halfsak

joined 2 years ago
[–] [email protected] 2 points 23 hours ago

They did say they wanted the military to be more lethal. Didn't think they'd start with such soft targets as domestic passenger airlines though.

[–] [email protected] 2 points 1 week ago

I've edited the post to add a note about an outbound rule possibly needed in the printer VLAN. If the printer VLAN is locked down, it could be blocking the advertisement before the UDP Relay gets a chance to see it. This should fix that. See if it works for you.

[–] [email protected] 1 points 1 week ago

ACLs can accomplish it if that's your only goal, but there are other benefits of VLANs for security and privacy. For example, an ACL works at layer 3, so it won't block other nosy devices on your network from seeing everything else via layer 2 and then reporting back what they find. VLANs also make it easy to use different security policies for each network if you do any sort of IDS/IPS as I do.

[–] [email protected] 2 points 1 week ago

Yeah sorry I wish I had time to really expand this out into a nice guide, but unfortunately I don't right now. There aren't any comprehensive guides that I've found, but it's still worth a look. Everybody's network is a little different in terms of setup and equipment. Hopefully with the basic ideas I've shared it can point someone in the right direction to figure out a working solution in their environment.

[–] [email protected] 29 points 1 week ago

Also, if you agree that this change by Bambu is ridiculous, make sure to let them know how you feel at [email protected]

81
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
 

In light of recent developments with Bambu's Authorization system, I thought I'd share what has worked for me to keep my printer secure in my network, and control any updates to either the printer's firmware or to Bambu Studio.

First, I have my printer set in LAN mode and connected on a separate VLAN which has all outbound Internet traffic blocked. This is set up on my router/firewall PC running pfSense. My desktop PC running Bambu Studio is on my normal usage VLAN which does have Internet access. In order to discover the printer in the separate VLAN, I use a package in pfSense called "UDP Broadcast Relay", and set it up to rebroadcast between the two VLANs anything on port 2021, which is what the printer uses to advertise itself on the network. Keep the spoof source set as 'Original' address. As long as my desktop PC's VLAN has access inbound into the printer's locked-down VLAN, Bambu Studio will be able to connect to the printer once it sees the advertisements. If you don't run pfSense or something similar, and your printer is on your same network, check your router to see if it has a built-in firewall. You might be able to set a static IP for your printer, and then block that IP's outbound traffic.

EDITED TO ADD: Depending on how locked down you have your printer's VLAN, you'll likely need to create an outbound rule in the printer's VLAN allowing UDP traffic from your printer's IP as the source, to the destination IP and port of 255.255.255.255:2021, so that the UDP Broadcast Relay package will see the broadcast advertisement.

Secondly, to lock down Bambu Studio, I've created two rules in Windows Firewall. The first one is inbound, which is set to allow only traffic to the bambustudio.exe program from my local networks. The other one is an outbound rule to block all traffic from the program, except for my two local networks (the two VLANs). If you have any existing inbound rules for BambuStudio, which you likely do from when Windows first asked you if you wanted to allow the program to connect to the internet, disable them. This will still allow connection to the printer, but block any accidental or sneaky updates that you weren't aware of, or accidentally clicked to update when you didn't mean to. This also blocks any access to MakerWorld community models from within the program, but you can still go there in your browser. In fact, if you can still see the models online on the home page of the program, you didn't get your firewall rules set up right. These rules will also block your browser's ability to open files from MakerWorld directly into Bambu Studio if that's what you're used to, but you can download the 3mf file and then open it as an extra step.

If I ever decide I do want to apply an update, I can temporarily disable the firewall rules. However, in the past I really only updated to get the profiles for new Bambu filaments in both the studio and the AMS. This is moot now, as I don't plan on ever buying Bambu materials again unless they reverse course.

Hope this helps someone
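The two Windows Firewall rules described in the post, written as PowerShell (an added example, not part of the original post). The install path, the rule names and the two /24 subnets are assumptions; substitute your own.

```powershell
# Assumed values (not from the post): install path and the two VLAN subnets.
$StudioExe = 'C:\Program Files\Bambu Studio\bambustudio.exe'   # adjust to your install
$LocalNets = '192.168.10.0/24', '192.168.20.0/24'              # desktop VLAN, printer VLAN

# Everything that is NOT in $LocalNets, written as address ranges.
# In Windows Firewall a block rule wins over an allow rule, so
# "block all except local" has to be a block on the complement of the
# local subnets, not a block-all rule plus an allow-local rule.
# (0.0.0.0/8 is not routable, so the first range starts at 1.0.0.0.)
$NonLocal = '1.0.0.0-192.168.9.255',
            '192.168.11.0-192.168.19.255',
            '192.168.21.0-255.255.255.255'

# 1. Disable the inbound rules Windows created when it first prompted
#    for the program. Done first so the new rule below is not caught.
Get-NetFirewallApplicationFilter -Program $StudioExe -ErrorAction SilentlyContinue |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Disable-NetFirewallRule

# 2. Inbound: allow traffic to the program only from the local networks.
New-NetFirewallRule -DisplayName 'Bambu Studio - LAN in only' `
    -Direction Inbound -Program $StudioExe `
    -RemoteAddress $LocalNets -Action Allow -Profile Any

# 3. Outbound: block the program from reaching anything outside the
#    local networks (default outbound policy is allow, so local traffic
#    to the printer still passes).
New-NetFirewallRule -DisplayName 'Bambu Studio - block non-LAN out' `
    -Direction Outbound -Program $StudioExe `
    -RemoteAddress $NonLocal -Action Block -Profile Any

# 4. Review what is now in place for the program.
Get-NetFirewallRule -DisplayName 'Bambu Studio - *' |
    Select-Object DisplayName, Direction, Action, Enabled
```

Run it from an elevated PowerShell session. The address ranges are IPv4 only, so a host with working IPv6 connectivity needs an equivalent outbound block for IPv6.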

[–] [email protected] 8 points 1 month ago (1 children)

NYPD probably found the gun and IDs in the backpack found in Central Park and planted it on this guy so they could claim victory.

[–] [email protected] 16 points 5 months ago (3 children)

Yup. This is how you create a single point of failure when it comes to privacy.

[–] [email protected] 12 points 5 months ago

That's the general idea, but life's not that black and white. It's better if both parties contribute to avoiding collisions. It's the same reason why I'm required to have brake lights and hazard lights on my car.

[–] [email protected] 2 points 2 years ago

I'm using Aqara temp/humidity sensors throughout the house. I'm not sure what the fan is, it's just a standard exhaust fan, but it's controlled with a Kasa smart switch.

[–] [email protected] 10 points 2 years ago* (last edited 2 years ago) (2 children)

No need for occupancy sensor. I have mine set to turn on when bathroom humidity is both above 70%, and 10% greater than my living room humidity. It'll run a minimum 5 minutes, and then once the humidity is back within 10% of the living room, or below 68%, it'll shut off. It's been working great for over a year.

I also have it set to auto shut off 20 min after manually being turned on, but just before shutting down it checks the humidity to make sure it doesn't meet the above criteria. This avoids the event where you turned the fan on while dropping a deuce but then got in the shower right after - don't want the fan shutting down early. Also, if I ever manually turn the fan back on within 5 minutes of it auto shutting off, it will run for 10 min before shutting down vs the normal 20.