Not paywalled link
GOAT
I’m surprised this isn’t a bigger part of the story.
Bambu’s authentication is just the client saying “I am Bambu Studio”. The server completely trusts that with no additional authentication.
It’s like setting up a website with a user login, and if someone puts in “admin” in the username field without a password, the system says “sounds good” and lets you in. And then the website owners getting mad that someone hacked their system.
Blatant incompetence. I can’t believe they’re using their stupidity as an argument.
Important to note that the license they release their software under explicitly allows users to do exactly that
Man I was looking at one of the Bambus to supplement my old Monoprice Maker Select. I was hoping to something with less fuss.
Bamboo started going bad ages ago. This episode is just the last of a long series.
So I have a Bambu printer but I don’t use it all that much. What is going on can someone give me a summary?
Classic enshitification arc. They were a fast growing startup that engineered really good printers and software. People, especially newbies flocked to them because their software was easy to use and their initial print quality was very good without any tweaking or tuning.
But they were backed by private equity, and had to start showing higher and higher returns, they started locking in users with their proprietary cloud services.
They’ve been locking users in more and more recently, and just a few weeks ago, threatened a user with legal action for posting AGPL code up on their own repo. The code enabled users to use their Bambu printers without needing to sign into Bambu’s cloud.
Now there is a big community backlash and Bambu is having to do PR damage control.
Bambu has been adding controls to their printers to force commands from your slicer to go through their servers before being sent to your printer. This had caused some stuff to stop working, like 3rd party AMS systems.
One guy forked (copied it and made his own changes to) their code and removed the restriction. Bambu didn’t like that and threatened him to take it down, while accusing him of falsely impersonating them to make API calls to their servers.
The dude is like “I didn’t impersonate shit, I just forked your code.” Bambu’s code is just a fork of other open source software, all under an open source license. So they have no authority to tell someone not to fork their code, since it’s all open source licensed.
So a lot of people have banded together to push back against Bambu and are ready to take them to court if necessary. They see this as a step by Bambu to try to make their printers more restricted (only use their addons, their filament, go through their cloud, etc).
What a shit “but both sides” article.
“Bambu said they didn’t do something wrong so we must take that into consideration”.
It’s one of the most transparent and plump “I want to hold my users hostage” in a long time.
And what a community to do it to. The FUNCTIONAL diy techie 2a hippe crowd that strives for freedom.
Like in what universe would somebody with a brain think “ah yes, let me try to pull a fast one on this group, nothing can go wrong”
I don’t have a printer, but I’m well acquainted with the people who do have printers, and from all walks of life. That is not a “take it and roll over” crowd.
You might as well try to sell Vietnamese children full priced nikes.
It doesn’t even cross their minds. I’m about to leave my current job together with two other seniors because our boss decided we’d turn everything into subscription products. Most of it are forks of open source software running on very basic hardware and we were doing fine with selling working solutions and support. Now every piece of hardware will be subscription based. The customers will own nothing and end up paying triple.
Our boss is baffled that we don’t want to do this.
This kinda reminds me of when Sony decided to declare war against people putting Linux on their PS3s. Like, buddy, this isn’t someone you can win a war against and you are wasting your time and good will trying to.
That was such a wildly stupid move. They lost a hundred million dollar lawsuit, and also inspired the hardware hacker geohot to breach the PS3s DRM for the first time. The same DRM they had crowed about for 3 years for being “unbreakable.” I’m pretty sure he breached it in a week.
Turns out all the nerds just left the PS3 alone because the “other OS” option that shipped Linux with it let them do all the things they wanted to do with the PS3 already, things they bought the $800 console for. Things that sold more consoles!
They burned goodwill, lost hundreds of millions in a lawsuit, lost console sales, lost their anti-piracy talking point, and all for what? To remove easy Linux access for a few thousand niche users who were doing cool shit like making clustered super computers.
Sony had people turning their gaming consoles into SUPER COMPUTERS and instead of shouting to the rafters about how rad they were and basking in some reflected glory, they decided to fuck with them instead.
Idiots, but not a big surprise from the “let’s hide rootkits on audio CDs” people.
And many people warned exactly this would happen. Bambu introduced a closed system into an open source hobby and the parallels to home ink printers were pointed out immediately by the community. Bambu essentially announced this would happen. I‘ve been saying this for years.
Not exactly. You can use any filament (analogous to the ink) and they have said they won’t limit that. They have rfid tags in the filament but the printers without AMS don’t even have the ability to read it.
Until they go back on that I don’t really mind them. I don’t want to use other slicers etc. I didn’t buy this printer as a tinkering project but to print stuff and at that it really is very good.
I mean I really wish they were more open but I didn’t buy this printer because I thought it was open. I bought it knowing it was not. I’ve had many printers over the years and I’ve always hated having to mod them to make them usable. I just want it to work out of the box and Bambu is the first one I’ve had that really delivered on that.
