Having been laid up for a while, I'm finally getting back to my projects and while going through some old things, like a Raspberry Pi3B+ running Raspbian "Stretch" OS, I got to thinking, what is the oldest version of node-red that you still have running and doing useful tasks?
For me it is node-red 1.2.9 with dashboard 2.28.1 running on a Beaglebone Green that runs an old school hard wired door/window sensor alarm system installed in 1978. The original control box is long gone but I set up an original Beaglebone (aka White circa 2012) with some level shifting logic so its 12V signals could be interfaced to the Beaglebone GPIO pins. After the Beaglebone White died during a thunderstorm (I've since upgraded the surge protection) I replaced the White with the Green and later added a node-red dashboard during the pandemic downtime and it has given no issues ever since. It runs 24/7/365 unless the power goes out and I can't get the generator started before the UPS battery dies or I discover the UPS has died when the power goes out (has happened twice since I first setup the White).
But the aforementioned Pi3B+ with Stretch is running node-red version 0.19.4 with dashboard 2.9.6. Admittedly it has been sitting on a shelf collecting dust for many years, but when I booted it, that old version of my "AI Person Detection add-on for security DVR" project still worked once I upgraded the IP address and rtsp URLs of the DVR (which changed from 720p to 1080p to 4K over the years). The limited functionality of that old AI system and dashboard still worked as good as ever!
I put my money where my mouth is when it comes to "If it ain't broke, don't fix it!" 
1 Like
As long as your device is running versions of the hardware, OS, node.js and Node-RED that align, you should be able to run right back to the very first release of Node-RED.
Of course, this would expose you to all the old limitations, bugs and issues as well. 
And heaven help you if something from the Internet ever managed to creep into your network! 
Very little chance of that, My IOT devices and security system are behind two NAT routers and neither accept any connection from the outside and any "guest" access they provide is disabled.
While this is true, this is not the only route for bad actors to gain entry.
If you have an Internet connected machine (say your daily-driver PC/Mac) that also connects to your Node-RED server then there is the potential for compromise. Similarly, if your Node-RED server reaches out and updates itself (both the OS and npm, maybe PyPi as well), that is another potential set of routes for compromise.
Not saying it is all that likely to happen but believe me things like that DO happen. We even seen many examples of physically disconnected systems being compromised.
If my desktop gets compromised the IOT devices would be the least of my worries! But the IOT and security DVR & cameras actually are in a NAT behind my Desktop, I guess triple NAT might be a more correct description.
It may be overly complicated for a "home" network, but I worry far more about my wife clicking a bad link or falling prey to human hacking. Does nothing positive for latency but we are not gamers.
I've never had a desire or need to connect to devices at home from outside.
When I first got DSL from AT&T it has a live Internet address that could be connected to from anywhere, only my Linksys router provided any security. I played around with it a bit and saw too many risks for the little upside to me. With in a year the abuse had AT&T change everything, but they seemed to have forgotten about me. When the DSL modem died the tech had never seen anything like it before and and was mystified.
I don't put anything other than streaming devices on the ISP provided router, I'm somewhat shocked that a "blackmarket" hasn't emerged for ISP router passwords since they are printed on a sticker on the bottom of the modem/router.
1 Like
