this post was submitted on 01 Jul 2025
608 points (97.8% liked)

Selfhosted

44306 readers
941 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
608
My reason for wanting HomeAssistant and a locked down VLAN... (imgs.xkcd.com)
submitted 1 day ago by Landless2029@lemmy.world to c/selfhosted@lemmy.world
75 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/32265822

xkcd #3109: Dehumidifier

xkcd #3109: Dehumidifier

Title text:

It's important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a "SALE" label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

top 50 comments
sorted by: hot top controversial new old
[–] tjoa@feddit.org 1 points 1 hour ago

FYI I learned About VLANs that it is in no way „locked down“. I can spoof the MAC address of a known device from a specific VLAN and I’m in that VLAN. Yes your devices can’t reach the internet/other devices by default but it won’t stop a bad actor.

[–] Kiernian@lemmy.world 6 points 8 hours ago (1 children)

New kinds of water, you say? The marketing department is already on it and boy have I got news for you!

[–] Landless2029@lemmy.world 2 points 8 hours ago* (last edited 8 hours ago) (1 children)

Wait... Is that heavy water?? /s

[–] ILikeBoobies@lemmy.ca 4 points 8 hours ago (1 children)

How about I hook you up with a brand new water softener on a 30 year lease but no payments in the first 5 years so it’ll be the next owner’s problem

[–] Landless2029@lemmy.world 3 points 8 hours ago

Omfg it's like solar panel companies...

So many damn houses with solar leases more expensive than just electricity

[–] irotsoma@lemmy.blahaj.zone 8 points 11 hours ago (1 children)

Yeah, companies have abused that to release buggy, incomplete products faster and only make the software stable and feature complete if they make a good profit.

[–] Landless2029@lemmy.world 6 points 11 hours ago (1 children)

Or add new bloat features / brick devices after updating TOS...

[–] JcbAzPx@lemmy.world 4 points 10 hours ago (1 children)

Remote device bricking is cheaper than researching part wear for planned obsolescence.

[–] boonhet@sopuli.xyz 1 points 9 hours ago

And both make me go with a different company next time so idk what they think they're gaining.

[–] teppa@piefed.ca 12 points 15 hours ago (4 children)

I was an idiot and bought a high end TPLink router, I can't even use Vlans without signing up for their back door service.

[–] hexagonwin@lemmy.sdf.org 6 points 13 hours ago

maybe install openwrt/ddwrt?

[–] Landless2029@lemmy.world 4 points 14 hours ago

Yeah. Even my old solid netgear got a firmware update that's begging me to get the app now. Shobe that shit up your ass.

At least give me a checkbox to stop bothering me

[–] RedEyeFlightControl@lemmy.world 2 points 13 hours ago (1 children)

Shit, are consumer appliances really getting that bad? ew!

[–] teppa@piefed.ca 2 points 13 hours ago* (last edited 13 hours ago)

I'd assume all Chinese devices are being backdoored via CCP incentives. Buy Asus perhaps, assuming Taiwan never gets infiltrated.

[–] splendoruranium@infosec.pub 1 points 13 hours ago

I was an idiot and bought a high end TPLink router, I can’t even use Vlans without signing up for their back door service.

Hm, at least with their enterprise equipment you can completely disable Omada.

[–] RedEyeFlightControl@lemmy.world 7 points 13 hours ago (1 children)

My house has manual windows, manual locks, and a dumb garage door controller... because I work in IT.

I do have a few smart appliances (environment reporting) but they are only allowed on the banishment VLAN so they don't get to interact with any single appliance inside my network. All they see is internet and nothing else.

[–] Nouveau_Burnswick@lemmy.world 6 points 10 hours ago

The S in IoT stands for security

[–] Tiger_Man_@lemmy.blahaj.zone 40 points 20 hours ago (1 children)

Internet of things sucks, but lan of things is pretty cool

[–] WhyJiffie@sh.itjust.works 11 points 16 hours ago (1 children)

you must have lots of LoTs

[–] AnUnusualRelic@lemmy.world 6 points 14 hours ago

Lord of the Trackers!

[–] DrunkAnRoot@sh.itjust.works 2 points 11 hours ago

i love it when my vacum makes a remote connction to a other countrye goverment that way i get tracked by mine and theres whatba time we live in

[–] AnAustralianPhotographer@lemmy.world 20 points 19 hours ago (1 children)

And it probably needs to connect using WEP

[–] WhyJiffie@sh.itjust.works 13 points 16 hours ago (2 children)

wpa2, but password limited to 10 characters. letters and numbers only, trying anything else crashes it, and you have to figure this out yourself

[–] possiblylinux127@lemmy.zip 12 points 16 hours ago (1 children)

Nah, it will just broadcast a 2.4Ghz noise for no reason

[–] Bytemeister@lemmy.world 4 points 16 hours ago

I feel like it's missing that nifty FCC sticker...

