Anyone tried Security Camera Warehouse (SCW) NVRs and Cameras?

[cosmo]

Hi Fenderman,

Re plug and play, I will tell you about my Hikvision experience. I plugged the cameras into the NVR, turned the NVR on, it found all the cameras and was recording automatically. It would seem that my experience is at odds with your, assuming of course that you have actually set up HikVision cameras with one of their POE NVRs.

You cannot mix and match cameras and also retain all advanced IVS features which is very limiting with uniview/scw cameras as they dont have many design and sensor configurations.

I don't know anything about the capabilties of Uniview/SCW cameras, which is why I originally posted this thread. So I am interested in a bit more detail on this Matt's reply if he is still reading. I will add that I generally use the same or similar cameras.

There is no risk when buying via china

The risk is that if you update the firmware on some Chinese, grey market cameras, that the language configuration goes to Chinese and it is tricky to get it back. Lots of posts on this forum about those experiences. I upgraded my Chinese sourced firmware on my Dahua NVR and Cameras after having some problems with the software. Now the cameras won't do anything with line crossing or intrusion detection and the NVR won't attach a picture under any circumstances to an email anymore. So I disagree with your assertion based upon my own experiences.

SCW's own software runs on windows!!!!!!

That's interesting. Are SCW NVR's Uniview as well as their cameras?

I have nothing against Windows. Ah, well, okay, I lie, there are a lot of things I don't like about Windows. But I can live with them. Windows has a lot of great features of course. So I don't want to get into an argument about this other than to offer my personal opinion that Linux is a better 24x7 embedded solution, having been designed for it. Having a server based system Windows based is not a deal killer for me, it is just questionable why a dedicated system vendor would choose that platform for this purpose. One reason might be because it was easier for the particular programmer. As someone who spent 15 years developing Windows software before doing multi-platform server development, I can see both sides.

What is the availability of an 8ch nvr when you need the ninth camera?

The same problem you will have if you have an 8 port PEO switch with a 9th camera. The original choice for either should have been 16.

I think in this comparison, there is one thing that has been overlooked and I alluded to it in my earlier email and that is cost and complexity:

With an NVR, you just plug the camera cables in. NVRs are compact, pretty quiet and SCW's 8 channel model cost $400. The cameras, at least on HikVision, by default, operate on a different subnet to the network interface going to the network. So if you don't have a VPN set up, (and most home users do not), then the cameras are not directly exposed to the Internet, even if you port forward the NVR (which many home users do). Irrespective of the value of having a VPN and not port forwarding, there is some protection from hacking into the cameras.

With Blue Iris, yes, it may only be $50, but you still have to buy a computer and a powered switch. If you get all that for under $350, okay, you're still ahead, but I think it would be splitting hairs. I looked at the economical PC recommendations for Blue Iris and they are large, older desktop computers. I actually don't have the cupboard space for that in one location. It was hard enough to fit the Dahua NVR in. I wish they would design a compact, single drive 8 channel NVR with the drive over the motherboard.

Anyway, I could go on, but I will summarize by saying I am not dead set against one or the other. I just want to learn a bit more about each for my technical requirements, which aren't that many.

Oh, and on that note, one last question: How do you handle input alarms with Blue Iris? I have an infraRED beam device that sends a signal to a receiver and on the NVRs there are input and output alarm connections on the back. What do you do with a PC based system?

 

[fenderman]

Hi Fenderman,

Re plug and play, I will tell you about my Hikvision experience. I plugged the cameras into the NVR, turned the NVR on, it found all the cameras and was recording automatically. It would seem that my experience is at odds with your, assuming of course that you have actually set up HikVision cameras with one of their POE NVRs.


I don't know anything about the capabilties of Uniview/SCW cameras, which is why I originally posted this thread. So I am interested in a bit more detail on this Matt's reply if he is still reading. I will add that I generally use the same or similar cameras.


The risk is that if you update the firmware on some Chinese, grey market cameras, that the language configuration goes to Chinese and it is tricky to get it back. Lots of posts on this forum about those experiences. I upgraded my Chinese sourced firmware on my Dahua NVR and Cameras after having some problems with the software. Now the cameras won't do anything with line crossing or intrusion detection and the NVR won't attach a picture under any circumstances to an email anymore. So I disagree with your assertion based upon my own experiences.


That's interesting. Are SCW NVR's Uniview as well as their cameras?

