There's a virtuous cycle thing going on here: Someone releases a product with hackable/open specs (Xiaomi has a good track record here), people are overjoyed because you can't easily get good hardware for cheap and build a bunch of software around it, thus (usually greatly) extending the capabilities of the product, other people buy that product because it's much more advanced than competitors (because of all the extra software), profit for the parent company.
Basically, the company gets a bunch of people to do work for free, the product gets improved, the company makes profit, everybody wins.
Except when the business model was to sell the hardware at breakeven and make it up with the monthly subscription, and people are buying subsidized hardware and skipping out on the subscription fees.
If the company sets out to create an open platform and has a business model which works in that world, that is a beautiful thing.
Is that the case here and are we seeing a virtuous cycle, are features contributed back to the company and actually integrated into their product? I think that’s a beautiful model but I’m not sure that’s actually what’s happenning here?
Literally the first sentence of the article;
“...its price is cheap but in exchange you are tied to the Xiaomi’s Mi Home App & Cloud.”
> Except when the business model was to sell the hardware at breakeven and make it up with the monthly subscription, and people are buying subsidized hardware and skipping out on the subscription fees.
A couple other reasons:
* They want to sell the same product at different prices in different regions.
* They're concerned about copycat hardware vendors.
Hikvision (and I think Dahua) seems to want to prevent people from modifying their firmware; as far as I can tell it's for these reasons. I really wish they would just open it up. I'd love to put open source firmware on a decent outdoor IP camera. The vendors' own firmware is pretty lacking. It's untrustworthy (proprietary software from a Chinese company; how sure are you it doesn't have backdoors?), written insecurely (probably out of negligence rather than intent but again who knows), buggy in general, has mediocre motion detection (not sure I could do better on their hardware but I'd love to try), and has mediocre H.264 encoding (likewise).
Yeelight is just a startup marketing under the Xiaomi brand and is promoted by them, it's not technically Xiaomi. Same as with other branches of products (e.g. the vacuum robots).
It also happens that Xiaomi later releases products which actually compete with their partners (in this case yeelight and their bedside lamps). Also the whole Yi Camera brand. First marketed with the help of Xiaomi and now a competitor to the Mijia brand (Xiaomis own brand).
(Citations and more insight needed, that was just from memory).
>Someone releases a product with hackable/open specs, people are overjoyed because you can't easily get good hardware for cheap and build a bunch of software around it, thus (usually greatly) extending the capabilities of the product,...
I maintain a list of such things. It's amazing when I researched, there is not a central place that does it.
iRiver H3{2,4}0 was one of the earlier devices with a 2,5" HDD able to run Rockbox. Even with stock firmware, it supported OGG Vorbis. It sports a NXP ColdFire (previously owned by Motorola/Freescale).
I can recommend the FP2, if you can afford it, since its a tad expensive. Esp for the out of date hardware. But it is unfortunately not all open firmware. Then again, is there any 4G phone out there with open firmware? The FP3 should be out within a year. We gotta see what it'll have in store.
Anyway, nice list. Maybe mention the open source router firmware such as OpenWrt (EDIT: oh, you did. Well, LEDE merged w/them recently). PC-Engines APU(2) [1] also supports Coreboot. There's also a plethora of Raspberry Pi clones out there, many of which run AllWinner which is a PITA.
I actually have it on the list, but it was lower on the list because I thought it was just not as spectacular of a hack ("unintentional") as ESP8266 was. When they created the ESP32, they knew their audience :)
On the other hand, they also open themselves to people just making their own versions of the product for much less.
If you choose them for their hackability, your core processors will probably have minimal development boards available for less than $2.50 each if you're using anything less powerful than a Cortex-M4 ARM core.
And now you have a huge part of your value proposition - the easy-to-use and user-configurable software - available for free. It will be cheaper for users to create their own version of your product unless you have some very complex or precise supporting hardware. End users will get a fun learning experience and customized product if they don't buy from you, and 3rd-party wholesalers will undercut you quickly and viciously.
So, hopefully your marketing department can pull at peoples' heart strings enough to make up for the order of magnitude difference in price. It works for companies like Adafruit and Sparkfun because they give back and people appreciate that, but how much room is there for companies that rely on goodwill to keep running?
> On the other hand, they also open themselves to people just making their own versions of the product for much less.
There is a large exception for anything with a camera. Everything to do with the chipsets or sensors is under NDA and inaccessible unless you want to produce thousands of devices. I would love to be able to play with (say) a half-decent 2 year old camera chipset+sensor, which would apparently cost just a few $, but it's a no go.
For instance, the Raspberry Pi camera is entirely handled by closed-source blobs on the CPU and GPU. The best you can do is get cheap USB webcams from China for $20-30, but they're power hungry and you can't run them from a microcontroller.
It has to do with the intent and why the virtuous cycle isn't always so benign.
We should really value companies that actually make products you can take control over, rather than blindly relying on lack of security to being able to do what we want. Intent is quite important. It also sends a strange message when lack of security is seen as something good.
