Month: December 2021

Posted on

Calibrating My 3D Printer: Temperature Tower

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am recalibrating my 3D printer after leaving things to rot for a year or so. Let’s get started!

Printer Alignment

The first step in getting my printer operational again was to start from the beginning: alignment. My father got out the bubble level and I folded some large papers to get the plethora of degrees of freedom all lined up.

Tuning continued with the built-in, poorly communicated bed leveling tool. The printhead traveled to each corner and I slipped a calibration sheet under it and adjusted the corners such that it could slide, but not freely. When the right Z-axis was found to be misaligned, my father reached in and turned it a bit. I was sure it would have been frozen, but we were able to level the horizontal bar.

Temperature Tower

One well-used calibration test is the temperature tower. Regular printers use ink/toner (which original manufacturers go to great lengths to regulate) and paper (which is so standardized, it’s rare to see messed up). 3D printer filament is at least as varied and presents itself as universally interchangeable as long as it fits and the printer can melt it. As a result of differences between specific models –and even specific printers/printing environments– filament and printer manufacturers can only make broad guesses as to what the best setting will be for your specific printer.

That is where the temperature tower comes in. Instead of printing the same test shape over and over again on different jobs, they can be stacked one on top of the next and an instruction to change printhead temperature for each “floor” can be inserted.

From what I’ve gathered, temperature towers are normally assembled manually in a slicer for the exact printer, but I decided to try one straight from gcode (that went hot to cold; I didn’t want the filament freezing on the bottom and making a mess trying to print atop thin air). I didn’t first make sure the printer would be able to understand it; I didn’t make sure it would fit within my printer’s volume. I just loaded it up and hit print. Surprisingly, it worked. I had adjusted my bed a bit high and the first layer was smooshed (making it very difficult to remove), but I’m officially printing again.

I used my red filament and the tower that came out demonstrated its ability to bridge, overhang, and produce fine points. Each floor is numbered after the temperature it was printed at. The whole range was fairly good, but there was less stringing higher up, where the printhead was cooler. All other tests performed well at most temperatures.

Side Project

This month’s effort to reward award goes to getting my father printing on Debian. I sat down with him to get it working and we installed the CUPS universal printer driver and it worked with no additional fiddling.

Takeaway

Printer calibration is an important step to understand and use when needed – 2D or 3D. 3D printing is a much younger technology with a literal extra dimension for things to go wrong; it requires a greater degree of technical mindedness to keep in working order to the point where you at least need to be or know a hobbyist to have continued access to this amazing consumer level technology.

Final Question

I had more planned in terms of printer calibration, but it looks like that will need to wait for next week as I figure out the thought process for PrusaSlicer. It looks like they have some sort of preheat function in the .gcode header, but in practice, I already preheat my bed and hot end before selecting a file to print. In my workflow, this programming blurb ends up telling things to cool. Any ideas where the setting is to control it?

Posted on

Baking Old Filament May Reduce Water Content

Good Morning from my Robotics Lab! This is Shadow_8472 and today, I am getting back into 3D printing, but I doubt it’s going to be pretty. Let’s get started!

Inspection of Equipment and Materials

My 3D printer is in used condition. The print bed is scratched and one of the two Z-axis rods got bent at around the same time. My filaments are old and brittle. I can’t even use the slicer it came with anymore because it’s both outdated and made exclusively for Windows. I’d rather just start over with a standard one designed to be user-serviceable. But that’s not an option at the moment.

I should learn about what I already have and work from there. There’s not much I can do about the scratch unless the original replacement pad shows up or unless I’m willing to fill it in/cover it up somehow. As much as I’d like to replace the Z-axis rod, a suitable replacement proved elusive for reasons discussed above; besides, the tweak doesn’t look that bad – the top of the rod only moves back and forth a little when the print print head is moving vertically and is down low. Alternate slicers exist. Long story short, I may as well give this printer one last chance before giving up on it completely.

Filament Reclamation

I have two PLA filaments I’m considering today: my original, red one and an opaque white one I got later and hardly ever used. Red used to just work. White felt different from its day 1 and never printed nicely. After a couple years of absorbing moisture from the air, they’re both as stiff as spaghetti. I even bent one piece of White until its middle piece snapped out from between the ends.

Besides causing stiffening, absorbed water evaporates when exposed to heat, causing problems such as the ones I experienced last time I tried printing. Water from within the filament forms steam, and it’s the steam that causes mysterious jams that seemingly go away come time for diagnostics.

