Comment by sussexby
1 day ago
The same is true for our AI processing on the cameras. This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
1 day ago
The same is true for our AI processing on the cameras. This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
> This is entirely local and private. You can even air gap the UniFi Protect system from the Internet and it'll operate fine.
One week ago 3 guys broke into my shop while I was traveling. They had sense enough to power down the starlink that was providing internet which would have taken out all of the remote camera options.
They did not realize that almost everything they were doing was being recorded via the unifi system. In the end about the only thing of value left in the building was the hard drive with all of their pictures on it.
The police have used the footage to identify all of them and it will be pretty open and shut when they see a court room. Offline and air gapped the whole time they were there but did exactly what it was installed to do.
How did you hide it so that the thieves didn't find it?
A 7U cabinet in an overhead space that is difficult to access. Installation and configuration were a bit of a headache but ended up being worth it. There was a NAS in the office and they stripped 7 drives, sleds and all, out of it.
I'm guessing with such an obvious endpoint for the camera storage it never occurred to anyone there was a second box. I had something like this in mind when I wired the building. It seemed like a good idea to make onsite security footage much harder to find given the cameras were obvious and anyone breaking in would probably look to damage or destroy the system.
I really thought the cameras themselves were the deterrent, but these guys gave it a shot anyway. Cutting the cable to the starlink and walking off with the NAS drives seemed to be the plan.
In the future I'm going to add a local battery backed alarm connected to external siren and strobe that is immediate on opening the office door to draw attention. I was driving down to WWDC when the starlink went offline and saw the notice on my phone but wrote it off to equipment failure which gave them enough time to clean the place out pretty well.
The hole in my strategy was thinking nothing could happen without notification, but being in a car in the middle of Norther CA with spotty cell coverage and lots of distractions blew that up pretty hard. I'm also thinking one of ubiquiti's cellular backups is in my future. Starlink offline is annoying but not the attention grabber that a still of a guy walking in the door would have been. Cellular backup would have gotten me that.
21 replies →
[dead]
Any video surveillance system is foiled by a simple mask. Thieves who know to plan a break-in when you're away usually do their homework and come prepared.
> Any video surveillance system is foiled by a simple mask.
Do not under-estimate the number of thieves on the left-hand side of the bell curve: if you can deal with those that's half the population that's less of a problem.
(The thieves on the right-hand side of the bell curve generally work on Wall Street and generally don't do break-and-enters.)
This is why I think someone should market a cheap SIGINT tool that collects BT/BTLE/Wi-Fi data from nearby devices.
I've got this setup running on a Raspberry Pi near my front door and it collects all sorts of useful data, even from people walking by on the sidewalk, 30 feet and two walls away.
At some point, I'd love to explore vehicle emissions more, too.
6 replies →
I am unable to accept that it is fully local, since you have to bind your network to their cloud just to accept the EULA. [0] I have 0% trust that a subsequent unbind truly severs the link, because this is such a shady thing to require in the first place.
[0] https://community.ui.com/questions/e3d50641-5c00-4607-9723-4...
I'm surprised this is required. Agreed that's shady. I wonder what their reasoning is.
But if you don't trust it, the fix is easy: just deny the Ubiquiti cameras and controller all internet access. That way no trust is required.
But what if I want to access my cameras remotely but not have their manufacturer access them?
1 reply →
So once you accept the EULA, it's fully local. What's your problem with that ?
The problem I have is that the Ubiquiti camera and Dream Machine I bought were sold to me as something whose features work fully offline and that I would not have to grant any 3rd-party access to my network. I refuse to grant such access for any length of time, and cannot trust that the access will be fully revoked thereafter because Ubiquity already broke that trust by demanding access to my devices when they advertised otherwise.
I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project. Their camera system is wonderful. Their DreamMachine is a massive upgrade for my home network. Their APs are rock solid, no hassle, just work, and it integrates so well. I have my work / home on different subnets. I have the kids on a different subnet and behind a firewall providing some protection against ads.
Very happy customer here.
>I've been so impressed with Ubiquiti that I've decided to target FreeBSD for my current side project.
As much as I wish Ubnt are using BSD in their product, which they are not. I am understanding how FreeBSD relates here.
There's a port of Unifi network controller for both FreeBSD and OpenBSD.
https://www.freshports.org/net-mgmt/unifi10/
https://ports.to/path/net/unifi/main.html
I guess not officially supported but I use them, they work well.
3 replies →
An assumption, I made. Failed, it was.
5 replies →
Now if only Ubiquiti could solve the problem where everything is always out of stock.
