Update: 15 December 2021 – version 6.5.54 and earlier is vulnerable. Please update Unifi Controller again.
With the recent Log4j vulnerability, CVE-2021-442228, UniFi controller version 6.5.54 and earlier is vulnerable.
Jacobalberty has backported the fix to v6.0.45 and v5.14.23 for those whom are on the older hardware or controller versions.
For ours, we will be migrating to the latest v6 build by changing out Docker tag to “jacobalerty/unifi:v6” instead of “jacobalerty/unifi:stable-6” by following UniFi Controller – Docker Tag Change again with the tag changed.
While checking up on our UniFi controller image for updates, the tag “jacobalberty/unifi:stable” is no longer valid. There are 2 new tags instead, “jacobalerty/unifi:stable-5″ and ” jacobalerty/unifi:stable-6″. We will be upgrading to UniFi controller 6 with the tag “jacobalerty/unifi:stable-6.
WARNING: Upgrading the controller may invoke device provisioning, which may disrupt current service/s.
As a precaution, download a backup of the controller by going to Settings > Backup > Download Backup.
After a minute of executing the last command, check the Unifi Controller web interface and everything works. Devices will start to re-provision.
If this is successful, run the below command for cleanup
docker rm unifi.old
If this fails, suggest starting over and restore the controller docker image with the backup that was downloaded at the beginning. Be sure to clean up the docker storage folder on the host prior.
Ever wanted to connect to a remote server or host and tired of typing a password and worrying about password attacks. The solution is to use SSH key pairs, we will be covering SSH key pair authentication setup.
In addition, passwords shouldn’t be used in today production environments as they are typically weak in comparison with a public and private key pair. Multi-factor authentication should also be used, however this post will not be covering this setup.
SSH Key Pair Generation
To generate these keys, you will use ssh-keygen. Do not use RSA or DSA, they are weak, the strongest encryption key out at the moment is ed25519.
ssh-keygen -a 10000 -t ed25519 -f ~/.ssh/id_ed25519 -C “Nate15329”
If you use a long and strong passphrase, this will avoid from someone using these keys if they ever got a copy. You will need to type in the passphrase like a password when remoting in, but also the SSH key is also validated.
Remote System Setup
Next is preparing and copying the public key to the remote system that is being accessed. Never copy the private key to another system.Public keys end with .pub extension and only these are to be copied to remote systems.
Ensure the remote system has the following folder structure and file preexisting for the account. Below are the commands to get these setup.
While setting up our Raspberry Pis, one of the things that we usually setup is Log2Ram. The entire goal of this project is to extend the SD storage life.
By default Raspberry Pi stores logs on the SD card, however SD cards have limited write cycles due to being FLASH based storage. Once this limit has been reached, it will fail. Log2Ram forces logs to be stored in memory (RAM) by changing /var/log to a RAM disk and once every day to reduce writing and increase lifespan of the SD card.
Highly recommend for any environment running off of an SD card, along with configuration and sending logs to a central logging system such as syslog. We won’t be covering the central logging, but recommended for production environments.
Installation is pretty straight forward.
git clone https://github.com/azlux/log2ram.git
cd log2ram
chmod +x install.sh
sudo ./install.sh
Usually I edit /etc/log2ram.conf to set size to 128 MB instead of default 40MB by using sudo nano /etc/log2ram.conf
SIZE=128MB
Then a restart would be need to be done to make this become in effect by sudo reboot
With future updates, I suggest following the advice that is in the README file. Usually, we would need to manually stop the service prior to running the update.
We had upgraded our Ender 3 to Marlin 2.0.5.3, this will provide the steps that we did. As noted, we are using the MKS Gen L board and not the board the Ender 3 comes with.
With the new Marlin firmware, it is better in our opinion to compile it via PlatformIO in Visual Studio Code than in the Arduino IDE. It is recommended to record any values stored such as current z-offset, extrusion settings, etc before flashing the updated firmware as these values will need to be placed back afterwards.
Environment Setup
Please follow these steps to setup the environment:
Install the following extensions: PlatformIO (by PlatformIO) & Auto Build Marlin (by Marlin Firmware)
Relaunch Visual Studio Code.
