I was hoping this was going to end with "look, it runs embedded linux and here's how to get root, on a $20 camera". That would solve this problem:
Does anyone know of a good way to have a camera stream video over WiFi to my server, which can then forward it to the Internet, without passing through a third party? And, ideally, without opening ports. Burned too many times by buying cameras with streaming systems that are shut down two years later.
I think if I could get root on embedded linux on a WiFi camera, I could set up an SSH tunnel and go from there. But with the current IP camera I wasn't smart enough to get root (or a shell at all, IIRC) and it wouldn't take firmware updates.
So right now I have a terrible hacky solution where it FTPs an image to me every ten seconds, and then I put serve that... but a real stream would be way better.
Scrypted is what you want. I’m using it to stream an Amcrest AD410 doorbell camera to my NAS and forward it to HomeKit Secure Video with a local copy of the video saved on my NAS. It’s rock solid. It uses a plugin architecture and HKSV is just a Scrypted plugin (as is saving the video locally). The developer is very responsive.
Lots of RTSP cameras available - which would do exactly what you want and leaves you fairly open to whatever software you choose to implement on the server to share the feed.
I use lots of the Ubiquiti Cameras - I’ve had lots of success using them without the UniFi Protect controller app purely as RTSP devices.
This is awesome, thank you! I have a few Wyze cameras and their hardware and pricing are great, but their app is pretty bad. Would be lovely to be able to use them outside the app.
The official rtsp firmware is garbage and outdated and of course still phones home. For v3 I have been playing with https://github.com/gtxaspec/wz_mini_hacks which seems very promising since it allows ssh root access.
The “outdated” knock on it is relevant because it points to Wyze once giving a nod to tinkerers, and apparently deciding it’s not in worth it to maintain that branch vs working on the firmware that drives monthly revenue.
> The “outdated” knock on it is relevant because it points to Wyze once giving a nod to tinkerers
The RTSP firmware for the v3 isn’t even a year old (was released after June 2021), so “once was a nod to tinkerers” combined the rest of your vitriol makes me wonder if you have an axe to grind. Did Wyze kick your dog or something?
I might have a small axe to grind. My Wyze cams were much more capable when I bought them 3 years ago than they are today. Now the app takes much longer to load, and has the uncanny ability to insert an advertisement under my finger just before I touch the camera feed I want to view. Scrubbing through saved footage is slower now than it used to be.
It all smells like feature bloat that I can’t opt out of. RTSP was how I tried to escape that, but as their own site says, they no longer offer it for my cams.
> Now the app takes much longer to load, and has the uncanny ability to insert an advertisement under my finger just before I touch the camera feed I want to view.
Which platform? I’ve never once seen an ad in the official iOS app. The app was always slow to load for me in all the years I’ve used it, so that doesn’t have me riled up. My beef with them is the AI detection has taken a significant step backwards the last six months (why I flipped a bunch of my cams to the RTSP firmware).
Sorry, I should be clearer. The ads I’m referring to are for Wyze’s add-on features. “Try Cam Plus”, “Get Cam Protect”, “Home Monitoring”, etc. Not any third party ones.
And somehow I always seem to either click on the ad rather than my first camera, or click on a camera listed above my targeted one as the ad appears just as my finger lands on the screen.
And also to be clear, the axe I grind is small. I generally like these Wyze cams. For $20 each they’ve done a decent job. But knowing there is third party firmware out there is promising.
> The ads I’m referring to are for Wyze’s add-on features.
Ah, gotcha. I’ve seen those before, but haven’t experienced same issue with getting in way. Maybe I’m just slow to click.
> And also to be clear, the axe I grind is small. I generally like these Wyze cams.
The reason why I bought so many of them is because they don’t upload to the “cloud” unless they detect motion (or sound trigger). Yes, they phone home like crazy, but at least they aren’t streaming 24x7 to Google or Amazon or worse like some competitors products do. Add on to that that they are cheap, and I’m mostly a happy person. If only they could tell the difference between a person and absolutely nothing (no shadow, no movement, nothing!) I might still have all my cams on the mainline firmware.
I use a Reolink camera, my one supports a standard video stream or jpeg output accessible via a url on the device itself, no cloud required (though they’re iOS app presumably uses cloud for its connectivity, but it’s optional to use the apps). Combined with a Tailscale node in the house could provide external access without open ports.
Wyze camera with it's official (but not supported) RTSP firmware. You have to flash it with the firmware and once done it's a rock solid RTSP cam in my experience.
You either open a port, or employ a third party (even if you run that yourself), no in-between.
If you'd like a secure setup, I'd advise a generic WiFi camera, accessible only on your LAN, and setting up OpenVPN or similar, to connect to your home network. This way you need to only trust your chosen VPN implementation, and I'd wager they are pretty secure.
There are several security camera manufacturers making long battery life claims. I found Eufy's "6 month battery" claims to be grossly overstating the reality (1-2 months in normal conditions using various units) and would be suspicious of 365 day claims made by Eufy, Blink, and others.