A number of places have listed methods for drying out filament: bake it. Just be aware of the material’s glass transition phase where it goes from resembling a wire to resembling a more squishy rubber. The whole spool will fuse and you’re reclamation efforts will be for none. For PLA, that transition is somewhere around 140 degrees Fahrenheit.

To be safe, I elected to aim for 100-120 degrees F. My stove at home doesn’t hold its temperature that low. We put a bowel of water in overnight with a rising loaf of bread and it tested way cooler than needed. We tried our old toaster oven and tested at 125 F – close, but as I only had one shot to fix what I have, I didn’t want to risk it.

Specialized devices exist to dry out filaments. I was able to approximate one by modifying a food dehydrator operating at 125 F. My final design involved a rheostat from my father’s soldering iron to adjust the otherwise fixed temperature, some Duplos (a Lego-like block aimed at younger ages we’ve had laying around since I was little) to hold up the lid, and a tall, plastic film from my mother’s cake supplies to extend the tray. Without a thermostat, I monitored the temperature myself with a digital cooking thermometer we got for my sister’s bread making.

Both Red and White were dried overnight. White still felt stiff, so I left it in for several hours more. The temperature was difficult to keep constant. I left the contraption in a small room, and the room warms up and I have to turn the power down. If I had known how to easily, I would have built a thermostat capable of operating in those ranges. In retrospect, it would have been better to just leave it in the toaster oven on warm and not worry about it.

Side Project

I was able to get Vaultwarden running by forwarding the incoming traffic to the container’s port 80 instead of 443. However, this is still sub-optimal. I have my ability to manage passwords between devices back, and that feels sooo good after months of downtime, but I’ve been strongly encouraged to use a reverse proxy. This week, I looked into NGINX, and I believe that will be a focus some time in the coming weeks.

Takeaway

The path to my improvised filament dehydrator was a little longer than going right there. My early approach was At first, I figured I’d want to build something with a couple appliance bulbs like what the oven uses. The food dehydrator I eventually used as a base only has an on-off switch, so to lower its steady state temperature, I used some short Duplo stilts to raise a lower level to let ambient air in. I kept them for my production run, though if I have to run it again in the future, I’ll leave the sides closed and turn the power down lower on the rheostat.

Final Question

What would you tell someone who is ready to know more about 3D printing than: use slicer, level bed, load filament, press start?

Posted on

Self-Signed Vaultwarden Breakdown

Good Morning from my Robotics Lab! This is Shadow_8472 and today, I am going over creating a self-signed certificate for my Vaultwarden. Let’s get started!

I’ve spent a long time trying to figure out proper HTTPS, but slapping on a solution and going without understanding the underlying workings doesn’t feel right. I don’t even have that. As long as I learn something each attempt, that should be good enough. I’ll be following the tutorial from Vaultwarden [1] with commentary from censiClick’s video [2]. My commentary here will be largely guesswork based off those and associated manual pages [that I have no idea how to properly cite but are available by typing man <command> in most Linux terminals].
https://github.com/dani-garcia/vaultwarden/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome
https://www.youtube.com/watch?v=eCJA1F72izc

Step 1: Generate Key

openssl genpkey -algorithm RSA -aes128 -out private-ca.key -outform PEM -pkeyopt rsa_keygen_bits:2048
openssl genpkey

This base command generates a private key for OpenSSL.

-algorithm RSA -aes128

RSA and aes128 are encryption algorithms for generating the key. RSA is a public/private key system and aes is a powerful single-key algorithm. Here, they can be seen working together to create a powerful encryption without having to find a relatively private back alley to exchange keys.

-out private-ca.key -outform PEM

These flags specify where to save the key after it’s generated and what format to save it as.

-pkeyopt rsa_keygen_bits:2048

(Private KEY OPTion) This flag lets you manage options for key generator algorithms, in this case: using the 2048 version of RSA.

Step 2: Generate Certificate

openssl req -x509 -new -nodes -sha256 -days 3650 -key private-ca.key -out self-signed-ca-cert.crt
openssl req

(REQuest) This command obtains certificates. In this case, it’s generating one itself, but as the name implies, it’s aimed more at requesting them from an authority.

-x509 -new -nodes -sha256 -days 3650

-x509 specifies that this root certificate will be self-signed. The -days flag will set it to expire in ten years minus leap days. The -new flag has the user fill in some additional information for the certificate, -nodes leaves private keys unencrypted, and -sha256 is a hash function.

-key private-ca.key -out self-signed-ca-cert.crt

These final flags are I/O. key loads the key from the previous command, out names the certificate.

