Just got 1st cam (5442). Configuration questions. Quicksync, H.265 etc

[shalem2014]

Using obscure ports don't help at all. It's been proven, they will be found just as fast as other ports.

Oh combating the paranoid misinformation here regarding port forwarding is quite tiresome... CLUELESS is all I can say. I run several servers and many security systems and I can tell you that nothing could be farther from the truth. The amount of random, incoming connections on port 80 for example is an order of a couple magnitudes higher than any other port. And if you need me to prove it, I will—I have plenty of server and firewall logs!

BTW, my suggestion to use an obscure port was not to prevent the server from being hacked; that is the job of well written server code and a good username/password combination. Which is why you DON'T forward a Chinese IP camera to the Internet, and DO disable its UPnP function so it can't forward itself. My suggestion was simply to reduce the amount of random traffic dropping by and hitting the server. A good analogy would be to say that port 80 is a big front door, open, with the lights on inside, whereas an obscure port is like a manhole cover hidden in the grass in the backyard that leads to an underground tunnel into the basement. You could enter via either of them, but the front door will see far more traffic and attract far more interest. People "casing the neighborhood" will see the open front door right away, but they would never have known about a backyard entrance and would've kept driving by for an easier target. Oh, and I run web servers on port 80 too. Some places you want to attract traffic. Others, not so much. Whoever is operating this site seems to like port 80 (HTTP) and 443 (HTTPS) or we wouldn't be here. I hear that this site also has a DDNS service, so someone's got port 53 (DNS) open too. Scary stuff, huh? Not if you understand how it works and what the actual risks are.

 

[biggen]

You’re both right. Security through obscurity is a poor design choice but most of these attacks are targeted at well known and popular ports. These automated bots arent port scanning the entire range since it takes too long...

 

[XrayDoc88]

I've followed these forums for a while and I'm very close to installing my very first Dahua camera. I will have the same questions as the OP. But I also have two others:
1. I'm pretty sure that H.264 has been recommended many times instead of using H.265. Has that experience or recommendation changed?
2. I do not know what camera sub streams are and what they are used for. Can anyone explain?

Thanks!

 

[fenderman]

Oh combating the paranoid misinformation here regarding port forwarding is quite tiresome... CLUELESS is all I can say. I run several servers and many security systems and I can tell you that nothing could be farther from the truth. The amount of random, incoming connections on port 80 for example is an order of a couple magnitudes higher than any other port. And if you need me to prove it, I will—I have plenty of server and firewall logs!

BTW, my suggestion to use an obscure port was not to prevent the server from being hacked; that is the job of well written server code and a good username/password combination. Which is why you DON'T forward a Chinese IP camera to the Internet, and DO disable its UPnP function so it can't forward itself. My suggestion was simply to reduce the amount of random traffic dropping by and hitting the server. A good analogy would be to say that port 80 is a big front door, open, with the lights on inside, whereas an obscure port is like a manhole cover hidden in the grass in the backyard that leads to an underground tunnel into the basement. You could enter via either of them, but the front door will see far more traffic and attract far more interest. People "casing the neighborhood" will see the open front door right away, but they would never have known about a backyard entrance and would've kept driving by for an easier target. Oh, and I run web servers on port 80 too. Some places you want to attract traffic. Others, not so much. Whoever is operating this site seems to like port 80 (HTTP) and 443 (HTTPS) or we wouldn't be here. I hear that this site also has a DDNS service, so someone's got port 53 (DNS) open too. Scary stuff, huh? Not if you understand how it works and what the actual risks are.

The dangerous misinformation your provide is tiresome and troubling. Stop it. Port forwarding is not safe. You can post this nonsense elsewhere.
Reducing the traffic hitting the server is of no consequences. It does not affect performance. IF you are stupid enough to port forward the blue iris webserver, dont encourage others to be that dumb.

 

[Tekbotslaya]

I've followed these forums for a while and I'm very close to installing my very first Dahua camera. I will have the same questions as the OP. But I also have two others:
1. I'm pretty sure that H.264 has been recommended many times instead of using H.265. Has that experience or recommendation changed?
2. I do not know what camera sub streams are and what they are used for. Can anyone explain?

