"Oh look at these wonderful Chinese 3D printers, they're legitimately ahead of the Western competition and so much cheaper."
They DDOS the competition, steal intellectual property, violate software licenses, and catch fire.
"Oh look at these wonderful Chinese electric cars, they're legitimately ahead of the Western competition and so much cheaper."
Early on this seemed a pretty simple case of corporate misbehavior, but as with most issues that blow up on social media as cartoonishly simple battles between Good and Evil, additional details reduce that comfortable clarity. Since the service Bambu Studio connects to isn't required to run the software, their claim that keeping the service proprietary doesn't violate the AGPL might be valid after all. This would justify their objection to Jarczak publishing a fork that connects to the service without authorization.
I doubt that this will change the main discussion tho. No amount of information matters when people only glance at an issue long enough to swipe left or right and keep doomscrollin'.
But how the slicer connects to their propriatry cloud service is under the AGPL. That is the part that has been copied.
Due to the original Slic3r software being AGPL and Bambu studio being a copy of Slic3r it is also under the AGPL.
So Jarczak has only copied code that is under the AGPL. As mentioned in the article, the only bit of security bambu had was a name in the commands sent saying that the command came from Bambu Studio, it wasent encrypted, it wasent locked down it is right there in the code.
Now, Bambu could change their security to have a proper auth handshake with the cloud services, that would lock this method off because it wouldnt matter if the code is out in the open for all to see, you would still need to log in. But Bambu didnt do this, they just tried to legally gag someone instead.
That is why people are up in arms.
Sorry, I misstated the article - yes, what Jaczak modified or forked seems to be a networking plugin. What I get out of the article is that Bambu says the plugin is "separately delivered" software which they claim means it doesn't fall under the AGPL. The way I interpret it is that there's an unresolved dispute whose technicalities I don't know enough about to have originally taken Jarczak's side on. Maybe you do but for now I'm going back to being neutral. I agree putting pressure on the guy if they have no grounds for it is wrong - if that's what they did.
It is kind of amusing how, "You guys are knee jerking your reactions instead of looking at the issue carefully" gets the knee jerk upvotes here.
i have a bambu ps1, bought last December, I've only used it in LAN with orcaslicer, should i get rid of her? I've never used bambu app
With the new A1 catching fire issue it's not unreasonable to consider their engineering flawed and dangerous. Reason enough...
Not paywalled link
MVP doing god's work!
GOAT
I'm surprised this isn't a bigger part of the story.
Bambu's authentication is just the client saying "I am Bambu Studio". The server completely trusts that with no additional authentication.
It's like setting up a website with a user login, and if someone puts in "admin" in the username field without a password, the system says "sounds good" and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can't believe they're using their stupidity as an argument.
Important to note that the license they release their software under explicitly allows users to do exactly that
Man I was looking at one of the Bambus to supplement my old Monoprice Maker Select. I was hoping to something with less fuss.
Flashforge AD5X
bought it recently, really happy with it, works completely offline without the official apps. I never once connected it to their services
Bamboo started going bad ages ago. This episode is just the last of a long series.
What a shit "but both sides" article.
"Bambu said they didn't do something wrong so we must take that into consideration".
It's one of the most transparent and plump "I want to hold my users hostage" in a long time.
And what a community to do it to. The FUNCTIONAL diy techie 2a hippe crowd that strives for freedom.
Like in what universe would somebody with a brain think "ah yes, let me try to pull a fast one on this group, nothing can go wrong"
I don't have a printer, but I'm well acquainted with the people who do have printers, and from all walks of life. That is not a "take it and roll over" crowd.
You might as well try to sell Vietnamese children full priced nikes.
It doesn't even cross their minds. I'm about to leave my current job together with two other seniors because our boss decided we'd turn everything into subscription products. Most of it are forks of open source software running on very basic hardware and we were doing fine with selling working solutions and support. Now every piece of hardware will be subscription based. The customers will own nothing and end up paying triple.
Our boss is baffled that we don't want to do this.
This kinda reminds me of when Sony decided to declare war against people putting Linux on their PS3s. Like, buddy, this isn't someone you can win a war against and you are wasting your time and good will trying to.
That was such a wildly stupid move. They lost a hundred million dollar lawsuit, and also inspired the hardware hacker geohot to breach the PS3s DRM for the first time. The same DRM they had crowed about for 3 years for being "unbreakable." I'm pretty sure he breached it in a week.
Turns out all the nerds just left the PS3 alone because the "other OS" option that shipped Linux with it let them do all the things they wanted to do with the PS3 already, things they bought the $800 console for. Things that sold more consoles!
They burned goodwill, lost hundreds of millions in a lawsuit, lost console sales, lost their anti-piracy talking point, and all for what? To remove easy Linux access for a few thousand niche users who were doing cool shit like making clustered super computers.
