Jarczak’s fork crossed the line by injecting falsified identity metadata into its network communication. “In simple terms: it pretended to be the official Bambu Studio client when communicating with our servers.”
If it’s easy enough to get access to your cloud infrastructure by just changing some metadata about the connection, then you really should re-think your authentication systems. If I were to publish the exact model and pinning of the lock on my house, it would be silly of me to be mad that someone used that to make their own keys.
The DMCA is literally written in a way that they could write “DO NOT USE” in a text file and include it with firmware and claim that using the firmware Ina way they didn’t like was “breaking a digital lock”
Honestly I’m perfectly fine with the DMCA just being entirely revoked at this point. It has enabled more bad than it has done good, even when things went “right”
They’re claiming that forking their open source code and using the user agent in it unchanged is “impersonation”. And the only reason that might be an issue is because Section 1201 of the DMCA makes it illegal to break any digital lock, even if it’s a shitty one. Whether this even counts as a lock is up for debate in my opinion, but that doesn’t stop people from getting sued and owing lawyers money.
If you share the lock and the key with the public and tell them (via AGPL copyleft open source license) they may use, share, modify it (or not), etc with no penalty, and they even give you the secret knock, i can’t in any way see how that’s breaking a lock.
I dunno. Plenty of people have gotten in serious trouble for just accessing publicly reachable data and systems. And this was without identifying themselves as someone else or acting as someone else.
I wonder if the courts would agree with you. I don’t think “your lock was shitty” will hold up in court.
Maybe this is one of those cases where every single user of the software is liable since they are the one accessing the computer systems? But the software creator isn’t? I dunno.
This is just a comment on accessing computer systems. Not a comment on 3D printers or Louis.
The impersonating metadata Bambu refers to is AFAIK only the User-Agent header in the request, and the forker didn’t “inject” or “falsify” anything, they just used that part of the open source code as it was provided by Bambu.
I’ve just been listening to the Origin of Consciousness in the Breakdown of The Bicameral mind and your username is a word I had to learn in the process.
If it’s easy enough to get access to your cloud infrastructure by just changing some metadata about the connection, then you really should re-think your authentication systems. If I were to publish the exact model and pinning of the lock on my house, it would be silly of me to be mad that someone used that to make their own keys.
The DMCA is literally written in a way that they could write “DO NOT USE” in a text file and include it with firmware and claim that using the firmware Ina way they didn’t like was “breaking a digital lock”
Honestly I’m perfectly fine with the DMCA just being entirely revoked at this point. It has enabled more bad than it has done good, even when things went “right”
what good has DMCA done???
There are even supposed to be safe harbor protections, but the reality is that individuals don’t have the legal resources for it to matter.
What, are they claiming the user agent their application uses is copyrightable IP?
They’re claiming that forking their open source code and using the user agent in it unchanged is “impersonation”. And the only reason that might be an issue is because Section 1201 of the DMCA makes it illegal to break any digital lock, even if it’s a shitty one. Whether this even counts as a lock is up for debate in my opinion, but that doesn’t stop people from getting sued and owing lawyers money.
If you share the lock and the key with the public and tell them (via AGPL copyleft open source license) they may use, share, modify it (or not), etc with no penalty, and they even give you the secret knock, i can’t in any way see how that’s breaking a lock.
But they said don’t use the key or the secret knock, otherwise they’ll write a blog shit talking you.
So if there is a legal battle, this would likely be the crux of their argument. Good to know.
I dunno. Plenty of people have gotten in serious trouble for just accessing publicly reachable data and systems. And this was without identifying themselves as someone else or acting as someone else.
I wonder if the courts would agree with you. I don’t think “your lock was shitty” will hold up in court.
Maybe this is one of those cases where every single user of the software is liable since they are the one accessing the computer systems? But the software creator isn’t? I dunno.
This is just a comment on accessing computer systems. Not a comment on 3D printers or Louis.
The impersonating metadata Bambu refers to is AFAIK only the User-Agent header in the request, and the forker didn’t “inject” or “falsify” anything, they just used that part of the open source code as it was provided by Bambu.
I’ve just been listening to the Origin of Consciousness in the Breakdown of The Bicameral mind and your username is a word I had to learn in the process.