this post was submitted on 01 Jul 2025
743 points (98.2% liked)

Selfhosted

49829 readers
765 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
743
My reason for wanting HomeAssistant and a locked down VLAN... (imgs.xkcd.com)
submitted 3 weeks ago by Landless2029@lemmy.world to c/selfhosted@lemmy.world
93 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/32265822

xkcd #3109: Dehumidifier

xkcd #3109: Dehumidifier

Title text:

It's important for devices to have internet connectivity so the manufacturer can patch remote exploits.

Transcript:

[A store salesman, Hairy, is showing Cueball a dehumidifier, with a "SALE" label on it. Several other unidentified devices, possibly other dehumidifier models, are shown in the store as well.]

Salesman: This dehumidifier model features built-in WiFi for remote updates.
Cueball: Great! That will be really useful if they discover a new kind of water.

Source: https://xkcd.com/3109/

explainxkcd for #3109

top 50 comments
sorted by: hot top controversial new old
[–] jubilationtcornpone@sh.itjust.works 76 points 3 weeks ago (2 children)

I have a rule that "Nothing will be automated that cannot be manually overridden."

Well, actually it's my wife's rule but it's a good rule nonetheless. As a result, there's a big panel full of relays in the basement that is the "last mile" for anything climate control or security related.

There have been a few times when it's been handy. Like when the exhaust fan isn't working and I don't want to debug the ESP32 controller today so I just flip it over to "Manual".

[–] Landless2029@lemmy.world 19 points 3 weeks ago

That's a great rule of thumb. So setup two switches. One for manual and one with a ESP32.

load more comments (1 replies)
[–] Tiger_Man_@lemmy.blahaj.zone 50 points 3 weeks ago (1 children)

Internet of things sucks, but lan of things is pretty cool

[–] WhyJiffie@sh.itjust.works 18 points 3 weeks ago (1 children)

you must have lots of LoTs

[–] AnUnusualRelic@lemmy.world 8 points 3 weeks ago

Lord of the Trackers!

[–] Landless2029@lemmy.world 27 points 3 weeks ago* (last edited 3 weeks ago) (8 children)

I just bought my first home and as soon as I'm decently unpacked I'm going to start my journey on self hosting.

Currently planning:

  • Small i5 HP Pro SFF PC for hosting large apps (going to config for Linux and power it off until I get more mature
  • Raspberry Pi4: pihole and home assistant
  • Raspberry Pi4: NextCloud, Deck
  • ZigBee router thing:
  • NAS
  • Jellyfin
  • JBOD on SFF?
  • flashing old Netgear nighthawk into wwdrt
  • OS Ticket to replace NextCloud Deck for a JIRA type solution to manage projects and major house items.
  • ZigBee thermometers for better Nest accuracy
  • ZigBee motion sensors for entry ways and bathroom
  • smart plugs and motion sensors for basement TV lights

Not sure what else to add. Open to advice or suggestions.

[–] tburkhol@lemmy.world 27 points 3 weeks ago (5 children)

I've watched enough Lock Picking Lawyer never to want a consumer 'smart lock.' Half of them can be opened with a magnet. Maybe commercial grade is better, but I've been locked out of my job after every power failure for the last 10 years, until someone comes along with a physical key.

Re homeassistant on a Pi: homeassistant does a lot of database transactions, so you may want to have db storage on something other than an SD card.

[–] Postmortal_Pop@lemmy.world 5 points 3 weeks ago

I have tentative plans to make my own smart lock by way of electric motor and commercial deadbolts with an RF scanner and a back up battery for emergency. It won't be amazingly secure in a tech way, but I figure the combination of novelty and DIY should make it reliable.

That said, I gotta be that guy and remind everyone that all locks are security theatre and are not going to protect your house from the persistent or prepared. Your best defense is a combination of foresight and social engineering.

