ubiquiti stuff?
<ocdtrekkie> Yes
<ocdtrekkie> I use an EdgeRouter at home and I've done a Unifi setup for my dad.
<ocdtrekkie> That's not necessarily a recommendation, but I can tell you the pros and cons of a good chunk of their product line. :)
<kentonv> I bought some devices to play with and first impression is that it seems amazing. But I think my worry is about lack of API access and customizability.
<ocdtrekkie> If you're on UniFi, I assume, then yeah. Terminal access is poorly documented and generally changes you make to them outside of the UI aren't persistent.
<ocdtrekkie> I found it super weird they sell an integrated VoIP system but you can't set traditional QoS of any kind on their UniFi switches.
<kentonv> like if I used their door locks, I would want to be able to unlock my door via an API call from my own software.
<ocdtrekkie> But like, the $19 smart plug which can automatically kick your ISP modem when the UDM can't reach the Internet... ****ing magical.
<kentonv> haha yeah that thing looks brilliant
<ocdtrekkie> I haven't done anything with their access control, it looks appealing but my dad's setup is too archaic and I'm not qualified to do that install.
<ocdtrekkie> I also worry it might eventually go the way of their LED line.
<ocdtrekkie> UniFi LED looks amazing and then it just like... stopped.
<ocdtrekkie> I can confirm the smart plug completely eliminated me having to ever reboot the modem myself.
<kentonv> ocdtrekkie, have you used their cameras at all?
<ocdtrekkie> I haven't. My dad had the Comcast subscription garbage before I dropped the UniFi in.
<ocdtrekkie> My impression from what I've seen though is everything is very cool if you are good with their apps and their options. It's pretty much Apple for network gear, except also affordable.
<kentonv> yeah "Apple for network gear" is what worries me... Apple products always blow up when I try to do something custom with them.
<isd> The hue light switches my housemate set up stopped working the other day, and I just removed them. Life is just too short to debug a light switch.
<ocdtrekkie> I like Insteon switches because while they accept commands from my controller... they also just... are plain switches.
<ocdtrekkie> Their failure mode is that they work like dumb switches. Same for the thermostat. Without connectivity it still just... does whatever it is set to do.
<ocdtrekkie> @kentonv I would personally avoid UniFi brand anything if you want to do custom stuff. Though I don't know if I could recommend an alternative that wasn't outright enterprise hardware.
<ocdtrekkie> It's a weird product space, not a lot out there for high quality home access control.
<kentonv> unifi at least seems committed to being controlled on-prem
<kentonv> I'm absolutely not routing any cameras through a cloud service
<ocdtrekkie> Milestone is free for up to eight cameras. But not sure what plugins you can get for free.
<ocdtrekkie> My cameras are on a VLAN which can't reach the Internet. I don't trust them as far as I can throw them, nearly all affordable IP cameras have awful firmware rebranded from random Chinese OEMs.
<ocdtrekkie> ZoneMinder sounded like it might be interesting, possibly in Sandstorm even.
<kentonv> yeah I've done the crappy-ip-camera-on-vlan thing before, reverse engineer the firmware's terrible HTTP interface and then wrap in a proxy
<ocdtrekkie> I just figure it's relatively safe to allow them to talk to my local network, most bad behavior will depend on the Internet.
<kentonv> yep
<ocdtrekkie> So if my NVR is on a VLAN they can talk to, no real need for much more. As long as the cameras are ONVIF capable you shouldn't have to worry about what is running on them.
<ocdtrekkie> FWIW I think the UniFi cameras should work with a third party NVR setup if you want trusted firmware, but still want something that will let you customize it.
<ocdtrekkie> https://www.ispyconnect.com/camera/unifi looks like they maybe use some magic paths to hide their streams but they can be found online.
<kentonv> searching for Unifi ONVIF stuff I find most people are complaining that they can't use ONVIF cameras with Unifi software... funny, I'm worried about the opposite
<ocdtrekkie> Amazing camera. Just don't look at the price tag.
<kentonv> lol yeah that might be... overkill...
<ocdtrekkie> I think they're about $5k per, but hey, 360 degree views!
<kentonv> eh there's a lot of fisheye lens 360-degree cameras
<ocdtrekkie> I got one camera with a fisheye lens once and I couldn't figure out how to make it not look awful
<kentonv> well I'm not shooting a movie here, I just want to see if someone is sneaking around my house... :)
<kentonv> I tested one of these, it seemed fine, though I don't have any comparison points. https://www.amazon.com/Amcrest-5-Megapixel-Panoramic-Nightvision-IP5M-F1180EW/dp/B07YNVJDJH/
<ocdtrekkie> Ideally you want it good enough to identify someone though. But admittedly my fisheye experience was limited to one very small camera.
<ocdtrekkie> Ahhhhh, that angle setup... interesting, I haven't tried one of those at all.
<ocdtrekkie> Amcrest is the new US Foscam, basically.
<ocdtrekkie> I have some older Foscams that required an ActiveX control originally, but I haven't played with their newer ones yet at all.