Download Marlin Firmware Version 2.0.5.3 from https://marlinfw.org/ and extract the zip folder.
Download the Ender-3 configuration from the Github repo as well: Link
Configuration
Let’s get started with configuring the project:
Place the Ender 3 example config files (configuration.h and configuration_adv.h, optional _Bootscreen.h and _Statusscreen.h) that was downloaded under step 4 under Marlin/src directory.
Click on the PlatformIO module in Visual Studio Code, click open project and select the directory where the platformio.ini file is located
Modify the configuration.h as follows:
Remove #define CONFIG_EXAMPLES_DIR "Creality/Ender-3/CrealityV1" line, it may have a different path
If the _Bootscreen.h and/or _Statusscreen.h has been copied; either to un-comment or comment (//) the lines beginning with associated lines beginning with #define SHOW_CUSTOM_BOOTSCREEN and/or #define CUSTOM_STATUS_SCREEN_IMAGE
Change line from #define MOTHERBOARD BOARD_MELZI_CREALITY to #define MOTHERBOARD BOARD_MKS_GEN_L
Change the stepper directions to opposite; end result values should be: #define INVERT_X_DIR false , #define INVERT_Y_DIR false ,& #define INVERT_Z_DIR true
Change the extruder direction to the opposite; end result value should be #define INVERT_E0_DIR false
Make any additional changes you may need for your setup.
Modify the Configuration_adv.h as below:
Set the line #define E0_AUTO_FAN_PIN to #define E0_AUTO_FAN_PIN 7
Building the firmware
To build the firmware, the Marlin Auto Build extension will be used in Visual Studio Code:
On the Marlin Firmware Auto Build extension, click Refresh button. The values will be updated to what is in the configuration files.
Click on the Build button next to mega2560 ; this should give a succeeded message in the terminal output. If it doesn’t give a success message, please review the configuration files for configuration issues.
On successful build, plug in the MKS Gen L board via USB and press the Upload button.
After the upload, don’t forget to place back any custom values prior.
A good practice is to archive this firmware somewhere (plus a simple date stamp) where it can be used as a future reference to newer Marlin firmware versions.
One of the wifi access point brands that we’ve always recommend to family, friends, and others is Unifi. Usually, we end up having to do maintenance of their equipment. A solution is to setup an Unifi Docker container for a L3 management over the internet. Sure, we could set it up to phone home to UniFi cloud management, but what would be the fun of that?
We would like to note that we are not Docker experts or work with Docker on a daily basis and it’s something we would like to study more into when we have the chance. We are sure there is a more automated way to maintain the Docker image.
Step 1: On a Linux host, add a service account for Docker. Doesn’t need to be the same name. After adding the user, get the UID of the user, this will be referenced later. sudo adduser docker_unifi
I’ll be using Jacob Albery’s container for Unifi. Use a container that you trust, at this time of this post, there was no official Unifi container. docker pull jacobalberty/unifi:stable
To create the container, we will need the UID and GID of the non root user you’ve created in Step 1. id -u docker_unifi id -g docker_unifi In this case, the UID and GID of docker_unifi is 1001.
The below command will create the Docker container and allow it to automatically restart if it ever crash and will not run as root. In this case, we are using L2 discovery to setup and firmware upgrade the APs on the local network. Otherwise, we would use network port forwarding. docker run -d --restart=always --net=host --name=unifi -e RUNAS_UID0=false -e UNIFI_UID=1001 -e UNIFI_GID=1001 -v /var/docker_storage/unifi:/unifi jacobalberty/unifi:stable
To update this container in the future, use the following commands. Just be sure to remember what you used for creating the Docker container.
docker pull jacobalberty/unifi:stable docker stop unifi docker rename unifi unifi.old docker run -d --restart=always --net=host --name=unifi -e RUNAS_UID0=false -e UNIFI_UID=1001 -e UNIFI_GID=1001 -v /var/docker_storage/unifi:/unifi jacobalberty/unifi:stable If the upgrade was successful, remove the old container by using command: docker rm unifi.old
Next is setting up external DNS.
External DNS – Setup
Since normal consumer external IP addresses usually change every so often and we needed to allow the firewall to only allow certain IP addresses as a source. An A or AAAA record will be needed to be updated dynamically by a client at the client’s location.