Thanks!

Main stream is the primary video feed from the camera. Think high resolution. Sub streams are lower quality streams often used for monitoring or situations where a full quality stream is not needed.

 

[shalem2014]

I've followed these forums for a while and I'm very close to installing my very first Dahua camera. I will have the same questions as the OP. But I also have two others:
1. I'm pretty sure that H.264 has been recommended many times instead of using H.265. Has that experience or recommendation changed?
2. I do not know what camera sub streams are and what they are used for. Can anyone explain?

Sure. H.265 support is getting more widespread, and in my experience, the Dahua H.265 encoder is better than its H.264 encoder.

However, to fully answer your first question, I need to answer the second question. Sub streams are secondary, lower resolution streams from the camera. Back when IP cameras were VGA, and then 720p, it wasn't a big deal. But we've gone to 1080p, 2K and even 4K, causing the amount of processor power required to decode and detect motion on these video streams to increase astronomically! Since these streams are usually saved directly to disk, there's no need to decode except to run the motion detector and/or the live camera tiles. Enter sub streams. Blue Iris can now be directed to a camera's sub stream feed for 24/7 decoding/processing/display, thus greatly minimizing the amount of required processing power. When motion is detected, the full resolution stream can then be saved directly to the disk without decoding. Or when a user clicks on a camera tile to "solo" (select/zoom in to) a camera, Blue Iris can switch from decoding+displaying the sub stream to decoding+displaying the main stream, so the zoomed image shows in full resolution.

So back to your first question... One of the main drawbacks to H.265 video is the large amount of processing power it takes to decode compared to H.264. Before Blue Iris supported sub streams, decoding a number of full resolution H.264 streams was already hard enough for most systems. But now that we have sub stream capability, we can run the sub stream at H.264 low resolution, and save the H.265 stream directly to the disk without having to decode. Thus, the only time Blue Iris has to decode H.265 is when you're soloing a camera, or if your playing back recorded footage. Both cases, it's just a single stream, not however many cameras you have on your entire system all at once.

 

[XrayDoc88]

Thank you shalem2014. I think I followed most of what you said. So when you setup cameras in Blue Iris you choose to have full resolution H.265 encoding done from all the cameras, but you don't actually decode those streams when viewing multiple cameras in Blue Iris? Those main streams just get recorded? I guess there is a way to specify that the live view windows will be a lower resolution and utilize H.264 encoding so that the CPU doesn't explode when monitoring 6-8 cameras? Do I understand this correctly?

Besides the extra processing power needed to decode H.265 on the fly, is there any drawback to that codec? Could a 10th generation Intel Core i7-10700 likely handle all streams using H.265? Thanks again.

 

[Warptrooper]

Thank you shalem2014. I think I followed most of what you said. So when you setup cameras in Blue Iris you choose to have full resolution H.265 encoding done from all the cameras, but you don't actually decode those streams when viewing multiple cameras in Blue Iris? Those main streams just get recorded? I guess there is a way to specify that the live view windows will be a lower resolution and utilize H.264 encoding so that the CPU doesn't explode when monitoring 6-8 cameras? Do I understand this correctly?

Besides the extra processing power needed to decode H.265 on the fly, is there any drawback to that codec? Could a 10th generation Intel Core i7-10700 likely handle all streams using H.265? Thanks again.

I could answer this based on my testing. Your 10700 is MASSIVELY OVERKILL for BI lol

My i3 8100 (4 core 8th gen i3 no HT) with its tiny clock speed and puny stock cooler can easily record 2x 4MP streams for me with continuous record + motion timestamps while only using like 3% CPU when running as a service (while streaming 4K RDP connection)

Now live view 2 substreams with RDP sucks up about 20% CPU usage but goes down to 5%ish with BI minimized and flat 3% (maybe less with RDP) with BI closed and running as a service.

Going full screen on a cam makes it go into main stream view for higher detail.

You really don't need a 10700 for BI unless you are running A LOT of cameras.

Even my i3 8100 is hugely overkill for my currently 2 cam soon 4 cam setup.