What I don't get...BambuSlicer is open source. And, not only is it open source, it's a fork of PrussaSlicer, so Bambu doesn't have the ability to re-license it.
It's licensed under the Affero GPL which is very strict about the licensing of derived works. That license requires Bambu to include the source code to any additions they make, including all of the logic, keys, etc. that they're baking into any binary distributions. If they don't, they're violating the copyright rights of Prussa and many others.
So, either Bambu has to open source all of this, which defeats the purpose (given that it's already leaked, that's gonna happen anyway) or they have to route everything through a separate program for their own slicer.
I don't know AGPL well enough to know if a plugin is considered a derived work but it sure seems to imply it:
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.
bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.
I bought a printer. It had some stuff. I didn't want that stuff to be gone after I bought it. That's a bait-and-switch, because they didn't explicitly say "be aware, that stuff is going away on Jan 2025".
I don't know how I feel about this. I hear your frustration about this. OTOH, Bambu is a walled garden approach. I also know the Prusa Core 1 is going to be less open to keep the cheap aliexpress knock-offs at bay. This could be an issue with Bambu labs as well if cheap knockoffs start appearing using reverse engineered P1Ps with modified P1P firmware.
They never officially supported compatibility with Orca, or Home Assistant. Vendors break compatibility with unsupported stuff all the time. Don’t make purchase decisions on unsupported features if you’re gonna get all bent out of shape about it.
Sorry to potentially pour oil into fire here, but I'm curious: did they really?
"Officially support" printing without internet connection?
Was this explicitly documented as a feature or did this just "happen to work" as you expected?
A lawsuit may have some leverage to find that something could have been "reasonably expected" to work in a certain way, but that's quite uncertain territory.
i.e. I would expect an Apple Watch to also work with Android Devices, but this was never officially supported by Apple and it's arguable whether it was reasonable for me to even expect this.
My toilet doesn't officially support crapping without an internet connection either. I'd argue that in both cases it's implicit unless very explicitly disclaimed.
I mean, as a snarky hyperbole about how ridiculous consumer products have become, sure. In reality, I would be very surprised if Oral B decided I needed Internet access to use my toothbrush.
Yes, "lan mode" is an officially supported advertised feature, where you can happily print on an isolated network. (though as of this morning it now sounds like they're backing off after public backlash)
Well yeah if you're not using LAN you're using WAN which means internet. But the option is there to use either one if you want, or even just put a physical SD card into the printer directly if you want, no network needed at all then, LAN or WAN.
Yes, the default workflow on the product is that all prints go via their cloud service. For the first year or two of the X1C's existence this was the only way to print, but they later introduced lan mode.
Leading to obvious speculation as to why they have stuck themselves processing megabyte g-code streams between your desktop and the printer on the same network...
But since cloud use is optional anyone with the security/reliability/longevity concerns just don't have to use it.
Personally I don't see the cloud stuff as providing any value at all though I know people whose kids print stuff from their makerworld site via their phone app that consider it useful.
I have absolutely no insight into their operations or requirements, but when I see someone forcing traffic to their servers, I immediately think they’re looking for metadata, or training NN models on your data. NN generating 3D models is pretty valuable at the moment, and taking users data to train models without informing them is for some inexplicable reason considered ok even by many people that get foaming-at-the-mouth-mad over other privacy violations. Like I said, I’m just spitballing and have no knowledge of this operation, but it would give me pause before using it as a professional 3D artist.
This is the Google model then. Base everything on open source, even allow unofficial builds of your operating system (LineageOS, Graphene), but slowly introduce more and more device attestation and DRM so it becomes de facto impossible to actually use anything but the closed builds because everything from banking apps and electronic identification apps to streaming apps will refuse to run on your "unsafe" operating system.
Currently the only thing which won't run on a non-google blessed android build is google wallet, although a lot of applications rely on google's proprietary services exposed through google play.
I've not ran into any banking applications which won't run on a non-google build of android (as then they would only run on a pixel). That being said, I refuse to seriously bank with any bank which doesn't offer a functioning website. My main bank offers an app but you have to wholesale switch to it.
This is false. List of apps which refuse to run on my old OnePlus 6 which I revived with LineageOS:
- Danish national identity app (MitID). I had to get a hardware token that generates one-time passwords.
- My banking app (still works in the browser though).
- The de facto payment app used for peer-to-peer payments and as a credit card alternative all over Denmark (MobilePay).
- The app for controlling the heating system in my car.
- Revolut.
- The app for showing a digital version of my government issued health insurance card. It's literally just a barcode and a number, so I can get by using a photo of the card instead. This underlines the ridiculousness of requiring Play Integrity attestion.
