
Auto-discovery re-implemented with improved security as strong as 2FA

· 6 min read

I have regained my confidence that The Spaghetti Detective app is on pretty solid ground when it comes to security. I take full responsibility for the blunder I made in the process of developing and deploying the auto-discovery feature. Meanwhile, we don't want to have the auto-discovery function disabled forever. It would be the easiest way moving forward, but also the laziest. We know auto-discovery has made it extremely easy for new users to link their printers to The Spaghetti Detective and everyone loved it! We still want to give them a way to do it, and do it securely.

And we found a way!

The original auto-discovery design and implementation

An update on the 8/19 security incident

· 3 min read

The Spaghetti Detective had a serious security incident on August 19th. That incident was caused by a mistake I made in the function called "auto-discovery".

This post is to provide an update on what we have done after the incident.

What we did on the day of the incident:

  • Immediately disabled auto-discovery once we found out about the vulnerability, about 4.5 hours after it happened.
  • Identified and deactivated the 73 printers that were exposed to this vulnerability during those 4.5 hours.
  • Sent an email to all The Spaghetti Detective users to disclose this incident.
  • Offered all Pro subscribers the option to cancel the subscription and receive a full refund.

What we have done afterward:

  • Had the code base of The Spaghetti Detective app thoroughly audited by a Security Consultant. No other vulnerability was identified.
  • Performed vulnerability deep scans using Detectify, which distributed "exploitation scanning" to 30 whitehat hackers. Again nothing showed up.
  • Designed, implemented, audited, and thoroughly tested a new way to do auto-discovery. To "have more eyeballs on the code", we have launched a bug bounty program.

We have regained the confidence that The Spaghetti Detective app remains on pretty solid ground when it comes to security. Meanwhile, we have learned not to take things for granted. We will keep our antenna up for any signs of vulnerability or abuse.

A personal note from Kenneth:

I was waiting for a shitstorm after I sent the email about the security incident to all The Spaghetti Detective users. The consequence of the incident was serious. Although only 73 users were impacted, it resulted in unauthorized access for at least one user's printer. I didn't expect this kind of blunder to be easily forgiven.

Instead, I was humbled by the kindness and support in the overwhelming responses you folks sent to me. I only did what I should have done: taking responsibility for my own mistake and cleaning up the mess. But you generously showered me with so much love!

At that moment, I felt lucky. Not because I escaped a shitstorm. I felt lucky because I realized I happened to be serving the most awesome group of people in the world. I started The Spaghetti Detective to give all 3D printing enthusiasts a way to securely and safely monitor your printers. I have disappointed you once. The only thing I can do is to make The Spaghetti Detective better and safer so that I won't disappoint you again!

- Kenneth
Lead Developer @ The Spaghetti Detective

The Best OctoPrint Plugins And How To Install Them

· 8 min read

OctoPrint is a web interface dedicated to making 3D printing easier by allowing you to control and monitor the process. The software allows you to access and control virtually any parameter on your printer.

Moreover, in a heart-warming, traditional internet fashion, it’s open source.

There is a vast database of plugins developed by the 3D printing community that make your experience with OctoPrint even better, and here we list and explain the most popular ones.

A detailed analysis of the security incident last night

· 6 min read

I screwed up. It was the first security breach The Spaghetti Detective has had in 2 years of her existence. But it was an embarrassing one that I can't forgive myself for.

What happened?

I made a stupid mistake last night when I re-configured TSD cloud to make it more efficient and run faster. My mistake created a security vulnerability for about 8 hours. The users who happened to be linking a printer at that time were able to see each other's printer through auto-discovery, and were able to link to them too! We were notified of a case in which a user started a print on someone else's printer.

73 users got impacted as a result. It's not a huge number. There are bugs that impact a lot more users. But the consequence is very severe. Nobody wants his/her own printers being linked to and controlled by another account.

I created The Spaghetti Detective to let all 3D printing hobbyists have a way to safely monitor their printers from everywhere. And this is one of the worst mistakes I can make. My sincere apologies to our community for this horrible mistake.

Project proposal - 3D printing problem detection using sound

· 3 min read

The Detective has done a really good job at spotting, well, spaghetti for all of us! Kudos to her! However, there is only 1 problem: her hearing is no good. This small birth defect means:

  • She can't detect anything that she can't see, such as the clicking sound when a step motor stalls.
  • She can't detect anything that she can't see clearly. This means she usually needs to wait at least a few minutes for the spaghetti monster to fully reveal itself before she can catch it.