[–] swampdownloader@lemmy.dbzer0.com 8 points 15 hours ago (1 children)

And you must enter password through a 2 character wide menu screen with only up and down arrows

[–] hedgehog@ttrpg.network 2 points 11 hours ago (1 children)

The up arrow moves through the letters, e.g., A->B->C. The down arrow moves to the next character in the sequence, e.g., C->CA->CAA. If you click past the correct letter, you’ll have to click all the way through again. And if you submit the wrong letter, you have to start all over (after it takes twenty seconds attempting to connect with the wrong password and then alerts you that it didn’t work, of course).

[–] smeenz@lemmy.nz 3 points 7 hours ago* (last edited 7 hours ago)

And when you press down, the current letter's value briefly increments to the next letter before being replaced by an asterisk. Z causes the router to crash.

[–] kameecoding@lemmy.world 19 points 20 hours ago (2 children)

I just shopped for a humidifier, purposely avoided anything "smart", I ended up with a really fucking simple one, it has a hydrostat and can aim to automatically reach a level you want (40-50-60), has 4 speed,1,2,3,auto and sleep.

And the whole thing is nothing else just a wicking filter sitting in water that has a fan pointed at it, I think Technology Connectios would be proud of my purchase.

I will have to disinfect and change filters, but no need for distilled water like with ultrasonic humidifiers, and I boil my water and let it cool back to room temperature before adding it to the humidifier, hopefully that will help with staving off build up of bacteria

[–] LandedGentry@lemmy.zip 3 points 15 hours ago

Boiling definitely helps and is a hell of a lot cheaper than constantly buying gallons of distilled

[–] lepinkainen@lemmy.world 3 points 16 hours ago

I bought a Venta LW25 and couldn’t be happier. Simple and functional, good old German engineering

[–] ragebutt@lemmy.dbzer0.com 12 points 22 hours ago* (last edited 11 hours ago) (3 children)

This has been my approach and it has gone okay so far except for 2 issues that are quite a pain:

1: you have to thoroughly research what you buy. Does it work on an isolated vlan? Just because it works with home assistant does not guarantee this. Many home assistant users are comfortable with some degree of data collection and an integration does not mean that it will work local only (nor does it mean that all features will work). If it does work local only you may sacrifice some features. Cameras are a good example. Most cameras with object/person detection do this in hardware, but not all. If you circumvent the Internet connection and proprietary app you may sacrifice this, or more likely alerts

2: there is 0 regulation binding a vendor to the terms of service agreed to at the point of sale, including making significant and sweeping changes. Case in point: I got a chamberlain myQ garage door opener. It worked well and opened my garage door. Integrated with home assistant via the API. However, chamberlain serves a lot of ads for upsells and services via their shitty app. They decided that users circumventing the app and not seeing that you could give amazon drivers access to your garage to deliver packages (seriously) or buy shitty cameras was unacceptable so they updated the TOS and revoked API access for all users. The only way it works now is via their app. I sold mine and built a ratgdo

Another example is Philips hue: while they have been able to be used local only for over a decade Philips has decided they’re going to start a subscription security service with all the devices that entails based around the hue hub. At some point in the near future if your hub updates it will require you to sign in to a Philips account and be online. This one’s way worse as some people have thousands of dollars invested in hue. I have like $300 in the fancier white hue bulbs but some people on the HA forums and reddit literally have their house decked out with like 80-100 bulbs, many of which are the RGB. Kind of silly but they do work very well, flicker free, good color, and last ages. I still have some from like 2016 going strong. Luckily here if you have the bridge on an isolated vlan it won’t update and worst case the bulbs work with ~~zwave~~ zigbee but the principle of the thing is ridiculous. It should be illegal for a company to change the terms this far after the contract of sale

Other examples too. Many car manufacturers (Mazda, Chevrolet, ford) because api access limited data collection for them to sell, some companies are openly hostile to home assistant and when an integration is created they will go out of their way to break it (Ariston, bambu), etc. see https://github.com/unixorn/internet-of-trash

[–] hedgehog@ttrpg.network 1 points 11 hours ago (1 children)

I thought Hue bulbs used Zigbee?