[–] Landless2029@lemmy.world 5 points 3 weeks ago (1 children)

Good call. I was thinking of trying a 128GB usb3 stick I got. Maybe a ssd/nvme on a USB3 controller.

load more comments (1 replies)
load more comments (3 replies)
[–] tux7350@lemmy.world 15 points 3 weeks ago (2 children)

I wish I had setup an identity management system sooner. Been self-hosting for years and about a year ago took the full plunge into setting up all my services behind Authentik. Its a game changer not having to deal with all the usernames and passwords.

In a similar vein, before Authentik, I used Vaultwarden to manage all my credentials. That was also a huge game changer with my significant other. Being able to have them setup their own account and then share credentials as an organization is super handy.

[–] Landless2029@lemmy.world 6 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

My SO is already using keepass locally. Used to be only a paper notebook. Data breach paranoia.

I plan to setup vaultwarden or keepassXC

load more comments (1 replies)
load more comments (1 replies)
[–] qjkxbmwvz@startrek.website 6 points 3 weeks ago

ZigBee router thing:

I've been happy with the SMLIGHT SLZB-06M. You can easily flash firmware, and it has PoE which was important for me. I believe it also supports Thread, but I haven't tried this yet (and I'm not sure if it supports it at the same time as Zigbee).

Zigbee smart plugs from Third Reality have been pretty solid in my experience, and they report power usage.

For circuit breaker level monitoring, I have an Emporia Vue2. I have it running esphome, completely local

unfortunately this requires some simple soldering and flashing, so it's not turnkey. But it's been rock solid ever since flashing it. (Process is well documented online.)

I've had decent luck with cheap wifi Matter bulbs, but provisioning them is finicky, and sometimes they just crap out and need to be power cycled; Zigbee bulbs (e.g., Ikea) have generally been reliable, though sometimes I've had difficulty pairing them initially. After power cycling a Matter WiFi bulb, it takes a while for it to respond to Home Assistant; Zigbee bulbs generally respond as soon as you power them on.

I have a wired smart light switch from TP-Link/Kasa (KS205), and it's been completely hassle free (and totally local

Matter over wifi). The Kasa smart switch dongles I have work flawlessly but need proprietary pairing, and I'm afraid to update firmware in case they lose local support.

Good luck! Fun adventure :)

[–] Dudewitbow@lemmy.zip 4 points 3 weeks ago* (last edited 3 weeks ago) (8 children)

if you have a garage, design a method to basically ensure your garage door is closed without you needing to go back to check.

of course if you trust yourself with never making that mistake.

last thing you want to feel is if you remembered to close the door or not and youre already far off

[–] Pika@sh.itjust.works 6 points 3 weeks ago

I agree, I set my grandparents doors up on a timer, if its still open at 11 PM it auto closes both doors. I've got the ping a few times now saying "emergency door schedule activated" meaning that they were open and had not been closed prior.

[–] NOT_RICK@lemmy.world 5 points 3 weeks ago (1 children)

I have a controller that plugs right into my opener with a magnetic sensor for if the door is open or not. Running Homebridge I can see it and open and close it from anywhere. Did it all the way from Thailand a while back just for shits and giggles. I gotta see if I can configure it to auto shut if it’s still open at night, have had a couple of whoopsies there.

[–] Brkdncr@lemmy.world 4 points 3 weeks ago

A camera would work too.

load more comments (6 replies)
load more comments (4 replies)
[–] AnAustralianPhotographer@lemmy.world 22 points 3 weeks ago (1 children)

And it probably needs to connect using WEP

[–] WhyJiffie@sh.itjust.works 16 points 3 weeks ago (2 children)

wpa2, but password limited to 10 characters. letters and numbers only, trying anything else crashes it, and you have to figure this out yourself

[–] possiblylinux127@lemmy.zip 12 points 3 weeks ago (1 children)

Nah, it will just broadcast a 2.4Ghz noise for no reason

[–] Bytemeister@lemmy.world 5 points 3 weeks ago

I feel like it's missing that nifty FCC sticker...

