Aussie living in the San Francisco Bay Area.
Coding since 1998.
.NET Foundation member. C# fan
https://d.sb/
Mastodon: @dan@d.sb

  • 0 Posts
  • 13 Comments
Joined 2 years ago
cake
Cake day: June 14th, 2023

help-circle



  • Hard-coded default passwords have been illegal in California since 2020, so it shouldn’t be as much of an issue with newer devices. Companies aren’t going to make California-specific versions of their devices, so they’ll often just follow the California standards everywhere.

    To be legal in California, the device either needs to have a randomly-generated password unique to that device (can be listed on a sticker on the bottom of the device, or in the manual), or it needs to prompt to set a password the first time you use it.

    I still wouldn’t ever expose a camera directly to the internet. Keep it just on your LAN (eg using a VLAN) and VPN in (eg using Tailscale) to connect to it remotely.





  • This doesn’t really work in real life since IPv6 rate limiting is done per /64 block, not per individual IP address. This is because /64 is the smallest subnet allowed by the IPv6 spec, especially if you want to use features like SLAAC and privacy extensions (which most home users would be using)

    SLAAC means that devices on the network can assign their own IPv6. It’s like DHCP but is stateless and doesn’t need a server.

    Privacy extensions means that the IPv6 address is periodically changed to avoid any individual device from being tracked. All devices on an IPv6 network usually have their own public IP, which fixes some things (NAT and port forwarding aren’t needed any more) but has potential privacy issues if one device has the same IP for a long time.