I have nothing against Windows. Ah, well, okay, I lie, there are a lot of things I don't like about Windows. But I can live with them. Windows has a lot of great features of course. So I don't want to get into an argument about this other than to offer my personal opinion that Linux is a better 24x7 embedded solution, having been designed for it. Having a server based system Windows based is not a deal killer for me, it is just questionable why a dedicated system vendor would choose that platform for this purpose. One reason might be because it was easier for the particular programmer. As someone who spent 15 years developing Windows software before doing multi-platform server development, I can see both sides.


The same problem you will have if you have an 8 port PEO switch with a 9th camera. The original choice for either should have been 16.

I think in this comparison, there is one thing that has been overlooked and I alluded to it in my earlier email and that is cost and complexity:

With an NVR, you just plug the camera cables in. NVRs are compact, pretty quiet and SCW's 8 channel model cost $400. The cameras, at least on HikVision, by default, operate on a different subnet to the network interface going to the network. So if you don't have a VPN set up, (and most home users do not), then the cameras are not directly exposed to the Internet, even if you port forward the NVR (which many home users do). Irrespective of the value of having a VPN and not port forwarding, there is some protection from hacking into the cameras.

With Blue Iris, yes, it may only be $50, but you still have to buy a computer and a powered switch. If you get all that for under $350, okay, you're still ahead, but I think it would be splitting hairs. I looked at the economical PC recommendations for Blue Iris and they are large, older desktop computers. I actually don't have the cupboard space for that in one location. It was hard enough to fit the Dahua NVR in. I wish they would design a compact, single drive 8 channel NVR with the drive over the motherboard.

Anyway, I could go on, but I will summarize by saying I am not dead set against one or the other. I just want to learn a bit more about each for my technical requirements, which aren't that many.

Oh, and on that note, one last question: How do you handle input alarms with Blue Iris? I have an infraRED beam device that sends a signal to a receiver and on the NVRs there are input and output alarm connections on the back. What do you do with a PC based system?

Your experience is at odds with every single hikvision system ever made. How is the NVR supposed to know if you want continuous or motion recordings, if motion what level. What about bitrates to determine retention time, what about alerts and remote viewing? The time.
It is highly unlikely that uniview NVR's support hik/dahua ivs.

Please STOP posting misinformation about cameras purchased from china. You are confused about the gray market and that is why you disagree. There are TWO different types of cameras available direct from china. 1) international cameras that ARE FULLY UPGRADEABLE, AND ARE IN ENGLISH. These are not only the same as the US counterparts but often times have much better design and sensor selection that what is available in the US. 2) china region hacked cameras that are not upgradeable and are never recommended. You made a foolish mistake and purchased the latter.

If you have an 8 port poe switch and want to add another camera all you need is a cheap 4 port poe switch that you can plug into the first. Problem solved. This is basic networking. Very surprised that you claim to be a programmer.

Yes the SCW NVR's are uniview.

You completely missed the point of the 50 bux. It was in direct to your assertion that there was some real risk in buying software developed by a single person. The pc can be used for any other vms.
Sad that you put your NVR in a cupboard. Silly reason to go with a toy NVR. You have not looked at the dell sff pc that are small hp a bit bigger but more room.
I encourage you to buy an NVR and cameras from SCW you are dead set on it. Then when you move on to something like blue iris you will appreciate it more.
Blue iris supports inputs from sealevel devices which can be had used for 50 bux and are available in network based or better yet support inputs from zwave devices/hubs which allow endless possibility without having to homerun all the wiring.

 

[cosmo]

How is the NVR supposed to know if you want continuous or motion recordings, if motion what level. What about bitrates to determine retention time, what about alerts and remote viewing? The time.

It defaulted to continuous recording on all cameras with a default bitrate and time, the latter which of course was incorrect.

Naturally these had to be set to what I wanted, optimized etc. My point is, out of the box, an NVR gave you basic functionality, just like a Windows installation. You still need to go in and finish the configuration to suit your purpose.

There are TWO different types of cameras available direct from china. 1) international cameras that ARE FULLY UPGRADEABLE, AND ARE IN ENGLISH. These are not only the same as the US counterparts but often times have much better design and sensor selection that what is available in the US. 2) china region hacked cameras that are not upgradeable and are never recommended. You made a foolish mistake and purchased the latter.