<kentonv> ah yeah I had a bunch of foscams in my old house... as of 10 years ago they didn't need ActiveX, they produced MJPEG
<ocdtrekkie> I think I just had to get through some firmware updates before they behaved with non-IE browsers.
<ocdtrekkie> Speaking of ZoneMinder probably being Sandstormable (with IpNetwork, mind you)... if I had a way to connect a serial port to a Sandstorm grain... I could totally just move/rewrite my home automation system into it.
<isd> Probably what I'd do is to have a small shim program on the outside that talks to the grain over a websocket. This is basically what I wrote https://github.com/zenhack/websocket-proxy for way back when
<isd> Where does the serial port come in exactly?
<ocdtrekkie> It's a USB port. (On Windows, it's assigned a virtual COM port)
<isd> Ah, yeah
<isd> makes sense
<ocdtrekkie> Would there be performance issues trying to shove a serial port another network protocol? Looks like mine is connected with a relatively high baud rate compared to some serial devices. 19200
<isd> Not at those speeds
<ocdtrekkie> 🤔
<isd> Looks like that one is backwards from what you'd want -- though probably not hard to cannibalize the code from there for talking to the serial port and make the thing you actually need
<isd> Note that the one I wrote is < 60 lines of code. This is not terribly complicated.
<isd> Looks like it's just using this library: https://pkg.go.dev/go.bug.st/serial
<isd> Also possibly of interest, I wrote this for a one-off pair programming session (I think with ill_logic ?) at some point: https://github.com/zenhack/sandstorm-rendezvous
<ocdtrekkie> I remember that
<isd> It basically proxies a local vnc server into the grain
<isd> it's a bit more complicated than the base websocket-proxy, since it needs to support multiple connections from the grain into the local machine. capnp to the rescue
* ocdtrekkie bugs Ian to publish more of these to the store.
<isd> Well, maybe I'll at least fix the bitrot :P
<isd> Done. https://mirror.zenhack.net/tmp/rendezvous.spk if you want to play with a build
<isd> Also, the code is a better example now that it uses current go-capnp
<isd> Mostly just mechanical changes but still.
<ocdtrekkie> So I could use this to share my desktop on box A via my Sandstorm server on box B, to say, you somewhere else on the Internet, right?
<isd> Right
<ocdtrekkie> And would I follow the install instructions on box A or B in this example?
<isd> Box A.
<ocdtrekkie> Okay, awesome.
<ocdtrekkie> I try not to monkey with anything on my actual Sandstorm box since, you know, I need it.
cwebber has joined #sandstorm
xet7 has joined #sandstorm
<kentonv> Hrm, played with zoneminder a bit and I don't really get it. I guess it wants to process the raw video streams and do motion detection itself? Can't most cameras do the detection onboard, so you don't have to be streaming and processing video constantly?
<kentonv> for just one video stream it was eating 1.2 CPU cores on my epyc but admittedly I didn't give it access to a hardware decoder, which I guess is what it wants.
cwebber has quit [Read error: Connection reset by peer]
cwebber has joined #sandstorm
<kentonv> oh unifi will happily give me an RTSP stream to import into zoneminder... is that the extent of the integration possible? Does zoneminder interact with cameras in any way beyond the video stream itself?
yarmo has quit [Read error: Connection reset by peer]
yarmo5 has joined #sandstorm
<ocdtrekkie> I think that's probably one of those optimizations harder to find in open source solutions.
<ocdtrekkie> But I haven't actually tried ZoneMinder myself yet.
<kentonv> I was sort of hoping ONVIF included a protocol for receiving motion notifications from the cameras but it looks like all it really does is discovery and filling in basic config details to stream the video feed. At least that seems to be all ZM uses it for.
<kentonv> then again I could be misunderstanding the UI, it's kind of confusing
<ocdtrekkie> I know there are multiple ONVIF profiles, which both cameras and recorders can or can't provide. But I also know Milestone (proprietary Windows software, but basically the gold standard in the space) tends to prefer proprietary model-specific support over ONVIF.
<kentonv> I think my conclusion though is... go ahead and get unifi cameras, in the worst case I can always put them into RTSP mode and use ZM or anything else, but the best case is the integrated unifi UI seems nice.
<kentonv> and I can tell it to send an email to an SMTP server on motion alerts, which is basically an API
<ocdtrekkie> The other thing is some recorders only save and process key frames, and then save and process more frequently when motion is detected.
<ocdtrekkie> Without explicitly instructing the camera to adjust what it is sending.
<ocdtrekkie> Yeah, I'm also not sure I have a really strong recommendation on where else to go if you want a really decent experience right now.
<kentonv> and this guy seems to have reverse-engineered the web API and written some very clean code on top of it https://github.com/hjdhjd/unifi-protect
<ocdtrekkie> oooh, that's neat
<ocdtrekkie> I was looking for something that included UniFi Access when I looked yesterday but didn't see anything.
<ocdtrekkie> But UniFi Access is a much newer and niche-er product.
<kentonv> yeah I haven't found anything reversing the access API but I bet it uses similar constructs