This is why we came up with a bold idea - if we fix The Detective's hearing, she will be able to catch the criminals earlier, or catch the ones she would otherwise miss!

Fun project with NVIDIA Jetson Nano - AI failure detection for 3D printing

· 4 min read

The Spaghetti Detective uses AI (Deep Learning) to detect 3D printing failures. Compared to the CPU that runs in most PCs, a GPU is much faster and more power-efficient at running the Deep Learning model in TSD. GPUs are commonly found in gaming PCs. However, even an entry-level gaming PC that can run TSD private server can easily set you back $1,000+. Ouch!

Are there any inexpensive GPUs that can be used to run TSD private server? Yes! NVIDIA Jetson Nano is a popular option among people who run TSD private servers. It is a single-board computer, so it can run TSD private server all by itself. The best part? It's quite affordable. Even if you throw in other things such as a power supply, NVIDIA Jetson Nano will let you run TSD private server for less than $150!

If you are one of the people who want to jump on the Deep Learning bandwagon by doing a fun project, and you don't want to break the bank, follow along!

Easy Way to 3D Scan and Print with Photogrammetry

· 4 min read

Some context: Photogrammetry is a term coined in 1867 by a Prussian architect (hence the difficult pronunciation). It is a science that uses photos to understand information about the object(s) present. A specific use case is to use multiple pictures in determining the geospatial relationship of the same object(s) across a series of photographs, then produce a 3D model from that understanding.

And here is where I come in:

I first heard about photogrammetry from this YouTube video by CG Geek. It seemed like it might be something I could do, so I decided to try it out! I recently acquired a Creality Ender 5 Pro that I wanted to try more fun stuff with. To take this to the next level, I bought a direct drive kit from Micro Swiss in order to use NinjaFlex but you can do this same concept with a stock 3D printer and other filament.

3D Printing for Mother’s Day

· 3 min read

TSD has no affiliation with the linked sites or organizations mentioned in this article and is not compensated in any form for linking to them.

Mothers are, ultimately, the best “makers” on this planet. I write this from the vantage point of a man that has a great and loving mother and a pregnant wife who is the mother to my 2 boys with a 3rd on the way. As I see multiple frustrated Reddit posts about unlevel beds, extrusion issues, and prints going otherwise awry, I think about how those inconveniences trifle in comparison to swollen feet, morning sickness, and 9 months of utter exhaustion.

So, what better way to honor these ultimate makers than with something heartfelt and made by us? There have been many posts over the last 10 years or so about the “Top 10 3D Printed Gifts for Mother’s Day” including this one from All3DP. At the core though, all of those articles are just inspiration for what you can do for your mom.

The ideas below are meant to inspire and spark a memory of a special connection with your mom. For example, my mom is really into beekeeping. I am planning to make something like this bee feeder and this honeycomb picture frame (with family pictures included, of course).

Hopefully, you can find something that fits the bill on Thingiverse or MyMiniFactory but otherwise take a look at making your own creation with Tinkercad. They are genuinely easy to use, and you can make your mom something that nobody else in the world has!

TSD is Now Included on EZPi

· 4 min read

The EZPi Pro V2

TH3D Studios's EZPi Pro V2 now comes with The Spaghetti Detective preinstalled, and is available as a secure plug-and-play OctoPrint setup if you're looking for one. It's been a pretty cool road getting here, though, and it started back in...

Wait, hold on, disclosures

The Spaghetti Detective and TH3D have no monetary relationship with each other. We and they both sponsor OctoPrint, and there's a Teams chat where we ask each other questions we might have about each other's products and services, but no money changes hands between us and no links attached to this article are affiliate links.

I also own this one of their shirts in purple, but can you blame me?

Now on with the story.

As I was saying, it started back in

January of this year. Tim Hoogland, owner of TH3D, reached out to say that one of his customers was trying to set up The Spaghetti Detective on an EZPi using their EZCam, it wasn't working for that customer, and he hoped to furnish whatever information we needed to troubleshoot and make sure our software worked with TH3D's camera.

Wade Norris of TSD suggested that, since TSD isn't in hardware and TH3D is, he "realize[d] this might be a really great collaboration opportunity." Tim agreed, saying "I think we can help each other out. I am working on a new image for our Pi kits, and one thing I could do is bundling your plugin in the Pi," asking if there were any OS-level customizations that would improve the TSD experience on EZPis, and we were off to the proverbial races.

But that's not really the beginning

An early perfboard EZABL from May 2017