Thursday, April 23, 2020

Taming an AnyCubic Kossell Pulley 3D Printer

Quick post to note how I got my Anycubic Kossel Pulley basically working.  It took me forever to find how to do some of this, and I know I will forget it if I do not write it down.

  • Use DaHai's configuration video for starters.
    • Upgrade the firmware to Marlin 1.1.9.  I ended up using 1.1.9.1 as of this writing.
    • Use DaHai's files and modify them to work with stock Steppers.  Use Arduino IDE to load the firware after replacing Configuration.h and Configuration_adv.h (which I did not make changes to).  Here are the changes I made to his Configuration.h:
      • Line 624-626: Change these from his upgraded TMC2130_STANDALONE to stock A4988
      • Line 705: I got crazy loud stuttering when first descending to the bed during a print.  Lower this to get rid of that.
      • Line 868: I and several people online have measured and gotten good resulting prints with the Type 2 Probe Offset at -15.88
      • Line 938 to 940: These need to be true for stock steppers.  DaHai's steppers did not need to be inverted.
      • Line 1358-1364: Define your temperature presets. I have used PETG to great success with a preheat of 70C for the bed and 230C for the hotend.  This rises to print at 80C and 245C respectively during the print.
    • When following the leveling instructions, the video shows a "Set Delta Height" option that is absent in the version of the firmware I loaded.  This caused me no end of headaches later when the method of subtracting the bed distance from both the Z-Height and Probe Offset produced weird math and never worked properly.  Instead, I ran auto-calibration, saved the settings, then:
      • Noted my Z after going to Prepare -> Auto Home
      • Brought the nozzle to the bed using Prepare -> Move Axis -> Move Z until a business card wouldn't move when squished between the axis and the bed.  I then noted the height
      • Changed my Z height only by this amount by subtracting the number from the Z height, and a negative Z Height is thus added.
      • Saved and Auto Homed
      • Set my Probe Offset to 15.88 per recommendations online.
      • Checked it again and only touched the Z Height when it was off.  Repeat the Z height move if this is still not right.
  • With the printer calibrated, it was time to print.  I just used Cura because I couldn not get Slic3r or Pronterface to work easily.  Cura does not have the Kossel in it by default, but it can be easily added.  JDHarris on Thingiverse even shared the configuration file they made which can be picked up by Cura after a restart.
  • I printed with PETG which has a high temp but no fumes.  I found hairspray for adhesion worked best thanks to several awesome tips by people connected with the PDX hacker community.  Thanks all!
After this, it just worked and keeps working.  It's magical what a little math and open source firmware will do.  That being said, it's my first printer.  It is bound to break in ways I can't even imagine now.  First order of business?  Print things that make the printer better, as is tradition.

Update: Not all is well in Whoville.  I've developed some Heat Creep with this PETG printing at 245C, and I haven't had the time to troubleshoot it.  Wish me luck!

Wednesday, January 22, 2020

New Year, New DEF CON

During the DEF CON 26 DC101 Panel, someone (probably highwiz) asked one of the n00bs they brought on-stage, "What makes you a hacker?" In the past, it has been used by bad actors as an aggressive question.  Thoughtful types and artists have used it as a prompt.  But here it was dripping with curiosity.  "Why do you go to DEF CON?"

I'm more than a year out from a move that took me far from my hometown of Las Vegas to an adventure into the Pacific Northwest.  Budgets, family and time being what they are, I too had to ask myself, "What makes you a hacker?  Why should you go to DEF CON, again?"  Obviously, moving two states makes it harder to go.  Plane tickets are cheap enough in cattle-class, and I'm lucky to have family and friends in town upon which I can rely for lodging.  But family illness and obligation are also considerations, and this feeling in the pit of my stomach topped it all off: the idea that I no longer belonged.

Ironically, this security-focused community is affected by deep insecurities.  Concerns of legitimacy, competence, and belonging haunt us collectively, as do public examples of snake oil, burnout, and depression.  Discussions of Impostor's Syndrome are almost cliche in their frequency.  As is the mouth-agape disbelief following one of our rock stars admitting they second-guess themselves.  This loose band of social misfits and punks emerged from in our cocoon of BBSes and IRC to be famously dysfunctional. We have had to exorcise #MeToo demons, and our unhealthy relationship with alcohol keeps many away for fear of their own safety.  As a late-comer to DEF CON, I have not been personally affected by loss of friends in the community, but there's a reason Amber Baldet gave a talk on Suicide Interventions at DC21.  Hackers in my cohort are maturing as well.  Some of us are on their third career since the demoscene, and it has veered wildly away from any Information Security role.  There has to be something that keeps us coming back to the desert in August.  It sure ain't the unmistakable fragrance of Sunday morning talks.

It is a bit of a balancing act to maintain a conference that keeps drawing more and more people.  As of this writing, DC28 is scheduled to use almost 400,000 sq. ft. of conference space in a brand new facility.  Almost 30 villages with both broad and niche topics have formed, and each is a mini-con in and of itself.  Along with this widening scope, there were public and repeated attempts by The Dark Tangent to reestablish DEF CON as a Hacker event and set it apart from the Information Security industry where so many of its attendees find employment.  In the past, DT has publicly disinvited the Feds, and the run-up to DC27 saw another public clarification that while individual villages arrange their own sponsorship, DEF CON maintains no corporate sponsors.  You can see the push and pull of "What makes you a hacker?" at the highest levels.

