This is a good example of why not all devices should be connected to foreign servers. Errors can happen everywhere. But it could end badly if some corporations make errors and create trouble, which would otherwise not happen.

In the case of the 3D printer it is not that bad (unless it destroys itself or even catches fire); also, you can turn it off. But imagine a smart stove top that lights up a towel (or something similar) while nobody is home.

Not that I think it is not useful to have something like that, but wouldn’t it be nice if that stuff worked locally? (With the WireGuard integration in modems, access from outside the home with a smartphone should also be no problem for non-tech people.)

  • sugar_in_your_tea
    1 year ago

    Ideally, almost no devices should be connected to the internet. Things like 3D printers, TVs with microphones/cameras, etc should be in a DMZ and have outgoing-only access to a restricted set of services.

    If you’re running anything close to a professional operation, set up your site professionally. For home users, I recommend sticking with SD cards, it’s only mildly more annoying for the frequency of printing you’re likely to do.

      • sugar_in_your_tea
        1 year ago

        Yup. I’d still put it behind a VPN though, just because of the inherent dangers in starting a 3D print job remotely.

        • bjornp_@lemm.ee
          1 year ago

          I have an nginx reverse proxy with http auth, myself. It’s such battle tested software that I trust it fully

          • Zikeji@programming.dev
            1 year ago

            For anyone doing similar: battle tested software is still fallible, and exploits could emerge at any point (same goes for VPNs). Be sure to set server_tokens to off; this prevents NGINX from revealing its version to the world, which will help protect you in case an exploit is discovered down the line.
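A check for the two settings discussed in this sub-thread, HTTP auth in front of the proxied printer UI and `server_tokens off`, added here as an example and not taken from any poster's setup. The function names, the upstream address `127.0.0.1:5000` and the htpasswd path are assumptions; the parser is deliberately simplified and does not follow `include` files.

```python
import re

# nginx defaults; all three directives inherit http > server > location.
DEFAULTS = {"server_tokens": "on", "auth_basic": "off", "auth_basic_user_file": ""}

def parse(conf_text):
    """Nested-block parser; simplified: no 'include', no quoted braces/semicolons."""
    root = {"name": "main", "directives": {}, "children": []}
    stack, pending = [root], ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf_text)):
        tok = " ".join(tok.split())
        if tok == "{":
            block = {"name": pending, "directives": {}, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}":
            stack.pop()
        elif tok == ";" and pending:
            name, _, value = pending.partition(" ")
            stack[-1]["directives"][name] = value.strip('"')
        pending = "" if tok in ("{", "}", ";") else (tok or pending)
    return root

def audit(conf_text):
    """Return findings; an empty list means every proxied location is covered."""
    findings = []
    def walk(block, inherited, path):
        eff = {k: block["directives"].get(k, v) for k, v in inherited.items()}
        here = path + [block["name"]]
        if "proxy_pass" in block["directives"]:
            where = " > ".join(here[1:])
            if eff["auth_basic"] == "off" or not eff["auth_basic_user_file"]:
                findings.append(f"{where}: proxied without HTTP auth")
            if eff["server_tokens"] != "off":
                findings.append(f"{where}: server_tokens is not off")
        for child in block["children"]:
            walk(child, eff, here)
    walk(parse(conf_text), DEFAULTS, [])
    return findings

# Constructed sample configs (upstream address and file path are placeholders).
WEAK = "http { server { location / { proxy_pass http://127.0.0.1:5000; } } }"
HARDENED = """
http { server_tokens off;
  server { listen 443 ssl;
    location / { proxy_pass http://127.0.0.1:5000; }
    auth_basic "printer";            # declared after the location block
    auth_basic_user_file /etc/nginx/htpasswd; } }
"""
```

Feeding it the output of `nginx -T` covers included files, since that command prints the fully expanded configuration.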

            • bjornp_@lemm.ee
              1 year ago

              That’s a good tip. Also: have your servers auto-update weekly. You will forget.

    • mnemonicmonkeys
      1 year ago

      There’s benefits to having your 3D printer connected to the internet though. It allows you to monitor the progress and lets you cancel the print if there’s an error, potentially saving you a lot on filament and repairs.

      That being said, having them connect to centralized servers is dumb. Just add a Raspberry Pi with OctoPrint flashed onto it and set up your own connection if you want that feature.

      • sugar_in_your_tea
        1 year ago

        You can also just VPN in. It’s not hard, and many routers have that ability today.

    • Dubious_Fart@lemmy.ml
      1 year ago

      Yep.

      TVs, Fridges, Toilets, Dishwashers, Clothes Washers/Dryers, Thermostats, and a whole range of other things do not, and will never need, access to the internet.

      By giving them access to the internet, you are just lighting a fuse and waiting for the bomb to go off. Maybe that bomb is personal banking details, maybe that bomb is financial in that someone cranks your AC up to 150 when you are gone for a week and you come home to a house full of heat damage and melt, or maybe that bomb is a 3D printer that turned on, malfunctioned, and burned your house down.

      IoT is stupid.

    • flames5123@lemmy.world
      1 year ago

      Is there a guide for setting up a DMZ? I have a Nest cam for our dog (bought wayyy before Google bought them out) and use HomeKit for everything that allows it, but those devices have their own apps too so they have almost unfettered access to the net. I like having my AC on internet so I can turn it on/off when I’m not home in case I forgot to turn it on that morning (living in the PNW, so we don’t need it every day in the summer, as open windows are good enough and free), so I get home to a moderately cooled place rather than a hot box.

      • sugar_in_your_tea
        1 year ago

        If you buy a fancy router (i.e. entry level professional grade, like MikroTik) or flash custom firmware (DD-WRT, OpenWRT, or Tomato), it should have the necessary features built in and have decent guides. I have a MikroTik router, but I’ve used each of the custom firmware I’ve mentioned as well.

        You have a few options:

        • two separate physical networks - the router can be configured to bridge certain services and leave the rest completely separate
        • two virtual networks where devices are separated based on MAC or something - works the same as the first, assuming MACs don’t change (could happen if the device is compromised)
        • one network where services are blocked for specific devices or certain ports - no need for separate networks, though you can often group devices to simplify rules (e.g. group all of your cameras and only allow certain traffic to/from them)

        These are in order of preference top down, and reverse order of effort to set up (i.e. the first may require running new cables and/or installing new switches depending on network setup). For each option, you can configure a VPN with the network, so you can access your things remotely without having them be accessible to the outside world.

        This gets trickier with cloud-based services where the only way to access things remotely is by going through someone else’s server, which is when you’d need to instruct your router to allow only certain connections in and out. I prefer to just avoid those services and go with the VPN option.

        I hope that makes sense. Since you’re using cloud services, the last option will probably be the best bang for your buck. I personally go with the second because I plan to rerun cables to do the first soonish (my city is rolling out fiber, so I’ll be messing with cables anyway).
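Whichever of the three options is used, the rules are worth verifying from a machine plugged into the device segment. The following is an added example, not something from the posters above: it compares an intended egress policy against what actually connects over TCP. All addresses in `EXAMPLE_POLICY` are constructed placeholders.

```python
import socket

def tcp_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, name lookup failed
        return False

def audit_egress(policy, timeout=2.0):
    """Compare the intended policy with what the segment actually allows.

    policy maps (host, port) -> True if the connection is supposed to work,
    False if the firewall is supposed to block it. Returns a list of
    (host, port, problem) tuples; an empty list means rules match intent.
    """
    findings = []
    for (host, port), should_work in sorted(policy.items()):
        works = tcp_reachable(host, port, timeout)
        if works and not should_work:
            findings.append((host, port, "reachable but should be blocked"))
        elif should_work and not works:
            findings.append((host, port, "blocked but should be allowed"))
    return findings

# Constructed policy for a camera/printer segment. Placeholders:
# 192.168.1.0/24 = trusted LAN, 203.0.113.10 = the vendor's cloud service.
EXAMPLE_POLICY = {
    ("203.0.113.10", 443): True,    # the one service the device needs
    ("192.168.1.1", 80): False,     # router admin page on the trusted LAN
    ("192.168.1.20", 445): False,   # file share on the trusted LAN
    ("198.51.100.7", 443): False,   # any other internet host
}

if __name__ == "__main__":
    # Run from a laptop temporarily joined to the device network.
    for host, port, problem in audit_egress(EXAMPLE_POLICY):
        print(f"{host}:{port} {problem}")
```

This only exercises TCP connects originating inside the segment; inbound exposure and UDP need separate checks.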

    • ramble81@lemm.ee
      1 year ago

      Even if it allows that set of services, if the device allows any sort of control via that service you could still end up in a bad situation.