Step Three: Preparing to Sign

openssl genpkey -algorithm RSA -out bitwarden.key -outform PEM -pkeyopt rsa_keygen_bits:2048
openssl req -new -key bitwarden.key -out bitwarden.csr

These commands are similar to before but for Bitwarden. They lack components needed to make the root certificate authority. There’s also some sort of special configuration file I’m not looking to break down, but is around under Vaultwarden’s GitHub [1].

Step Four: Signing the Certificate

openssl x509 -req -in bitwarden.csr -CA self-signed-ca-cert.crt -CAkey private-ca.key -CAcreateserial -out bitwarden.crt -days 365 -sha256 -extfile bitwarden.ext

Finally, it’s time to bring everything together to sign the certificate. Many of these flags are familiar from previous commands. Reading through it, it feels like the last stop to make sure all your papers are in order. Some operating systems are rightfully cautious about certificates signed for an overly lengthy time.

From here, it’s a matter of starting the Vaultwarden container with its new certificate and assuring whichever browsers you’re using that you trust the new certificate authority [2].

Practice to Practical

I’m glad I took the time to study this a little more closely than blindly following instructions this time. When making using openssl req, I was able to confidently regress by deleting a few files so I could give a different common name to the root CA and Vaultwarden’s certificates respectively.

The next challenge was successfully launching the Podman container. Following along with the censiCLICK tutorial, I had three new flags relative to last time I was working with Podman. One was to restart the container unless stopped (no elaboration provided).

The second flag tripped me up. I confused a pair of default ssl certificates for the of self-signed ones required later on, bitwarden.crt and bitwarden.key, created in earlier steps. I copied those two files into their own Podman-mountable directory. Once again, I added the :Z flag to tell SELinux it’s OK.

-e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}'

The final flag sets an environment variable as the container finishes starting. This particular one is configured to tell Vaultwarden where the files are to encrypt HTTPS. If they aren’t there –as I found out while I was still sorting the system certificates– something inside the container shuts it down; it was not a fun combo with the restart unless manually stopped flag as I had trouble removing the container so I could create a new for my next attempt. I knew I was done when podman ps returned a container running for longer than a second or two…

…or so I thought. I went to import my root certificate authority to Firefox, and I still can’t connect even when specifying https://<ButtonMashIP>:44300.

Long Story Short:

podman run -d --name vaultwarden --restart unless-stopped -v /home/vaultwardenUsr/<path/to/vw-data>/:/data/:Z -v /home/vaultwardenUsr/<path/to/private/certs>/:/ssl/:Z -e ROCKET_TLS='{certs="/ssl/bitwarden.crt",key="/ssl/bitwarden.key"}' -p 44300:443 vaultwarden/server:latest
Edit Jan. 6 2022: Vaultwarden listens on port 80, so I'm using -p 44300:80 now. And when you go to verify in a browser, be sure to use https:// or you get "The connection was reset".

This is my current command to generate a Vaultwarden container with Podman and no root privileges. In the end, the only major differences with Docker containers are the paths to mount the volumes Vaultwarden needs from the host machine and the :Z flags for SELinux. Currently, I’m not able to establish a secure connection. I have a help request out, and will edit if I get an update later today, otherwise, I already know what next week’s side project will be.

Side Project

Thursday held a startling surprise as a new zero-day exploit appeared affecting Minecraft, among other things. I must have found out within a few hours of it going public. After doing my research and checking sources, I concluded it was real and with the help of tech support, I was on a patched version of Paper within an hour or so of finding out.

Log4Shell (as this one has come to be called) is scary both because an attacker can take full control of a vulnerable computer and how common vulnerabilities are. On the other hand, once such exploits go public, things get updated pretty fast.

Here is the best article I’ve seen as of about ten hours of the exploit going public: https://www.lunasec.io/docs/blog/log4j-zero-day/

The moral of this story is to keep your software up to date, especially if you see any big stories about computer security.

Takeaway

All the HTTPS literature I found appears to be aimed at the curious pedestrian or the seasoned system administrator. This made it very difficult to be someone in an in-between level of understanding. On a personal note, I learned that pressing the / key while in a man page lets me search the document, a feature I really wished I knew about two years ago.

One important critique I’d offer the censiCLICK video is that the tutorial was dumped straight into the home directory and no effort was given to change default usernames/passwords, which I would consider very important for a monolithic tutorial.

Final Question

Have you ever had a project fight you to the bitter end?