Now I don't have any criticism/knowledge about this product or xiaomi in general. IP cameras are generally quite overpriced in my uninformed opinion and you still almost always get locked into the cloud. So I really welcome this hack.
I wish more companies would allow this. Look no further than games, where the ones that are memorable are the ones that can be modded to death. Look at skyrim, kerbal space program, and lets not forget Falcon BMS (originally released in 1998 and still being updated to current standards by the community). Similarly, in ham radio, a grandfather to the current maker community, vendors have been releasing closed source hardware for decades to spite the advent of SDR and GNU radio. Because of this a small chinese brand has become a major player due to their software being dumped by some enthusiasts then extended and modified to run all of the digital modes with loads of other features. It seems that every time a company with a decent product releases tools or code (willingly or not) the community comes in and pushes it to the front of the line. I don't understand why this isn't more widely recognized
This ecosystem is ripe for software based innovation. There's a lot of great hardware out there but the API's are often closed and the existing software lackluster. After some research I recently purchased a Wifi camera, and am planning on using it to track my 6mo old's sleep habits (using some custom scripts / classification / etc). Guide's like this are great because they help make these things possible. I hope over time as more people publish hacks and cool projects based on them, some of these companies will start to open up their platform / API's. There's so many potentially cool projects that will hatch out of these.
I see a lot of products like this on Alibaba that I wish I could put my own firmware on. I've messaged a few of them telling them "I'd buy 1000 of these if I can put my own firmware on them" but haven't gotten any good responses. What I'm aiming for sometimes gets lost in translation, but mostly I think they just don't get the premise I'm presenting to sales people who answer the Alibaba inquiries.
A lot of the seller in Alibaba are just buying camera OEM from a factory so they wouldn't be able to get you the software. The factory itself might be just copying the reference design from chip manufacturer and they might not have access to the code or under a NDA. The chip manufacturer does not have an incentive to provide you custom firmware. You aren't their customer.
These are exactly the same reasons which prevented mp3 players manufacturers back in the day from opening up their specifications to open source projects, such as Rockbox
Yes, it's notoriously difficult to find who actually makes the hardware for these devices! let alone who writes the firmware. Many cameras are much too hard to reverse engineer in order to run your own firmware.
Fwiw, I recall that this is exactly how Dropcam started: they reverse-engineered the firmware for (iirc) an Axis net cam, then provided their own.
The trick for most device is to get a serial console and set uboot "flashargs" or using the init=bin/sh trick, grab the root hash, shove it through hashcat.
I want to buy bunch of them and setup a grid in small farm. My challenges are
* how do I connect to wifi router which is located in the farm house, because some will be very far from the router.
* Also another challenge is how to charge the cameras?
We have p2p wifi between our barn and farm house. The barn is powered by solar.
I use engenius WAPs, a 100Ah battery, 2 100W solar panels, a $15 solar charge controller, various buck/boost converters for other power requirements. The system also powers an LTE repeater and LTE modem, to provide the farm with internet access.
Dropping wire is the absolute best way to go, however:
A properly thought-out wireless system is the second-best way.
This might consist of P2P links, multiple access points, etc. over the subject property.
That's not to say this is expensive, check out Ubiquiti and Ruckus products for examples of the kinds of radios you need to make this happen. All should fairly affordable in comparison to renting a trenching tool and dropping cable.
Speaking about cheap cameras. I'm planning to setup some cameras at home. Anyone have any recommendations for devices that are cheap, can see moderately good in the dark, can be connected to a raspberry and doesn't force you to connect to some cloud service?
The linked article is a guide to "hacking" a $30 Xiaomi Dafang IP camera. This camera is an "indoor motorized WiFi camera capable of 1080P resolution and decent night-vision, its price is cheap".
If you bought one, all the "hacking" required is inserting a MicroSD card with a custom firmware on it and pressing and holding the camera's reset button to flash the custom firmware. From then on, the camera has the ability to boot from your MicroSD which can contain services that allow the camera to stream to local clients, among other things. More detailed instructions in the article.
Thanks, I saw said article as I'm commenting in it's thread :) But I wanted to avoid the hacking and just buy something that I don't have to force into doing what I want but rather come in a clean slate.
Not trying to sound (too) snarky, but the fact that there is an article on hacking a camera to do that kinda tells you that a boxed solution to do mostly the same things doesn't exist :)
No worries, my initial comment might have been on the wrong post ("hey, I see you hack cameras but if I don't have time for that, where can I buy one with acceptable out-of-the-box behaviour?") but I felt the subject was a bit related at least, and I don't know any of them so I asked :)
Yep, I should've been more explicit, but I was counting "be cheap" as part of "mostly the same things".
Recently bought a Nest camera since it seemed like a DIY approach was going to be harder than I thought. Might end up returning it if I can get this to work how I want.
I have a couple of Xiaomi Yi cams, which out-of-the box stream to a mobile app, don't require a subscription, and will save video locally to an SD card. They are cheap and cheerful (but you would want to keep them behind a firewall). That said, this hack clearly offers a lot more functionality (I think I will replace my Yi cams with these and relegate them to recording raccoons in my backyard).