> Blink Video Doorbell, Outdoor and Indoor (gen 2), and XT2 cameras can expect battery life of up to 2 years, based on 5,882 seconds of Live View, 43,200 seconds of motion-activated recording and 4,788 seconds of Live View with two-way talk. This is roughly 70 seconds per day. For the Indoor (gen 1) and XT cameras, 2 years of typical use is defined as 40,000 seconds of Motion Clips and Live View. This is approximately 50 seconds per day.
I have several Blink camera's, can attest they do indeed last more than a year. Front of house that gets more than usual traffic has lasted around 2 years between battery changes, back of house around 3 years so far. Using Duracell batteries if that makes a difference.
Same here. The squirrels in the backyard are definitely a drain on the batteries. Another reason to hate them (the main one is that they eat my nectarines).
I have a bunch in the roof cavity to monitor for roof rat incursion. They have been going for about 3 years now.
I found the Blink camera was the best for a battery camera in terms of startup on PIR detection. In comparison my newer Eufy and Arlo cameras take a second or two (sometimes more) and have much less battery life.
The downside on the Blink is that you have to buy high end lithium AA batteries
I use a Blink Camera in an semi active zone (backyard) and it lasted 1.5 years without battery change. Blew my mind since it offered almost the same functionality with better performance thank top of the market competitors.
I really hate how no big tech company is just making excellent hardware/software that people buy cus it's excellent. Everything (by big tech) seems to be some sort of sleazy scam nowadays.
When the Linux port is ready, Apple M1 laptops will (relatively) qualify as excellent perf/watt and interop with non-Apple OS.
There are cheap used HP/Dell thin clients based on the venerable AMD Puma SoC family found in the coreboot-based PC Engines APU2 (an excellent classic device which even has ECC memory).
Hardkernel (small company from Korea) ODROID M1 is a capable Linux SBC /w NVME.
If you're a tech-nerd then of course you can use your expertise to cobble together something excellent in the current milieu.
My point is that big tech FAANG-like corps never seem to sell anything nowadays that's just simply good out of the box without any sleazy scam-like caveats. That's a pretty sorry state of affairs.
It feels like we've taken one step forwards, one step backwards. Like in 80's you could buy a C64 which was just pure excellent right out of the box, but you had to be a bit of a tech nerd to buy one in the 1st place. Nowadays if you're a regular person and buy some popular computer you're buying into some sort of scam. You need to be tech-nerd to avoid the scam and get something good.
In 80's tech nerds had C64 and bbc micro and so on, and everyone else had nothing and just missed out competely on the magic of computing. Nowadays tech nerds have their own pc's and everyone else has iOS and Android and almost completely misses out on the magic of computing.
Sadly, modern businesses are often selling services rather than hardware.
> everyone else has iOS and Android and almost completely misses out on the magic of computing
If some of the iOS/iPadOS/Android people bought a ~$100 used PC, RPi or Linux SBC, they could use it as a relatively libre home "server/cloud" for learning. With Ubuntu and search engines, it's still somewhat possible to take vacations from walled gardens to visit magic computing castles that are open to user mods.
This still assumes the person in question has the time or desire to tinker around with stuff. Not everyone is a tech geek who wants to tinker around with stuff. What the parent post is saying is these things are off-limits to those people.
Freedom isn't free. See Tim Wu's book "The Master Switch", with early telecom networks as a precedent, to understand why the glory days of general purpose computing were always likely to end, https://archive.ph/9BJ20
> “History shows a typical progression of information technologies,” he writes, “from somebody’s hobby to somebody’s industry; from jury-rigged contraption to slick production marvel; from a freely accessible channel to one strictly controlled by a single corporation or cartel — from open to closed system.” Eventually, entrepreneurs or regulators smash apart the closed system, and the cycle begins anew. The story covers the history of phones, radio, television, movies and, finally, the Internet. All of these businesses are susceptible to the cycle because all depend on networks..
On a positive note, the current U.S. FTC has been making antitrust noises about tech companies and platforms, after years of relative inaction. There's a nascent global effort to enshrine "right to repair" in consumer hardware regulations, which aligns with circular economy initiatives and hardware shortages.
On a negative note, humans have deployed IoT "slave helmets" for realtime geofencing and control of construction workers with few legal rights, i.e. restricting not just the computing hardware, but the human body of the user, https://news.ycombinator.com/item?id=33675370
On a cage match note, banks and tech companies are at a 2023 global regulatory crossroads on the future of digital currencies, including crypto and CBDCs. The music/film industries led to DRM restrictions on consumer hardware. Now we have bank-vs-tech competition to be legal and physical custodian of private keys for digital currency wallets. How will that change computing hardware and supply chain security regulation?
This might be unpopular, but the Google/Nest WIFI pucks are pretty decent. I'd wish for a configuration other than the crappy mobile app, and better family controls, but compared to anything than a self rolled DDWRT it's really good out of the box, and it does its own FW upgrades.
I want to believe it will be great but even when apple was x86, linux was barely functional on the modern systems (2018-).
Proprietary drivers for radio/sensors/audio were incredibly hard to get working and the blackbox security module they have made it nearly impossible to boot and use any peripherals. I was following somewhat closely for a long while and outside of hobby hacking, it was never a useable system from what I saw.
