• 0 Posts
  • 51 Comments
Joined 1Y ago
Cake day: Jun 01, 2023


A few (German language) sources: https://www.tagesanzeiger.ch/der-geheimdienst-will-auch-die-internetkabel-anzapfen-895734682308

https://www.republik.ch/2024/01/09/der-bund-ueberwacht-uns-alle

Basically: The Swiss Intelligence Agency does monitor all traffic going in and out of Switzerland (including in-country routing that uses external routes) and has the right to save as much traffic as it wants for 18 months - and can force Swiss companies to give it access to their infrastructure even when they do not provide a service for non-Swiss customers. Coming from an intelligence agency that once had the highest number of files on its citizens of all democratic nations (see Fichenskandal), it is more than troublesome.

Additionally, Swiss privacy law itself, while improved in 2023 after years of doing nothing, is still inferior to the GDPR. Unlike the GDPR, it is not necessary for a person to explicitly consent to data collection unless the data is deemed especially sensitive. Unlike the GDPR, there is no time limit to notify authorities of data breaches and it is only mandatory for high-risk breaches. And the right to data deletion is severely limited, as the company can refuse to delete the data if it is still deemed “necessary” for the original purpose.

For me this is also why I can’t take Proton and Threema seriously - or whoever uses “Swiss privacy law” as a marketing catchphrase without lobbying for improved laws (especially before 2023). And Proton openly lies on their “Why Switzerland” page.


Yeah. Exactly how I do it. .casa domain to distinguish it from my other domains, DNS challenge and I am good.

Proxmox and OPNsense work with it themselves, for everything else I use NPM on Proxmox. Couldn’t be more happy with that solution.


Just saying, but Swiss privacy laws are a huge marketing hoax and amongst the worst in Europe.


Yeah. If you are more into the recipe side of things Mealie is imho the way to go.

If you want an ERP at home, Grocy is more feature complete, but also more bothersome.


A lot of guides are still for Proxmox 7 or even 6 on that matter.

Proxmox 8 has changed a lot in that regard.


You forgot the “basement dwelling gatekeepers”, these are the ones whose minds never left their parents’ basement and whose social skills, or rather lack thereof, are evident in their gatekeeping.

Their way is the only correct way and Linus actually has no idea how to run Linux, hardware manufacturers don’t know anything about their products, anyone not using their service of choice is automatically an idiot and if you don’t know how to compile xyz yourself using a self-taught technique you really should get off the internet right now.

Often their advice is inefficient, sometimes it’s outdated and some even blatantly lie (had one boast in a discord that he has a myriad of secret user accounts where he intentionally gives bad advice to a FOSS product he hates).

Some also intentionally make whatever the goal is appear much harder in an effort to look smarter (that behaviour is often found in the professional world as well*).

They are the cancerous sore of FOSS and social media, imho.

PS: Anecdote: I work in healthcare, not IT originally. Everything I know is therefore self-taught. Started a new consulting gig and one of these guys, very much an “IT gatekeeper”, always made the company he worked for think it takes a massive effort to install a certain product. Which made everyone’s life much harder because yes, he did install it, but he manually compiled it, which took him weeks at a time, while his other work piled up. So they tried not to use this essential product whenever possible and worked their way around it.

I came there, saw that I needed said product and had it installed within 20 min. The CEO sat right next to me and was stunned. “You prepared that, right?” “Uhm, no? You can just download and install it like this?”

IT-Gatekeeper was asked to join the meeting asap and told to explain why he needed so long. His only excuse was “I need to review all the code” - which he did diligently, but he always reviewed ALL the code, not only the changes, according to his notes.

I made the mistake of saying to myself a bit too loud “but if you compile that stuff yourself then you are liable if it breaks, if you use the advised packages from the manufacturer they are” (medical device law can be interesting). IT-Gatekeeper exploded and screamed at me how I have no idea how IT works, etc.

He was let go shortly after that.


Thanks for confirming that you’re full of shit.

Because there are very, very few Sliding Sync (which is the part of X that makes it faster) instances at the moment and only one that has a major userbase…


Wouldn’t say that. With most Matrix clients, WhatsApp, etc. it’s far easier. Especially from the perspective of an elderly, less tech-adept user.


And on which instance did you experience that?


Depends. If you use an intermediary layer like Yunohost/Cloudron/etc. or know your way around Docker, it’s easily manageable.


Very unlikely by now, these issues were addressed a while ago.


Matrix is slow on large instances, but that’s not the case here, especially if no federation is done.

And the issue with sluggishness is currently the main development focus with ElementX/matrixX, which will become mainstream Matrix soon. With that, even the large instances are extremely fast.


It is literally one setting in Matrix to force all rooms to only do encrypted messages.

Signal is pretty unintuitive when it comes to multiple devices per user, device transfers after a device has been lost, etc.


Cloudron does that, not for free, though. But cheap.


I know multiple women who mainly got themselves a PC to play Sims back in the day and who are now in senior IT roles because once they got the PC they kind of “sticked with it”.

That is something we indeed should thank The Sims for.


Old article by someone who seems to be an absolute newbie in that field.


I can recommend using Cloudron but I don’t use Radicale.

Cloudron is in no way a necessity for anyone - it’s simply me being too lazy to keep everything up to date, read all the necessary documentation for all the services we run, etc. Cloudron does all that for me - and I couldn’t be happier. Johannes, the owner, provides fast support (had two glitches with Hetzner DNS over the years) and the number of apps grows each year, although I would rather see their range be broader (e.g. a proper monitoring system instead of yet another project management tool), but that’s just me.

In theory it’s even possible to create your own apps for Cloudron, both for public and private use, but that is beyond my capabilities. It can also be used as an SSO provider and reverse proxy, btw.


Simply put: No.

You need to make sure no one accesses your phone even when stolen (for a myriad of other reasons as well), so password protect it.

This has nothing to do with WG-easy or any WireGuard implementation itself - it’s simply part of WireGuard. What you could do to at least discourage an attack is to save parts of the secrets (preshared key, public key of your network) in a password manager like Bitwarden and copy and paste it into the client every time you connect - and remove it from there after you’re done. But be aware that this will only discourage a technically inept attacker - the WG client and the OS, etc. will keep enough data of these transactions around to easily find out this information, and for a good attacker you actually make it easier this way. So I would clearly not recommend it. Password protect your phone.

WAG and other solutions put another layer between your network and WG. Basically they add a captive portal and only “unlock” it once you authorised yourself there. It is not a pretty solution and you need to be aware that it easily locks you out of your own network.

Another solution could be that you build two WG connections - one that is limited to your firewall and can exclusively connect to that device, and one that has broader access. Use the first one to enable access, the latter one for actual access. Then the first one to disable access again.

The WG-easy container should always be run behind an authentication layer, even in the LAN, as it enables an attacker (who might already be in the LAN) to establish full outside connections. This can easily be achieved with a reverse proxy like Caddy/nginx proxy manager. The container then needs to be behind the proxy in its own network with only the WG port exposed. Requires a bit of work but is easily doable… And Portainer is your friend in that regard.
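An added example of the layout this comment describes, not the commenter’s own setup and not the wg-easy project’s own config: a Docker Compose file that publishes only WireGuard’s UDP port to the LAN and keeps the web UI reachable solely through Caddy, which enforces TLS and basic auth. The image name, the `PASSWORD_HASH` variable (wg-easy’s own UI login; the variable name differs between wg-easy versions), the `example.casa` hostnames and the inline `configs` syntax (needs a recent Compose release) are assumptions.

```yaml
# Added example, not the commenter's or the wg-easy project's own config.
# Assumptions: image name, PASSWORD_HASH env var name (differs between wg-easy
# versions), example.casa placeholder hostnames, inline "configs" (recent
# Compose only). Every '$' is doubled because Compose interpolates '$'.
services:
  wg-easy:
    image: ghcr.io/wg-easy/wg-easy
    environment:
      - WG_HOST=vpn.example.casa            # placeholder: name VPN clients connect to
      - PASSWORD_HASH=$$2a$$12$$REPLACE_WITH_BCRYPT_HASH   # wg-easy's own UI login
    volumes:
      - ./wg-easy:/etc/wireguard
    ports:
      - "51820:51820/udp"   # WireGuard itself: the ONLY port published to the LAN
      # - "51821:51821"     # weak setup: UI reachable by anyone on the LAN, avoid
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
    networks:
      - wg-net              # UI port 51821 is reachable only inside this network
    restart: unless-stopped

  caddy:
    image: caddy:2
    ports:
      - "443:443"           # the only path to the UI: TLS + basic auth via Caddy
    configs:
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    volumes:
      - caddy_data:/data    # persists the certificate so renewals are not rate-limited
    networks:
      - wg-net
    restart: unless-stopped

configs:
  caddyfile:
    content: |
      # placeholder hostname; Caddy obtains a certificate for it (a DNS challenge
      # needs a DNS plugin build of Caddy, the HTTP challenge needs port 80 open)
      wg.example.casa {
        basic_auth {
          # bcrypt hash produced with `caddy hash-password`; replace the placeholder
          admin $$2a$$14$$REPLACE_WITH_CADDY_HASH
        }
        reverse_proxy wg-easy:51821
      }

volumes:
  caddy_data:

networks:
  wg-net:
```

Anyone on the LAN can still reach the WireGuard UDP port, which is harmless without a configured peer key; the UI that can mint new peers is only reachable after Caddy’s basic-auth challenge.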


Steam is a major problem for a lot of reasons, but basically none of the reasons the author gave are the main problem - it sounds more like the whining of a Mac/Apple user. Once again…

There are hundreds of more important problems with Steam.


2N Verso.

  • Works totally offline/cloud free if required.
  • Can be integrated into any NVR & SIP environment.
  • Can easily be used with plausible deniability. “Yeah, officer, I am just using it when someone rings the bell, no recording, the bell system never records, no!”
  • Very sturdy and reliable hardware.
  • Offers indoor viewing stations (for the less technically adept household members).
  • PoE based, can be used with LTE in some versions.
  • Good documentation.
  • With the automation licence (costs a bit extra, but is “buy once” at least) basically everything one can imagine automation-wise can be achieved, including API calls, etc.
  • Can be extended with RFID, fingerprint, Bluetooth, induction loops, etc.

If you want to use their cloud service you have to pay a small fee, but that’s purely optional and you can easily use your own SIP solution to avoid this. Or simply don’t answer your door from somewhere else.

The big downside? It’s ridiculously expensive. But I mean…how often does one buy a new doorbell?


On a RPi 3 mod B? Not really. Load spikes have already been mentioned and especially Home Assistant is prone to them, PiHole can be, but it can be avoided (you still wouldn’t want it to update its blocking lists while you print something as it causes load spikes).

IF you do it you need to configure it in a way that the Octopi is getting priority over everything else - which is possible with a lot of tinkering or using a VM layer like Proxmox - which is adding to the overhead again, though. This will push the 3B to its limits even more.

Personally I would advise against it heavily. If you already have a 3B, use it for the 3D printer and buy another device for everything else (not necessarily a Pi, Arm has its downsides - there are a lot of energy-efficient x64 solutions out there these days). And then slap Proxmox on it, run HAOS, Pi-hole and whatever comes your way in the future on it. (Paperless and Frigate/agentNVR seem to come along the way naturally.)



I remember when there were no sponge blocks. These are still saved in my head as “new”.


Attach a small camera to one of them and attach it to a bird feeder. Set another one up with frigate.

It’s a fun use and actually good for the environment.


If you are more into a full DNS solution that can also block, Technitium DNS is a reasonable choice. It is fairly user-friendly, can be run in an LXC easily (I am doing exactly that), able to use multiple block lists in any combination you want, can be controlled by an API, is regularly updated, etc.

I couldn’t be happier with it, even though the learning curve is somewhat steep, when you are new to DNS. It is a fully fledged DNS server after all.



They are there to make sure no one unauthorised launches the nukes, yes. But there is a chance someone within the military is bought by someone, and that adversary doesn’t even have to be the official government of a foreign country.

To give a few examples (even though the US nuclear policy has changed and it wouldn’t be possible today, thankfully): What if Putin, with his back against the wall, decides to risk it all and by proxy lets the US attack China so NATO won’t come after him?

What if Winnie Pooh faces a revolution and decides in a hitleresque manner that if China is no longer under CCP rule there had better be no China, and orders a loyal sleeper to attack China so there at least is a chance that he comes out of the bunker irradiated but victorious?

We all have seen enough crazy shit to not rule out even more crazy shit.

It was just a bad, lazy process. Nothing more. And I really hope that the US really did change it in the meantime.


Unless someone sends the suit with the codes in it to the Chinese dry cleaners…again…and again.


Well considering that the US nuclear launch codes were just zeros for a while, it just might be realistic.


Actually our building is much older…But as written elsewhere, we had to renew everything anyway. I used Homematic before switching over to KNX (/KNX:RF) and while it was okay for a rental (and can do much more than people think) it’s still clunky unless you use HA as an additional layer and you waste a lot on batteries. But still, better than nothing.

We are lucky that we actually have the best renters we could ever imagine, but their flat was renovated cabling-wise before we bought the object, so there was little use in implementing something that would require rewiring AND puts me deep in the “functional liability and GDPR” hole. But if I ever need to rewire it, it will be done with KNX simply because I can do that myself. German/GDPR law sadly is a bit uninnovative in that regard - I would happily offer my renters fingerprint access, but the fact that I then would need to do four different data transfer agreements is a hard reason not to do it.

When renting out you very soon find out that the law is heavily geared towards big corporations like Vonovia and fucks over the smaller landlords whenever possible, sometimes even to the disadvantage of the renter. E.g.: I can easily produce heat consumption directly from the heating system for each renter, even automatically send them this. It can hardly be manipulated and is seen as evidence in other countries… BUT: As we rent out two apartments I do not fall under the “small landlord clause”, even though the smaller one is just a studio. So I need to install a wireless heat measuring system on all radiators and warm water outlets. Now here comes the problem: These measuring devices need to be capable of wireless measurement soon. Funny, as all of them are in the same room… where the heater is, right next to the gateway.

But you need them by law and now I need to put this shit on my renters side costs… almost 25€/month (and that was the cheapest offer by far) per apartment. I rent out for somewhat reasonable prices (well below Mietspiegel), as I rather have friendly renters than max out what I get…but that shit makes me mad. (We “refinanced” it by me taking over smoke detector maintenance so we could keep costs the same)


The system environment does have radio-based components - but you are right, some things cannot be achieved without deep integration with the house. But yeah, I rented for a long time and while I used radio-based systems it is not as good. My hope is that it does get common enough that more and more landlords adopt it, at least for the midrange segment. We do actually provide some limited integration for a small apartment we rent out, but currently it’s not something people care about tbh, and the law here is a bit problematic in that regard, but that’s a very local problem.


Yes and no. Each component comes with an “app” (basically comparable to a driver for PC hardware) within the programming software that does the setup.

So you don’t have to decide what triggers what and some part of the logic behind it - but the app often does most of the work and you do just some fine tuning.

To give you an idea: I decide which switches (I always have regular switches even if the light normally goes on/off automatically) and what detection zones should trigger the light X1. I then link the “Switch Action” to the bus address of the LED controller L1. The LED controller then gets told what to do with that information. In my case I have two different modes: Normal and Partymode (I use Day/Nightmode for that). In Normal mode the app gets told to interpret an “On” action as “start HCL” and an “Off” as a, well, “turn it off, dude”. The HCL mode then is started with the HCL settings according to the time. I can adjust the settings for the HCL mode (e.g. I want it darker in the evening) or I can just use the preset.

Now for party mode the same switch action does not mean “use HCL”, as the same light that I want at 1am might be nice if I am on my way to bed but not if my guests need to find the loo or their stuff when leaving. So it’s now a simple “turn the light on at 100%”.

Once that is done you commit the change by programming the module and you’re done. (The components always communicate directly without a central module that could fail)

Now the beauty of the system is that you can be as flexible as you like. You want that switch to no longer switch on the lights but rather close the blinds? Sure. Just link it to another address.

To give you another example of what the app does itself: The blinds close according to the sun’s elevation. I basically just linked the relevant module addresses to the respective sensors, told the module the size of the blind parts (used for calculating the optimal closure position) and linked it to the “veto object” that is calculated by Home Assistant and sent to the bus via IP gateway (basically an object based on the estimated weather. I live in an area with heavy temperature drops). Everything else is done by the weather sensor - raising or lowering based on temperature and of course wind speed.

Each app can be automatically loaded, but you can also load it yourself if working in an offline environment - as they need to be 100% downward compatible you can always work with your hardware as long as you have the app. I therefore have them all saved/backed up in case some company might go bust. (In theory you can then still get them through the association, but I don’t want to rely on that.)


Regular presence detectors (MDT 4 zone presence detectors, 120€ each) for the bigger rooms with some additional single zone detectors (mostly MDT as well, around 75€) for some special applications (e.g. sofa). Used those as well for some really small rooms (loo, etc.).

For the home office rooms and general presence in the bedrooms we used Steinel True Presence (around 300€ but includes air quality sensors - in the end they aren’t much more expensive if you plan on measuring air quality there anyway). They are dumb in terms of positioning in the room but superior for detecting people who do not move for a long time.

In addition to these I have normal KNX motion detectors (mostly MDT, for about 90€) for some areas (as mentioned elsewhere: next to the bed at ground level to detect your motion when you get up at night and switch on the light with 5% red so the wife does not wake up).

In terms of how it works:

Presence detectors (excluding the Steinel) are basically pimped infrared motion detectors. They detect your signature against the background and, unlike motion detectors, kind of remember your signature for a while. Each one has one or more “zones” it can detect you in. The “minis” mentioned above have one, the 4 zone ones have, well, four, which are aimed at 45, 135, 225 and 315 degrees in the case of the MDTs. This allows the detector to basically differentiate between someone being “in my right upper corner”, “in my left lower corner”, etc. (Especially as detection ranges can be varied between zones but also for various applications and even day/night mode.)

With a bit of clever positioning e.g. my presence detector in the kitchen has four zones: at the stovetop, workspace one and workspace two and “entry”. The detector sits on the ceiling right where these zones meet (which is not the middle of the room in this case!)

If anyone registers a presence the normal light goes on (when it’s dark enough). If you go into workspace one (where most cutting is done) the under-kitchen-cabinet light goes on. The sensitivity for that is much smaller as I don’t want it to go on if you just pass through, though. Additionally the sensitivity of the “entry” is smaller as I don’t want the light to go on if someone just passed the kitchen in the hallway.

The Steinel works a bit differently as it is radar based and has only one zone, but is therefore able to recognise one’s breathing movements/minimal movement while e.g. working. Otherwise it works the same.

The additional ones I use are there to recognise people better, e.g. my living room is fairly big and I want the system to specifically recognise people being on the sofa so the mini looks straight down only - while the big 4 zone detector is only able to see if people are “in the direction of the sofa”.

Hope that describes it somewhat, let me know if you have any questions!


I understand your intentions, but the question is why add this layer of complexity. A switch that is a switch and switches everything I want no matter what, because it is forced by the common standard to do so, and cannot send any data ever is a good switch.

And tbh, while I am an absolute advocate for OSS, I’d rather have a switch that is not depending on a possibly abandoned OSS project (been through that) - hardware in this field has an incredibly long lifetime, much longer than almost all OSS projects (remember, EIB is older than Linux!), and does its complete job from day one. There is no evolution in some hardware in this field, and all evolution that did happen did not happen hardware-side but communication-wise - where we are also hardware limited. It is therefore much more important to define a common standard for communication - which we have - than to have flashable components (exceptions apply, sure). We need to force legislation to get a common standard of communication or at least mandatory offline gateway availability to prevent thousands of components going to waste in a few years.

It does not help your cause when you can flash the hardware but the hardware is still talking to the wrong, proprietary communication channels.


As we had to redo all wiring anyway (renovation of an 80-year-old house) and worked in stages, it’s a bit difficult to do an estimation. Generally we found KNX is about +15%/+20% compared to conventional wiring depending on the complexity (conventional wiring is cheaper for simple “one switch one light” situations but gets immensely expensive for more complexity - we found KNX was cheaper for some situations like “four different switches in four different locations all switching different combinations of lights”). In total around 40k € for a large house - that includes rerunning all wires, a few specialities due to the age of the house and installation by a master sparky, but no programming by them (did that myself - it’s not that difficult actually but takes a bit of time to get into).

The KNX wiring in theory could be done by an amateur as it is 24V only, but 240V needs a professional here. If we had done all KNX wiring ourselves and let the sparky only do the 240V part (which in retrospect we should have done) we would have actually come out cheaper than conventional wiring, but I had no time to do so.

Of course the level of integration we opted for is far beyond what you normally put into a house - it’s a hobby more or less and we will not break even in terms of energy savings ever - but as we had to do something anyway why not do it right. Additionally it is heavily geared towards us getting older (e.g. we have motion detection at the ground level beside the bed - this recognises if you get up at night and now switches the bedroom lights on at 5% red so the wife does not wake up and then switches the lights on towards the loo. The whole routine is capable of recognising that someone has fallen or is unable to get off the loo)

It all depends on the brands you choose - as KNX has a huge spectrum of suppliers there is everything from cheap switches that are hardly more expensive than regular ones and top notch switches that cost 500€ each…we went with rather cheap but flexible ones.

A friend did some calculations with normal “off the shelf” smart home stuff like Hue, etc. and was 20% above what we paid for a comparable level of integration.


As someone who does live in a “fully smart” home, used quite some time to plan it and had to fend off “smarthome” manufacturers like flies around a shitcake:

90% of all products on the market are a scam and shouldn’t be called smart at all - they are fancy “remotes” either via voice or mobile phone. Nothing about that is smart. That’s dumb. It is not more convenient compared to a proper lightswitch if I need to know a long specific voice prompt or take my mobile out of its pocket to switch on a certain light.

What the author of the article requests has already been on the market for decades - KNX/EIB and a few other standards (Modbus, Onewire, etc.) have been available for ages, are not depending on one brand and one central component. There is no fucking need to stay within a walled garden, but the point is: These systems have existed for such a long time that they do not show up as a “big introduction” at IFA or CES. They evolve gradually and, to stay within German exhibitions, are found at Light and Building rather than the IFA. Because the former is a builders/electronics exhibition, the latter a multimedia/TV trade fair. The Verge is simply at the wrong place.

To give you an idea of my (actually very common, nothing about it is very special) setup/usecases and what I mean with “smart”: KNX does everything that requires switching, all sensors, basically all background work excluding the doorbell (works via LAN) and Fingerprint (works via LAN).

Lights:

The system does recognise people automatically when they enter a room and their positioning in a room. Paired with environmental data (natural light level in the room, outside light, time of the day, our schedule according to our calendars*) it determines the appropriate level of light based on the human centric lighting concept. Light will be brighter and more blue in the morning (unless I am coming home from night shifts), darker and more orange in the evening (unless we have a party), very dark if you go to the loo at night. It furthermore recognises your positioning in the room (e.g. when you are in a certain part of the kitchen certain lights go on) or that certain power sockets draw power according to a certain characteristic (e.g. the TV goes on).

Temperature:

The system knows current inside and outside temperature and the expected forecast*. It will heat the rooms accordingly, e.g. will turn down the kids rooms during schooldays but have them back at temperature when school ends. If the system recognises that someone is still in the room for long after school should have started it determines that someone is sick/schools off unexpectedly and temps are adjusted accordingly. In the summer the system shuts the blinds according to the light level to keep the heat out - based on the current position of the sun(e.g. the eastern blinds are lowered in the morning but not the western ones) and outside light levels. It will let enough light in for everyone to work but at the same time keep the heat out.

Air quality:

The system measures the air quality of the rooms and outside air quality & temperature and does ventilate accordingly - or asks us to manually open a window if that doesn’t provide sufficient clean air. (But won’t do so if the air quality outside is bad.)

Windows/Doors:

All of them have sensors showing their opening status, some if they are properly locked.

Doorbell/Fingerprint:

The Doorbell/Fingerprint system is the only system not on the bus as Video is beyond the scope of what the system can transfer.

Devices/Appliances:

Most things are “dumb” integrated first - we see when the washing machine is done because of the power characteristic, we see if the refrigerator is broken the same way. While we use Home Assistant for additional comfort, it is not really necessary.

Visualisation:

We use both KNX only as well as Home Assistant. But I could change over to openHAB, ioBroker or whatever we want tomorrow.

*: This data has input from external sources.

My point is: This is done without much user input. And by using around 30 different brands. With dumb actors and sensors (blinds e.g. are just an “on/off” motor, windows are binary contacts, same goes for leakage, etc.) so the components can be exchanged easily. And you don’t pay the hefty premium everyone tries to sell you for their “remote controlled blinds” (twice the price for a shitty remote, another useless gateway and Alexa…) and it’s far easier to use different brands. And if the blind actuator brand goes bust (way more unlikely compared to a smarthome startup) it will work without a cloud and can be exchanged seamlessly with any other brand.

We are there. But it is not fancy enough for the media.


You mean like KNX?

Which we have had for 3 decades now, is totally offline if needed and can by design not leak data without the user noticing, is available both wired and non-wired, is compatible across hundreds of manufacturers and even has some open source projects, is totally backwards compatible and does not require a fancy “central component” that might stop the whole system functioning?

Seriously: The whole smart home world is a scam. 90% of all products that are new and fancy are nothing more than “voice/mobile remotes” and not truly intelligent. They are used because people refuse to do their homework in terms of smarthome.


Sorry for the European point of view, but wtf.

A person out on bail joking about fleeing the country would literally mean a direct “go to jail now” card for anyone in any western judicial system I know.

How the fuck is that not happening in the US guys? That’s absurd.


Minecraft and Civilization VI.

Sounds bland? Somewhat. It’s more the fact that I started playing them with the kid and the wife for the first time effectively. The kid got a Minecraft account when it was three days old, both the wife and I played it heavily during the (horrible/stressful) pregnancy as she got sick from other games for some reason. Now playing it together was fucking wholesome and easily one of the most memorable experiences. We now run a small private server for us and some friends and it is an absolutely fantastic bonding experience - even more so as I can easily join when I am on one of my rather frequent business trips.

Civ6 is a bit similar experience-wise, but it also started an absolute transformation in the kid - it has read all (literally ALL) the children’s and adolescent history books in our rather well equipped local library and we now have to very carefully choose which adult books are appropriate - and therefore are learning a lot about history we never figured we would need to read about. (Scythian history? Really, kiddo?)


How did Matrix fail?

It’s the base for numerous messengers used by governments around the world, it has a userbase of more than 70 million core users (not counting the various closed messengers). Various competitors (e.g. Rocket Chat) have changed their base to Matrix.

And Beeper is Matrix with Bridges (which you absolutely could deploy yourself). In theory anyone could recreate the Beeper functionality with existing other apps/bridges AND be able to communicate with Beeper on their native standard - Matrix.