this post was submitted on 12 Nov 2023
1483 points (96.1% liked)

tumblr

3480 readers
2 users here now

Welcome to /c/tumblr, a place for all your tumblr screenshots and news.

Our Rules:

  1. Keep it civil. We're all people here. Be respectful to one another.

  2. No sexism, racism, homophobia, transphobia or any other flavor of bigotry. I should not need to explain this one.

  3. Must be tumblr related. This one is kind of a given.

  4. Try not to repost anything posted within the past month. Beyond that, go for it. Not everyone is on every site all the time.

  5. No unnecessary negativity. Just because you don't like a thing doesn't mean that you need to spend the entire comment section complaining about said thing. Just downvote and move on.


Sister Communities:

founded 2 years ago
MODERATORS
 
(page 2) 50 comments
sorted by: hot top controversial new old
[–] [email protected] 19 points 1 year ago

just make sure the gun is not near the printer so it doesn't shoot you

[–] [email protected] 17 points 1 year ago

Freelance IT tech here. I can totally relate to this.

[–] [email protected] 16 points 1 year ago (2 children)

There are selfhosted smart homes fyi

load more comments (2 replies)
[–] [email protected] 15 points 1 year ago* (last edited 1 year ago)

IT professional of 15 years here. I have all the smart home shit and I love it. It's all on a separate VLAN, I have MAC address filtering network-wide and I have a firewall. I understand being burnt out by your job and not wanting to deal with it when you get home, but I love my work and my smart home stuff is robust enough that all I ever have to do is replace alarm sensor batteries once or twice a year. You can have both.

[–] [email protected] 15 points 1 year ago

IoT is terrible, and typically proprietary. I prefer the FOSS and SelfHosted route. But as it turns out, I too prefer a less online set of home items.

[–] [email protected] 14 points 1 year ago (2 children)

Unless you want to live like a luddite, you can find ways to have the best of both worlds.

As a fairly seasoned IT veteran I think it boils down to the tradeoffs between security, privacy, and convenience--just like at work. I'm sure most of us have implemented things in less secure ways to accomodate a business need. When you do that at work, you just try to mitigate that risk as best you can by putting other measures or controls in place. I do that at home.

Everyones tradeoff decision will be different, but at some point, for me, the convenience of some IOT and smarthome devices outweighs the security and privacy concerns. Or at the very least I realized its a weird hill to die on as we use our android phones, google for searches, gmail, instagram, etc. I am sure some of you have completely divested yourself of all of those services and have GrapheneOS installed on your phone and use OpenStreetMaps to get yourself lost. Most of use still use a few of those.

That said, I think the nerdiest and most security privacy saavy among us in the IT field can implement it in a fairly secure way. Pfsense,Ubnt, ofsense,openwrt routers with vlan segregation for traffic. IDS/IPS, pihole local dns, etc. You can absolutely make it so devices only communicate in ways that you approve. With things like VPNs (tailscale), Cloudflare tunnels, etc you can access your stuff securely without exposing any admin things to the public web.

Digital locks are fine, just get one with a mechanical lock too. I have a digital lock on my front door that I can program with keycodes but it also has a key. I can give the cleaners a temp code if I need to. I can give my neighbors a code if they watch the house while I am away for a long time, then I can get expire it when I return. The analogue alternative is arguably less secure.

That is basically my requirement for smarthome or connected devices. I need to be able to control it to a level that I feel comfortable and if it fails or isn't connected it still needs to work. IE no smart light switches that don't function if the wifi is down--they still need to be a switch. My nest thermostat still works without wifi. My smart plugs still work without wifi. If any of those things was hacked or compromised, they are completely segregated from anything of actual value on my network--and depending on the device it wouldn't be able to see anything else at all.

For major appliances, I dont see the value of any 'smart' features built in (yet), so I won't be buying them anytime soon but if I did they'd still have to meet the "still needs to work in 'dumb' mode" requirement--smart, connected features are extra not required to function.

load more comments (2 replies)
[–] flambonkscious 14 points 1 year ago (5 children)

I have very minimal smarts in my home. I'm jaded and over it all, and you can guarantee the shitty devs producing this stuff couldn't care less, while working for actively hostile mega-corps.

Fuck that. Having said that, there are compromises - my TV does get out to the internet and I have a win 11 PC in the lounge as the primary machine.

If I had the emotional energy I'd start fiddling with nessus or whatever the new flavour is, to confirm my suspicions but I just don't need the burnout

load more comments (5 replies)
[–] [email protected] 13 points 1 year ago

Your network is only as secure as it's weakest link, IoT devices are a liability unless they are on their own isolated network and who has the time to set that shit up to open their blinds from a phone?

[–] ElBarto 13 points 1 year ago

I work in retail, which is the reason why my house is shit.

[–] [email protected] 13 points 1 year ago

Can confirm. Technology is a disaster waiting to happen.

[–] [email protected] 13 points 1 year ago (15 children)

Has OpenWRT but doesn't know how to stop smart home gear from leaking data?

Back to school for this fella

load more comments (15 replies)
[–] [email protected] 13 points 1 year ago

When you see how the sausage is made you don't want it. Software engineers know how many corners are cut

[–] [email protected] 12 points 1 year ago (3 children)

Goddamn right.

Actually, I hadn't thought about the router and I'm panicking now. My router is some MR9600, and the speeds through it are great, but I feel like I over paid for something that I can't install my own firmware on. I think my pi.hole is the DCHP anyway, and now I'm really thinking I need to find a new router

load more comments (3 replies)
[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

My strategy is just be unpredictable af. Use FOSS as much as possible. Dont use google services except maybe google maps. Make an active effort to decouple accounts. Treat phone number 2fa like the plague.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (7 children)

IT since the 90's.

I have all those things and more, and 6 seperate VLAN's with isolation, strong rules, alerting and honeypots in all the right places.

load more comments (7 replies)
load more comments
view more: ‹ prev next ›