Works Cited

[1] “Private CA and self signed certs that work with Chrome”github.com, [Online]. Available:https://github.com/dani-garcia/vaultwarden/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome. [accessed Dec. 13, 2021].

[2] censiCLICK, “Full Guide to Self-hosting Password Manager Bitwarden on Raspberry Pi,” on YouTube, Nov 15, 2020. [Online video]. Available: https://www.youtube.com/watch?v=eCJA1F72izc. [Accessed Dec. 13, 2021].

Posted on

Emergency Power Reserves

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am adding an uninterruptible power supply to ButtonMash instead of actually finishing the Bitwarden job because SSL certificates are very confusing to research. Let’s get started!

Computers 101

Here is the first lesson in computer literacy: power in, stuff happens. But unlike simple light bulbs, computers are essentially endlessly shifting labyrinths of electronic circuits. Complex patterns of information flash back and forth at near light speed both within any given computer. Networked computers form even more complex circuits. Everything is timed on the scale of nanoseconds or tighter. Power a local node off suddenly, and these patterns can be interrupted. That is why it’s important to use proper shutdown procedures.

But power outages are almost always a surprise. Planned maintenance or safety shutoffs can happen, but more often than not, the power company is just as surprised as its customers left in the dark. Backup systems are about as varied as their applications. I’ve heard of an old diesel locomotive engine rigged to jump start power generation for an entire college campus. Combustion-powered generators are popular at many scales. The hardware I’m dealing with today is an Uninterruptible Power Supply (UPS) from CyberPower.

First Impressions

This particular unit is essentially a battery with an inverter and some electronics to monitor everything. Going off just the box and literature it shipped with, it can power a little network device for several hours or a gaming console and TV for half an hour. Just don’t go trying to vacuum with it or run a space heater off it.

The unit has a USB-B connector in back, but little more is said about it than it carries data. I had to do a bunch of background research online to know beyond the shadow of a doubt that my particular model here could communicate a power outage so the system can gracefully shut down. Otherwise, it’s useless for long and unattended outages.

I did not find the CyberPower website helpful. The Linux driver section kept listing RHEL/CentOS 7 and ButtonMash is running a RHEL 8 compatible system. By the time I got around to seeking personal assistance finding the right driver, we had lost the receipt and didn’t know the exact date of purchase, which was the only field labeled required by the help form.

I borrowed a phone and called in. After explaining my situation, retrospect has me believe I was shepherded into the part of the help script pointing me past the one spot where the RHEL driver included version 8, and by then I had forgotten I was still wondering if my specific model could actually use the driver. Assuming it could, it wasn’t clear if the driver could hook into Cockpit or if it would want an open port all to itself.

Open Source Driver: NUT

CyberPower’s official support may be official, but it left a bad impression. When I saw that the driver needed root privileges, I decided to research an open source driver. Not many appear to exist. I reached out to my usual Linux community support channel, but it was quiet all day. I eventually landed on a mention of Network UPS Tools (NUT).

Unfortunately, my research here is incomplete. My impression is that they’ve been around for a while and that I will need to familiarize myself with some less beginner-friendly Linux rituals to operate effectively there. NUT appears to be exclusively distributed as source code signed with GPG. I haven’t mastered either skill. Furthermore, even if I do get the driver working, my specific model isn’t on their known working list. In any case, I will need to reach out to this specific community at some point if I want to see it working.

Side Project

My sister is into a game called Stardew Valley. It recently had a slightly clunky update that broke her modded setup through something known as SMAPI. My father and I took turns working on it. I opted to try a clean install on the virtual machine I’m trying to set up for her, but I ran into a problem when the virtual drive filled up its physical space without dynamically expanding. I had made a copy of the whole VM, so I was able to delete the troubled clone. In the future, I should take snapshots to restore.

Meanwhile, my father worked on the original Windows install. Together, we traced the problem to the wrong specific version the dotnet 5 framework being used when I took the shasum of the install file and compared it against the files available for download. We later identified the problem as a failure to communicate on the part of the download page. The three Windows versions looked like they could be one download each for Windows, Linux, and Mac where the correct version was located in the “column” below the Linux tab’s heading.

Takeaway

It’s safe to say I’m well beyond beginner-friendly Linux territory now. I start doing sysadmin level stunts, I best expect to subside on sysadmin grade assistance. For now, I’m happy knowing ButtonMash can survive a brief power blink and that I have a while to manually shut it down if I notice an outage as it starts.

Final Question

Has quality of help ever chased you away from a particular product?

Privacy Policy