Sony had people turning their gaming consoles into SUPER COMPUTERS and instead of shouting to the rafters about how rad they were and basking in some reflected glory, they decided to fuck with them instead.
Idiots, but not a big surprise from the "let's hide rootkits on audio CDs" people.
And many people warned exactly this would happen. Bambu introduced a closed system into an open source hobby and the parallels to home ink printers were pointed out immediately by the community. Bambu essentially announced this would happen. I‘ve been saying this for years.
yeah, a lot of PR effort for Bambu while the reality is slightly different.
An example: they say: we didn't patch the security hole (the user agent "chech") because the user experience would have been affected blablabla...
Well, they introduced this security hole on linux BECAUSE they deployed the new mandatory network "plugin" (that you are forced to use because: it's automatically installed and it's mandatory to print even locally) without providing a working solution for all their linux customers when deploying it.
Yes! They didn't implement a real authentication solution for their own linux implementation AND they didn't answer to their linux customers who had the software broken for MONTHS.
And them providing this user agent hack solution months later allowed anybody to understand how it worked without retro engineering their network plugin (something the article forgot to mention but it was the main attack vector of bambu against the developer threateninghim to go to federal jail, something they also forgot to mention).
Great user experience mindset here. Breaking their printer to introduce a mandatory connectivity plugin (reminder: linux is officially supported on the marketing pages) and threatening those who try to fix it using just what the license allows them to do.
I suspect the DDOS attack they had on their cloud service is more linked to their change of mind regarding this mandatory network plugin.
It could be all the linux client trying to download their network plugin but failing and retrying in loop. That wouldn't surprise me following the user agent choice.
Or people unhappy. After all, they changed the terms of the contract after users bought the printer. Really a Dark Vader style of user experience here!
If you want to avoid this kind of amateurish/parasitic behavior, buy the original: Prusa.
I've one printer from them since many years that I upgrade each few years. Currently, I'm waiting for a sale for the upgrade kit to the Core+
Has Bambu labs considered printing and then eating a bag of dicks?
"Is It FoOd SaFe???"
3d printing community reply, probably.
So I have a Bambu printer but I don’t use it all that much. What is going on can someone give me a summary?
Classic enshitification arc. They were a fast growing startup that engineered really good printers and software. People, especially newbies flocked to them because their software was easy to use and their initial print quality was very good without any tweaking or tuning.
But they were backed by private equity, and had to start showing higher and higher returns, they started locking in users with their proprietary cloud services.
They've been locking users in more and more recently, and just a few weeks ago, threatened a user with legal action for posting AGPL code up on their own repo. The code enabled users to use their Bambu printers without needing to sign into Bambu's cloud.
Now there is a big community backlash and Bambu is having to do PR damage control.
There's talk of cloud services and apps and shit...
I only have an Ender3. Do most printers not just use a microSD card, too?
Bambu has been adding controls to their printers to force commands from your slicer to go through their servers before being sent to your printer. This had caused some stuff to stop working, like 3rd party AMS systems.
One guy forked (copied it and made his own changes to) their code and removed the restriction. Bambu didn't like that and threatened him to take it down, while accusing him of falsely impersonating them to make API calls to their servers.
The dude is like "I didn't impersonate shit, I just forked your code." Bambu's code is just a fork of other open source software, all under an open source license. So they have no authority to tell someone not to fork their code, since it's all open source licensed.
So a lot of people have banded together to push back against Bambu and are ready to take them to court if necessary. They see this as a step by Bambu to try to make their printers more restricted (only use their addons, their filament, go through their cloud, etc).
I'm surprised that people are surprised by this. Bambu has clearly telegraphed what kind of assholes they are in the past when they locked down their firmware and local APIs, so this was just expected behaviour IMHO.
Fully agree. This has been discussed for years and most Bambu costumers basically said the risk of your printer being essentially disabled by an update over night was worth it for the quality and low cost of the printer.
A part of me expects Bambu costumers to take this with dignity and move on. They knew the risks after all and are in no position to throw a tantrum after shitting on Prusa for years.
But a different part of me rejects costumer responsibility. It‘s almost always used by bad corporations to shift the blame on the little guys. I want them to fight this. To cause a shit storm that scares off other corporations from trying something similar. It‘s kind of entertaining too. I‘m not gonna lie.
costumer
You keep using that word. I do not think it means what you think it means.
Although, to be fair, there are likely some costumers among Bambu's customers, since 3D printing cosplay props is definitely a Thing.
And fuck you theverge.com for your paywall. archive
Are we against journalism now too?
There are better ways to do what you are implying. The entire FOSS movement is an example of this.
Free doesn't mean free beer.
I would say that the FOSS movement is proof that some form of payment may be required, otherwise most projects are at the mercy of subsidies from corporations.
But Jellyfin!
Jellyfin is sponsored.
Imagine wanting remuneration for time and labour.
This is a most excellent place for technology news and articles.