Luckily, we are able to setup the DDNS settings at these locations, each with their own unique API key following a naming convention and under a different domain name than the primary one utilized. If the client has a public domain name already, see if you can get them to setup DDNS on public DNS instead. We are using Cloudflare DNS nameservers and protections; this will be different depending on what you use.
We suggest making a subdomain that you only know and add sub-records to that.
For example:
A record for 1 client site
Host Name: c1.u.i
Proxy status: DNS only (do not use proxied, your firewall will block these)
A record for another client site
Host Name: c2.u.i
Proxy status: DNS only
If DDNS is configured correctly, the DNS records update with the correct IP addresses. Next we configure the firewall to only allow these certain FQDN.
Firewall – Setup
We use pfSense firewall here and the easiest way to setup the firewall settings and not having multiple repeating rules is to setup an Firewall Alias for both the Ports and Hosts allowed. Below is an example of the Hosts alias.
In the firewall rules, we set the Hosts Alias as the source, the destination, and the Port Alias for the allowed custom Ports. This would prevent usual internet background scans and malicious users/bots from seeing the ports are open.
As always, secure this environment with firewalls and within a DMZ network zone that is separate from your normal network and always keep this host and the Docker image updated. We allowed the following ports through the firewall defined here: https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used#2
UniFi Controller – Setup
Be sure to set the Controller hostname to the FQDN and check the box to Override inform host withController Hostname/IP. Also, update this public DNS record to point to the Controller WAN IP address.
To remove/migrate a external client
Migrate their Unifi Management 1st. Note: Site Export works wonders.
Notify the DDNS record is no longer required (unless they set it up and want to keep it)
If any, remove their public DNS entries & their DNS API access to your domain management
Remove the FQDN name from the firewall host alias.
I had purchased a MikroTik RB260GS (product link) to allow me to setup vlans for about $40 and later be able to setup a fiber run for a few remote devices.The MikroTik RB260GS is able to handle 802.1Q VLAN tags with 5 Gigabit Ethernet Ports and a single SPF cage. It can be powered by PoE (Power over Ethernet) on the 1st port and has a small form factor of 4 7/16 x 5 1/2 x 1 1/8 inches or 133 x 139 x 28 mm. There are larger and different models to choose from as well and should be considered depending on your needs.
From the beginning of trying to setup the VLANs, I had a hard time with this switch and a learning curve ahead of me for this solution. I hope this will assist those whom are having difficulties as well.
Port – Trunk
A trunk port is where multiple VLANs share the same physical connection and is used for the network backbone infrastructure up to the Access Level Switches.
Also, consider the amount of VLANs and traffic going through this port, it will be limited to 1 Gigabit and shared amongst all the VLANs going through it. Sometimes, it might be a better idea to have the SPF port be the trunk port with a 10 Gb fiber module. It would use less power, faster, lower latency, and electrically isolated from the other end of the trunk on this connection.
For this switch, it’s best for the trunk port to be port 1, especially if PoE is being delivered from another switch, or the SPF port. Below is how to configure the trunk port and can be any port on the switch.
Navigate to VLAN tab
Configure the port’s Ingress settings as listed:
VLAN Mode: Enabled
VLAN Recieve: Any
Default VLAN ID: 1
Force VLAN ID: Unchecked
Configure the port’s Egress settings as listed:
VLAN Header: Add If Missing
Navigate to VLANS tab , Add the VLAN numbers here.
Make sure the Trunk port has all of the VLANs settings are set to Leave as is
Access Ports
These ports only have a single VLAN associated to them and is normally used at the Access Switch Level when end devices plug into.
Navigate to VLAN tab
Configure the port’s Ingress settings as listed:
VLAN Mode: Strict
VLAN Recieve: only untagged
Default VLAN ID: <Your VLAN ID here>
Force VLAN ID: Unchecked
Configure the port’s Egress settings as listed:
VLAN Header: always strip
Navigate to VLANS tab
Make sure the Access port has all of the VLANs settings are set to Not a Member, except for the VLAN ID you’ve entered in step 2. It would be set to the value Always strip.
