Duet3D Logo Duet3D
    • Tags
    • Documentation
    • Order
    • Register
    • Login

    What NOT to spend time/resource developing

    Scheduled Pinned Locked Moved
    Firmware wishlist
    11
    26
    3.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DjDemonDundefined
      DjDemonD
      last edited by

      It's a shame that Duet3D didn't make the network system modular from the off, with swappable wifi/ethernet modules, but the the retrospectoscope is rather an accurate instrument.

      Simon. Precision Piezo Z-Probe Technology
      www.precisionpiezo.co.uk
      PT1000 cartridge sensors NOW IN, just attach to your Duet board directly!

      1 Reply Last reply Reply Quote 0
      • dc42undefined
        dc42 administrators
        last edited by

        @kraegar:

        @DjDemonD:

        Why not take a mini router, connect it to it and then connect to a PC. If its password protected it shouldn't be accessible to anyone else there.

        I did that last year. The WIFI was extremely crowded with SSIDs from people doing that same thing, and connectivity was horrible. Honestly I think ethernet is the only way to go there.

        Maybe run the Duet in AP mode?

        Duet WiFi hardware designer and firmware engineer
        Please do not ask me for Duet support via PM or email, use the forum
        http://www.escher3d.com, https://miscsolutions.wordpress.com

        1 Reply Last reply Reply Quote 0
        • kraegarundefined
          kraegar
          last edited by

          @dc42:

          @kraegar:

          @DjDemonD:

          Why not take a mini router, connect it to it and then connect to a PC. If its password protected it shouldn't be accessible to anyone else there.

          I did that last year. The WIFI was extremely crowded with SSIDs from people doing that same thing, and connectivity was horrible. Honestly I think ethernet is the only way to go there.

          Maybe run the Duet in AP mode?

          Not a bad plan. May try it. Just enough web connectivity to upload STLs if needed is all I really need, though. For the most part I just run demo prints at MRRF.

          Co-Creator of the RailcoreII CoreXY printer
          https://www.thingiverse.com/thing:2407174

          1 Reply Last reply Reply Quote 0
          • JohnOCFIIundefined
            JohnOCFII
            last edited by

            @Danal:

            I want to open a somewhat sensitive subject. I have fairly strong opinions on this; nonetheless, I have an open mind and would like to hear other perspectives.

            I believe that Duet Firmware developers should not spend time on developing security any further (or not much further) than it exists today.

            I'm in conceptual agreement.

            My only concern is it seems browser vendors are moving away from support of HTTP. I'd want to ensure the firmware keeps up enough with industry to avoid situations where people have to jump through hoops to use it.

            Examples of industry discussion:

            http://www.zdnet.com/article/google-tightens-noose-on-http-chrome-to-stick-not-secure-on-pages-with-search-fields/
            https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/

            John

            1 Reply Last reply Reply Quote 0
            • DjDemonDundefined
              DjDemonD
              last edited by

              @kraegar:

              @dc42:

              @kraegar:

              @DjDemonD:

              Why not take a mini router, connect it to it and then connect to a PC. If its password protected it shouldn't be accessible to anyone else there.

              I did that last year. The WIFI was extremely crowded with SSIDs from people doing that same thing, and connectivity was horrible. Honestly I think ethernet is the only way to go there.

              Maybe run the Duet in AP mode?

              Not a bad plan. May try it. Just enough web connectivity to upload STLs if needed is all I really need, though. For the most part I just run demo prints at MRRF.

              Can you upload a file to a duet over usb to be started from panel due? And leave wifi off.

              Simon. Precision Piezo Z-Probe Technology
              www.precisionpiezo.co.uk
              PT1000 cartridge sensors NOW IN, just attach to your Duet board directly!

              1 Reply Last reply Reply Quote 0
              • Danalundefined
                Danal
                last edited by

                If you take your printer to a show, and you do NOT need WiFi, you need change nothing, assuming WiFi at your home has WPA2 and a password. The SSID/Password will not be present at the show, and the printer will connect to nothing. Absolutely secure.

                If you DO need WiFi, put the Duet in "Access Point" mode with an SSID and Password that you use only for that show. That way, you can connect, but no one else can. Absolutely Secure.

                No router needed, in either case. The security is at the WPA2 level, not the Duet.

                Delta / Kossel printer fanatic

                1 Reply Last reply Reply Quote 0
                • Markdndundefined
                  Markdnd
                  last edited by

                  Another thing to bear in mind is that, although you can use a self signed certificate, it would only stop casual snooping and is easily spoofed. To implement SSL properly (and stop browsers and web security packages bleating) would require an official SSL certificate per printer at a cost of about £40 per year.

                  And for what? To stop someone who already has full access to your network sniffing the username and password that most people probably haven't set in the first place.

