Not everything should be connected to the Internet

Nate@postit.quantentoast.de to Technology@lemmy.ml – 257 points –
3D printer nightmare fuel: Bambu X1C and P1P started printing while owners were asleep
theverge.com

This is a good example of why not all devices should be connected to foreign servers. Errors can happen everywhere. But it could end badly if some corporations make errors and create trouble that would otherwise not happen.

In the case of the 3D printer it is not that bad (unless it destroys itself or even catches fire); also, you can turn it off. But imagine a smart stove top that lights up a towel (or something similar) while nobody is home.

Not that I think it is not useful to have something like that, but wouldn't it be nice if that stuff worked locally? (With the WireGuard integration in modems, access from outside the home with a smartphone should also be no problem for non-tech people.)


Ideally, almost no devices should be connected to the internet. Things like 3D printers, TVs with microphones/cameras, etc. should be in a DMZ and have outgoing-only access to a restricted set of services.

If you're running anything close to a professional operation, set up your site professionally. For home users, I recommend sticking with SD cards; it's only mildly more annoying for the frequency of printing you're likely to do.

Octoprint is great, connecting the printer to somebody else's computer is crazy

Yup. I'd still put it behind a VPN though, just because of the inherent dangers in starting a 3D print job remotely.

I agree, using a VPN is generally a good idea (if the alternative is exposing it to the web directly).

I have an nginx reverse proxy with http auth, myself. It's such battle tested software that I trust it fully

For anyone doing similar: battle tested software is still fallible, and exploits could emerge at any point (same goes for VPNs). Be sure to set server_tokens to off; this prevents NGINX from revealing its version to the world, which will help protect you in case an exploit is discovered down the line.

That's a good tip. Also: have your servers auto-update weekly. You will forget.

There are benefits to having your 3D printer connected to the internet though. It allows you to monitor the progress and lets you cancel the print if there's an error, potentially saving you a lot on filament and repairs.

That being said, having them connect to centralized servers is dumb. Just add a Raspberry Pi with octoprint flashed onto it and set up your own connection if you want that feature.

Yep.

TVs, Fridges, Toilets, Dishwashers, Clothes Washers/Dryers, Thermostats, and a whole range of other things do not, and will never need, access to the internet.

By giving them access to the internet, you are just lighting a fuse and waiting for the bomb to go off. Maybe that bomb is personal banking details, maybe that bomb is financial in that someone cranks your AC up to 150 when you are gone for a week and you come home to a house full of heat damage and melt, or maybe that bomb is a 3D printer that turned on, malfunctioned, and burned your house down.

IoT is stupid.

Is there a guide for setting up a DMZ? I have a Nest cam for our dog (bought wayyy before Google bought them out) and use HomeKit for everything that allows it, but those devices have their own apps too so they have almost unfettered access to the net. I like having my AC on internet so I can turn it on/off when I’m not home in case I forgot to turn it on that morning (living in the PNW, so we don’t need it every day in the summer, as open windows are good enough and free), so I get home to a moderately cooled place rather than a hot box.

If you buy a fancy router (i.e. entry level professional grade, like MikroTik) or flash custom firmware (DD-WRT, OpenWRT, or Tomato), it should have the necessary features built in and have decent guides. I have a MikroTik router, but I've used each of the custom firmware I've mentioned as well.

You have a few options:

  • two separate physical networks - the router can be configured to bridge certain services and leave the rest completely separate
  • two virtual networks where devices are separated based on MAC or something - works the same as the first, assuming MACs don't change (could happen if the device is compromised)
  • one network where services are blocked for specific devices or certain ports - no need for separate networks, though you can often group devices to simplify rules (e.g. group all of your cameras and only allow certain traffic to/from them)

These are in order of preference top down, and reverse order of effort to set up (i.e. the first may require running new cables and/or installing new switches depending on network setup). For each option, you can configure a VPN with the network, so you can access your things remotely without having them be accessible to the outside world.

This gets trickier with cloud-based services where the only way to access things remotely is by going through someone else's server, which is when you'd need to instruct your router to allow only certain connections in and out. I prefer to just avoid those services and go with the VPN option.

I hope that makes sense. Since you're using cloud services, the last option will probably be the best bang for your buck. I personally go with the second because I plan to rerun cables to do the first soonish (my city is rolling out fiber, so I'll be messing with cables anyway).
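The segmented layout described in this answer (and the "outgoing-only access to a restricted set of services" idea from earlier in the thread), sketched as an nftables ruleset. This is an added example, not part of the original thread or any vendor's configuration; the interface names (lan0, iot0, wg0, wan0) and the allowlisted addresses are assumptions to replace with your own.

```nftables
# Added example: IoT segment with outgoing-only access to an allowlist.
# Assumed interfaces: lan0 (trusted LAN), iot0 (IoT/DMZ segment),
# wg0 (VPN for remote access), wan0 (uplink). Addresses are placeholders
# from documentation ranges; substitute the endpoints you choose to permit.
table inet iot_dmz {
    set iot_cloud_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/28 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were allowed below.
        ct state established,related accept
        ct state invalid drop

        # Trusted LAN and VPN clients may reach the IoT devices.
        iifname { "lan0", "wg0" } oifname "iot0" accept
        # VPN clients may reach the LAN; the LAN may reach the internet.
        iifname "wg0" oifname "lan0" accept
        iifname "lan0" oifname "wan0" accept

        # IoT devices: HTTPS to allowlisted endpoints only.
        iifname "iot0" oifname "wan0" ip daddr @iot_cloud_v4 tcp dport 443 accept

        # Everything else from the IoT segment (IoT -> LAN, all IPv6,
        # any other destination) is counted, logged and dropped.
        iifname "iot0" counter log prefix "iot-drop: " drop
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # IoT devices may use the router for DNS, DHCP and NTP only
        # (no admin UI, no SSH).
        iifname "iot0" ct state established,related accept
        iifname "iot0" udp dport { 53, 67, 123 } accept
        iifname "iot0" tcp dport 53 accept
        iifname "iot0" counter drop
    }
}
```

The ruleset assumes NAT is handled elsewhere, and because the forward policy is drop, new inbound connections from wan0 are refused. The "iot-drop: " log lines show which endpoints a device tries to reach before you decide whether to add them to the allowlist.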

Even if it allows that set of services, if the device allows any sort of control via that service you could still end up in a bad situation.

Recently at work they replaced the AEDs with new models that support children, and have a Spanish guide mode, super nice. But they also are now connected to the Internet so that they report any usage and order a new set of pads automatically, plus it has a bright screen constantly cycling through advertisement of what the device is. Also for some reason the power button isn't actually a power button, and just triggers the start-up process while calling back to base, just like touching the on-screen buttons or pulling out the pads will do.

What could go wrong?

This is the best summary I could come up with:


3D printers are one of the few remote-controlled devices in a house that can get hot enough to start a fire, and now, we’re learning that remote control system wasn’t fully thought through.

(Even if Bambu’s printers do have thermal runaway protection that might prevent a true fire from breaking out, Maker’s Muse suggested in January that system needed improvements, too.)

“Our team is working closely with our customers to provide the necessary assistance and make sure they are able to get back to printing in the shortest time possible.”

Issues like this also make us wonder about potential misuse and hacks, of course — if this printer can be remotely controlled by cloud servers to such a degree, what’s to stop Bambu employees and hackers from abusing that, including the live video feed from its cameras?

To Bambu’s credit, the company has a robust LAN-only mode that you can turn on in the printer’s settings, which allows you to send jobs over home or Wi-Fi instead of across the internet.

(Bambu even recently updated it with live video streaming over LAN, though you can currently only access that from the desktop slicer app, not your phone.)


I'm a bot and I'm open source!

But surely, a 3D printer could/can. It's just that the software that runs on it shouldn't have shit security and there should be multiple safeguards and redundant fail-safe systems.

It shouldn't be required to use a cloud service in order to use a piece of hardware that you bought and paid for.

I'm disturbed seeing so many of the new consumer targeted 3D printers (and so many other products) going in the "cloud required" direction.

shouldn’t be required to use a cloud service in order to use a piece of hardware that you bought and paid for.

of course. I didn't really insinuate that it should.

That's true.

Like in the example, why the heck should a stove need cloud access? Or even better... a Tesla Powerwall... -.-

I disagree. I think 3D printers don't need any security because they shouldn't be accessible directly from the internet.

If you want to 3D print things remotely, you should put your printers on a DMZ and use a piece of software that bridges the DMZ that starts/manages jobs, and hide that behind a VPN and MFA.

As you said, multiple layers of security, but I don't think 3D printers should be expected to provide any of that, except maybe checksums on print jobs so they don't print corrupted files. Have hardware vendors focus on making their hardware better, have software vendors focus on making their software better, etc. Once you start expecting hardware vendors to manage security properly, you dun goofed.

That's true. I assumed that the Bambu Labs printer has some kind of thermal shutdown / overheating protection.

But I guess that is not enough. They should also have fire detection. Something like a smoke detector (optional would also be fine).

My printer got one installed above (but this one is because I fear that my PSU is catching fire xD)

Some things should only be connected to the intranet

imagine a smart stove top that lights up a towel

Who in their right mind puts a towel on a cooking surface whether the surface is in use or not? That's begging for problems to occur.

I take it you don't have children.

I don't either, just saying...

If it's a child that's putting things on the stove that don't belong there (or any other hot surface) then it's a child that needs to be taught better by their parents.

Yes, if a child makes a mistake (which they absolutely will make quite a few), then the parents are supposed to educate the child better. That's a large part of parenting, nobody's disputing that. That's not the point though, the point is shit happens, and it only takes one mishap for all hell to break loose.

My roommate happened to burn like half of his entire back with 2nd and 3rd degree burns when he was 6 years old from hot grease on the stove. And he actually did know better, he just happened to have a mishap because he was young and a bit short to reach the stove properly.

Yeah maybe his mom shouldn't have allowed him to use the stove so young, but shit happens in a single parent household when mom is gone to work to earn money for the bills and food and stuff.

Interesting. I've just gone through Bambu's main website, and the product specs, and there's no mention of cloud connectivity except where it says "You can send prints by Bambu Studio ... control your printer anytime anywhere".

So, does anyone know if Bambu printers explicitly require cloud connectivity, or can they be used without it? I was actually considering buying one until I read about this. My use case would typically be using it with Octoprint.

We have a Bambu Labs X1C at work and it is not hooked up to our network. We run it off an SD card like any other printer. Only downside is you can't access the camera to check in remotely while it's printing.

Hmmm - do you know if USB is an option? My current printer is plugged into a dedicated RasPi with Octoprint.

Edit: and thanks for the reply - it's good to know the device isn't crippled without cloud. Annoying that you can't use the camera on your local network though. May be a deal breaker for me anyway.

Sorry, should have specified. If you have it connected to the local wifi network, then the camera works. We don't have it hooked up to anything which is why the camera isn't accessible for us.

I'll have to check it out on Monday to see if there's any usb ports.

Yeah, I just moved into a place with a Nest preinstalled. I'm terrified the thing will, any day now, become part of a zombie botnet.

I need to get it DMZ'd

A dumb thermostat is a cheap and easy thing to install. Even if you're renting. Odds are when you reinstall the old one when you leave, no one will ever know.

3D printers are one of the few remote-controlled devices in a house that can get hot enough to start a fire

They can also kill you with carbon monoxide if they're not vented properly.

Wait what?!? 😅 What kind of 3D-printer did they use?

Do FDM printers emit that much carbon monoxide?

I don't think they do; that story is just people jumping to conclusions. They can produce toxic fumes, but I don't know where carbon monoxide would come from.

https://3dprint.com/163470/did-a-3d-printer-just-kill-people/

They could burn some of the material, but the gases which get produced by this should not be enough to kill someone (else way more people would be dead, I guess).

You are right. I think it would have to be malfunctioning. Don't think a properly working one would burn anything. I had the feeling from some of the articles that people were under the impression that usual, properly working ones were dangerous because of carbon monoxide. The same risk is true of any electric device. It could burn slowly. Everyone should have a carbon monoxide detector and still vent things properly either way. :)

The same risk is true of any electric device.

Yeah, that's right. Better safe than sorry :D