CCTV

Warehouse 22?

Picking a CCTV management system

CCTV has moved on a lot these days, and there are a lot of cameras now. Some use proprietary systems, and some have clever custom detection and face recognition and ANPR and hardware inputs and outputs. Some have low light colour. Some have infrared. The options are endless.

But ultimately, whatever they are, you want a management system to record and allow local and remote viewing, alerts and events, basically providing a way to see what is going on and what happened later.

At home

At home, a CCTV system is largely engineered to be a deterrent for theft. A house with a load of cameras should be less likely to be burgled than the next house with none.

But it has a load of other uses, and ironically the main one is deliveries.

• Seeing a delivery in real time remotely, even "talking through the camera" to the delivery person when not there.
• Proving they did not delivery when they said they did, or that they "chucked it over the fence and that is why it broke".

But also, police, and neighbours, may ask if your camera caught something. Yes, this surprising (police asking) as it is an issue with ICO guidance, which is very confusing. They work on the basis of a case law that somehow, even though the collection and processing of potentially personal information is for personal domestic use (so outside scope of GDPR), that somehow it matters what you are seeing with the camera - i.e. seeing a road or path that is off your land. The GDPR does not have that as a criteria, and the second you try to apply that logic it to dash cams and cycle helmet cams and the like it all falls apart. I.e. my cycle helmet cam is "OK" somehow (personal use) but park my bike by the wall of may house and put the helmet on it, viewing the road, is that OK? Then run a power lead to the helmet cam so it runs 24/7, is that OK? As what point does it become not OK as it is a CCTV on my house viewing the road, not a camera on my cycle helmet viewing the road. No logic to it at all.

Of course, even if camera covers public spaces, you can "mask" them on many cameras now, to meet ICO rules.

I also wonder about CCTV, especially the CC part. What if I made cameras open to the world on the internet, it is then OCTV not CCTV, so do any of the ICO rules on CCTV now apply?

At work

At work is different, not personal/domestic use, so needs proper ICO registration, privacy policies, and notices, but once sorted you can run CCTV. There are a lot of legitimate interests for any business running CCTV, for crime detection prevention, both external (break in) and staff fraud (eeeew, don't trust your staff?). As long as you are totally clear about the CCTV, and how and what is processed for what purpose you are probably OK, but don't take my word for it - get legal advice.

Back to the point - recording and management

Whatever cameras you use, and as I say - there are a lot, you need a way to view live, and record, and view and save recordings.

There are many systems, and I have used several. However, the latest I am using has impressed me, so much I feel I should share my fortune and tell you all about it.

The system is "NX Witness", and Simon (of Dedicated Programmes) is an expert at settings these up (and supplying a range of cameras). I am lucky to have got a system from him as a birthday present, thank you.

• It is easy to use
• It is slick
• It is fast
• It is so very responsive

I have used Synology previously, and once wanted to check a delivery (that did throw a parcel over the fence) remotely from mobile, and it took me like half an hour. It was so slow and unresponsive and hard to use.

NX Witness, just works. An app on my phone and on my Mac, but I understand Android and Windows are just as easy.

I had to ask Simon how I save a video clip, as on Synology it was a nightmare, and he was "Duh! draw on timeline, right lick, export video", and it was, and it worked, and that was it!

When I click a time in the past the videos all show it, instantly, no delay. When I click a motion event, the same.

And I have custom icons on my videos now that allow me to turn on lights, open gate, and so on, simply, from my phone.

I really an impressed, simple as that!

Record all

You could record only on motion or events, but hard disks are cheap enough, and recording all has advantages.

The NX Witness makes it easy to see the motion events, and the like.

But recording all allows you to also see when something didn't happen! When a delivery claimed to happen and you can send video covering 10 minutes either side of the time with no delivery happening.

So that is what I do, only for maybe a month's worth, but that allows me to find something if I need.

One edge case was damage to some rendering on a wall, on Synology it was hard to track down, and I imagine on NX witness it would be so much quicker. It was focusing on events for a small part of the image, and the NX witness lets me highlight an area and pick only motion events covering that area.