You assumption is incorrect. I originally purchased 5 Dahua cameras from AliExpress vendor Empire Technology. For some reason, the system rejected the order, so a few days later I made the same purchase from DragonEye Security Camera. The cameras were specifically annotated: "All the DAHUA products(except our own products) are with English version only; Most cameras on the market are Chinese not English." After a series of problems, I eventually upgraded the firmware. It did not fix the problems, but worsened them. So that was my personal experience. At least the cameras still work. Others have not been so lucky, buying, as you say, "china region hacked cameras" and have had the language issue. This is the risk in buying from China - lack of awareness, and was simply what I was alluding to in the risks of purchasing from China. I still purchase direct from China and did so just last month. My point is, you can save a lot, but you just need to be a savvy buyer or you might run into problems.

As I have said, I am not set on either system at this stage. I am still looking at the suitability.

On a side note, please don't hurl insults, as we are both just users of these great technologies, not the great minds that developed it. This forum wouldn't exist to discuss the merits of it if not for that.

 

[fenderman]

It defaulted to continuous recording on all cameras with a default bitrate and time, the latter which of course was incorrect.

Naturally these had to be set to what I wanted, optimized etc. My point is, out of the box, an NVR gave you basic functionality, just like a Windows installation. You still need to go in and finish the configuration to suit your purpose.



You assumption is incorrect. I originally purchased 5 Dahua cameras from AliExpress vendor Empire Technology. For some reason, the system rejected the order, so a few days later I made the same purchase from DragonEye Security Camera. The cameras were specifically annotated: "All the DAHUA products(except our own products) are with English version only; Most cameras on the market are Chinese not English." After a series of problems, I eventually upgraded the firmware. It did not fix the problems, but worsened them. So that was my personal experience. At least the cameras still work. Others have not been so lucky, buying, as you say, "china region hacked cameras" and have had the language issue. This is the risk in buying from China - lack of awareness, and was simply what I was alluding to in the risks of purchasing from China. I still purchase direct from China and did so just last month. My point is, you can save a lot, but you just need to be a savvy buyer or you might run into problems.

As I have said, I am not set on either system at this stage. I am still looking at the suitability.

On a side note, please don't hurl insults, as we are both just users of these great technologies, not the great minds that developed it. This forum wouldn't exist to discuss the merits of it if not for that.

Once again you are confused and posting misinformation. Your issue is likely user error. But more importantly, the cameras dont get bricked. By making a blanket statement about grey market cameras you imply that all the cameras risk bricking by firmware upgrade, which is false. There is no risk purchasing from china. Everything is outlined here in the cliff notes and posts. If you were foolish enough to purchase a china region camera/nvr or use a china region firmware that is on you!

I will insult foolish comments, I take pride in it. Once again you seem like the perfect client from SCW's overpriced rebranded products, buy them I beg you. If you think uniview cameras are problem free or foolishly think SCW has some control over uniview firmware go for it. This is why blue iris is exceptional, you dont need to rely on the cameras firmware for anything other then providing the video stream and the time.
The rest of US wont buy overpriced product and dont need their support.
Dont repeat the FALSE information posted by SCW that the NVR provides protection from hacking. It provides none as alastair has pointed out. Why do you think the NVR's are less hackable than the cameras. As Alastair noted they have a LARGER attack surface.
Great minds didnt develop these cameras. At best they are mediocre minds.

 

[mnederlanden]

Hi Cosmo, I have a meeting today and tomorrow with the entire UNC campus security team so I can't do a more exhaustive response until later. I will answer your question in a bit.

The NVRs run on embedded linux. The viewing software runs on windows, mac, and linux. The iOS app alpha launch was today.

If the software crashes, the NVR still records. If the NVR crashes it normally reboots and starts recording again.

Are SCW NVR's Uniview as well as their cameras?

Plug and play only works well if the manufactures are the same. It should plug in and "just work." Additionally any ONVIF Q profile camera should also plug and play. There's a bunch of ONVIF profiles that mean different things, but Q is easy to remember with this trick: "Q is for Quick!"

Fenderman is right that there's an initial setup to get things configured in whatever unique way that you want. Our support team will walk you through all those settings: recording motion, analytics, vpn, etc during our initial setup / onboarding call.

How is the NVR supposed to know if you want continuous or motion recordings, if motion what level. What about bitrates to determine retention time, what about alerts and remote viewing? The time.

We set most of these to have defaults, and then we do an onboarding call with our support team to let the customer customize the settings however they want. We do this through screenshare, remoting in if the customer wants us to, phone calls and chats. We're flexible and will work any way you want us to.