Multi-VLAN Ports
Sometimes there is a need where a port may need multiple VLANs going across it to a device, like a wireless access point. See below settings
Navigate to VLAN tab
Configure the port’s Ingress settings as listed:
VLAN Mode: Strict
VLAN Recieve: any
Default VLAN ID: <Your Default VLAN ID here, usually management VLAN ID>
Force VLAN ID: Unchecked
Configure the port’s Egress settings as listed:
VLAN Header: always strip
Navigate to VLANS tab
Make sure this port has all of the VLANs settings are set to Leave as is except for the VLAN ID you’ve entered in step 2. This would be set to the value Always strip. The non-allowed VLANS on that port should be set to Not a Member
Testing your config
It’s best practice to test each port to see if the configuration is correct when doing this the 1st few times. Wireshark (link) will be your friend or even a simple checking of the IP range you receive will work for the most part. There are plenty of online tutorials with working with Wireshark and I will not cover them.
After breaking my Ender 3 board by acciendent, I decided to switch to a MKS Gen L board. Contained in this article are the steps that I’ve taken to swap boards. I am writing this after the fact, I do apologize if I miss any details.
WARNING: This deals with handling electronics and electricity. Follow at your own risk.
Required Equipment & Software
MKS Gen L Board
Computer
Arduino IDE
Screwdrivers (insulated one for adjusting stepper drivers)
Multi Meter
Step 1 – Print a Case & (Optional) BLTouch mount
Print a case for the MKS Gen L board and optionally the BLTouch mount beforehand. Following are the models I’ve used:
After opening the case, label the current connections on the Ender 3. Below is an image describing what everything is.
Step 3 – Write down current Ender 3 Firmware settings
Write down/take photos of current Ender 3 Firmware Settings for acceleration, steps, etc.
Step 4 – Measure Stepper Drivers’s Voltage
Measure the stepper drivers’ voltage when it’s powered on. Only connect your multi-meter negative lead to the main negative terminal and positive lead to each stepper driver potentiometer and record the voltage value. These will be used for future reference in tuning the external stepper drivers.
Step 7 – Install Stepper Drivers
Install stepper drivers onto the MKS Gen L board. Keep track of which stepper model you use, they may be needed for preparing the firmware.
Step 5 – Prepare MKS Gen L Firmware
Next we will be preparing Marlin 1.1.9 Firmware to be flashed onto the MKS Gen L board. Obviously, we will be including the configuration for the BLTouch and we are keeping the original Ender 3 display. Note: Since we are keeping our original display, we are going to lose the SD card functionality. To get this functionality back, replacing the Ender 3 original display with one that has a SD card.
Copy files from Marlin Example Configurations/Creality/Ender-3 to Marlin Folder. Overwrite files that already exist.
Within Configuration.h change the following:
#define MOTHERBOARD BOARD_MELZI_CREALITY to #define MOTHERBOARD BOARD_MKS_GEN_L
#define INVERT_X_DIR true to #define INVERT_X_DIR false
#define INVERT_Y_DIR true to #define INVERT_Y_DIR false
#define INVERT_Z_DIR false to #define INVERT_Z_DIR true
#define INVERT_E0_DIR true to #define INVERT_E0_DIR false
#define E0_AUTO_FAN_PIN -1 to #define E0_AUTO_FAN_PIN 7
(Optional) BLTouch Configuration.h changes:
//#define BLTOUCH to #define BLTOUCH
//#define BLTOUCH_DELAY 375 to #define BLTOUCH_DELAY 375
#define X_PROBE_OFFSET_FROM_EXTRUDER 10 to #define X_Probe_OFFSET_FROM_EXTRUDER -42
#define Y_PROBE_OFFSET_FROM_EXTRUDER 10 to #define Y_PROBE_OFFSET_FROM_EXTRUDER -5
//#define AUTO_BED_LEVELING_BILINEAR to #define AUTO_BED_LEVELING_BILINEAR
//#define Z_SAFE_HOMING to #define Z_SAFE_HOMING
Install U8glib package under Sketch -> Libraries -> Manage Libraries
Configure the stepper driver settings under Configuration.h. Search #define X_DRIVER_TYPE and change the options to match the same models used. A4988 is automatically assumed the stepper driver for all stepper locations.
Try click on the check mark on the top left, this will compile the project and ensure no errors shows up on the bottom status window.