- The app for showing a digital version of my driver's license. As a bonus this app also doesn't work if you have set your default browser to Firefox instead of Chrome, even on a non-rooted phone.
On top of this, one app for scanning goods in the supermarket stopped working, but without explicitly saying why. I suppose it just silently depends on some Google service, but I have not way of knowing that.
I also cannot get Chromecast to work, but that is perhaps to be expected when replacing the Google services with microg, and not strictly a result of DRM. It is a major inconvenience though.
Denmark is one of the most digitized countries, and in many ways that is good. However, it also means that you are increasingly coerced into the whole Google/Apple ecosystem and that it is very hard to get out. Luckily there are alternatives to all of the above apps, but it is a major inconvenience to have to use them.
I don't know much about LineageOS but GrapheneOS supports attestation (albeit with its own keys) and it works for all the banking apps I have had the displeasure of using here in the UK including revolut.
If LineageOS did support those APIs (which it can support if it wanted to, without any blessing from Google) then presumably most if not all of those should also work.
Try GOS and see if it's broken there. If it works on GOS then you can shout at google for ever exposing the attestation APIs but the apps you're complaining about aren't actually abusing attestation in the way you claim, LineageOS is simply choosing not to implement the features they rely on.
Pretty sure this also requires the banks to then accept those attestation keys. Graphene pushes for them to do this, so you can't simply run whatever open OS you want on your device (like on desktop where you can also do online banking), you need to specifically use some third party service that then tells the banking software it's really okay to run on your device. I do find this to be a bit crappy, but at the same time it's quite amazing that Graphene has enough traction to convince many app vendors they should support an open/secure OS!
Do you have the sandboxed Play Services installed? It works fine for me on Graphene (just checked).
That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Then you're free to keep your personal phone FOSS and as private as you like, without fear of getting locked out of important stuff due to a crappy Google® SafetyNet® upgrade.
> That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Anything which doesn't support an alternative method (not involving a proprietary blessed google phone) of management should be illegal if it's government related and should be boycotted if it's not.
I certainly agree with the sentiment (I would trust-bust tech giants, and severely restrict advertising as a whole for being a negative-sum game).
Nevertheless, for living in this world while preserving your privacy, my advice stands. Separate the devices that you control, which you will use for personal and private purposes, from the devices that global corporations and institutions control, which you will use to access the services those institutions provide - services which, by definition, you would not control anyway.
It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
(FWIW, I lived in three different European countries over the past decade and so far the governments all offered TOTP-based web alternatives to their apps. When it comes to private banking, only one (Lunar) was available only via app, but it was also the only one that ran without Play Services.)
> It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
What I am saying (and what I do) is that it's far simpler still to just not rely on anything where this might be the case.
If my bank turned around tomorrow and said I can't use their website to manage my account, I would not attempt to get their app working on my phone, I would switch bank.
Anything that depends on the SafetyNet API will not run if your android build does not pass the checks, the list is much much bigger than "just google wallet". Whether a rom passes safetynet or not very much depends on what google considers blessed today, and what they will consider blessed in the future.
None of the unofficial Android builds allows me to access to the secure element in my SIM card to use my e-signature, which works with SIM menu prompts triggered OTA by the application I'm currently using, mostly governmental services.
If I'm on a custom ROM, the notification never pops up.
You have to have evidence that this is because of attestation, though - lots of open source software is missing lots of features because they are just missing features.
It's not an attestation problem, but a trusted pipeline problem. Yes, the required files are missing, but carrying them from official builds doesn't work either, because all pipeline from modem to kernel has to be signed, and the chain breaks somewhere, and you can't build it without the private keys Google/OEM has.
It's like Trusted HDCP pipeline. Every part has to be signed properly, and no open distribution of Android can do that, period.
SIM services is an integral part of the GSM stack, and all custom ROMs I used had SIM services menu, and I was able to see and utilize the functions in the menu, sans the ones requiring accessing the secure element.
There was one missing file (which I don't remember its name now, it's long gone), but I always carried over that one from the official ROM (same Android version, mind you), but while everything still worked, this was not enabling me to use the secure element based SIM services (namely e-signature).
The problem was not "not being able to access secure element", it was visible, but making it do (secure/verifiable) things, which require an "operator message" to trigger the right process on the phone. Even if the system which I'm trying to login said that the process should start, the phone just didn't respond/started the e-signature process. In my country, if your SIM is blocked for any reason from using these services (e.g. when you change your SIM and not-activate e-sig again), you SHALL and WILL (in RFC sense) get a message detailing what went wrong.