 

[mnederlanden]

I don't know anything about the capabilties of Uniview/SCW cameras, which is why I originally posted this thread. So I am interested in a bit more detail on this Matt's reply if he is still reading. I will add that I generally use the same or similar cameras.

ONVIF compliance is pretty bad when it comes to enforcement. ONVIF Compliance in Plain English lists the issues.

Most significantly, yes, motion and event detection in ONVIF is really poorly supported by manufacturers. ONVIF has no real enforcement mechanism other than a test which proves that at least one firmware version passed some of the requirements. This means that you can update firmware and lose ONVIF or you can get a video feed and not any analytic info while still being compliant.

Blue Iris solves this by doing the analytics post camera with the PC processor. This has some advantages like working with any camera. This has some disadvantages like higher CPU usage and energy costs. But there's a lot to like and we're following a similar path with Cirrus: We'll be rolling out some advanced machine learning analytics computer vision paid-service processes, in an upcoming release. I'm literally at UNC today giving away an extremely alpha stage gun detection machine learning model to try to reduce gun violence in schools. Stuff like that...

Again, if you like Blue Iris, we're happy to work with you. Blue Iris has some great ideas.

 

[mnederlanden]

Your experience is at odds with every single hikvision system ever made

My experience with Hikvision has been the same as /u/cosmo. They plug and play with the NVRs and comes set with some reasonable defaults for recording. Older Hikvision NVRs and new cameras don't plug and play well, but that's kinda the norm when mixing old and new from anyone's offerings (cameras or otherwise).

My experience with Dahua is that they also do that.

 

[fenderman]

My experience with Hikvision has been the same as /u/cosmo. They plug and play with the NVRs and comes set with some reasonable defaults for recording. Older Hikvision NVRs and new cameras don't plug and play well, but that's kinda the norm when mixing old and new from anyone's offerings (cameras or otherwise).

as I noted, you need to set up motion, alerts, bitrates and remote viewing. The default settings may only give you a few days of recording if you dont know what you are doing. Nothing is plug and play.

 

[fenderman]

Blue Iris solves this by doing the analytics post camera with the PC processor. This has some advantages like working with any camera. This has some disadvantages like higher CPU usage and energy costs. But there's a lot to like and we're following a similar path with Cirrus: We'll be rolling out some advanced machine learning analytics computer vision paid-service processes, in an upcoming release. I'm literally at UNC today giving away an extremely alpha stage gun detection machine learning model to try to reduce gun violence in schools. Stuff like that...

Again, if you like Blue Iris, we're happy to work with you. Blue Iris has some great ideas.

Blue iris allows for both in camera motion detection AND/OR server based detection as well as hardwired sensors via sealevel and wireless zwave sensors.

 

[mnederlanden]

You are correct. I'm sorry for the miscommunication. I don't mean to imply that "plug-and-play" will set up motion, alerts, and remote viewing. By "plug and play" I mean no networking setup for the cameras: the subnet and airgap are already built into the NVR.

Reasonable bitrates defaults are setup automatically on our systems as well, as well as recording settings and retention settings.

We are happy to set motion, alerts and remote viewing settings with the customers during the initial setup / on-boarding call.

 

[mnederlanden]

Just curiously, what's

server based detection

?

 

[fenderman]

Just curiously, what's
?

This is when the software performs the motion detection rather than the camera.

 

[fenderman]

You are correct. I'm sorry for the miscommunication. I don't mean to imply that "plug-and-play" will set up motion, alerts, bitrates and remote viewing. By "plug and play" I mean no networking setup for the cameras: the subnet and airgap are alraedy built into the NVR.

There is no airgap as alastair so eloquently explained. Total newbies have no problem setting the cameras up.

 

[mnederlanden]

There is no airgap as alastair so eloquently explained. Total newbies have no problem setting the cameras up.

There really is one on our NVRs. The only way to remote into a camera's web interface is to plug a PC into one of the free POE ports. If you would like, I can send you a 4 channel NVR for free and you can try to access a camera's ip address without plugging into one of the POE ports. I'd be happy to do this, especially if you can crack it. I would love to know where the vulnerabilities are, cause then we can fit them.