                  A simpler solution would be to implement a white-list of MAC addresses that the printer will allow to connect to it. Still not exactly rocket science to defeat, I accept, but it would stop accidental connections and block the casual experimenter at public events.

                  Better still, get a cheap (£15) wireless AP and put it right next to your Duet WiFi then use an Ethernet connection from your PC/Laptop to it. Effectively turns the Duet into an Ethernet model with a private network. (Surround it with a Faraday cage if you want to get even more isolation)

                  1 Reply Last reply Reply Quote 0
                  • Danalundefined
                    Danal
                    last edited by

                    @Markdnd:

                    Better still, get a cheap (£15) wireless AP and put it right next to your Duet WiFi then use an Ethernet connection from your PC/Laptop to it. Effectively turns the Duet into an Ethernet model with a private network. (Surround it with a Faraday cage if you want to get even more isolation)

                    Duet itself has AP mode. With WPA2. No extra router needed.

                    Delta / Kossel printer fanatic

                    1 Reply Last reply Reply Quote 0
                    • Danalundefined
                      Danal
                      last edited by

                      @Markdnd:

                      A simpler solution would be to implement a white-list of MAC addresses that the printer will allow to connect to it. Still not exactly rocket science to defeat, I accept, but it would stop accidental connections and block the casual experimenter at public events.

                      At a public event, even if the config is untouched and the Duet is still in "client" WiFi mode, it will not connect, because there are no WPA2 APs with the correct SSID and Password of the printer owner's home network.

                      To be clear, the SSID can't be discovered, because clients don't broadcast it.

                      The WiFi client in the duet will be sending an 802.11 management packet known as a "probe request". This contains NO information about the SSID; even if an 'evil' AP responds to it, that evil AP would have to have prior knowledge of the SSID and the Password of the printer owner's home network to associate and authenticate the Duet.

                      Short version: Config untouched, all is still secure, no one can connect, including the printer owner.

                      Delta / Kossel printer fanatic

                      1 Reply Last reply Reply Quote 0
                      • Danalundefined
                        Danal
                        last edited by

                        To summarize two posts:

                        Public event. Config untouched. Perfectly secure, as the printer client has no network to which it will connect. However, printer owner can't connect either; only paneldue usable.

                        Public event. Config changed to AP mode with a throwaway SSID and PWD for that event (that the owner of the printer never tells anyone). Perfectly secure. And, the printer owner can connect, if they choose to put their mobile on that network.

                        Delta / Kossel printer fanatic

                        1 Reply Last reply Reply Quote 0
                        • kraegarundefined
                          kraegar
                          last edited by

                          @Danal:

                          To summarize two posts:

                          Public event. Config untouched. Perfectly secure, as the printer client has no network to which it will connect. However, printer owner can't connect either; only paneldue usable.

                          Public event. Config changed to AP mode with a throwaway SSID and PWD for that event (that the owner of the printer never tells anyone). Perfectly secure. And, the printer owner can connect, if they choose to put their mobile on that network.

                          Good call. I don't know if AP mode was implemented last year when I took my own AP. I'll probably switch it to AP mode for MRRF, and see if I can get a connection at all. If not, SD card should be good enough.

                          Co-Creator of the RailcoreII CoreXY printer
                          https://www.thingiverse.com/thing:2407174

                          1 Reply Last reply Reply Quote 0
                          • dc42undefined
                            dc42 administrators
                            last edited by

                            AP mode wasn't working this time last year.

                            Duet WiFi hardware designer and firmware engineer
                            Please do not ask me for Duet support via PM or email, use the forum
                            http://www.escher3d.com, https://miscsolutions.wordpress.com

                            1 Reply Last reply Reply Quote 0
                            • Danalundefined
                              Danal
                              last edited by

                              @dc42:

                              AP mode wasn't working this time last year.

                              Ah, did not know that. In that case, an extra router would be the secure way to have WiFi at a show.

                              Resummary given the above:

                              Public show, no config changes. All secure. No one can use WiFi, including the printer owner.

                              Public show, change config SSID and PWD and also bring a WiFi router, to effectively act as an AP. Printer owner can use WiFi. As can anyone he tells the SSID/PWD. Secure from everyone who doesn't have the SSID/PWD.

                              Delta / Kossel printer fanatic

                              1 Reply Last reply Reply Quote 0
                              • tomasfundefined
                                tomasf
                                last edited by

                                @Markdnd:

                                Another thing to bear in mind is that, although you can use a self signed certificate, it would only stop casual snooping and is easily spoofed. To implement SSL properly (and stop browsers and web security packages bleating) would require an official SSL certificate per printer at a cost of about £40 per year.)

                                If you configure your browser/OS to trust your self-signed cert, you get the same kind of security as an expensive bought cert. Spoofing it with a MITM attack would trigger a security warning, just like spoofing any website cert would. So there's nothing insecure about using self-signed certs, really.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Unless otherwise noted, all forum content is licensed under CC-BY-SA