Step 6 – Flash Firmware
Connect the MKS Gen L board to the computer with Arduino IDE installed. Ensure under Tools -> Board is set to Mega 2560, Tools -> Processor is Mega 2560, and you’ve selected the proper port. Then click the button on the top left with an arrow pointing right.
Step 8 – Swap cases & boards
Warning: Turn off power and unplug power.
Unplug and unscrew everything from the Ender 3 board, by now each should be labeled to where they go. They should correspond with the labeling on the MKS Gen L board.
Note for the Ender 3 sensors, you may need to trim off the bottom left notch as shown above.
For plugging in the BLTouch, the 2 pin connector goes into the z min sensor with black to the middle pin and white to the S(signal) pin. The 3 pin one (brown, red, & orange pins) plugs into the last 3 pin socket as shown in this picture.
Step 9 – Adjust Stepper Drivers
Turn on the power and adjust the stepper driver potentiometers with an insulated screw driver and measure with a multimeter to get as close as you can get to the values you’ve written down under step 4. Essentially, the same as measuring in step 4.
Step 11 – Calibrate
With BLTouch, include G29 after G28 command in all GCODEs and adjust the bed corners to be within 0.1 mm or better of each other. Also, adjust the Z offset when Z axis is at 0 after G28 and G29 commands using https://nate15329.com/3d-printer-calibration/.
As a system builder, enthusiast, and gamer, one of the items we usually purchase in a new build is RAM (Random Access Memory). This RAM is used for fast temporary storage for your CPU (Central Processing Unit). Persistence storage such as HDDs and SDDs are very slow to process data directly plus they have a limited lifespan for reads and writes. Hence RAM is used between the CPU and the persistence storage, bringing faster application performance. We’ll take a look at finding the lowest RAM latency, which would be the faster response RAM and estimated cost per GB.
RAM is sold in terms of how fast the RAM is and CAS Latency. RAM speed is the built in clock cycles that refreshes the memory and is usually in terms of MHz or MT/s. CAS Latency is the delay time between memory controller asks for data and data is available on the RAMs output pins and is usually in nanoseconds.
Since usually RAM is sold with different speed and CAS Latency, the following formula will assist you on figuring out the relatively faster RAM as the 2 values do determine the performance of the RAM.
Latency (ns) = Clock Cycle Time (ns) x CAS Latency (CL)
Latency (ns) = (1/Module Speed(MT/s) x 2) x CAS Latency (CL)
To find the higher performance RAM, look at the least CAS Latency and higher speeds to minimize the latency as much as possible as shown below in the table. We’ve excluded some results due to not existing on the market or only found very few results to provide an good average price per GB.
Module Speed
CAS Latency
Latency (ns)
Est Price $/GB (6/2019)
4400
17
7.73
20.937
4400
18
8.18
19.749
3600
15
8.33
16.281
4000
17
8.5
15.745
4400
19
8.64
18.041
3200
14
8.75
11.149
3600
16
8.89
12.292
4000
18
9
11.619
3000
14
9.33
8.923
3200
15
9.38
9.895
3600
17
9.44
10.635
4000
19
9.5
15.706
2666
13
9.75
11.697
3000
15
10
8.61
3200
16
10
8.932
3600
18
10
10.754
3600
19
10.56
6.484
3000
16
10.67
7.868
2400
13
10.83
6.906
2666
15
11.25
7.023
3000
17
11.33
5.577
2400
14
11.67
6.454
2666
16
12
6.582
2133
13
12.19
6.242
2400
15
12.5
7.432
2133
14
13.13
9.76
2400
16
13.33
5.82
2133
15
14.06
7.466
2400
17
14.17
7.164
The difference between the lowest and highest latency times are 7 nanoseconds apart. These differences might be noticeable, but very slightly.
As for our gamer audience, it is wiser to spend extra money on the GPU than on faster RAM. usually for gaming an individual computer only needs 8 to 16 GB depending on the game and near 10 ns in latency before getting higher prices.
Officially, DDR4 memory limitation is set by JEDEC (https://www.jedec.org/) and the upper limit is at 3200 (MT/s) before needing to turn on XMP (Intel Extreme Memory Profile) in your motherboard settings to get the higher speeds on XMP Ready/Certified RAM.