[–] swampdownloader@lemmy.dbzer0.com 10 points 3 weeks ago (2 children)

And you must enter password through a 2 character wide menu screen with only up and down arrows

load more comments (2 replies)
[–] SocialMediaRefugee@lemmy.world 20 points 3 weeks ago

It got hacked and now I'm really, really dry.

[–] kameecoding@lemmy.world 19 points 3 weeks ago (3 children)

I just shopped for a humidifier, purposely avoided anything "smart", I ended up with a really fucking simple one, it has a hydrostat and can aim to automatically reach a level you want (40-50-60), has 4 speed,1,2,3,auto and sleep.

And the whole thing is nothing else just a wicking filter sitting in water that has a fan pointed at it, I think Technology Connectios would be proud of my purchase.

I will have to disinfect and change filters, but no need for distilled water like with ultrasonic humidifiers, and I boil my water and let it cool back to room temperature before adding it to the humidifier, hopefully that will help with staving off build up of bacteria

[–] lepinkainen@lemmy.world 3 points 3 weeks ago

I bought a Venta LW25 and couldn’t be happier. Simple and functional, good old German engineering

load more comments (2 replies)
[–] teppa@piefed.ca 17 points 3 weeks ago (4 children)

I was an idiot and bought a high end TPLink router, I can't even use Vlans without signing up for their back door service.

[–] hexagonwin@lemmy.sdf.org 11 points 3 weeks ago

maybe install openwrt/ddwrt?

[–] Landless2029@lemmy.world 6 points 3 weeks ago (1 children)

Yeah. Even my old solid netgear got a firmware update that's begging me to get the app now. Shobe that shit up your ass.

At least give me a checkbox to stop bothering me

[–] RedEyeFlightControl@lemmy.world 4 points 3 weeks ago (1 children)

Shit, are consumer appliances really getting that bad? ew!

[–] teppa@piefed.ca 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

I'd assume all Chinese devices are being backdoored via CCP incentives. Buy Asus perhaps, assuming Taiwan never gets infiltrated.

[–] unique_hemp@discuss.tchncs.de 4 points 3 weeks ago (1 children)

Don't buy ASUS, they have a terrible security record. At this point I would trust only MikroTik and Ubiquiti.

load more comments (1 replies)
load more comments (1 replies)
[–] LuxSpark@lemmy.cafe 15 points 3 weeks ago (2 children)

Smart, you don't want some hacker to drown you remotely.

[–] SocialMediaRefugee@lemmy.world 5 points 3 weeks ago

Dehydrate you

[–] Cocodapuf@lemmy.world 5 points 3 weeks ago

Really you don't want hackers using your random Internet appliance as a point of attack to access your whole network.

More IoT devices means a greater attack surface. And it's an appliance you don't actually want to spend time thinking about. You don't want to waste time troubleshooting network issues with your dehumidifier... It just needs to work, or you use a different one.

[–] irotsoma@lemmy.blahaj.zone 12 points 3 weeks ago (1 children)

Yeah, companies have abused that to release buggy, incomplete products faster and only make the software stable and feature complete if they make a good profit.

[–] Landless2029@lemmy.world 11 points 3 weeks ago (1 children)

Or add new bloat features / brick devices after updating TOS...

[–] JcbAzPx@lemmy.world 8 points 3 weeks ago (1 children)

Remote device bricking is cheaper than researching part wear for planned obsolescence.