Do you know if it’s looking better in that regard for M1? I’ve been out of the loop.
There are a few positive signs, but of course we won't know for sure until it's done. The Apple Silicon approach involves firmware blobs (not good) with relatively stable interfaces (good for Linux maintainance, after the cost of initial port). https://news.ycombinator.com/item?id=33155585
... Apple? People are certainly buying iPhones and M1/2 laptops due to sheer hardware excellence. And whatever criticisms you might have of Apple, "sleazy scam" seems hard to apply.
As for software, that's more a matter of personal opinion that people just disagree over. One person's excellence is another person's hard-to-use, another person's super-secure is yet another person's too-locked-down. There's really no winning.
But no, charging 30% isn't a "scam". I mean, is Microsoft scamming people on Xbox games by taking an equivalent 30%? Is Sony also scamming with their 30% for Playstation games?
30% is industry-standard for app store distribution tied to hardware. And while you can argue maybe the percentage should be different, it's not a scam.
They're not scams, they created a platform and that's how they fund it. Would you say there is a fair percentage? What are your thoughts on retail stores?
I sometimes wonder what would the great dystopian writers of the 20th century make of the fact that people would one day say "hey telescreen, show me recipes for spaghetti" after buying it for the low low price of 49.99.
If you get close enough to a CCTV camera that you can remove the panel covering the reset switch and network connection, you can just put tape over the lens.
You have every reason not to want a smart speaker that learns about your questions and prompts to give you better targeted ads.
You also have every reason not to want to buy a piece of hardware fundamentally dependent on a server-side service the company could choose to turn off at any moment leaving you with a brick.
But people seem to treat these smart speakers with the kind of suspicion that would only be appropriate if you actually thought the speaker was listening all the time to your everyday conversations to truly INVADE your privacy.
Which - maybe you would think about a random piece of junk from a disreputable company (if you ignore the monumental amount of bandwidth this would involve that would likely be infeasible).
But I feel like you can probably trust weirdly enough companies like Amazon and Facebook NOT to do this because of the colossal news story it would be.
The other reason I can imagine technologists on here to not trust smart devices is that they might be used as a weakspot to hack into your network. Again - I can see not trusting that from a random 3rd party, but Amazon knows how to create strong secure systems. If you trust Cisco or Asus or 3Com to buy a router from them, it's really no different.
Because everything you said in your own home will be stored somewhere forever, ready for dragnet batch processing, just waiting for an appropriate witch-hunt, wrongthink prosecution or whatever. It's possible to verify that a router doesn't ship your (presumably encrypted when you care) traffic somewhere for permanent storage, with these devices it's their exact job.
The microphone is always listening, waiting for the wake word. If it can discern a wake word, it can speech-to-text everything (or will be able very soon), good luck noticing your daily <10kb of compressed text in what it sends up.
And this camera is a security camera, it's designed to send up video and audio 24/7.
If we're going to enter the land of "if it's possible (or not possible today, but possible very soon)", are you concerned with your router embedding such a capability? Your phone has a microphone. Are you concerned that Google or Apple are sending 10kb of compressed text daily after recording you all day?
I have been working on small motion camera devices like this using off-the-shelf parts, and getting 1080p to stream over wifi with arducams is nontrivial. There's a lot of special MCU features you need or you're effed: enough GPIO for the camera and the SDCARD, h.264 acceleration, enough RAM to run the LWIP stack and TLS (or crypto accelerator), zero wait-state memory. Trying to get good battery life is a whole different ball of wax. Hats off the companies that finally nailed this.
EDIT: Part 3 of this is truly impressive. OP decoded the IP used, and it came from freaking EVERYWHERE.
Nice blogpost not withstanding I dunno why anyone would bother with these, all consumer CCTV cameras are garbage as far as the hardware goes and that's what produces the image you presumably want to be using. A nice 1/1.8" or 1/1.2" Sony sensor costs some money, and a high resolution, achromatic (vis to ~1 µm) and fast lens does not stand up to the fractional-penny-shaving applied to consumer products. So you get shitty 1/3" or smaller sensors made by some backwater company with the cheapest lens someone could come up with.
The later posts show binwalk output and there are certs at the top of the binary. He’s never getting his own firmware to run. Fun hobby project for him I’m sure though.
Near 100%. If you look at the binwalk output in his later posts you can clearly see certificates as one of the first things in the binary. I’ll be shocked if this guy ever actually gets his own firmware to run here.
I've never really understood why Amazon doesn't want people hacking with their devices. If I were them, making a Really Hacker Friendly Device would boost sales hugely, as people would start making 'cool things' with it. All of their devices are incredibly tied down, however, despite the promise of relatively cheap computing (I don't own any of them, out of privacy concerns).
If some form of secure boot is used, then replacing the flash won't work either. There is one-time writable storage inside the SoC itself is used for verification. You won't be able to get it back into a state where it accepts non-signed firmware without also replacing the SoC.
part 3: https://astrid.tech/2022/08/03/0/blink-mini-fw-analysis/
part 4: https://astrid.tech/2022/08/06/0/blink-mini-4/