 

[fenderman]

There really is one on our NVRs. The only way to remote into a camera's web interface is to plug a PC into one of the free POE ports. If you would like, I can send you a 4 channel NVR for free and you can try to access a camera's ip address without plugging into one of the POE ports. I'd be happy to do this, especially if you can crack it. I would love to know where the vulnerabilities are, cause then we can fit them.

oy...you completely missed the point. The NVR is just as susceptible to hacking if not more than a camera.
You cant fix anything, you can only ask uniview for a firmware update. They are in total control, you have none.

 

[mnederlanden]

Additionally, I've been working with a hardware designer to create our own POE powered devices (for a separate, secret project) and I can tell you that the hardware engineers that we're working with have absolutely designed a physical barrier in these new devices. I wasn't part of the hardware design process for our partner, but I have worked directly with the engineers on this new project. I know for a fact that there's no physical way to access the devices using POE power on these unreleased models because there is a physical barrier.

 

[fenderman]

Additionally, I've been working with a hardware designer to create our own POE powered devices (for a separate, secret project) and I can tell you that the hardware engineers that we're working with have absolutely designed a physical barrier in these new devices. I wasn't part of the hardware design process for our partner, but I have worked directly with the engineers on this new project. I know for a fact that there's no physical way to access the devices using POE power on these unreleased models because there is a physical barrier.

Please stop with this nonsense. There cannot be a physical barrier otherwise the cameras could not communicate with the nvr. Yet again you miss the bigger picture. Assuming what you are saying is correct and the cameras cannot be accessed, it makes no difference if the NVR can be accessed. You must admit that there is no phony "Air gap" between the NVR and the internet.

 

[mnederlanden]

You can only ask uniview for a firmware update.

Correct.

They are in total control, you have none.

Not completely correct. We're one of their largest customers. They fix bugs for us weekly.

This is really no different that your scenario with Blue Iris. You guys move a lot of product and you get power because of that with the developer. That's a good thing. You help him manage his bugs and know which bugs are more important at any given point. It is soft power, yes, but it is powered none-the-less.

 

[fenderman]

Correct.



Not completely correct. We're one of their largest customers. They fix bugs for us weekly.

This is really no different that your scenario with Blue Iris. You guys move a lot of product and you get power because of that with the developer. That's a good thing. You help him manage his bugs and know which bugs are more important at any given point. It is soft power, yes, but it is powered none-the-less.

You are confused we have no input and dont get any priority with respect to blue iris updates. He does this all on his own based on use input. We dont provide direct blue iris support to users. Its all here on the forum that the developer does not visit. We sell very little BI product compared to most other resellers and have only been selling since the end of last year. This forum has been around for over 5.
You have very soft power, you would not even know if someone disclosed a vulnerability to uniview. These china companies like hik have been known to sit on the disclosed vulnerabilities for months. Then there is the issue of EOL NVR's. For example, there are many hikvision NVR's (presumable some that you have sold when you moved hik product) that no longer receive any updates because they decided to label the machine EOL. What is the user to do at that point?

 

[mnederlanden]

Please stop with this nonsense. There cannot be a physical barrier otherwise the cameras could not communicate with the nvr. Yet again you miss the bigger picture. Assuming what you are saying is correct and the cameras cannot be accessed, it makes no difference if the NVR can be accessed. You must admit that there is no phony "Air gap" between the NVR and the internet.

This isn't how the hardware works. An airgap protects the cameras from being access by something other than the NVR. All processes to the camera must originate in the NVR. So, no camera can be hacked if the NVR isn't hacked. That's how this works.

I don't really know how UNV does it. That's proprietary and they haven't told me.

But I can tell you that this isn't nonesense. Here's one way to do it: use a reverse SSH, which is an even more highly secure form of protecting client data than even a VPN.

With a reverse SSH, the edge device can deposit files into a trusted repository (like a cloud or a NVR with a secure, known endpoint) and can look at files in the repository for instructions on what it should do (like settings changes or firmware updates), but unlike a VPN it cannot receive directions - at all. All communication with a reverse SSH device are outgoing. All communications to the device are blocked - even the central server cannot send it instructions outside of its existing "look at the trusted repository every n integrals" parameters.

The only way to compromise a reverse SSH is for both the trusted device to be hacked and the for the hacked to have knowledge of what files the edge device has been instructed to look for and what validation (hashing algorithm based on mac address, timestamp based hash, whatever) is required for the files to be accepted by the edge device. This is highly unlikely.

You can even do reverse SSH tunneling to connect two devices that can't talk to each other through a trusted validation servicecenter (like the cloud),