And so we approach a new year and a new DEF CON.  Since DC19, I've grown with the conference.  I started managing Toxic BBQ with the help of friends and this will be our fifth consecutive kick-off barbecue.  People just show up to create an inviting space from scratch for anyone that can find it.  I won a Black Badge with my son at DC 26 by solving crypto puzzles and have tried to contribute in equal measure since then. And yet there's this nagging feeling...

Ultimately, I've decided the gate-keeping question is not an important one to answer.  What I give to and get from DEF CON keeps me going.  I'm comes down to a desire to think things I have never thought before.  I may not be able to show off like some, but I can gawk with the best of them at the Hacker Carnival.  DC28's theme, Discovery!, is right out of my high school years when the internet promised the sum-total of human knowledge at our fingertips and all that we could do once those barriers dropped.  Maybe we can celebrate by shedding our insecurities.  Just for the weekend.

Sunday, May 5, 2019

Splined Miter Jig and the Resulting Picture Frames

Here are a few pictures from back in 2016 showing a picture frame which was the first thing I made using my brand new jig: a miter sled I built from scratch for my Jet table saw.
The frame is Indian Rosewood. It has a very strong grain and is slightly oily. It was easy to book match, and each corner has a key from some yard cypress. The contrast between the two woods wasn't enough to make them stand out, but it gave the frame lots of strength. The finish is paste wax and nothing else. Very lustrous.
The glue up was really awkward due to the thickness of the piece. I bought strap clamps for next time. I'm not a fan of the simple geometry either. I need to take the time to make a few more shaping passes before cutting the miters. The frame itself kind of consumes the photo placed therein because there is such a deep well between the inside edge and the glass. It is very chunky as a result.
The hardware and glass was bought or salvaged from cheaper frames. I didn't measure right for the glass and had to shave a mm off one side to make it work. Gulp.

Sunday, March 24, 2019

The Aviary: Huckleberry

The Aviary, Pg 404

One of the cocktails hailing from The Office, a speakeasy basement bar underneath The Aviary, this seemed simple to assemble with only one bit of complicated machinery: a sous vide.  Also, the presentation alone was intoxicating: a frothy head atop a mauve concoction? Sign me up!


I was able to obtain a chinois at a Goodwill.  The strainer and pestle separates juice from pulp and seeds.  However, the main ingredient is a clove tincture (fancy word for Everclear infused with clove). This required a sous vide as written.  As long as I've heard about them, I have never pulled the trigger on this low temperature wonder-machine (I don't have an instant pot either).  I figured it was time to lay that to rest.

There are plenty of DIY sous vide videos on the internet.  I settled on one that recommended a rice cooker combined with an industrial 110V AC temperature controller instead of a brewer's setup.  The most important part of this setup is the type of heated pot you use.  I couldn't use my crock pot, for example, because it had a digital control.  Every time the power cut off and then back on, it would not return to heating the pot.  My manual-switch rice cooker worked like a charm, however.  Then, for $20 in parts from the hardware store and $20 for the temperature controller on Amazon, I had a safe contraption through which to control my rice cooker and keep a pot of water within 2 degrees of a specific temperature for any length of time (perhaps "safe" is relative; use wire nuts and an electrical box when playing with mains, kids; the picture below shows iteration one with no cover).


The clove tincture was dead simple but extremely smelly.  $1 in bulk cloves and some Everclear got me a half dropper full of the cloviest drops the ever passed your nose. A word of warning: toasting the cloves is a horrendously smokey business.  Do this with a hood on full blast or outside.  We had to open all the windows and run for coffee.  I already had a vacuum sealer so I dumped the toasted cloves into a bag, poured on the alcohol, and dunked it into the rice cooker for an hour.  I decanted the result into an amber bottle with dropper and savored the aroma (which wasn't hard; it was everywhere).


The rest of the recipe was fairly simple.  Huckleberries don't come into season until August, so we went with blackberries from Mexico.  The syrup came together easy with a few gradually finer strainings.  6oz made 166g of juice.  Amaro Averna from Total Wine, Bombay Gin on sale, and Angostura bitters I already had on hand completed the boozy bits.  A quick trip through a shaker came out with a pink foamy pour that gradually separated into mauve and foam.  The bitters and pepper hit our nose, and the herbal hit of the drink completes it.  It's just sweet enough with off-season blackberries to be pleasant without being overpowering.  As we drank, we noticed the colors change and aromas deepen.  Very fun and dynamic drink.



A second round (can't waste syrup, after all) made with vodka toned down the herbal nature.  This will probably be the version I make for myself unless the guests are already gin drinkers.  Too close to 'too much' pine.  A friend suggested ditching the clove and replacing it by painting the glass with Chartreuse.  Either way, this seems to be a reliable cocktail to just have on hand.  Freezing berry syrup during their season in 2oz portions and the huge amount of clove tincture I have left over means it will be quick to assemble with a fun story to tell while we shake it up.

