Thanks for the hints. I do run openvpn, and use that for remote access. Its a better solution than putting services directly on the internet. I should update to wireguard one day, time permitting.
I have tried
blue iris, that was no good. The biggest problem was the CPU consumption, and the resulting power hog that turned my PC in to. If it supported Dahuas API to offload motion detection to the cam since its a low power arm cpu that already implements the detection and provides an API that would be ideal. Then the PC wouldnt need to decompress the streams to implement anything, it could just save the compressed stream, like an NVR. I also was not a fan of the BVR format and the lack of a stand alone tool to convert to MP4 in a lossless way. I found scripts that said they did it with ffmpeg, but it did not work for me. I also found I could set up an auto export but that was a pain and involved re-encoding the streams. Not what I was looking for.
I am aware of frigate, and it looks very nice. The road block, for me, with that was the lack of availability for the coral-ai accelerators. I have since found some, but to be honest I have struggled with getting my head around home assistant also. In the past I have had working in a limited configuration and then break when the app is upgraded. I am aware there are howto videos and the app is always getting more mature but I don't have the time or the will for that. I want something that just works with no or minimal configuration.
I have settled on smartpss, as the only option, but I have installed it in to a VM with nothing else in the VM. Yes someone inside dahua could likely use it as a jump box still but at least when it has admin access to the host, there is nothing else on the host. I already run VMs full time on my workstation, and this one is running ok with only 4G ram so this is ok for me.
I have also recently closely read the dahua license. Has anyone noticed that it says it is governed by the laws of the PRC? Is anyone familiar enough with these laws to know how that opens up the risk or likely hood for backdoors?
I tested patching the resources section of the app exe to allow it to run without admin, but then it won't start up even though it should not need them. It could just be needing that to run the NVR part as a service, but then it should be able to install that service at install time while the installer has admin, and let the client run without it. So poor coding or more nefarious than that? Hard to say.