I’m not a fan and I’ll move to other brands when I can (my latest printer is a snapmaker) but I think they do still offer good value for money.
I didn’t buy this printer as a tinkering project but to print stuff and at that it really is very good.
There are plenty of other printers that do this. Prusa, Creality, Flashforge, Anycubic. Plenty of slicers available. I don’t know why you’re pretending Bambu is necessary, or like it’s the only option.
Any time I find print files online that are in .bgcode format, I’m like “seriously…”.
I usually slice projects myself anyway because I don’t use PLA, but it’s just kinda lame to post a project online using the only closed source format that only works with one kind of printer.
Plus, there’s the whole spontaneous combustion issue…
I’m not saying it’s the only option but it’s a good option for the price if you just care about printing stuff.
And the options you mention aren’t real alternatives. For €180 my A1 mini is really great value, and so was my P1S. I haven’t seen anything that comes close to the print quality and printer design for a similar price. An ender would be of similar price but it looks like a science project and it’s not nearly as capable without a lot of manual tuning and upgrades.
Prusa is way too expensive for me. Anycubic and Creality are cheap Prusa knockoffs that need a lot of tuning to perform well. We have a lot of CR-10s and Enders in the makerspace but they’re always out of order for maintenance or some upgrade.
And regarding the slicer I really don’t care which slicer I use. It just has to do its job.
If you “just care about printing stuff” then why would you go with the walled garden that relies on userlocks, proprietary formats, and forced network connectivity to function? Not to mention the fire risk and rug pulling…
Anycubic and Creality are cheap Prusa knockoffs that need a lot of tuning to perform well.
My kobra prints fine. .16mm layer height by default (in OrcaSlicer), but it can go down to .08mm just with the default .4mm nozzle. I haven’t experimented with anything smaller, but so far I’ve had no issues. The precision and speed is remarkable, and I can calibrate, print, and do everything I need to do entirely offline.
There was no manual tuning or upgrades required, it showed up, assembled easily, and has been plug-and-play since. Yes, there’s an option to upgrade because of it’s modular design but that by no means means that it’s required. I can retrofit it to print with 16 different filaments, but I’m fine with the default of 4.
And regarding the slicer I really don’t care which slicer I use. It just has to do its job.
If you don’t care which slicer you use, then why would you go with the only one with a proprietary format that locks you into a walled garden? That’s some really weird logic…
If you “just care about printing stuff” then why would you go with the walled garden that relies on userlocks, proprietary formats, and forced network connectivity to function? Not to mention the fire risk and rug pulling…
Because I don’t care about the walled garden. The only thing I would mind is locking down filament but they don’t do that. So these things aren’t a negative to me. Not a positive either, just a neutral.
That Kobra looks nice, all the Anycubics I’ve seen in our makerspace are all the old ones that are basically Prusa Mk3 knockoffs. And it’s affordable, it looks basically like an A1 but with 4 colour printing without the ams. Nice! I’d consider that for my next printer.
Bambu was the one company I oped to be wrong about when first seeing them. But their communication smelled “we are your future” from the beginning. :(
yeah, a lot of PR effort for Bambu while the reality is slightly different.
An example: they say: we didn’t patch the security hole (the user agent “chech”) because the user experience would have been affected blablabla…
Well, they introduced this security hole on linux BECAUSE they deployed the new mandatory network “plugin” (that you are forced to use because: it’s automatically installed and it’s mandatory to print even locally) without providing a working solution for all their linux customers when deploying it.
Yes! They didn’t implement a real authentication solution for their own linux implementation AND they didn’t answer to their linux customers who had the software broken for MONTHS.
And them providing this user agent hack solution months later allowed anybody to understand how it worked without retro engineering their network plugin (something the article forgot to mention but it was the main attack vector of bambu against the developer threateninghim to go to federal jail, something they also forgot to mention).
Great user experience mindset here. Breaking their printer to introduce a mandatory connectivity plugin (reminder: linux is officially supported on the marketing pages) and threatening those who try to fix it using just what the license allows them to do.
I suspect the DDOS attack they had on their cloud service is more linked to their change of mind regarding this mandatory network plugin.
It could be all the linux client trying to download their network plugin but failing and retrying in loop. That wouldn’t surprise me following the user agent choice.
Or people unhappy. After all, they changed the terms of the contract after users bought the printer. Really a Dark Vader style of user experience here!
If you want to avoid this kind of amateurish/parasitic behavior, buy the original: Prusa.
I’ve one printer from them since many years that I upgrade each few years. Currently, I’m waiting for a sale for the upgrade kit to the Core+
Once I got all I can from it, my upgrade from A1 Mini is gonna be Prusa lol, should have aten the price difference at first.