The Aviary: Knickerbocker

The Aviary, Pg 249

One part of a tiki flight, I was recommended to try this this based on the raspberries.

While the recipe as written requires a pacojet, I don't have $5000 just to get deliciously drunk.  I tried an ice cream maker to make the slush instead with fantastic results.  The instructions say to freeze the mix and rum separately and process together, but a spin in the ice cream maker brought it to just enough slush for a small batch.






The real winner here is the recommended rum.  My first "drink until you hurl" experience was with coconut rum, and I've avoided the spirit ever since.  The Zaya Gran Reserva aged rum has really caught me by the nose, however.  It has just enough molasses to be delicious, and the aging has mellowed it considerably compared to its frat-boy cousin.  I'll definitely be stocking this as a rum of choice (unless the book turns up something even better).

Dan Moves North

Plenty has gone on in the past year. Here's a quick rundown:

- Learned how to quilt. 104 patches from my tour-guiding days on a lap quilt.




- Learned how to Black Badge at DEF CON 26. Shout out to my fellow Murder Hobos, PunkAB, and the entire Dungeons@DEFCON team for this kick-ass experience.













- Learned how to move across country through forest fires and with cats









- Learned how to survive a leg infection possibly from a cat scratch (not pictured; it was pretty gnarly)

- Learned how to not buy board games. I finished a 10x10 (play ten games ten times or more) without buying any new games in between. Moving thinned the collection, but it still takes up an entire linen closet.




Friday, July 27, 2018

Testing Encryption - 3 years of Dan Boneh's Online Cryptography Course

Three years ago in July, I completed Dan Boneh's online cryptography course with distinction through Coursera's Cryptography 1.  Since then, I've had the opportunity to use and test cryptographic systems at work and for hobbies.  Here are a few lessons learned when testing encryption.

I have found my fair share of bugs in the crypto we chose to use at work.  I've gotten into a routine when testing encryption used for message authentication:
  • Test the same plaintext multiple times.  Does it need to be different each time?  How much of the MAC is different each time?  It might help to explore the data your hashing function spits out as it can tell you how your hash function does what it does.
  • Replay it.  How can a user abuse identical MAC'd data if they replay it at a later date?  For a different user?  Can you add items to the plaintext that will allow you to validate not only the data but the source or timeframe as well?
  • Ensure your hashes are detecting changes. Is your MAC rejected if you change the data at various places within the message?
  • Rotate the key. Do you need a hash to survive a key change?  Usually you can just regenerate the data and re-MAC it, so figure out if you really need to use MACs over long lifetimes.  They're easy to compute.
  • Generate a bunch at once.  Is performance an issue with the service?  Most hashes are built for speed, but is yours?
For each of these failure modes, I'm looking mostly for hints of weakness.  I'm expecting pseudo-random noise, but how does my brain distinguish that from almost random noise?

There are many times when you need to generate a unique but random value but don't have the space to use a GUID.  To evaluate if a solution will be "unique enough", check out the Birthday problem wikipedia page, and this table of probabilities in particular.  Find out how many possible values exist (9 numeric digits = 10^9 ~= 2^30).  Compare on the table with that value as the hash space size versus the number of times you'll be setting this value.  This will tell you if the algorithm you want to use is sufficient.  If you are making long-term IDs that can only be created once, you obviously  want the probability of collision to be extremely low.  If you can recover from a collision by creating a new transaction fairly readily, you might not need as much assurance.  Ive used this to help drive a decision to increase unique token size from 13 to 40 characters, guide switching from SQL auto-numbers to random digits to hide transaction volumes, and ensure internal transaction IDs are unique enough to guide troubleshooting and reporting.

Time and again, the past three years have taught me that cryptography must be easy for it to be used widely.  I've stayed with Signal for text messaging because it just works.  I can invite friends and not be embarrassed at its user interface.  It doesn't tick all the boxes (anonymity is an issue being a centralized solution), but it has enough features to be useful and few shortcomings.  This is the key to widespread adoption of encryption for securing communications.  Since Snowden revealed the extent of the NSA's data collection capability, sites everywhere have switched on HTTPS through Let's Encrypt. Learning more about each implementation of SSH and TLS in the course was both informative and daunting. I was anxious to get HTTPS enabled without rehosting the site on my own.  Early 2018, Blogger added the ability to do just that through Let's Encrypt.  It requires zero configuration once I toggle it on.  I can't sing its praises enough.  The content of this blog isn't exactly revolutionary, but this little move toward a private and authentic web helps us all.

Dan Boneh's Cryptography course continues to inform my testing.  The core lesson still applies: "Never roll your own cryptography."  And the second is how fragile these constructs are.  Randomness is only random enough given the time constraints.  Secure is only secure enough for this defined application.  Every proof in the course is only as good as our understanding of the math, and every implementation is vulnerable at the hardware, software, and user layers.  In spite of this, it continues to work because we test it and prove it hasn't broken yet.  I'm looking forward to another three years of picking it apart.