
Usually you want some way of monitoring how much energy your panels are producing. This helps to realise you need to clean the panels or do some maintenance if panels start failing. Or it may be useful for scheduling home appliance usage.

But in practice this almost always means connecting to the internet, because the simplest interface is wifi and data collection/display at the producer's servers. So any extra features == internet connection.




Highly recommend using solarassistant for this, instead - local server software that installs on a raspi, and you hook a usb on the raspi to the WiFi dongle port on your inverter with a serial cable. Don’t provide the inverter itself with any wifi credentials.

Solar assistant has the bonus of interfacing your inverter with homeassistant, and letting it control the inverter/get signals from it (so you can do things like, if grid voltage drops to zero, do xyz)


Anything similar that works with solaredge?


Sorry, haven’t looked, we have a sol-ark and this was the go to solution for people on diysolarforum (https://diysolarforum.com/). I’d recommend searching around on there, or making a post, it’s amazing for learning about this sort of stuff.

For others, here’s the solarassistant compatibility check page: https://solar-assistant.io/help/general/is-my-inverter-suppo...


What would be a good method for keeping the IoT Thing from talking to a machine beyond my locally administered network?


VLANs. One for you, one for the Chinese shit.

Keep your [phone/PC/whatever] on one VLAN, with a NAT gateway, and they'll work just as they do now.

Keep the IoT Things inside of their own VLAN, without a gateway to the Internet.

And if a device like Home Assistant or whatever needs to exist on both VLANs in order to be useful, then: Make sure it isn't forwarding/routing/NATing packets.

---

The implementation details vary, but they needn't be particularly expensive.

What I do at home is run OpenWRT on a Pi 4 for my home routing purposes. It's fast enough for my needs and it's got simple GUI configuration options for VLAN. (Why OpenWRT? Because it's easy for me to puzzle out when I need to adjust something after a few months or a year -- I don't deal with routing every day, nor do I wish to. (Also SQM is a built-in, which always keeps WAN latency tolerable.))

From there, I've got cheap managed switches that enforce/insert VLAN tags where that is useful to me, so I can decide which physical ports are capable of talking to whichever VLANs.

And from there, I've got relatively inexpensive Mikrotik access points that are configured to provide different SSIDs for different VLANs.

It all works OK, though more enterprisey folks will almost certainly choose a very different path.


VLANs are great. Unfortunately, I've got an unmanaged 12-port PoE+ switch that doesn't support them. My workaround is to put two subnets on the same physical LAN, and my DHCP server (pihole) has an IP address on each subnet.

My (openWRT) router also has IPs on both subnets, and routes both LANs to the WAN. Restricting/throttling WAN bandwidth is easily managed in OpenWRT. Preventing WAN access is easily done by not providing a gateway in the DHCP assignment (pihole).

Obviously the big difference between this and a VLAN is that an ill-behaved device could still access the other subnet, and could still discover the gateway and route to the WAN. So far, none of the IoT crap on my restricted subnet has misbehaved.
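As an added example (not part of the comment above, and not the commenter's own setup): one way to check for the gap it describes, by scanning the router's connection-tracking table for flows that a restricted-subnet host originated toward the WAN or the other subnet. The subnet ranges, the allowed router/Pi-hole addresses and the sample `conntrack -L` lines are constructed assumptions.

```python
import ipaddress
import re

# Assumed addressing (not from the thread): trusted LAN and restricted IoT subnet
TRUSTED = ipaddress.ip_network("192.168.1.0/24")
IOT = ipaddress.ip_network("192.168.50.0/24")
# Assumed router and Pi-hole addresses that IoT hosts may legitimately reach
ALLOWED_LOCAL = {ipaddress.ip_address("192.168.50.1"), ipaddress.ip_address("192.168.50.2")}
BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample in the format printed by `conntrack -L` on the router
SAMPLE = """\
udp      17 25 src=192.168.50.21 dst=192.168.50.2 sport=40112 dport=53 src=192.168.50.2 dst=192.168.50.21 sport=53 dport=40112 mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.50.21 dst=203.0.113.45 sport=51522 dport=443 src=203.0.113.45 dst=198.51.100.7 sport=443 dport=51522 [ASSURED] mark=0 use=1
tcp      6 110 SYN_SENT src=192.168.50.33 dst=192.168.1.10 sport=38000 dport=22 [UNREPLIED] src=192.168.1.10 dst=192.168.50.33 sport=22 dport=38000 mark=0 use=1
tcp      6 300 ESTABLISHED src=192.168.1.10 dst=192.168.50.21 sport=50100 dport=80 src=192.168.50.21 dst=192.168.1.10 sport=80 dport=50100 [ASSURED] mark=0 use=1
udp      17 10 src=192.168.50.33 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED] src=224.0.0.251 dst=192.168.50.33 sport=5353 dport=5353 mark=0 use=1
"""

# The first src=/dst= tuple on a line is the original direction (who initiated the flow)
FLOW = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+)(?: sport=\d+ dport=(?P<dport>\d+))?")

def find_escapes(conntrack_text):
    """Return (src, dst, dport, kind) for flows an IoT host started that left its subnet.

    Only traffic routed by this box is visible here. Two subnets sharing one wire
    can also talk directly at layer 2, and that never reaches the router's table.
    """
    findings = []
    for line in conntrack_text.splitlines():
        m = FLOW.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in IOT:
            continue  # flows opened from the trusted side toward IoT are expected
        if dst in ALLOWED_LOCAL or dst in IOT or dst.is_multicast or dst == BROADCAST:
            continue  # DHCP/DNS to the router, local chatter, mDNS and broadcasts
        kind = "cross-subnet" if dst in TRUSTED else "wan"
        findings.append((str(src), str(dst), int(m["dport"] or 0), kind))
    return findings

if __name__ == "__main__":
    for src, dst, dport, kind in find_escapes(SAMPLE):
        print(f"{kind}: {src} -> {dst}:{dport}")
```

Any hit means a host ignored the gateway-less DHCP lease and configured a route on its own.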


Just my opinion but don't you want to patch that hole with a better switch? Or put it downstream of a switch that does enforce vlans? Most likely your iot devices don't really need anything more than 10-100 megabit connections anyway?


The switch I'm using is behind a panel in my garage, which is not climate controlled. Temperatures range from freezing to over 100F throughout the year. It's a fanless POE+ switch and it's doing a great job otherwise. I've replaced the switch with a different model a few times over the past five years, but this one has held up well for over three years. I'm open to suggestions for a reliable (managed or unmanaged) fanless POE+ switch that can handle this environment. Ideally, I'd like one that can do 10Gbps. The present switch is 1Gbps. Money is a secondary consideration.


I claim no expertise here, sorry. Best I can do is defer to Serve The Home; they have reviews of switches that include whether it's managed, actively cooled, throughput, etc.


Thanks for the tip. Serve The Home is a good site that I came across for the first time just a few weeks ago. For the past five years or so I've been unhappy with the poor availability of 10Gbe in SOHO products. It appears to finally be happening, but has not yet trickled into the mainstream.


Our setup looks exactly like yours I think. One connection for humans, one for machines. The two shall never meet.

It takes a little bit of setup, and less than $200. Anyone techy should do this; it's essentially maintenance free once running.


Yeah that works great until the partitioned device decides it requires Internet access and ceases operation. I recently had a Bose soundbar refuse to play sound until it was connected to the internet.. it promptly downloaded some massive 2gb update, then bricked itself while updating.


If it's a brick without Internet access, and it is also a brick with Internet access, then: It is simply a brick, and no amount of segregation can help.


> One for you, one for the Chinese shit.

Can you give an example of tech devices that aren't manufactured in China?


There are many tech devices not made in china.

That all tech devices are made in china is a myth propagated by the ignorant (or malicious).

From the raspberry pi (UK) to Samsung Galaxy (South Korea) it is trivial to find a product not made in China once you leave the low end of the market.

And now even the low end has alternatives if you spend some time and effort.

Name any category of product whatsoever and I will personally find you a non-Chinese alternative.

Even many things “made” in China are only really assembled in China. A computer that’s “made” in China is often just slapped together like a lego kit from pieces made in Thailand, South Korea, Germany, the US, Singapore and Taiwan (which isn’t a part of China).


I'm pretty sure any Samsung Galaxy in the US was made in Vietnam in the Thai Binh factory, which I used to live close to.

The South Korean manufactured units are generally only sold in South Korea.


> "From the raspberry pi (UK)"

Without having put any specific thought into it, I always assumed that while designed in the UK they would be manufacturing them in Asia, so it's a pleasant surprise to find out that you're mostly right - the majority have been made in Wales (part of the UK)!

However some are made in Asia, including China. Quoting Wikipedia (plus the citation links):

> "Most Raspberry Pis are made in a Sony factory in Pencoed, Wales,[19] while others are made in China and Japan.[20][21]"

> [19] https://www.sonypencoed.co.uk/about/

> [20] https://www.zdnet.com/article/14-million-raspberry-pis-sold-...

The second link (20) is from 2017, with headline "Raspberry Pi: 14 million sold, 10 million made in the UK"


I thought that the Raspberry Pi was considered the low end of the market. What is the low end if not the Raspberry Pi?


There are numerous “X-pi” clones that you can get which represent, to me, the real low end.


Don’t those often cost more than the raspberry pi?


Which Pi? The Pi 5 starts at $50 nowadays.


Yeah… all ends of the market, from the $0.03 toy to the $1,400 iPhone have their physical hardware and assembly outside the West, mostly in China.

BUT. The software for the iPhone is made in the US. Which is why people buy it. All phones are black rectangles! The hardware does not matter that much. And the price to buy into the Apple software ecosystem is much higher than the sticker price of the iPhone, only some of which goes to China. So most of the reason someone buys a tech product, and most of the value, ie the software, is US made.

BUT #2: the solar inverter software is used as DRM. This should serve as EXTRA evidence for you that the SOFTWARE MATTERS and that the hardware is completely fungible.


Tbf, they meant stuff where the firmware updates and/or control-plane are controlled by Chinese servers. I'll go further: all Internet of shiT gadgets shouldn't be allowed to phone home: Chinese, Korean, American, doesn't matter. One day, the manufacturer/operator will use that internet connection in ways contrary to customers' best interests.


I agree, I use Zigbee and anything that uses wifi is on its own VLAN (wherever it's made, it's not like I trust Meta more, for example).


VLAN for WiFi is practically a second WiFi, right? Or is there a way to partition the networks with only a single SSID?


Well, you can firewall the IP or MAC, but yes, my router supports virtual wifi, so it does multiple SSIDs.


No, not specifically.

(To bring this to the logical conclusion: So much for Internet access.) ;)


So much for internet access even for you! Your router is also made in China.


Good point. It was made in England, actually.

(From Chinese parts.)


Well, that's probably fine though.


Don't plug it in unless you have the expertise to already know the answer to that question. That should also be your advice to any friends/family. Plugging something like this into a network is a horrifically bad idea.

This is like asking people on the Internet how to safely mix random household cleaning chemicals. If you don't have the background to answer that yourself, you should not be doing household chemistry.


I found out after our solar system was installed that the enphase inverter came with a cell modem for monitoring and remote management. Our installers didn't know how or even if it was possible to configure the system without one.


After I bought out our panels, I found the Enphase modem and disconnected it. It was a USB box connected to the monitoring unit, the monitoring unit has other networking options, and it's mine anyway.


Now you know to advise people to look into that question before the install/find an installer that can guarantee it. If the thing can't easily have cell function disabled (e.g. by pulling a readily accessible card), then advise people to stay away from enphase.


Enphase required the cell connection when I checked a couple years ago. Sol-Ark makes a solid hybrid inverter and allows offline operation.


The issue is that a lot of IoT things won't even work unless they have Internet connection and a registered account.

The careful approach to IoT is to never connect a device to anything, dump the firmware, analyze it, reflash the EEPROM with patched TLS certificates (if necessary), write your own server implementation, let the IoT device join a dedicated IoT WiFi network, on that network run everything through a gateway pretending to be "the Internet", where the emulated server is running. Yep, it's this bad.

Of course, if the device or its malfunction cannot cause sufficient harm (e.g. it's a light, usually it's not worth reverse engineering it) then just run it on a separate SSID and VLAN, with least access necessary to get it running (starting from blocking everything and allowing network by network until it works).

And, uh, if the device has an LTE or can use something like Amazon Sidewalk, it gets even trickier to keep it tame.

I don't have any solar power stuff, but I did this with my old cat feeder machine. In the process I discovered a service/backdoor SSH account, a system that does not encrypt p-frames at all before uploading data to the cloud, and a bunch of other things that made me happy I did not connect it to any public networks. Short conclusion: consider against with a camera or a microphone that runs on Tuya-developed firmware. Generalized conclusion: consider against IoT from any manufacturers you don't trust to fully respect your best interests, or aren't willing to audit first.

The downside is obvious, of course. And with every year more and more manufacturers tighten up their hardware, but I'm certain the crappy programming and service backdoors are all there, only ways to mess with the network traffic or firmware are clamped down.


> The issue is that a lot of IoT things won't even work unless they have Internet connection and a registered account.

To a significant extent I see this as a "buyer beware" situation. Now, a lot of people aren't even really aware of the problem nor knowledgeable enough to know what to look for, but I'd expect the majority of the HN audience is both aware of and able to understand the problem enough to be capable of looking out for and avoiding it.

I personally don't mind if a device uses internet connectivity to provide a useful service, but I refuse to buy anything that requires internet connectivity arbitrarily for functionality that could easily be performed locally. The first thing I do when I think a new IoT device might be neat is google "<product> Home Assistant" and see what comes up. If there's no integration or the integration is cloud based instead of local I probably won't buy it.

IoT devices are not necessities, most of them are either luxury items or disposable novelties. You can always just not buy them. There are certainly some categories, particularly in the residential market, where it may be harder to find an option you find agreeable but it's far from impossible. If every major offering in a category is bad in this way, you almost certainly don't actually need that thing.


> IoT devices are not necessities

I wouldn’t go that far.

To the best of my awareness, there are no good automatic cat feeders on the market - just crappy ones and tolerable ones.

This doesn’t mean they’re some novelty gimmick I don’t really need. I’ve got two cats, one had developed a health condition that requires special diet - and I’d say that feeders that track consumption and can recognize between two furry assholes and unlock only for the appropriate one, are basically a necessity for me here. Without those I would have to force unnatural feeding schedules on my cats, so I can watch them eating from their own bowls.

Even basic stuff like smart lights isn’t totally a gimmick. It’s not just a light with phone for a remote control, after all. Being smart enough to e.g. not blast at full brightness in my eyes if I need something at nighttime is not just a fancy thing, but good for sleeping hygiene.


I have a sunsynk inverter which is the same hardware as deye but apparently different software. I have it hooked up to a Pi4b running home assistant using this https://github.com/kellerza/sunsynk and it has no direct internet access. I can connect to my home network using tailscale to monitor power usage and generation through the HA app if I'm not at home


I stuck IOT stuff on a cheap linksys WRT router with ExpressVPN firmware. It forces all clients out over that so Nest, Amazon et al can’t snitch or sell my demographics or billing address to people. Not tying it to my home IP anyway.

But this requires a DMZ or a second external IP address (I have both with centurylink), because if it’s double NAT on your home network, the devices can access your home network.


Never connect it to the WiFi/Ethernet? Or if you do, filter the traffic. Unfortunately that's often not possible on consumer class modems.


Often the equipment won’t actually work either if you try to filter it meaningfully. I’ve had IoT cameras (in particular) that would brick themselves if you didn’t allow 443 to all Amazon IP blocks. :s


A separate VLAN, if your router is capable


A firewall.


(If you don’t want IOT talking to the internet at all, set up an internal DHCP server and give the devices a bunk router address.

If my gateway were 192.168.1.1, I just set that client's gateway as 192.168.1.254.)

Misread your question. Sorry. Most of my devices I do want talking to the internet. Just not on my home IP.



