As a slightly more frivolous use of this website - we're approaching conker season!
Last year my kids wanted to go collecting conkers and I used a similar website (https://www.treetalk.co.uk/) to find a local place with lots of horse chestnuts.
It worked brilliantly and the kids thought I was some kind of genius for finding so many.
I have the Awair Element and I'm reasonably happy with it.
The primary interface is through their app and I think you might need to use this to get it up and running initially.
But they have a supported local API feature[1] that has so far worked as I'd expect.
In the end I've been happy with their app so have primarily used that so far. The data seems good.
They're quite expensive new.
But they were involved in some sort of cryptocurrency (!) that failed. So there are a lot of them available as nearly-new on eBay. In the UK I picked one up for about £60, I think.
The v1 devices never supported a real local API. The v2 devices like the Awair Element do have a local API built-in. It does have to be enabled via the app but it lets you hit the device's LAN address and get back real time JSON with the sensor data. Not to say they couldn't figure out a way to brick those devices in the future, but you could theoretically turn on the Local API and then firewall the devices to your network to prevent future firmware updates.
One thing I've learned over the years is that it's good to "own" your SSID, and preferably stick to pro-grade routers that let you configure local network addressing. As long as you stick to Internet providers that let you run their hardware in "bridge" mode, it means you don't have to set up new WiFi networks at all.
> Even in this dual-homed setup, there is still the potential for the cameras to infect, or otherwise compromise, the recording server.
I agree that this is a potential risk.
But if the cameras themselves can't route to the internet in this scenario, then how are they infecting the recording server?
Is the suggestion that they come shipped from the factory with code to compromise common recording servers? It seems like that would be very significant and something that we'd be able to see in action.
My biggest concern with CCTV networks that I manage is some sort of backdoor access to the cameras themselves. So the dual-homed server design is exactly what I'd choose in order to control things.
There's also no reason you can't isolate the recording server too. Don't let it initiate connections to the internet and limit incoming connections as much as possible, i.e. only allow connections from a specific VLAN or VPN client IP range.
Is the suggestion that they come shipped from the factory with code to compromise common recording servers?
Yes. While I have not seen it happen yet, there is plenty of precedent in cyber warfare tactics in general for trojaned devices acting in this way. The likelihood may be low, but it is also very possible, and Hikvision has already shown they cannot be trusted, so why risk it?
(Not working in security.) Say they do infect this recording server that is not connected to the Internet. So what then? How do they send this data elsewhere? It's just infected and sitting there?
It's very common for the recording server to have some kind of WAN/internet connectivity in larger-scale systems. At a minimum, the recording server usually has access to other internal networks. It would be possible to execute something similar to the centrifuge attack to disable other systems, wipe data, etc. It doesn't always have to involve internet access to do bad things.
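The isolation described in this exchange (recorder dual-homed between a camera VLAN and a management network, no outbound internet, inbound admin access only from a specific VLAN or VPN range) written out as a host ruleset. This is an added example, not a configuration posted by any commenter; the interface names `cam0` and `mgmt0`, the subnets, the VPN client range, the local DNS/NTP servers and the port list are assumptions for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: host firewall for a dual-homed CCTV recording server.
# All names and addresses below are assumptions, not taken from the thread:
#   cam0  -> camera VLAN            10.20.0.0/24  (cameras only, no internet)
#   mgmt0 -> office/management net  10.10.0.0/24
#   VPN clients arrive with source addresses in 10.99.0.0/24

flush ruleset

table inet nvr {
    # Sources allowed to reach the recorder's admin/viewer interface.
    set admin_src {
        type ipv4_addr
        flags interval
        elements = { 10.10.5.0/24, 10.99.0.0/24 }   # ops VLAN + VPN clients
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # Camera side: cameras never open connections to the recorder.
        # The recorder pulls video from them; replies match ct state above.
        # Only rate-limited ping is allowed in, for troubleshooting.
        iifname "cam0" icmp type echo-request limit rate 5/second accept
        iifname "cam0" counter drop

        # Management side: SSH and the HTTPS viewer, only from admin_src.
        iifname "mgmt0" ip saddr @admin_src tcp dport { 22, 443 } accept
        iifname "mgmt0" counter drop
    }

    chain output {
        type filter hook output priority filter; policy drop;

        oif lo accept
        ct state established,related accept

        # Recorder pulls streams from cameras (ONVIF on 80, RTSP on 554),
        # and only from addresses on the camera VLAN.
        oifname "cam0" ip daddr 10.20.0.0/24 tcp dport { 80, 554 } accept
        oifname "cam0" counter drop

        # Management side: DNS and NTP to local servers only; nothing else
        # may be initiated, so there is no path to the internet.
        oifname "mgmt0" ip daddr 10.10.0.53 udp dport 53 accept
        oifname "mgmt0" ip daddr 10.10.0.123 udp dport 123 accept
        oifname "mgmt0" counter drop
    }

    chain forward {
        # The recorder must not route between the two networks.
        type filter hook forward priority filter; policy drop;
    }
}
```

Check the syntax without loading it with `nft -c -f nvr.nft`, then load it with `nft -f nvr.nft`. The ruleset assumes RTSP is carried interleaved over TCP; if the cameras negotiate RTP over UDP, the output chain needs a matching UDP rule, and the `counter` on each catch-all drop is there so that anything unexpected (a camera trying to reach the recorder, or the recorder trying to reach the internet) shows up in `nft list ruleset` rather than silently disappearing.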
[ Disclaimer - I am responsible for a Citrix environment, but I'm reasonably proud of how well it works for our company ]
The technology behind remote desktops is fundamentally limited but I'm amazed at how good the user experience can be on a modern well-configured Citrix environment.
- The protocol responds well even on low bandwidth as long as latency is OK. On the office LAN it feels like a local computer.
- There is offloading for Teams[1], media streams[2] and even entire web browsers[3].
The tech behind this is impressive and it works pretty well (mostly!).
- For most staff it's easier to use a thin client or a minimal laptop.
- I can keep the Citrix environment patched and managed much more easily than a proliferation of laptops and home devices.
It can be a struggle at times and it's definitely not the right fit for developers. But it's got a lot of advantages and most of the time it works amazingly well.
There is something odd about the battery life on the Ikea motion sensor.
I use it in our bathroom and it's activated multiple times per day.
The first battery lasted about 3 months but the second battery has been going for over a year.
There are some reddit threads but I never got a clear answer.
> It's not even using more energy than Christmas lights or wash dryers
I can't come up with any reasonable measure by which Christmas lights use more energy than Bitcoin mining.
The reports that suggest this seem to extrapolate US figures across the world, which looks unrealistic. And they're old enough that they don't account for the switch to LEDs.
Even if a billion households had 50 strings of LED lights each and kept them lit 24/7 for all of December, they'd still use less energy than the annual usage of Bitcoin.
The 2008 paper released by the DOE pegged lights at 6.63 TWh per year across all segments in the US. That's 0.02% of electricity usage in the US at the time, which extrapolated is still only 44 TWh in 2008. With 100% LED lights, the usage would be 0.663 TWh according to the 2008 DOE paper. I'd assume we aren't quite there, but even so, much more than 2-3 TWh on holiday lights nowadays would be shocking.
> Even if a billion households had 50 strings of LED lights each and kept them lit 24/7 for all of December, they'd still use less energy than the annual usage of Bitcoin.
On the final math, at 5 watts per strand, you'd wind up with 182.5 TWh. Bitcoin at 150-250 TWh puts it into the ballpark. Nice.
You're right that an artificial pancreas needs to be super careful.
The diabetes community got started on this before the official manufacturers did. Probably in part because the manufacturers were concerned about being 100% bulletproof whereas (some) people living with diabetes were willing to take a bit more risk.
And there's a balance around alarms. Some glucose monitoring tech can be frustrating and lead to "alarm fatigue".
Most of the artificial pancreases I'm aware of mitigate some of the risk by rarely sending large boluses at all. They tend to adjust the background basal rate and only send a bolus when you explicitly tell them you've eaten.
I also have an unhackable pump, unfortunately. I know there were attempts on the later Medtronic pumps by some pretty smart people, so it looks unlikely that they'll ever be able to be controlled openly.
My next pump will definitely be one that allows remote control and some sort of looping. Whether that's officially from the manufacturer or not.
Quite a lot of organisations are now running Office 365. It gets updated monthly with new features as well as security updates.
Even more conservative organisations will often be running Office 365 with a lag, still getting features after ~6 months.
If you need 100% compatibility that will always take a while, and I'm sure some big enterprises are on old style office. But it seems like the vast majority of small/medium business is on the Office 365 juggernaut now.
True. And a few large organisations are taking those baby steps too. Some of these super-conservative organisations started using subscription software with Adobe’s creative cloud, and got familiar with monthly update schedules thanks to Windows and RHEL patching. They are slowly coming around to accepting that Word and Excel can be deployed and patched just like the OS, and paid for like Photoshop, or used online along with things like Teams and OneDrive inside the organisation.