Again, the moment I flashed the original image, secure element based SIM services started working, I didn't need to do anything on the other side. Different ROM, it's working. Flash the custom one, reboot, it's gone. Add the required files back, no luck. That simple.
BTW, I was not mad that it was not working. It's a legally binding wet signature equivalent. I don't want that pipeline to be peek/poke enabled.
And they have plenty of experience building walls around a garden. Ask anyone using OSX for the past 15 years and you will see how difficult it has become to write or publish software for Apple.
Alternate description of the same information: “newer upgrades made older devices batteries’ last longer”
They did nerf speed. But they did it for a reason. I get being mad about your phone being slowed down, but i don’t get being mad about it once you understand why.
> They did nerf speed. But they did it for a reason.
That reason was to incentivize people to replace their old "slow" phones with faster new phones. If Apple actually cared about the problem of older phones having limited battery life they'd have made the batteries in their phones replaceable.
There are conflicting priorities in every product. Apple tends to optimize look and feel over practicality. So they’ve drawn a hard line at user-serviceable battery. I agree with you that’d a bad call, but I also understand that once you’ve made that call the next best option is what they did.
They are replaceable. I've replaced batteries in older iPhones plenty of times, had Apple replace the battery in a few, and I'm probably going to use the Self Service program to get the parts for my 14 Pro Max soon as it's getting a bit tired out.
I suppose that anything is "replaceable" if you're willing to involve things like soldering irons, heat guns, or specialized tools, but replacing a battery on an iphone is not something that the vast majority of the population would be equipped to do or be comfortable doing.
- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.
- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.
- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.
> This led to slower device performance without informing users, which is a removal of expected performance functionality.
As opposed to the device unexpectedly shutting down due to a degraded battery not being able to push enough energy to support the CPU? They didn't remove expected performance, they prevented crashes which are by definition 0 performance. All Li-ion batteries degrade over time. That's not removing a feature...
Well, they DID remove expected performance by slowing CPU performance, disn't they? People who had bought these iPhones (and not the previous ones) did so also because of the promise of a more powerful CPU, a promise broken by Apple. It is removing a feature (a better CPU) and Apple knew it that's why they did it without informing users.
Just to add, they also got fined by the EU for doing so, so it was ruled to be illegal. Bambu's changes would fall into the same category of altering the product and degrading the experience after its been sold.
Just to let you know that InstaCam360 did the same on their cameras with the smartphone app.
Previously you could directly upload the 360 videos do youtube, now you need to download the film locally on the phone, then host a converted version and only after those loops you are permitted to upload.
Or you can now buy a monthly subscription and get back the feature that was already there before. Quite disappointed with this kind of behavior.
the problem is that user got no choice. Some might prefer degraded performance, others might prefer to charge their devices more often.
Also seller should have no business touching anything that they've already sold - they do might offer support, but it should be up to user to accept it or not.
Indeed; while I've not had this specific issue with the phones, I do still have a mid-2013 MacBook Air lying around (it's now too old to realistically sell), and the battery on that was so worn by the time I got an M-something to replace it that would go from "fine" to "emergency shutdown" during boot if I forgot to plug it in. And then report something like 20% if I plugged it in and immediately booted it again.
It's not like the battery is actually empty. The phone is still able to run at 40% if it limits CPU power draw. As long as the throttling curve is accurate to the battery quality, it's all upside. A slow device is better than a turned off device. And if you want to keep your phone above 40% charge so it runs faster, go for it.
The root problem was not the throttling, it was the phone's inability to run at expected speed after a couple years.
No, it was dynamic based on voltage. iPhones with worn batteries had higher performance at full battery and swapping the battery with a fresh replacement restored full performance even at low battery percentage. In fact this is how the slowdown was discovered: someone replaced their iPhone battery with a non-genuine replacement and it got noticeably faster.
Apple (IMO rationally) chose that people would prefer a working phone, one they can use to call emergecy services, for example, to a phone that just suddenly dies.
After the massive hissy fit the Internet threw (along with lawsuits), they added a switch. Now you can choose to have your phone suddenly die.
But the legend lives on that "Appple slowed down phones permanently!!" - even though the fix for that is a 40€ battery swap that takes 30 minutes in any mall phone repair shop.
If you left It hooked up to a charger, their fix would never have affected you. It only slowed down the cpu when the risk of catastrophic shutdown was imminent.
I like a toggle for features like this, but it was a pretty standard user experience / reliability choice imho.
what if you replace battery AFTER the fix was applied? you can't rollback.
again, it's about user's choice. it's not apple's device, but whoever bought it.
they shouldn't be even allowed to DECIDE which option is better. user should be able to pick whichever they want to go with.
