What is your approach to keeping these cameras off the Internet, but still on your local network to ensure they're not backchanneling with your awareness?
All IoT devices on my network go into a VLAN that blocks internet access. Using Unifi, I think it's just a checkbox to turn internet access on/off. I use a virtual nic on my Home Assistant VM that recognizes that vlan and can communicate with all those devices, as well as a separate nic which is hooked up to the main vlan.
In my router admin page, there is something called parental control. I used it to disable internet access for all the cameras. I've also used the DHCP settings to give all the cameras static IPs as well.
Dedicated VLAN. Firewall rule forbids all outgoing connections from camera VLAN, even to other LAN, but allows inbound from designated devices on a privileged VLAN (this way random devices on my network can’t talk to the cameras). Frigate is on a VM that is so designated.
I do DHCP reservations then firewall rules. Not as safe as a VLAN but not aware of any devices assigning themselves random IPs outside the DHCP reservation to circumvent it
Easier than getting VLANs working across switches and APs
This is cool. I wonder, as you were iterating on the design and development, why didn't you start with a very small grid (10x10) to validate or test different options for their practicality and operation before scaling up to the 1000 pixel versions? It might have saved a lot of time and money, but maybe small scale tests aren't sufficient to work out the kinks?
Assuming they keep improving, yes. The one I tried (I responded to the other reply with some output, which was great) is as fast as the cloud ones and nearly as good.
I am of the firm belief the solopreneurship is the future, especially with the power of AI. I don't believe corporations of any type, from startup to tech giant have the interests of anyone but the majority shareholders in mind. Employees, customers, partners, all get the shaft. When money is involved, startups aren't product companies, they're financial instruments.
We used to use symlinks to enable atomic operations, too. e.g. under /var/www/ we'd have /var/www/webapp_1.0, and have a symlink /var/www/webapp pointing to it. When there was a new version, upload it to /var/www/webapp_1.1, and then to bring it live, just update the symlink. Need to roll back? Switch the symlink back.
Wouldn't that cause problems when someone would find the old version and corrupt the data with it? Or would only the current version be accessible from the outside?
"The first sales come from the loyal CISOs who work with the fund. Although it may be considered "small money", the jumps between the first stages of fundraising are the most difficult. “Until a ‘regular’ startup company reaches sales of $2-10 million it grinds itself to a pulp, but with Gili Ra'anan, this happens in the first year of sales. He creates a mechanism that is difficult to compete against because his companies immediately jump to a valuation of $100-200 million, raise more money, and then also have more resources to compete later,” a partner in an Israeli venture capital fund tells Calcalist. “With a seemingly small purchase of $100,000-$200,000, a CISO increases a startup's value by dozens of times.”"
...
"I recruited a new CISO for a financial organization that I managed out of a desire to refresh the cyber defense system. I gave him a free hand because I trusted him and I see this position as a position of trust. Six months later, I noticed that, surprisingly, almost all of the new logos that the CISO introduced were portfolio companies of Cyberstarts [Of which Wiz is their most notable]," describes a former senior executive at a large financial institution in the U.S. "It's not that these were necessarily bad solutions, but that some of them were a very low priority for us or solved problems that were not particularly urgent. After I confronted the CISO on the subject, he admitted that he is on the list of advisers of Cyberstarts and receives a percentage of the funds from them. Shortly after this, he left the company and immediately upon the appointment of a new CISO, I asked him to inform me if he was contacted by Cyberstarts. Within a few weeks, he had already received an email from them with a description of their kind of 'loyalty program' that details exactly what he will receive the more he works with the fund."
I migrated from Quickbooks to Manager.io and haven't looked back. It keeps getting better and stronger, and is desktop based (free) with a cloud-based version as well (paid) and well supported: https://www.manager.io/
reply