Sure… But does a typical household need this. My point was that I’m not sure that $170 for these sensors makes sense for me. And I suspect that most people are in the same boat as me. Maybe a sane answer for someone truly interested in the CO2 sensor and such for say 5 rooms is one of these in a central room and Vindstyrkas in the others. Otherwise you’re talking about $1150… Which most people just aren’t going to do.

I’ll be honest that I’m real lazy on this and just let the wifi controller choose whatever it thinks is most sane (which hopefully accounts for neighbors and stuff as well). It re-scans nightly and moves if it needs to.

But I have 55 z-wave devices and 12 zigbee… So it should be readily apparent that I don’t have to worry that much about it.

Zigbee is basically all Vindstyrkas (5x, one per bedroom and on in the “Great” room) and outdoor philips light fixtures (6x). But that’s why I was interested and looked at this product. I have so many Vindstyrkas that I was curious if there was something better out there.

Probably. It’s been a long day…

$230… the sensor monitors:

• particulate matter (PM2.5)
• CO2 concentration
• volatile organic compounds (TVOC)
• nitrogen oxides (NOX)
• temperature
• humidity.

vs IKEA sensor (VINDSTYRKA for $60).

• particles (PM2.5)
• temperature
• relative humidity
• total Volatile Organic Compounds (tVOC)

Fine enough product I suppose… but not sure that those 2 other sensors would ever be worth $170 more for me, especially since I have a CO2 monitor on one of my fire alarms on each floor… and those alarms have a z-wave relay on them. Especially since it’s wifi and I prefer zwave/zigbee to keep the wifi less cluttered. The real site (https://www.airgradient.com/indoor/) mentions pm1 and pm10 but only in like one place and doesn’t go into detail on that sensor in use or anything like that. So not sure about that. 2A power adapter requirement (non-included) seems excessive as well… They do claim that they will never lock in, that nice. They support their own software though… so there’s always that risk I suppose of any ol’ firmware update locking it down, though the certification hopefully proves that this won’t happen. I bet it’s more accurate than the VINDSTYRKA, but I’m not sure how much accuracy people actually need vs just monitoring the trend and triggering on spikes.

I’m more interested in finding an outdoor unit since air quality isn’t often part of any weather station setup. This company has outdoor units, but they’re all cellular and way expensive. Anyone know of a good outdoor unit?

I’ve shared it on lemmy before somewhere…

Yeah found it… This thread. https://lemmy.saik0.com/post/1588364

For the stuff I do… it’s not overkill at all. By a metric of any individual’s house… yeah… it’s pretty overkill.

Then yes, you’d probably be fine with any competent minipc and your favorite flavor of firewall… I would recommend OPNSense personally, but there’s others out there that I’m sure would meet your needs.

Just about any decent minipc can handle 1gbps from what I’ve seen a few years ago. You need much bigger horses to get up to 10gbps. But wouldn’t know what the minimum specs would be… I’ve been stuck in the higher end world for a while… So that information has kind of vanished from my memory… Someone else can chime in? I suspect the little baby n150 units could probably do 1gbps. Especially since you’re only doing minimal throughput on your wireguard as well (I have a few nodes and can push into 1gbps, so once again I’m resource heavy… and thus don’t have the lower requirements committed to memory anymore).

ISP -> ARRIS modem -> minipc -> Switch -> anything else you need including access points.

All of the “routers” that have wifi and a boatload of ports (unless we’re talking enterprise stuff) are all hybrid devices that are router+switch+AP, this is convenient for typical consumers, but quite restrictive for those who want to go prosumer or higher. For example… Wifi 7 just released last year. I swapped my AP out and now I have it. I can also mount that AP into the ceiling where it will give me the best coverage. Rather than the consumer answers of “replace the whole unit” or “add a shitton of mesh nodes that ultimately kind of suck” solutions that manufacturers love cause you spend more money on their products. Or other answers like you want to add a PoE device… well now that consumer unit is useless to you.

We’re missing crucial information.

What bandwidth do you get from your ISP? Do you want to run things like IDS/IPS? what kind of throughput do you want from wireguard?

What it takes to connect a 100/10 DOCSIS based service is completely different to a 1/100 service is completely different to an 8/8gbps fiber service.

You said wireguard on the modem… your modem shouldn’t be doing any routing of tunnels at all. I’m almost suspecting that you don’t know what the difference between a router and modem is because of this “misspeak”. If you don’t, you need to go watch some networking basics youtube videos and get a firm understanding before you commit to buying stuff that you have no idea what you’re doing with.

In my case, I’m blessed with 8/8 fiber. I have a full fancy supermicro server running opnsense. 10gbps on the wan side, 40gbps on the lan side for multiple vlans (about a dozen). It’s overkill because my ISP offers it… but that means that the “router” I’m using to use the 8gbps is also ~$2k cost to do it. With big bandwidth comes big processing overhead if you want to do any form of protection and tunneling (VPN or SDN).

You shouldn’t really care how many interfaces your router has outside of potentially doing LACP sort of redundancy. Use a switch to get more ports for your devices.

Sure, but my point is that it’s no different to an AUR/user repo. At some point you’re just trusting someone else.

I think the whole “Don’t put bash scripts into a terminal” is too broad. It’s the same risk factor as any blind trust in ANY repository. If you trust the repo then what does it matter if you install the program via repo or bash script. It’s the same. In this specific case though, I trust the repo pretty well. I’ve read well more than half of the lines of code I actually run. When tteck was running it… he was very very sensitive about what was added and I had 100% faith in it. Since the community took it over after his death it seems like we’re still pretty well off… but it’s been growing much faster than I can keep up with.