I'm not a conspiracy nut but there is something to say about how attractive Xiaomi's offerings are. For everything from phones, TVs, and other electronics; you would be crazy not to purchase it.
In there lies a hidden threat. Possible from a tiger nation state.
They don't even really advertise in the West much yet?
The surveillance threat is one that applies to any cloud-linked device, sadly. As a non-Chinese living outside of China I almost mind surveillance by China less; what are they going to do with it, after all? (Unless you count the Mariott guy they got fired?)
I don't have any links on hand, but I know of a handful of situations that I remember:
* Xiaomi android phones had some kind of analytics APK built in around 2016 that would send a shitload of data over HTTP to their servers, and even would allow downloading emergency updates over HTTP. Their "fix" was to enable HTTPS, but leave the ability to force downloads and continue to run the analytics programs on the phones.
* Their robot vacuum used a password of "robotrock" to encrypt and sign updates.
* Their "yeelight" smart-bulbs were recording audio and sending them back to their servers over HTTP.
* Their "air purifier" also sends analytics and does updates via HTTP without any signatures.
IIRC many of these were fixed at some point, but I know at least once they said (paraphrasing) "we aren't going to fix it because the device isn't capable of HTTPS", but I don't remember which device it was. And it's enough for me to understand that they don't seem to take data privacy and security very seriously at all.
Xiaomi want to become an ecosystem/lifestyle provider, kind of a blend of Apple and IKEA.
The margin on each individual product aren’t high (especially the electronic ones), but it leads to selling higher margin products down the line.
I’m living in China and I now find myself buying Xiaomi towels and USB cables and pens and AA batteries and beer... since I know they will have an acceptable quality at a non-excessive price. Margin on all those is likely to be much higher than on that $30 IP camera.
I have a Wyze cam that I installed OpenIPC on. Very simple process if you’ve ever flashed a firmware before. OpenIPC lets you turn off the cloud stuff and I have mine pushing video over my local network to MotionEye on a Raspberry Pi. The Wyze has IR night vision but the IR can’t see through windows at night so be aware of that.
It was like $25 on Amazon, pretty good deal I think.
Does anyone know of a good Android viewer for RTSP? I'm probably going to proxy it with an HTTP webserver over TLS (if I can do that with RTSP? EDIT: Apparently I can't, I'll have to find a way to add authentication) to add basic auth, so the viewer will need to support that.
I use TinyCam on an Amazon Fire tablet to view my RTSP stream but only locally. Over the Internet I view the stream from MotionEye on my RPi using their authentication. In that case I can view it in the browser, no app needed.
Yes you lose complete access to the Wyze app. There is another recommended app you can use to replace it called Mi Home but the point of this for me was to replace any cloud stuff.
That being said if you have a video server like MotionEye or maybe Smarthome has it (that was mentioned before), you can likely do some alerting based off that. I know MotionEye has email alerts and might have some other alerting that I don't use.
Looks great and I was started to look into it, but seems it's just within US (and even with that, probably only provide the power adapter for US plugs). I should have been more clear and indicated I live in the magical world of Europe (Spain specifically).
Thank you! I had no idea OpenIPC was out there! Going to be upgrading all my Wyze cameras tonight! This is amazing and EXACTLY what I wanted from Wyze!!!!
Yeah, did the same. First reaction was regarding not finding any list anywhere of supported models, which is strange in itself. But the second point that they are still using a binary blob which no one knows what it does, doesn't feel very safe if you're worried about companies spying on you.
I’m pretty certain the Xiaomi and Wyze are the same camera, just in different packaging. Wyze is pretty honest that they don’t manufacture their own cameras. That being said, I think the software in the article is the same or very similar to OpenIPC. The web interface is identical. You’d probably get the same results with either camera.
I was able to find some RPi cameras on eBay for about $8 each, though they weren't NoIR. I also found RPi ZeroW for the official price of $10 (from pishop.us) and that combination worked well as an open remote cam for me.
In the UK, that makes it cheaper than the Philips Hue PIR-based motion sensor, which is crazy. And while non-Zigbee, you could easily integrate it into an existing Hue setup.
It enables you to add more intelligence to your home automation because not only can it detect motion, if you offload the processing, it can enable object recognition.
So your cat doesn't trigger it. Or triggers a different action.
Because you can control the IR leds and filtering, you can mount it in a dome for ultra-cheap external pan and tilt with an external IR illuminator.
at weenect we're working on gps tracker for dogs and cat, we have a g-sensor that put the system in sleep when the tracker stop moving and wake it up after a certain threshold. but we need to find some good "threshold" that typically won't wake it up when the dog or the cat sleep and move a little, we have some good values but we still some moves on our tests animals (i.e the co-founders dogs and cat) during the night.
We would like to know if it's due do an actual "the cat wake up to go eat/play/whatever" or it's just "the cat is scratching itself"
so with that camera we could image the camera always recording a stream (or by chunk) and when a move over the threshold is detected, it call something on the camera it copy somewhere else the last N minutes so we can analyze it without staying up all nigh :)
Basically, the company gets a bunch of people to do work for free, the product gets improved, the company makes profit, everybody wins.