Duet muti printer server anyone?

Danal

V1.02 Now available.

Release Notes, 1.02:

• Speedup initial connect on page load.
• Cleanup wording around IP or HostName in several places
• Added "Disconnect and Close" button.
• Made individual line "Disconnect" buttons active.
• Added completion percentage to status while printing

Release Notes, 1.01:

• Allow hostnames (in addition to IP addresses)
• Fixed table sometimes not (re-)built properly after add or delete

Danal

dc42

Nice!

Danal

Everything in the above picture is real, updated from connections to real duets, and will perform the labeled actions when clicked, EXCEPT for the gray (white) buttons.

dc42

One little bug: under Chrome the printer names are displayed, but under Firefox it continues to show "TBD at first status update".

pogo1213

@Danal:

@pogo1213:

1.18 duet firmware
Chrome browser
Also DWC opens in the browser

I just clicked done with the blank password field.

Very interesting. Close to what I'm using. Hmmm… I may have to put a debugging console log in temporarily... but... I've just changed the central dispatcher/connector to make it more reliable, so, if you don't mind, try again.

You should see "V1.02" in the block of notes, if things have successfully refreshed. (Ctrl+Shift+R).

Will do, I'll let you know how it works

Danal

@dc42:

One little bug: under Chrome the printer names are displayed, but under Firefox it continues to show "TBD at first status update".

Interesting. Some subtle Javascript difference, no doubt.

Thanks, I will check it out on FF.

Danal

@dc42:

One little bug: under Chrome the printer names are displayed, but under Firefox it continues to show "TBD at first status update".

In the spirit of transparency: I'd broken this updating of the name from the board in all browsers.

V1.03 now available.

Release Notes, 1.03:
Fixed a bug that sometimes prevented newly added printers from obtaining and displaying the board name (i.e. the name stayed "TBD" forever).

Danal

@pogo1213:

Hey, it looks great! Im having an issue connecting, I added the IP for one and waited but it fails. I dont have a password on this board so I left the password blank. Could that be the issue? I have Deleted and retried a few times just to be sure. Thanks for the help.

Try 1.03 and let me know. If it still fails to connect, please do this:

1. Press F12. This opens a split screen. Click on the "console" tab in the split.
2. Reload the page. Ctrl-Shift-R, just to be sure.
3. Wait approximately three minutes. Several messages will appear in the console. Please copy/paste and email these messages to me. Don't wait too long!

I am "danal (dot) estes (at) gmail (dot) com".

Thanks!

pogo1213

I'll try right when I get home, it will be 3 hours. I tried late last night with 1.02 to no avail.

Cata

Nice server. Currently I am using a split screen with two tabs. I will try this in my 7" screen with raspberry pi 3.

tomasf

Nice work. This could be pretty handy.

Interesting to see that DWC includes a Access-Control-Allow-Origin header that allows stuff like this. Doesn't feel great that any website could pull data from my Duet if it wanted to. Or for that matter, execute arbitrary G-code, which would work even without CORS.

Danal

@tomasf:

Interesting to see that DWC includes a Access-Control-Allow-Origin header that allows stuff like this. Doesn't feel great that any website could pull data from my Duet if it wanted to. Or for that matter, execute arbitrary G-code, which would work even without CORS.

Just my opinion:

The Duet server should be treated as insecure, with or without any given header, etc. For one thing, it doesn't do HTTPS, and so the password should be considered open to discovery by anyone on the same network. Traffic to and from a Duet should never be exposed outside the network segment it is on… NEVER to the public internet. It should ALWAYS be proxied with external authentication and external facing HTTPS provided by that proxy.

With regard to "Any Arbitrary Website", the code loaded from a malicious website into a browser that was already connected to a Duet (via DWC or MultiDWMC) would have to find the Duet's address. There is no (known) way to discover a Duet. (Otherwise, I'd be using it...).

Given that a Duet can't be treated as secure, then configuring toward maximum utility on the local network segment makes sense.

Again, just my opinion.

Danal

@Austin55:

I am much more interested to know more about duet printer server. I will wait for next updates.

About

• A Duet Board/Firmware?

• "Duet Web Control" that comes with the board firmware?

• "Multi Duet Web Monitoring and Control" which is being discussed in this thread?

dc42

@Danal:

There is no (known) way to discover a Duet. (Otherwise, I'd be using it…).

Actually there is a way to discover a Duet WiFi if you have an Android smartphone or tablet. Look for "Find my Duet" on Google Play.

Danal

@dc42:

@Danal:

There is no (known) way to discover a Duet. (Otherwise, I'd be using it…).

Actually there is a way to discover a Duet WiFi if you have an Android smartphone or tablet. Look for "Find my Duet" on Google Play.

Ah, interesting… is the underlying technique usable from a browser/javascript?

And/or is the "Find my Duet" source available?

chrishamm

@Danal:

And/or is the "Find my Duet" source available?

See https://github.com/chrishamm/FindMyDuet

tomasf

@Danal:

The Duet server should be treated as insecure, with or without any given header, etc. For one thing, it doesn't do HTTPS, and so the password should be considered open to discovery by anyone on the same network. Traffic to and from a Duet should never be exposed outside the network segment it is on… NEVER to the public internet. It should ALWAYS be proxied with external authentication and external facing HTTPS provided by that proxy.

I agree. I just think it's a shame that this is the case. TLS might be a bit too much to ask, I guess, but some rudimentary cookie-based authentication sounds reasonable to me. Attackers could still sniff the traffic and find the password when the user authenticates, but it's much better than nothing.

@Danal:

With regard to "Any Arbitrary Website", the code loaded from a malicious website into a browser that was already connected to a Duet (via DWC or MultiDWMC) would have to find the Duet's address. There is no (known) way to discover a Duet. (Otherwise, I'd be using it…).

Yep, apart from using a zeroconf address (that you would still have to guess). However, a web page could iterate through common local IP numbers (say 192.168.0.*) and the chance of finding it would be relatively significant. I don't like the idea of security through obscurity.

Danal

@dc42:

Actually there is a way to discover a Duet WiFi if you have an Android smartphone or tablet. Look for "Find my Duet" on Google Play.

So mDNS / Bonjour is supported by Duet firmware. Unfortunately, there is no way (I can find) to browse for a mDNS / Bonjour directly from Browser based Javascript.

This does (somewhat) address the security concern.

Danal

By the way, I'm taking a short pause to re-package "Multi" for github, and create build scripts that produce a .zip package suitable for "serving from Duet" and a package suitable for "Serving from anywhere".

More soon… meanwhile, keep the feedback and design ideas coming...

http://danalspub.com/MultiDWMC

for now, if you want to take a look.