[–] ragebutt@lemmy.dbzer0.com 2 points 11 hours ago

you’re right, my bad

[–] Landless2029@lemmy.world 3 points 17 hours ago (1 children)

Gahhhh...

Sounds like a total PITA

And yes we need stronger consumer protections.

I follow FUTO so I'm aware of TOS BS.

[–] ragebutt@lemmy.dbzer0.com 2 points 10 hours ago* (last edited 10 hours ago)

I’ve been happy with reolink cameras fwiw though not 100% so. They do have some nonsense though

I also prefer Lutron Caseta for lighting. It’s fairly bulletproof (I’ve literally never had any connectivity issues in like 6+ years) and they haven’t pulled any tos nonsense as far as I know. Downside is pricey and the install is more complex than typical iot stuff. And while they can control outlets they are only rated for 10A lighting so keep that in mind.

The only internet requirement for both of these (not always with reolink I think but at least with the cameras I have) is that you have to allow internet once during initial setup to pair devices. Once that is done you can remove internet access and delete the app

The common thread with these is wired too. The further along I go the more I realize that 2.4ghz WiFi iot shit is garbage. going from WiFi cameras that had privacy concerns and disconnected to local only poe cameras that just work was very nice. Learn from my mistake, don’t buy bullshit eufy cameras that you then have to sell at a loss.

And for your own sanity don’t try to get smart smoke detectors. Your options are either Google/nest that apparently does work well (never tried it, fuck Google), the new kidde that is built into amazons ring platform (never tried it, fuck amazon, plus the preceding model had awful reviews), or the new firstalert that is replacing the Google/nest (again, fuck Google, but I did try the preceeding first alert and it was atrociously bad).

I mention this because this brings up a key issue with regulatory compliance in the US (and probably EU, dunno). You can also try a number of off brand detectors as well that apparently work a lot better. If you search amazon for smart detectors you’ll see stuff like x sense and these apparently have somewhat solid reviews and work okay (though getting them to work in HA is mixed).

However, what amazon fails to mention is that these types of detectors have not been submitted for regulatory compliance in the US (unlike Kidde, firstalert, etc that you’d find at a home depot). They “meet UL requirements” but they have not been submitted for testing so they cannot print the UL logo on the box (legally) but they can write “meets UL requirements”, which is misleading. Fuck amazon and fuck the us government for giving them no culpability in selling obscenely dangerous bullshit

This means if you use these and your house burns down your insurance could technically nullify your policy for not having adequate protection. Or they could not work and you could die, of course

There are smart relays you can tie into an interconnected smoke detector circuit using normal smoke detectors that are appropriately rated if you do want alerts on your phone. There are also device that will listen for chirps but these get false positives

load more comments (1 replies)
[–] jubilationtcornpone@sh.itjust.works 59 points 1 day ago (2 children)

I have a rule that "Nothing will be automated that cannot be manually overridden."

Well, actually it's my wife's rule but it's a good rule nonetheless. As a result, there's a big panel full of relays in the basement that is the "last mile" for anything climate control or security related.

There have been a few times when it's been handy. Like when the exhaust fan isn't working and I don't want to debug the ESP32 controller today so I just flip it over to "Manual".

[–] JustEnoughDucks@feddit.nl 1 points 11 hours ago* (last edited 11 hours ago)

KNX.

Everything is decentrally programmed, and you can do extra automations and stuff from home assistant, but KNX devices are wired (generally) and will always Just Work™. More expensive that the cheaper retrofit options, but if you factor in manual overrides or getting the "better" wireless smart devices it is comparable. They generally also have a manual override at the panel. For core functions like lights, HVAC, roll shutters or blinds, etc... That is honestly the best option (unless you want every light to be an RGB light for some reason, then you still need smart bulbs)

load more comments (1 replies)
[–] SocialMediaRefugee@lemmy.world 18 points 1 day ago

It got hacked and now I'm really, really dry.

[–] LuxSpark@lemmy.cafe 15 points 1 day ago (2 children)

Smart, you don't want some hacker to drown you remotely.

[–] Cocodapuf@lemmy.world 5 points 18 hours ago

Really you don't want hackers using your random Internet appliance as a point of attack to access your whole network.

More IoT devices means a greater attack surface. And it's an appliance you don't actually want to spend time thinking about. You don't want to waste time troubleshooting network issues with your dehumidifier... It just needs to work, or you use a different one.

load more comments (1 replies)
load more comments
view more: next ›