Any way to get Protect iOS notifications if using local mode only? Eg, using local local login but away from home.
The processing can happen within the camera, and it's nice when it does...but that doesn't mean that the only other option is something cloud-based, like some might assume.
Open-source NVR software like Frigate can do things like the object-detection/license plate/face recognition game on local hardware, with the cheapest available IP cameras. It's just a program that runs on a computer with a network and some storage and some processing ability like a GPU.
Those cheap cameras don't have to be trusted; with things like VLANs, they can hang out on the Group W bench where they have no access to anything important or the outside world. :)
(But yeah, it does represent much more of a DIY effort than something from UBNT does.)
I do like the onboard AI, and it works well for entity detection (like people). We haven't found the face detection to be very reliable in outdoor security applications. There doesn't seem to be a way to correct/combine classes if someone's detected as multiple individuals on different occasions, so we end up with the same person detected as 5 "unknown"s. This is not a hard problem to solve. You'd just allow embedding matching to different face groups, but it's annoying as a user.
Hey, why can't I get full-resolution 4k snapshots off my G5 Pro bullet?
Can I use it without running some inane management VM?
Unifi gateways run the management software now, typically they'll also be your networks router and so something you'll need to buy anyway, but if you just want to use the security/wifi elements then you can either run it in a container or if you're really determined not to run a container and not to buy a router there's the CloudKey.
The UDM runs mine, but prior to that I ran a Docker container with it. It worked well.
https://hub.docker.com/r/linuxserver/unifi-controller
You can't run UniFi Protect like this, only the network controller
1 reply →
Genuine question, if you're running unifi, why don't you want the management vm? Synology makes a decent NAS without the controller.
Synology hardware stopped being decent a while ago.
1 reply →
I like the hardware, cannot stand needing to run another machine just for management.
1 reply →
The cost is just insane though. $4-$500 for a camera that I can get equivalent specs for $50-100.
With face detection? License plates? Tamper protection?
I'm guessing you're thinking Reolink or other Chinese ultra-commodity cam. It's fine, it's just in a different product class and ecosystem - and that's where enterprises fit in, they want that support+ecosystem and not DIYing.
Reolink CX820 8MP $129 https://reolink.com/product/cx820/
Unifi G6 8MP ~$300 https://techspecs.ui.com/unifi/physical-security/uvc-g6-dome...
Avigilon H6A 8MP ~$1200 https://www.avigilon.com/security-cameras/h6a-dome
> With face detection? License plates? Tamper protection?
I do that with my Unifi Protect doorbell. RTSP streams. Google Coral. Frigate. Scales very well. Do ML on low quality stream. Look/save the high quality stream. You do it all centralized, and you can put the camera(s) on a seperate VLAN. They don't even need internet access. If you run them over PoE twisted pair, the attacker would need physical access to perform MITM. Wireless, one should assume the camera is insecure (e.g. KRACK).
3 replies →
I have rather a lot of Reolinks ... and Frigate on Home Assistant. The cameras are on a VLAN with rather minimal internet access (ie none) I make pool.ntp.org etc resolve to my own NTP servers too.
I never really thought of Ubiquity as enterprise always felt more of the premium small to mid sized business but I am sure some enterprises use them.
2 replies →
IME those sub-$100 Chinese IP cameras have you at the mercy of whatever firmware they cut from the master branch the week they shipped it. People don't buy UI because they win on specs-per-dollar. They buy it because they win on results-per-dollar.
You've clearly not owned many IP cameras, especially not outdoor cameras that go through true seasonal weather. Now, I will say that the first generation of cameras from Ubiquiti were just OK everything after the 3rd generation has been very good overall.
As others have pointed out they are supported for a long time. I have some earlier generations cameras that are going on 7 years of updates. Not only are you barely getting maybe a year of firmware updates at the $50-100 range but there's no comparison on the quality of the optics, sensor and overall hardware at that price differential.
Ubiquiti has done some shitty things over the years but Ubiquiti isn't competing against the $50-100 market. They're competing against the Axis and Panasonic quality builds. You've definitely got it backwards here.
And while, yes, you can get a decent camera from Reolink and the like at a good price it isn't surrounded by an exceptionally mature and well supported ecosystem that has yet to nickel and dime its customers with half ass SaaS and paid for features.
This comment couldn't be further from the reality of Ubiquiti's lineup in comparison.
I have run IP cameras outside for a decade plus. Whatever floats your boat
They're not all $500, some are $150-300. Overall price comparable to Honeywell, but more than, say, Lorex.
All the basic G6 cameras are in the $200 range and have edge compute?
What's the comparison at $50-100?
[dead]