Don't use WiFi

This should not need saying, but so many cameras these days are WiFi, and even "only 2.4GHz". Just say no. Sorry. Apart from the ease of jamming the WiFi if you want to not be seen, WiFi is very much a shared medium, and a couple of cameras constantly streaming over WiFi can make it shit very quickly.

You need wires anyway for power to the camera, so use PoE, one wire, not that hard even if it means a few holes and cable clips.

Public space

A small follow up because of a comment.

The issue with GDPR is that it covers the purpose of the processing, being domestic/personal, not what you are processing, which is why the case law on CCTV covering a public space makes no sense. And so why trying to draw a line makes no sense. The fact that helmet cams and dash cams are OK, even recording public space, but not fixed CCTV, is a totally mental and wrong interpretation of the law.

I have a couple of good examples. One relative has a doorbell camera, but the house is directly on the public pavement. So to record anything they are recording public space, even when it is a delivery person ringing their door bell. That clearly should be allowed as personal/domestic purpose. (I am lucky to have a small (maybe 1m) space from public pavement).

On the other hand I have a corner that is tarmac'd along with the pavement. I was careful to ensure the tarmac has a clear line for the border of my properly, but lots of people, almost everyone, cuts the corner, walking over my properly when simply walking along the public road. So, in my case, I can record them, under ICO rules, as they are on my property. I have no real reason to, other than I am allowed to as they have not jumped over my gate, etc.

Not Noodle

I was "donated" a bag of nice Pot Noodles for when Sandra was away on holiday. Thank you.

I have always liked pot noodles (sorry), but they are one of a few foods that cause problems for blood sugar, even though not too bad in carbohydrates. Another is some maize snacks like Monster Munch. They send my blood sugar super high for a short period. I have to avoid them.

Thankfully I have mastered pot noodles now, waiting for my blood sugar to be low, drinking some whisky (yes, that has a massive impact on slowing the whole process!), and taking some tablets to help with the blood sugar on top of the daily insulin, and I can eat a pot noodle safely.

But today I was fooled, I found a "not noodle". One with no noodles!

I did what anyone would have done, and combined the spicy sauce packet and the not noodles with the next pot noodle to make a pot₂ noodle. And wow, it was spicy and intense - amazing. They should do pot₂ noodles as a thing. It was amazing.

QR marketing

QR codes are great, aren't they?

I'm not going to go in the the technical aspects here, I have done that before, but more about actually using them.

We see them on everything, from shop windows to packets of crisps.

But there are some guidelines that are worth considering if you are planning on playing with QR codes. This is very much a top level explanation, and as I say not very technically.,

Starting with what is a QR code?

It is simply a standard way to represent data in a machine readable format that can be printed or displayed on a screen, and these days almost any phone with a camera can "read" them.

Why use them?

Well, the main reason is to allow people to get to a web site, that is pretty much the main "marketing" use of QR codes.

There are a load of more technical reasons to use them, tracking products and deliveries and all sorts, even COVID related stuff, but from a marketing point of view it is pretty much "a web site" without the typing, and more importantly the "mistyping" of some URL.

Of course someone could put a sticker over your QR with another one, how would people know until they try it?

Silly graphics in them?

One of the annoying things from a technical point of view is people putting silly images and graphics in the middle, or changing them to be round dots or some such. They are designed to tolerate a lot of errors, so these generally work, but they are not close to being standard. Also they are meant to have a 4 unit white border which is often reduced to 1 unit or not at all. Again, people "get away with it", but it is not right. Properly they are a grid of black or white squares with a 4 unit white border.

But what to put in them?

This is where it gets fun - you typically put a web site, a URL, and that is it.

Start it properly HTTP:// or better HTTPS:// though again you "get away" with just WWW.

But there is more to it!