[–] boonhet@sopuli.xyz 5 points 3 weeks ago (1 children)

And both make me go with a different company next time so idk what they think they're gaining.

load more comments (1 replies)
[–] ragebutt@lemmy.dbzer0.com 12 points 3 weeks ago* (last edited 3 weeks ago) (5 children)

This has been my approach and it has gone okay so far except for 2 issues that are quite a pain:

1: you have to thoroughly research what you buy. Does it work on an isolated vlan? Just because it works with home assistant does not guarantee this. Many home assistant users are comfortable with some degree of data collection and an integration does not mean that it will work local only (nor does it mean that all features will work). If it does work local only you may sacrifice some features. Cameras are a good example. Most cameras with object/person detection do this in hardware, but not all. If you circumvent the Internet connection and proprietary app you may sacrifice this, or more likely alerts

2: there is 0 regulation binding a vendor to the terms of service agreed to at the point of sale, including making significant and sweeping changes. Case in point: I got a chamberlain myQ garage door opener. It worked well and opened my garage door. Integrated with home assistant via the API. However, chamberlain serves a lot of ads for upsells and services via their shitty app. They decided that users circumventing the app and not seeing that you could give amazon drivers access to your garage to deliver packages (seriously) or buy shitty cameras was unacceptable so they updated the TOS and revoked API access for all users. The only way it works now is via their app. I sold mine and built a ratgdo

Another example is Philips hue: while they have been able to be used local only for over a decade Philips has decided they’re going to start a subscription security service with all the devices that entails based around the hue hub. At some point in the near future if your hub updates it will require you to sign in to a Philips account and be online. This one’s way worse as some people have thousands of dollars invested in hue. I have like $300 in the fancier white hue bulbs but some people on the HA forums and reddit literally have their house decked out with like 80-100 bulbs, many of which are the RGB. Kind of silly but they do work very well, flicker free, good color, and last ages. I still have some from like 2016 going strong. Luckily here if you have the bridge on an isolated vlan it won’t update and worst case the bulbs work with ~~zwave~~ zigbee but the principle of the thing is ridiculous. It should be illegal for a company to change the terms this far after the contract of sale

Other examples too. Many car manufacturers (Mazda, Chevrolet, ford) because api access limited data collection for them to sell, some companies are openly hostile to home assistant and when an integration is created they will go out of their way to break it (Ariston, bambu), etc. see https://github.com/unixorn/internet-of-trash

load more comments (5 replies)
[–] Kiernian@lemmy.world 11 points 3 weeks ago (1 children)

New kinds of water, you say? The marketing department is already on it and boy have I got news for you!

[–] Landless2029@lemmy.world 4 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Wait... Is that heavy water?? /s

[–] ILikeBoobies@lemmy.ca 5 points 3 weeks ago (1 children)

How about I hook you up with a brand new water softener on a 30 year lease but no payments in the first 5 years so it’ll be the next owner’s problem

[–] Landless2029@lemmy.world 6 points 3 weeks ago

Omfg it's like solar panel companies...

So many damn houses with solar leases more expensive than just electricity

[–] RedEyeFlightControl@lemmy.world 8 points 3 weeks ago (1 children)

My house has manual windows, manual locks, and a dumb garage door controller... because I work in IT.

I do have a few smart appliances (environment reporting) but they are only allowed on the banishment VLAN so they don't get to interact with any single appliance inside my network. All they see is internet and nothing else.

[–] Nouveau_Burnswick@lemmy.world 6 points 3 weeks ago

The S in IoT stands for security

[–] tjoa@feddit.org 7 points 3 weeks ago (6 children)

FYI I learned About VLANs that it is in no way „locked down“. I can spoof the MAC address of a known device from a specific VLAN and I’m in that VLAN. Yes your devices can’t reach the internet/other devices by default but it won’t stop a bad actor.

[–] flux@lemmy.ml 8 points 3 weeks ago* (last edited 3 weeks ago) (4 children)

Depends on you hw. That seems rather poor implementation.. I believe my TP switch might handle that, because it rejects traffic to its management interface from mac X from vlan 20 because it sees the same mac in vlan 10.. (only vlan 20 is allowed for management)

load more comments (4 replies)
load more comments (5 replies)
[–] KingThrillgore@lemmy.ml 4 points 3 weeks ago

We have water, heavy water, hydrogen infused water, nitrogen infused water, ice-9, h2o2...what will they think of next?!

load more comments
view more: next ›