Yes they are expensive but the fact that you have an official (and supported) upgrade path possible for my little printer bought more than a decade ago is really recommendable. And I love mounting it myself. You learn a lot about the product during this process.
retro engineering
The practice of hacking old electronics?
ha yes, it’s retro in my native tongue but reverse in English. Well, I keep it because i find this mistake funny :)
nEuTrAl JoUrNaLiSm
Has Bambu labs considered printing and then eating a bag of dicks?
“Is It FoOd SaFe???”
3d printing community reply, probably.
I’m surprised that people are surprised by this. Bambu has clearly telegraphed what kind of assholes they are in the past when they locked down their firmware and local APIs, so this was just expected behaviour IMHO.
Fully agree. This has been discussed for years and most Bambu costumers basically said the risk of your printer being essentially disabled by an update over night was worth it for the quality and low cost of the printer.
A part of me expects Bambu costumers to take this with dignity and move on. They knew the risks after all and are in no position to throw a tantrum after shitting on Prusa for years.
But a different part of me rejects costumer responsibility. It‘s almost always used by bad corporations to shift the blame on the little guys. I want them to fight this. To cause a shit storm that scares off other corporations from trying something similar. It‘s kind of entertaining too. I‘m not gonna lie.
costumer
You keep using that word. I do not think it means what you think it means.
Although, to be fair, there are likely some costumers among Bambu’s customers, since 3D printing cosplay props is definitely a Thing.
That’s actually one of the big reasons I’ve considered getting a 3D printer. It would make prop-making so much easier. I’m decent enough at carving and sculpting stuff. But carving mistakes can be costly if you accidentally remove too much material. But with a 3D printer, you can see your end product on screen and verify it looks the way you want. And then (assuming the printer is correctly set up) it is just… Done.
I like my Bambu printers but I’m not shitting on Prusa. They do a good job. They’re just too expensive for me.
I don’t know. I switched jobs somewhat recently (sw development, tech sector) and my new set of colleagues are all Bambu shills. This sort of stuff apparently doesn’t have the reach it should.
Some people really enjoy living in walled gardens I guess. But when I see people like GamersNexus who were considering a large order of Bambu printers are now ticked off by this they really should’ve known better.
And fuck you theverge.com for your paywall. archive
Are we against journalism now too?
Imagine wanting remuneration for time and labour.
I accidentally bypassed the paywall by clicking one of the links to a different article (the “Go fuck yourself, Bambu” link to GN) and then clicking the back button. When I landed back on the Verge article, the “subscribe to the verge to continue reading” message was gone and I had the full article text.
Only worked once tho, I just tried to do it again and I still get the “subscribe” message now.
The fact that they have a history and are now more committed than ever to locking down hardware that they don’t own is ridiculous. Fuck bambu.
I was looking at a mini a1 recently. What’s an alternative?
Prusa MINI
Elegoo Centauri Carbon 2
Anycubic Kobra S1
Qidi Tech Q2
Creality has gone IPO and AI, aka down the same path as Bambu. Maybe an old reliable used ender 3, but I wouldn’t but anything new from them.
Speaking of, plenty of old reliable mk3s out there.
Yep grab a mk3s from FB marketplace for like $200 and print like mad.
Very happy with my Anycubic Kobra S10 + ACE. I chose it because I knew I could use open source software if needed and even the stock software works purely over LAN when needed.
You could look into the Ender 3 V3 SE. I don’t know what your needs are, but it will probably work.
Just something tiny, inexpensive, beginner oriented and no drama
The newer ender printers are definitely less drama than the older ones. Unless you go higher end with them where they have bed leveling and more sensors I’d recommend something more plug and play.
Big fan of Prusa.
Voron Micron or Salad Fork kit.
I’m always a supporter of qidi, though for my next rig I’m going to go full diy.
I use Arch, btw.
I’ve been looking at getting a Sovol, specifically the SV06 Plus ACE.
I wonder what others think about them compared to some of the other options mentioned.
I have a Sovol. They work, but they take more care and feeding. The quality of life features from some other brands aren’t there. I hardly use mine because actually getting it dialed in to get a good print is a pain in the ass.
But they’re also very hackable.
Archived link: https://archive.is/p6ufq
Archive.is is sketchy
I did not know…what’s sketchy about it?
It scrapes authors’ work and reproduces it for other people at a profit. Lemmy users have a problem with that if you also say the word AI.
Oh and it’s a DDOS attack vector.
And has apparently been caught modifying archived pages.
@floofloof and for that I dont update my bamby for over a year now…
I have to say that I love the reliable on my prints compared with the printer that I had before, but I am ready to search for anlther brand in the future… unfortunetely I dont think I am theyr target customer, I probably make part of the group that they test things on to get to a broader audienceVerge let me read the article, but then after i clicked a link to one of its sources, it wouldn’t let me continue reading… Useless.
Works with 3rd-party JS and frames disabled. Archive should work?
