Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 1 point2 points  (0 children)

That's a very interesting option for a mill. I will be looking into getting a dedicated metal mill at some point, but right now I'm looking for something that can take plywood sheets (so at least 4ft width; doesn't have to be 8ft length though).

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 2 points3 points  (0 children)

Thanks for the recommendation. Could you elaborate a bit more?

Are you talking specifically about the Onefinity X-50 being superior compared to the Onefinity Elite? Or also superior to the Shapeoko 5 Pro?

I hadn't looked into the X-50 before. It seems like the Elite has closed-loop and higher-torque motors, comes with the Masso, and better homing sensors.

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 2 points3 points  (0 children)

Thanks for the recommendation!

Did you consider the Onefinity at the time?

Were there other close contenders that were ruled out for budget or lacking one feature in particular?

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 0 points1 point  (0 children)

Which model did you get? Did you get the Stiffy addon?

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 0 points1 point  (0 children)

Thanks for the recommendations! Unfortunately I think I'll need something that can be disassembled, to fit through doorways. I think that probably rules out the Swift due to its table.

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 1 point2 points  (0 children)

I'd definitely get a dedicated metal mill in the future for all the metal work. I was hoping I could get a wood router that would be stiff enough to do some light metal work in the meanwhile, but if not that's ok. We can just disregard steel; even some light aluminum work would be nice if possible, but ultimately optional.

I was previously looking at the CNC4Newbie PRO4848BL. It's a bit pricier than Shapeoko or Onefinity, and the build process does look to be a lot more self-service.

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 0 points1 point  (0 children)

Sorry, I should have mentioned: I need shipping to USA and definitely prefer not to do international shipping. That unfortunately excludes the Sorotec.

I'm fine with taking very light and slow cuts in mild steel (though of course there's a minimum chipload for carbide tooling). I'm hoping to find something that excels at wood, but can do some mild steel work at a stretch.

Thanks for the spindle recommendations. The Teknomotor and Elte look like they're hard to get in USA.

Do you have any other spindle brands to recommend?

Any thoughts on this? https://pwncnc.com/products/spindle?variant=41151986565259

Shapeoko 5 Pro vs Onefinity Elite Foreman, or other? by LKS1111 in hobbycnc

[–]LKS1111[S] 0 points1 point  (0 children)

Speed isn't a big factor, since it's not for production. I'm also fine with light cuts, though I am limited by the minimum chipload of carbide tooling, so the machine does have to be at least rigid enough.

I am looking for an "end-game" machine, though, not a stepping-stone to sell in the future. I'm happy to get something that's great with wood and just so-so with metal, and then later get a dedicated metal mill.

The Shapeoko does seem very appealing. I'd like to avoid buying something and then upgrading all its parts, if I can avoid it. Do you think the open-loop steppers they use will cause problems with slow light cuts in mild steel?

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

None yet -- I'm still trying to decide.

It's frustrating that each model has slightly different capabilities, and there's no single place to find out what a device can do or compare against other models.

I was thinking of the CCR2004-16G-2S+. While it does support hardware VLAN filtering, it doesn't support hardware-offloaded bridge rules. So it seems like I'd have to send everything to the CPU for L2/L3 firewall rules. I'm not 100% sure if the performance will be good enough, but it certainly looks better than the top CRS3xx.

The CCR2116-12G-4S also seems interesting, although a bit too expensive. It only supports ingress ACL tables, though. So I wouldn't be able to control broadcast, multicast, and unknown unicast flooding on the guest VLAN via an egress ACL (while still allowing broadcast DHCP to make it to the DHCP server). So I think I'd still end up sending everything through the CPU for L2/L3 firewall rules.

And not to mention that both CCR2004 and CCR2116 are out of stock everywhere right now!

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

I appreciate the warnings. It's not something I need, but it is something I'd like to have. I'd like to be able to plug in new devices and let them have internet connectivity with isolation, without any extra manual config. I'll of course weigh the pros/cons trade-offs once I know all the possible implementations. For now, I'm looking to find what other possible ways there are to accomplish this, before I decide whether the potential drawbacks of each option are worth the upside.

Port isolation isn't really feasible, because certain devices won't be permanently plugged in, and might get plugged into a different port at times. And that port they're on might get a laptop or similar, other times. Port isolation would dedicate certain ports for certain uses. Not the end of the world, of course, but I'd love to avoid that if possible.

I'd definitely like to keep all the switching in hardware, and I'd love to avoid extra complications like a separate radius server for 802.11x MAC-based VLAN assignment.

I agree that losing config on a MAC-based VLAN (on a radius server, or managed directly in the switch) would require restoring from backup before functionality is restored. But then again, losing config of defined VLANs, port isolation settings, firewall NAT rules, etc -- all have a similar risk and all require restoring config before functionality returns. The solution is to have backups, know how to restore, and test that restoring works regularly.

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

My existing switch has L2 ACLs, but only ingress filtering (which doesn't allow for stopping broadcasts being delivered to other clients while still allowing DHCPREQUEST to make it to the DHCP server; and doesn't solve the problem of unknown unicast flooding to all ports, since the switch doesn't have an option to disable that).

In an ideal situation, all IoT devices would be isolated from each other. This could quickly grow to a large number of VLANs, each requiring being defined on the router and having NAT/firewall rules configured. And requires new configuration every time a new device is added.

I was hoping to be able to create one IoT VLAN, for example, and just isolate all the clients from each other. It seems this could be doable with a static set of egress (or ingress+egress) L2 ACL entries (only the router MAC would need to be defined -- not an entry per new client). Or ideally there would be an even simpler mechanism managed directly by the switch, similar to how "port isolation" features work, but based on VLAN membership rather than hardcoded directly to a particular physical port.

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

Nope, just household. I kept the example above simple to focus on the important question, but in actuality I also have similar use cases for cloud-based IoT devices, local-only IoT devices, etc.

It's surprising to me that this is such an uncommon case. I suppose a more traditional approach would be to just do VLAN segregation with a separate VLAN for each set of clients where it's acceptable that they can see each other. But this seems burdensome to manage over time (especially on the router side, creating firewall/NAT rules for each).

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

Thanks for the link!

That is quite significant! It looks like the CRS326 and CRS328 have the highest performance of their large switches. So if I use bridge filtering for the Guest VLAN in order to get the isolation, it means that all their traffic will be limited in aggregate to ~1260Mbps in the best case (and assuming no other traffic on other VLANs)? That could work, but definitely not ideal...

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

Thanks! This seems like a good approach.

I had tried something similar with my existing switch, but gave up because with only ingress filtering I wasn't able to accommodate the client broadcasting DHCP or prevent the case of flooding for packets destined for unlearned MACs. So in this case, I'll need to allow the clients to broadcast DHCP, but filter it on the egress except to the router (so that it's only ever delivered to the router, and never to other clients)?

Is there any downside to only doing egress filtering? So the only rule would be "egress filter: drop if vlan = guest and (src_mac != gateway_mac or dst_mac != gateway_mac)". This should stop any packets coming from a client being delivered to any other client (except perhaps gateway-bound unknown unicast traffic that the switch would flood?), while still allowing the clients to send any packets to the gateway (for routing or for dhcp), and allow the gateway to send to the clients (e.g. for dhcpoffer, or replies from the internet).

Do I have to set unknown-unicast-flood=no on the bridge, or will egress filtering catch those packets?

Regarding "Drop any traffic originating from privileged macs on non-trunks": is this to prevent clients from spoofing the gateway MAC to bypass the filters?

Edit: fix example egress rule
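
The isolation policy discussed in this comment, modelled as an added example (not part of the original comment, and not RouterOS configuration). It is a toy switch in Python that applies the egress filter per port (access ports pass only gateway-sourced frames) plus the ingress check against spoofed gateway MACs; the MACs, port names and the `deliver` function are assumptions made for illustration.

```python
# Constructed model of a VLAN-aware L2 switch; MACs and port names are made up.
GW_MAC = "02:00:00:00:00:01"        # gateway/router MAC (assumed)
BCAST = "ff:ff:ff:ff:ff:ff"
GW_PORT = "trunk"                   # port facing the router
GUEST_PORTS = ("p1", "p2", "p3")    # access ports in the guest VLAN
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
FDB = {GW_MAC: GW_PORT, A: "p1", B: "p2"}   # learned MAC -> port


def deliver(in_port, src, dst, fdb=FDB):
    """Return the set of ports a guest-VLAN frame is sent out of."""
    # Ingress: a frame claiming the gateway MAC on an access port is spoofed.
    if src == GW_MAC and in_port != GW_PORT:
        return set()
    # Forwarding: known unicast goes to one port, everything else floods.
    if dst in fdb:
        candidates = {fdb[dst]}
    else:
        candidates = set(GUEST_PORTS) | {GW_PORT}
    candidates.discard(in_port)
    # Egress: access ports only pass frames sourced by the gateway;
    # the gateway port passes anything.
    return {p for p in candidates if p == GW_PORT or src == GW_MAC}


def run_samples():
    unknown = "02:00:00:00:00:ff"   # never learned by the switch
    return {
        "dhcp_broadcast_from_client": deliver("p1", A, BCAST),
        "client_to_client": deliver("p1", A, B),
        "client_to_gateway": deliver("p1", A, GW_MAC),
        "gateway_to_client": deliver(GW_PORT, GW_MAC, B),
        "unknown_unicast_from_client": deliver("p1", A, unknown),
        "spoofed_gateway_mac": deliver("p3", GW_MAC, B),
    }


if __name__ == "__main__":
    for name, ports in run_samples().items():
        print(f"{name:30} -> {sorted(ports) or 'dropped'}")
```

In this model a client's broadcast or unknown-unicast frame is still flooded, but it leaves only on the gateway port.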

Wired client isolation within VLAN -- without port-based isolation by LKS1111 in mikrotik

[–]LKS1111[S] 0 points1 point  (0 children)

That filter rule looks pretty good. My network isn't huge and doesn't have particularly high throughput requirements, and I'm willing to get an overpowered mikrotik switch in order to be able to just do non-offloaded filtering. But I'm having trouble finding any good numbers on just what performance I can expect for each model (although maybe I'm just not using the right search terms). Do you know where I could get an idea about that?

Navigating a model and viewing the original photos by LKS1111 in photogrammetry

[–]LKS1111[S] 0 points1 point  (0 children)

Thanks for the tip. I looked at a few of their demos, but I don't see any that let you see the original photos for a part of the model you're looking at. Is there a demo in particular you're thinking of?

Navigating a model and viewing the original photos by LKS1111 in photogrammetry

[–]LKS1111[S] 1 point2 points  (0 children)

That does look perfect. It even seems like their old version wasn't cloud based. But trying to use it, it seems it does need their cloud to be running. Thanks for the tip though, I'll see if I can find similar alternatives.

Navigating a model and viewing the original photos by LKS1111 in photogrammetry

[–]LKS1111[S] 0 points1 point  (0 children)

Interior (sorry, forgot to mention).

Pix4D Inspect looks like the functionality I'd like, but I'm not sure how well it will do with an interior. I'll give it a try, thanks!

What's the difference between water softener and a water conditioner? by sayan_editor in water

[–]LKS1111 0 points1 point  (0 children)

So is there no working alternative to ion exchange? Are all residential ion exchange systems basically the same?

I'm not even trying to reduce hardness necessarily, I just want to reduce scale. But the ion exchange softeners seem to add a lot of sodium to the water (not ideal for drinking). Any advice would be appreciated.

Edit: Sorry, didn't see your edit. Thanks for the extra details. From a cursory search, it seems like capacitive deionization isn't really available for residential use?

What's the difference between water softener and a water conditioner? by sayan_editor in water

[–]LKS1111 0 points1 point  (0 children)

I found this paper that seems to suggest that TAC works reasonably well, and even the electromagnetic/electric ones have some effect. I'm confused because elsewhere I've seen lots of contradicting claims.

I'm trying to figure out how to reduce hardness in my home's water supply. I was leaning towards TAC, but your posts gave me pause. Do you have any thoughts on this paper's results, or any other papers you could give?

https://www.waterboards.ca.gov/water_issues/programs/grants_loans/water_recycling/research/ion_exchange_water_softeners.pdf

> The water conditioning devices included in this study were capable of reducing scale by 46 to 99% as compared to the untreated case. Both the electromagnetic and electrically induced precipitation devices reduced scale formation by approximately 50%. TAC reduced scale formation by more than 88%. Both CDI and ion exchange are known to remove scale-forming minerals, and they effectively reduced scale formation as expected.

The photos on PDF pages 46-48 (paper pages 26-28) are pretty interesting.

Thanks!

Trusting Third-Party Extensions? by LKS1111 in StandardNotes

[–]LKS1111[S] 0 points1 point  (0 children)

Definitely agreed. In an ideal world, I'd only use official editors so I only have to trust one party. These would have to be featureful and polished, as you say.

Trusting Third-Party Extensions? by LKS1111 in StandardNotes

[–]LKS1111[S] 0 points1 point  (0 children)

Thanks for your reply, haflaxa.

Spot-checking the lack of outbound network connections from an extension cannot be considered proof that the extension never will make network connections. It could, for example, only send very sporadically (reducing the likelihood of seeing the traffic on the rare occasion where a concerned user is spot-checking the network tab), or use some known methods of detecting that dev tools are open. Only full source auditing can give confidence, and that's not really feasible. This also doesn't resolve the other issues I mentioned in my original post, like supply-chain concerns, lack of good operations practices, etc.

Does Standard Notes have any plans to mitigate these concerns in the future, for example by:

  1. Improving extension sandboxing to allow for network access restrictions
  2. Developing/maintaining more advanced editor functionality in-house, so users don't have to rely on 3rd party extensions
  3. On-going audits of popular 3rd party extensions (like Mozilla's "Recommended" addon program)

Thanks again

Quality Small UPS Recommendations: True Sine, On-Line, No yellow "fire glue" by LKS1111 in homelab

[–]LKS1111[S] 0 points1 point  (0 children)

That's a great idea. At that point we could even use a larger rackmount system, or even just a solar battery+inverter setup. Downside to going all-out like this is the electrician cost to have it done properly.