I’m surprisingly level-headed for being a walking knot of anxiety.
Ask me anything.
I also develop Tesseract UI for Lemmy/Sublinks
That’s actually my current setup :)
Got some old analog cameras at an estate sale, gutted them, and put some Pi + camera modules inside. Couldn’t get the original optics to work with it, and they lack PoE, but they’re otherwise doing well (3 years and going). Just occasionally have to reboot them more than I’d like.
Haven’t messed with v4lrtsp server, but zoneminder has been good to me. Will check that out.
“NVR” in my case is just Zoneminder lol. I run it on a dedicated USFF PC and didn’t want to deal with multi-homing it or a USB ethernet adapter. When I upgrade it, yeah, I’ll probably get something with a dual NIC and go that route.
Right now, yeah, it’s all DIY since I scrapped those cameras years ago (neither held up well to UV after 6-7 months outdoors), so I’m less concerned about it with all of them being RPis now. The only thing I lack is PoE since I didn’t want to spring for the HATs.
Yeah, that was my old setup: dedicated VLAN with the NVR and cameras in it. Had a firewall rule so I could access the NVR from regular LAN but nothing “got out” of the camera VLAN without being requested from the LAN first.
At first I had the NVR in the LAN with FW rules to reach the cameras in their VLAN, but my FW at the time struggled with all the simultaneous streams going through it so I moved the NVR in with the cams.
Maybe I’ll just stick with my current setup of just getting old analog camera housings and sticking Raspberry Pi + camera module inside lol
Don’t all cheap IP cameras feed back to at least one server in China?
I bought two different no-name brands from Amazon several years back, and both models of them were trying to call home. I ran them on an isolated network, so they couldn’t get anywhere, but they were persistent little buggers. Oh, and the root password to one of them was hardcoded to “1234567” lol
Tangent, but if anyone can recommend a good IP camera that just craps out an RTSP stream locally and doesn’t phone home anywhere, DM me lol.
Ah, okay. I haven’t really messed with Jerboa for a good while since it still seems to have issues with AOSP keyboard (last I checked in on that bug, anyway).
I was thinking of implementing a non-standard way of doing it in Tesseract (basically it would lookup the user’s instance admins and send a DM). Perhaps that’s what Jerboa is doing?
Shame, I was hoping there was an API feature for that now.
Huh. I’ll have to check that out. Unless it’s new in 0.19.4 or 5,I wasn’t aware the API would let you report users (just their content).
Thanks for the follow up.
Yep, seems manual or at least only partially automated based on feedback from other admins.
Also yeah, unfortunately, Lemmy doesn’t have the ability to report users to their home admins, just content they post. Not sure if that’s a moderation feature that’s in the pipeline or not (haven’t checked for a bit).
That would definitely work for rooting out ones local to an instance, but not cross-instance. For example, none of these were local to my instance, so I don’t have email or IP data for those and had to identify them based on activity patterns.
I worked with another instance admin who did have one of these on their instance, and they confirmed IP and email provider overlap of those accounts as well as a local alt of an active user on another instance. Unfortunately, there is no way to prove that the alt on that instance actually belongs to the “main” alt on another instance. Due to privacy policy conflicts, they couldn’t share the actual IP/email values but could confirm that there was overlap among the suspect accounts.
Admins could share IP and email info and compare, but each instance has its own privacy policy which may or may not allow for that (even for moderation purposes). I’m throwing some ideas around with other admins to find a way to share that info that doesn’t violate the privacy of any instances’ users. My current thought was to share a hash of the IP address, IP subnet, email address, and email provider. That way those hashes could be compared without revealing the actual values. The only hiccup with that is that it would be incredibly easy to generate a rainbow table of all IPv4 addresses to de-anonymize the IP hashes, so I’m back to square one lol.
Lol, that sounds like a Randall Munroe unit of measurement, and I love it. If there’s not already an xkcd for that, there should be.
Some instances do, but I think it’s more of an automod configuration. AFAIK, Lemmy doesn’t have that capability out of the box. Not sure about other fed platforms.
I used to think so, but it’s barely even that.
I’ve had 3 instance admins confirm anonymously that these were using a throwaway email service. sharklasers.com
specifically.
Possibly. I don’t think I’ve been in or active in it for a while. With check it out.
Yep. Also, aren’t there already celebrities on Mastodon? I know George Takei is. Granted, you’d have to know he was @mastodon.social
versus mstdn.social
so that could complicate things for those unfamiliar with the platform.
OP’s definitely got a point, though.
I hope this post doesn’t tank the monthly active users stats lol. Mostly that’s me hoping this problem isn’t as big as I fear.
True. But it uses a threshold ratio. They’d have to give out a proportional number of upvotes to “fool” it, and at that point, they’re an average Lemmy user lol. That script isn’t (currently) setup to detect targeted vote brigading, just ones that are only here to downvote stuff. I’ve got other scripts to detect that, but they just generate daily/weekly reports.
It takes time to detect them, but it does prevent most false positives that way (better to err on the side of caution and all that).
yeah, i’m split on public votes.
On one hand, yeah, there’s a certain type of troll that would be easy to detect. It would also put more eyes on the problem I’m describing here.
On the other, you’d have people doing retaliatory downvotes for no reason other than revenge. That, or reporting everyone who downvoted them.
It depends on the person to use that “power” responsibly, and there are clearly people out there who would not wield it responsibly lol.
Yeah, this definitely seems more like script kiddie than adversarial nation-state. We’re not big enough here, yet anyway, that I think we’d be attracting that kind of attention and effort. However, it is a good practice run for identifying this kind of thing.
Good to know. I’m going to have to account for that in Tesseract.
I don’t currently have them, but there is (or was?) a NoIR version of the Pi cameras that didn’t have IR filters. That should let the IR LED illuminators work same as most other cameras advertised with night vision.