But none of these issues are any different than installing from AUR.

The rule should just be “don’t run shit from untrusted sources” which could include AUR/repo sources.

Eh… I have my own repo that pulls the PVE repo and updates a bunch of things to how I want them to be and then runs a local version of the main page. While I don’t stare at every update they make… There’s likely enough of us out there looking at the scripts that we’d sound some alarms if something off was happening.

AUR repo items don’t necessarily clean themselves up properly either. So I’m not sure why you think that’s part of some requirement for the scripts if we’re comparing the 2.

Edit: But in the case of this specific repo… You delete the lxc or vm that you created.

There is no functional difference to piping a script vs running an AUR or other user repository install.

I have a self-hosted instance running for about the past 3-4 years. But pulling new PO Tokens isn’t working anymore so my instance is kind of broken right now.

To be frank, it’s unlikely you’ll get a running instance operational at this point unless something changes.

Edit: You have to rotate IP addresses when the PO Token problem happens. But it’s a gamble if the next IP you get from your ISP will be allowed by Youtube.

Also, you didn’t beat shit. The French military did.

That’s some revisionism there… You know that the British had a bunch of Germans as well right? 30,000 German/Hessian mercenaries (nearly half their forces). It would only be natural to work with the French considering the trade that they wanted to conduct with the Americas… If you’re allowing the British to take the German numbers, you have to take the French “anti-numbers” as well… since they only wanted to join in on the fun to spite the British.

Well I don’t mean to harp on it… Plex in this instance is much better off. When provided proof of the problem they fixed it. Jellyfin has had issues about this going back to 2019… 6 years ago. Still no fix in sight. And the first ticket I linked proved the concept can be abused. With the issues getting hidden because “We’re closing this because we’re consolidating… oh wait… we’re closing it because we’re splitting the issues out.” I’ve legit had people tell me that the problems were fixed because they saw the issue closed.

And now I hear that JF is even deprecating SSL and mandating proxy or esoteric custom config to implement SSL themselves again… Seems they’re going backwards?

I had Jellyfin setup for just myself because I’d love to get away from the risk of Plex screwing shit up (and to get off their SSO). But the frustration of the dev responses to some of these issues and the fact that I’m literally the only person who’s able to deal with the restrictions needed to keep it secure… I just turned it off. I didn’t want to deal with managing two systems because my kids/wife/other family couldn’t figure out how to use it.

others are about media access

Yup, and these are the biggest risks IMO. I find the well organized, big media companies with deep pockets and a few basic scripts that we know to work to be the biggest vector of liability.

https://github.com/jellyfin/jellyfin/issues/1501
https://github.com/jellyfin/jellyfin/issues/5415#issuecomment-2071798575 (and the following comments)
https://github.com/jellyfin/jellyfin/issues/13984

A person’s biggest threat running Jellyfin is going to be the media companies themselves. Sony (the company known for installing rootkits on people’s computers) can pre-hash a list of their movies with commonly config’d locations/name schemas for their content and enumerate your system for if you have their content. Since you don’t have any authentication on the endpoint, they’re likely not violating any law through circumvention. The “random UUID” is just the MD5 hash of the path/filename. So it’s actually highly guessable… especially for people using default docker configs and *arr stacks and you normalize names using these tools.

Their response was “this attack isn’t in the wild”(as if they actually know… running a script and checking a few hundred thousand requests to go through a list of movies isn’t all that taxing and users won’t even notice it to report it… let alone have enough logging to notice it to begin with) and “it breaks compatability, so we don’t want to do it”. Which I find laughable. It turned me off from Jellyfin all together.

Edit: And because every time I bring up the issue I get downvoted for “fear mongering”… There are answers to resolve it… you need to use non-standard naming schemes in your files/folder structure and fail2ban. But that expects users to do that… And I could do that… but it’s a security risk non-the-less and the developers response to the risk being what it is is what’s scary to me.

Edit2: The LDAP one… I should clarify I don’t care about that one since well… requires you to additionally config stuff that most users won’t. But the media exposure issues are default and universal and require setting things “non-standard” to have any protection from, which users generally WON’T do.

Yeah the API token exposure in the URLs is another thing… And that can expose itself in all sorts of ways.

Jellyfin is not intended for direct exposure to the Internet.

https://jellyfin.org/docs/general/post-install/networking/

There are multiple ways of exposing Jellyfin to the outside - the most common ones are:
forwarding its Ports directly to the internet (not recommended!)
forwarding through a Reverse Proxy
using a VPN connection to enter the Network
use a VPS to Reverse Proxy to your home network

Intended… not recommended. The reverse proxy one should also not be recommended until they resolve the unauthed endpoints issue as well really. Security is a weak point on Jellyfin in general.

Seems you don’t see the captcha… try printing the page using the button and closing the print prompt. should see a captcha show up.

Edit: Here’s the content for you. Seems that loading the page directly somehow breaks the captcha… No idea why.

Edit2: and the full page with the URL in the bar so you see that the link is accurate… Just broke-dick site it seems.

I can’t help you if you can’t read “B-Tech Distribution, Inc.”.

You bought it from the US distributor.

https://sosenterprise.sd.gov/BusinessServices/Business/FilingDetail.aspx?CN=198011242117207117138223098088044218180167017157

They buy the Chinese product and package it in their own package.