Here’s what I use to calibrate our 3D printers. There are many guides out there for most of the methods and didn’t see the need to go into heavy details.
Calibration Tools used:
Pro-Grade Electronic Digital Caliper 82806
Know your accuracy tolerances, ours was +- .02 mm for lengths below 100mm with a resolution of .01 mm
First thing we will need to calibrate on a new 3D printer is the filament extrude rate. It is very important to get this as accurate as possible, minor tweaking can be done with extrusion multipliers.
To figure this out by telling the printer to send 30 mm of filament through with the hot end disconnected and measuring with a caliper to see if the amount is accurate. Then update the stored value of Esteps/mm under Marlin Motion options by following this formula: Current Esteps/mm * 30mm / Actual amount of filament pushed
For example:
Current Esteps/mm: 93
Tell printer to extrude this amount of filament: 30mm
After measuring the amount of filament extruded: 29.33 mm
New Esteps/mm value = 93 * 30/29.33 = 95.124
2. Bed Leveling
Bed leveling is crucial for it will either allow your print complete properly or outright fail later on besides filament run-out or the disastrous thermal runaway. There are numerous ways of getting this done usually by sliding a piece of paper between the heated nozzle and heated bed, or something similar to a BLTouch or a conductive sensor.
The methods that are used often:
1st is done with piece of paper between heated nozzle and heated bed at normal printing temperatures for the printer. Since I print mainly in PLA, the temps would be at 200 C and bed at 70 C. Then manually level the middle, then the 4 corners where the paper is slightly catching between extruder and the bed
Next, print Bed Leveling squares that looks like the 5 dot side on dice, 1 mm height and slightly adjust our leveling while it prints and wait a few lines are printed after adjusting and see if its flat and clean looking and doesn’t come off of the bed easily. An example of these squares on Thingiverse: https://www.thingiverse.com/thing:2789086
For Auto Bed leveling, a great bed visual is from OctoPrint with the plugin Bed Visualizer. It will highlight which corners need to be readjusted much better and readjust the dark red and blue slightly. Just keep an eye on the visual scale as it will re-adjust.
3. Wall thickness
Next up to calibrate our Wall thickness, please note that this will affect your bed leveling, extrusion multiplier, and/or Esteps/mm. Essentially with .2 mm nozzle, print a hollow cube with .2 mm thick walls with a layer height of 0.16 mm (80% the size of the nozzle), then measuring with a caliber. A good resource to use are the Thin Wall calibration files created by MEH4d at https://www.thingiverse.com/thing:342198
Once the .2 mm thick walls have been printed, measure the wall thickness with the caliber but exclude the bottom of the walls. The bottom will usually be a tad off due to 1st layer height/bed leveling is a tad off. If the thickness is off try adjusting the multiplier between .9 and 1.1, but keep in mind of your calibers limits. For example, if the measured result was .19, you could be very will be accurate.
If you had to adjust your multiplier to get best results outside of this range, place the multiplier back to 1 and adjust your ESteps/mm. Lower if the walls were too thick and the opposite if the walls were thin. After readjusting, you may need to readjust the bed level and layer heights.
Usually, a good max layer height for each of the nozzle sizes are at 80% as shown below:
0.2 mm nozzle = 0.16 mm layer height
0.3 mm nozzle = 0.24 mm layer height
0.4 mm nozzle = 0.32 mm layer height
0.5 mm nozzle = 0.40 mm layer height
0.6 mm nozzle = 0.48 mm layer height
4. XYZ Calibration Cube
At this point, print a calibration cube and measure with the caliber. Usually, it’ll be within measured dimensions that are to be expected. Check how the cube looks by actually looking for infill, speed, and other issues and try to correct them in our slicer program. Slowing down the speed improves many issues at this point.
5. Stress Test
Now its time to stress test your printer. Good set of models to use are by ctrlV on Thingiverse especially https://www.thingiverse.com/thing:704409 and then part fitting a M4 nut in the slot. Also, look at how well the filament retraction works and increase or decrease the retraction length.
This Site Uses Cookies
This site, like many others, uses small files called cookies to help us improve and customize your experience. Learn more about how we use cookies in our cookie policy.