1. There is no point putting a silly long URL with loads of extra query fields, really, that makes for a dense QR code which may be harder to read. Don't do https://www.amazon.co.uk/Faikin-Alternative-Daikin-WiFi-controller/dp/B0C2ZYXNYQ/ref=sr_1_1?crid=216EE7WGMZ221&dib=eyJ2IjoiMSJ9.XweYjNYnMX2FDmEgANqtjLiG7EHQIhpAHquJL8qCQ74Nr4YyT0zmkbk9467lCnQEb862FHm0WxqOGwExyaAH8JP42vCPVbInuwGvXc5MduR3JtainfYF4sz3oXKDZrVvA81M5J9-Ro5CIDRtqDictRG7E_GGusC-wTDynho5VPmjb4R-00iqmk26qH04W9nRkcYdt7pvh2HMGyh53iA4pPdQcVPNx2Q6B2_T2DDDULQ.qMn3ZtO7J7xmPu_bSUUilYAZ64X_8IK_MAJgIaqpQM0&dib_tag=se&keywords=faikin&qid=1708887615&sprefix=faikin%2Caps%2C81&sr=8-1
2. You can use some sort of URL shortening thing, but that means on phones the preview shows some URL shortening domain and so no way to know it is "genuine". Don't do http://tinyurl.com/yrescvrw

I have seen both extremes!

The middle ground is using your proper domain name, and then a short additional path. This can make a compact URL, and show your domain as the preview for the link on phones, but still get to where you want. You can also make it all upper case which actually makes the QR code less dense. E.g. HTTPS://FAIKIN.REVK.UK

Using your actual domain means you control it and are not subject to some third party, and also the preview on a QR code on the phone shows your domain, not tinyurl.com.

I have actually seen this for some locals shops, with QR codes, that are via some site, and worked when printed, but when I scanned came up with "your free trial is over, choose a package for your QR link" or some such. Totally useless for the shops in question, when just a QR to their own website (which they have) would have worked fine.

For comparison, the above URL examples as QR codes.

1. Long URL (harder to scan)

2. Short URL (no obvious preview before following link)

3. Proper URL (clear preview and easy to scan)

4. Make it a URL!

The above is an example of a dual purpose QR. Scanned, it goes to the product site, but it includes a serial number, so when we scan it on a delivery note, etc, the URL part is ignored and the serial number is read in to to document. Customers expect a QR to be a URL, so why not use that fact.

And don't forget - check it works!

Having made the QR code, check it, pretend to be a customer/user.

• Check what the preview shows on your phone
• Check the link goes where you expect

(Yes, I ballsed that step up making this page the first time, thanks for letting me know)

JLPCB

As some of you know I use JLCPCB a lot for my PCBs.

Why not UK?

We do use UK manufacturers for our FireBrick products, but for the small cheap PCBs I make, it is simply not viable. I have tried to get competitive quotes but people in the UK cannot match the prices, or even close, or the time scales. It is a real shame, and would be great if the UK could find any way to compete.

Problems?

I posted about a weird tracking issue a while back. Thankfully it was a one off.

But things have gone down hill.

Stupid rules

One issue (I don't think I posted) was that they charge a surcharge for "multiple designs" on a PCB, i.e. where cuts or v-cuts allow parts of the board to be broken off, and those have different designs on them. I don't follow the logic at all. But what is even more weird is the logic for this - any tracks or silk screen on break of parts makes it a different part. If just blank, it not and so no surcharge. They can silk screen on it at no extra (e,g. their job number). I even tried to "follow the rules" and had text done in the solder resist (they say explicitly tracks and silkscreen as separate parts, not solder resist), but they would not play. It is a shame, I just wanted a bar code (for the board) on the break of parts of a panel. Pain, but their stupid rules.

Broken search

More recently I found, when uploading, a part was not in stock, a 124k 0402 resistor. For a start, how is that not in stock, but I did the search option and it showed many 0402 parts and I picked one in stock.

What fooled me is the search did not list resistors matching the value I was searching, and I managed to pick a 0.124Ω resistor. My mistake, after a broken search, and I got a UK company to rework for me ("hot tweezers").

