• 1 Post
  • 63 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle
  • Let’s Encrypt is good practice, but IMO if you’re just serving the same static webpage to all users, it doesn’t really matter.

    Given that it’s a tiny raspi, I’d recommend reducing the overhead that WordPress brings and just statically serve a directory with your site. Whether that means using wp static site options, or moving away from wp entirely is up to you.

    The worst case scenario would be someone finding a vulnerability in the services that are publicly exposed (Apache), getting persistence on the device, and using that to pivot to other devices on your network. If possible, you may consider putting it in a routing DMZ. Make sure that the pi can only see the internet and whatever device you plan to maintain it with. That way even if someone somehow owns it completely, they won’t be able to find any other devices to hack.



  • Agreed with using keepass. If you’re one person accessing your passwords, there’s no reason you need a service running all the time to access your password db. It’s just an encrypted file that needs to be synced across devices.

    However, if you make frequent use of secure password sharing features of lastpass/bitwarden/etc, then that’s another story. Trying to orchestrate that using separate files would be a headache. Use a service (even if self-hosted).












  • As someone who majored in CS and is now in a software engineering position, the people in tech who come from a completely different field are always my favorite. On top of just proving people wrong about the “right” way to get into the field, they’ve been around, they know how to think about problems from other perspectives, and they’re usually better at working with other people.

    Honestly, I think more people should minor in CS, or if they did their undergrad in CS, they should have to do their grad work in something else. The ability to compute things is only useful if you’re well versed in a problem worth computing an answer to, most of which lie outside of CS.


  • I see several Amcrest options that look like they have integrated AI object detection. Frigate on the other hand says you should get a “Google Coral Accelerator”. Do you know if Frigate (or RTSP, I guess) has a way to leverage the built in detection capabilities of a camera (assuming they are built in, and not being offloaded to the cloud)? Or am I better of looking at the “dumb” Amcrest cameras, and just assuming all processing for all cameras will happen on my Frigate hardware?





  • Yes, I highly recommend not relying on alpha software ever as your daily driver. I never give my photo viewing software write permissions on my images, so there’s never any risk of losing data. And yeah, I’m not directing anyone outside my household to it, so I currently don’t need to worry about servicing a bunch of users.

    The app/webapp mismatch issue has been more annoying that I think it needs to be. I understand the need to make security updates, but breaking compatibility this often is unusual.

    But again, my point is, the money you give them is a donation. If you don’t want to donate, then don’t. There should not be any incentive to get you to donate, besides seeing the project continue.