

Fair enough; I have a dedicated SSID which is VLAN’d off from the rest of my network with no Internet access. Only my HA server can talk to those devices.




+1 for ThirdReality. They’re a little pricey but I’ve generally had good luck with them.
I’ve also had pretty good luck with cheap Matter-over-wifi bulbs. Pairing them can be a little finicky and needs to go through an Android or iOS process, but after pairing you can block Internet access for them and they work great local-only.
There’s a bug in some wifi matter bulbs where they crash, especially when going from off to a desired brightness/color state (as in, “light on” works but “light to 50%, 3000K” will crash the bulb).


I don’t think you understand what local control of smart devices means…


It’s turtles next guys all the way down I guess.


I hate Meta as much as the next guy, but according to this they are the #3 organization in terms of kernel contributions, behind only Intel and Red Hat…


How does the 2016 slaying of Harambe affect the gorilla bdsm market, and specifically, what’s the impact on Go-spank’s value? Do I need to diversify before 2016, or do I double down?
Sorry for such a newb question.


Maybe not a service in the typical sense, but setting up your router+server to route your home network traffic through a VPN is a fun project.
My router (MikroTik) supports WireGuard, so I can use it with Mullvad for the whole house—but wg is demanding and it’s a slow router, so while it can NAT at ~1Gbps, it can’t do WireGuard at more than ~90Mbps. So, I set up WireGuard/Mullvad on a little SBC with a fast processor, and have my router use that instead. Using policy based routing and/or mangling, I can have different VLANs/subnets/individual hosts selectively routed through the VPN.
It’s a fun exercise, not sure I implemented it in a smart way, but it works :)


If you search around you might find free ones. Oracle has/had a free tier (though it’s Oracle, so…).


Yes, but you can run multiple VPS, from different providers, simultaneously.
What I like is that while it does depend on an external provider, it doesn’t depend on a specific external provider. Any VPS with a public IPv4 would work.


VPS+VPN, this is what I do.
VPS has public IP and runs WireGuard “server”* and a reverse proxy (and fail2ban…). Reverse proxy points to my home computer over the WireGuard link. No open ports on my home router.
For private facing/LAN-only services I just don’t have an entry in the VPS reverse proxy. DNS on the router points everything to my local server, so if at home I access everything directly. To access internal services remotely requires VPN (i.e., WireGuard to the VPS).
Works well; I have a tiny free tier VPS but even so, no complaints.
*Yes I know there are no wg clients or servers, only peers, but it plays a server-like role.
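
The VPS-plus-WireGuard layout described in the comment above, sketched as two wg-quick configs. This is an added example, not the commenter's own configuration. The 10.8.0.0/24 tunnel subnet, UDP port 51820, the hostname vps.example.net, the roaming-laptop peer and every key are placeholders assumed for illustration.

```ini
# ---- File 1: /etc/wireguard/wg0.conf on the VPS (public IPv4, "server-like" peer) ----
[Interface]
# Tunnel address of the VPS (assumed subnet)
Address = 10.8.0.1/24
# The only WireGuard port exposed to the Internet (assumed port)
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY_PLACEHOLDER>

[Peer]
# Home server. The reverse proxy on the VPS uses 10.8.0.2 as its upstream.
PublicKey = <HOME_PUBLIC_KEY_PLACEHOLDER>
# /32 so this key can only ever source traffic as the home server's tunnel IP
AllowedIPs = 10.8.0.2/32

[Peer]
# Roaming laptop or phone, used to reach internal-only services remotely.
# Relaying laptop -> home through the VPS also needs IP forwarding on the VPS.
PublicKey = <LAPTOP_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs = 10.8.0.3/32

# ---- File 2: /etc/wireguard/wg0.conf on the home server (behind NAT) ----
[Interface]
Address = 10.8.0.2/24
PrivateKey = <HOME_PRIVATE_KEY_PLACEHOLDER>
# No ListenPort and no port forward on the home router:
# this side always initiates the tunnel outbound.

[Peer]
# The VPS
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
Endpoint = vps.example.net:51820
# Accept tunnel-subnet traffic only; the VPS is not a default route for home
AllowedIPs = 10.8.0.0/24
# Keeps the home router's NAT mapping alive so the VPS can open new
# connections toward the home server at any time
PersistentKeepalive = 25
```

Services meant to stay LAN-only are simply left out of the reverse proxy on the VPS, so they are reachable only from a tunnel peer or from inside the home network.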


I used Photoprism years ago, so my knowledge is probably pretty outdated.
My experience of Photoprism was that mobile was not tightly integrated. At the time I used Syncthing to sync photos — it worked ok for me, but I wasn’t going to set it up on my partner’s phone, for example.
Immich Just Works on both mobile and desktop. Multi user is great, sharing is great, and the local ML and face detection work remarkably well.
Whatever works for you is the best of course! Immich fits the bill for me, and it was very much worth it for me to “buy” it.


Regarding DNS servers, what router do you have? Some routers have simple enough DNS capabilities — I have a MikroTik, and have it set up with DNS entries for internal services (including wildcard). Publicly accessible services just use my registrar’s DNS (namecheap — no complaints).


Matter is also local—provisioning can be a PITA but once done I’ve been pretty happy with even the cheap Matter WiFi smart bulbs. Home Assistant supports them very well.
Cheap bulbs can be a little buggy, which usually means I need to power cycle some of them now and then.


My lights and motion sensors were obviously unaffected (HomeAssistant). My Emporia Vue2 power monitor would possibly have stopped working, except I flashed it with ESPHome firmware, so it’s local only, and of course it was fine. My security cameras (Frigate) were also fine.
If my smart home devices are going to stop working, it will almost certainly be my fault, thank you very much!


On low end CPUs you can max out the CPU before maxing out network—if you want to get fancy, you can use rsync over an unencrypted remote shell like rsh, but I would only do this if the computers were directly connected to each other by one Ethernet cable.


If you’re running it via docker compose it’s trivial to upgrade, and there are no breaking changes. Pull, down, up, you’re done.


Frigate is pretty good, too. I’ve only been running it for a few months but I’m very happy with it.
Though, technically that leaves you more at risk of ransomware or something that overwrites your data.
I rsync as well, but use snapshotting on the remote drives. So, a bad rsync would suck but shouldn’t really result in data loss. Ransomware on my local+remote server would of course be very bad…
I do something similar — I have a raspberry pi and a HD, with daily rsync and snapshots (monthly retained indefinitely, weekly retained for a month, daily retained for a week). It’s at family’s house, connected to my home via WireGuard via a VPS. Tailscale (or anything really) would also work here.
It’s a great setup! Just have some watchdog reboot if it can’t talk to home (a simple cronjob with ping -c1 home.lan || reboot or similar).
Even our “slow” 35Mbps upload speed is way more than enough for incremental rsyncs of my Immich library. The initial sync was done in person, though.
Yeah, good point. The “app setup” is built into android and iOS as far as I can tell (generating matter credentials, etc.). Better than 3rd party IMHO but not ideal, and a nonstarter for a lot of folks. Hopefully HA will come out with their own onboarding process at some point.