Broken component selection

Anyway, my mistake. This time I ordered more boards, same bill of materials I have used dozens of times before, and for this one component, the same as dozens of designs of boards over the last 6 months.

The BOM has an "R" (i.e. resistor) in an "0402" package, with a value of "124k", simple. I don't care the other aspects, it is a potential divide as a reference for the regulator, so really does not matter what 0402 124k resistor it is, hence I have not picked a specific LCSC part number for a specific manufacturer, as that could be out of stock more easily. Like simple resistors and capacitors I simply list the value I want, obviously.

As usual, it picked the parts, and showed them, not actually showing the value, as truncated. But I gate it a value, as I have done so many times before, and obviously expect it to pick a resistor of that value.

Suddenly, this time, it picked a 1.24Ω resistor. So ignored the value I specified! This happened on two orders. One I will have to pay someone to rework, again!

This is bad, I should be able to just say I want an 0402 resistor of a specific value and it pick one. That really is one of the most basic things they can handle in the BOM upload. They used to handle it.

Update: Just to be clear, I have used JLC for years and never had an issue until now, but now it is seriously broken. I re-tested, and even adding Ω to the value does not help. Magically today the 124k is working, but the 1M is suddenly 51kΩ - which makes no sense at all. Previously perfectly fine BOM files now fail randomly. I tried setting specific LCSC parts, which works, except that they are then out of stock of the specific parts and you have to search parts instead of just using a known working BOM.

Baking

And now the latest fiasco, and this really is now taking the piss,.

A part I have used on dozens of designs over at least 6 months, and hundreds of boards. A simple LED. Indeed, my Stargate designs actually have over 500 of them on each board!

The design I am ordering is one I have ordered many times, indeed, I just received some I ordered over a week ago, same BOM, same LED (wrong resistor, as above).

But now, for some reason this "is highly sensitive to humidity, and needs baking before soldering, or it will easily got moisture damaged". They suggest checking the datasheet. There is a surcharge!

The datasheet says: "If the moisture absorbent material has fade away or the LEDs have exceeded the storage time, baking treatment should be performed based on the following condition: (60±5)°C for 24 hours."

This suggests they have stored it incorrectly maybe? and want me to pay a surcharge for their bad handling of a component.

Awaiting reply, but they have gone from "quick, easy, cheap", to "pain in the arse, costly rework, and stupid rules and extra cost."

I may have to find someone else!

Hiding passwords

A minor niggle, but some times you want a web form that has passwords.

The classic solution is type=password and send the password as the value. This works, and if the page is all https, then why not, it is secure. It also offers to save the password (something that is really hard to disable these days, and there are reasons to want to do that!).

But what if not https, for, reasons*? 

Sending a password is not ideal - but if not https, sending one back is also in the clear, but if the threat is purely snooping then it is not too daft to minimised sending it when not needing changing. You minimised the window of capturing it. You also stop someone simply requesting the page to see it, even if they are able to change it.

So a simple fix is to have a rouge value password you use to mean no change such as ********. You can send this and if a returned value is not that then it means a new password has been set.

It bugs me slightly, as it means you cannot have a password of ********.

Well, maybe.

1. Only send when password set, as always useful to be clear if a password is set or not.
2. Why not use something more esoteric, such as ✶✶✶✶✶✶✶✶ (unicode 6 pointed stars). Passwords should allow unicode stuff, obviously.
3. Allow setting the password to the rogue value if not currently set, meaning you sent blank and not the rouge value, so the rouge value coming back means someone set it. This means the only limitation is changing from one password to the rouge value without unsetting it first - not a biggie (if documented).

* such as local control to a microcontroller that has limited capability to do https and limited capability to handle certificates. A problem we would all like to solve cleanly.

** And yes, I mean for those occasions where one cannot store a hash! They exist! WiFi passwords for one. But even when a hash, you need a way to know someone is trying to change the password, and this works for that too.