With a new battery, the throttling goes away. The cpu throttling only kicks in if your battery condition is poor, and then only at lower charge levels where the risk of unplanned power loss is imminent.
I get it, but if you’re going to accept binary blob updates from a manufacturer at all, this one wasn’t bad.
If there was a toggle, Would you really run your phone in “reckless disregard for battery condition” mode?
Because that is what this fixed, a flaw in the firmware where the power management subsystem made incorrect assumptions about the battery condition. All new phones come with this baked in and working properly, so your phone doesn’t randomly die in the middle of calls when your battery gets old.
People pitchforked over this update without understanding what it was designed to do. If your phone has a good battery, it does not throttle the cpu. It just adjusts the power management profiles to reflect battery aging.
But the way they did it was far from malicious. It only affected users who were actually in danger of an emergency shutdown, during times when the shutdown was imminent. While I don’t want anybody diddling my firmware without giving me a choice, this particular issue was really a nothing burger in the end.
It was discovered when it became apparent that replacing a defective battery made the phone faster. Seems like a standard reliability / user experience fix to me. Not
Many people would choose the “don’t adjust system power consumption to prevent unplanned shutdowns when the battery is about to fail” toggle.
No, it isn't. If the battery was broken and they knew the battery was broken, they should have informed the user the phone could be fixed with a new battery. They decided to gimp the device and not tell the user so they would be more likely to purchase a new device rather than simply fixing the old one.
Imagine Ford deciding their cars must drive at 50% their speed when the engine oil is older than 2 years and at the same time forbidding users from changing the oil.
Yet there are always people justifying these type of awful practices as better for users. These aren't, the measures are only good for business.
Ford actually does this. They have something called limp mode for when sensors detect degraded conditions. They won't honor the warranty if you clear the code manually and continue operating the vehicle.
Many cars enter limp mode for when the ECU senses a possibly damaging condition. This limits the performance and capabilities until someone with a diagnostic computer can plug it in. Many times these diagnostic computers are entirely proprietary.
I'm not saying it is justified, but to pretend that other businesses don't do this is silly.
Well, that still wouldn't reduce your car speed by 50%.
And even for that case there would be a warning on the console and a mechanic would be able to inform what is happening. On this iphone case, there was no warning at all on the device nor there was any disclosure that they would be doing this to the phones.
You know this. In either case, thank you for the ECU info.
Yes. I live in Germany, drive German cars and know the tech.
Regular service is indeed a bother. You know what I hate the most? In my oldish Mercedes it isn't even possible to change/update the hour without using a proprietary tool only available at official Mercedes mechanics. Since I refuse to pay premium cost for attending their mechanics, the clock on my car is always with wrong time.
And let's not even get into new business models like charging you a subscription to unlock the car to move faster or to unblock the heated seats. Indeed they also have quite "creative" ways to squeeze money and force to get new models.
Forbidding them from changing the oil? I personally changed my battery, I did not feel like it was forbidden.
Not even that hard.
For me, the firmware fix helped me limp through the 2 months before I finally got around to replacing the battery.
It made my phone that was flaky and unreliable below 40percent battery into a phone that worked slightly slower once the battery got low, but didn’t just randomly shut off during calls anymore.
I’d have preferred a toggle, but to be honest I doubt I’d have ever used “reckless disregard for remaining battery capacity” mode.
It was not overblown. Apple didn't disclose what they were doing or give the user the option to decide what was best for them. When a company chooses to behave that way, it should hurt them, and it did.
Apple's actions in this case were even worse than Bambu's. At least Bambu documented what the update did and offered the option of declining it.
The big difference is that none of these changes were part of a defined strategy to lock the user in to their products and ultimately generate more profit, as with the Bambu example:
- Battery management was to handle an issue that was encountered as batteries aged
- 32 bit support: Apple is well known for being one of the more aggressive companies when it comes to forcing users (and especially people coding apps for their platforms) to adopt required tech changes. But again, not directly profit-driven.
- Pulse oximetry: probably the closest to a profit-driven-decision, as this was driven by a patent issue, and presumably they calculated less of a hit from removing the feature than paying feed to the patent owner? Not great, but still not directly part of a user-unfriendly Apple-derived strategy, as with Bambu.
the keyword being _phone_, not smartphone. Bambulab too will let you print from SD card without logging in their infra, they are just locking the rest of the ecosystem. 1 to 1 analogy.
It's still a smartphone - with web browsing, mail and everything else what's available out-of-the-box. And Bambu will cut out even local network access and, as they stated in "Terms of Use", can lock print jobs until you update firmware. Far from 1:1 analogy...
They are actually adding in LAN modes (standard and developer) with these changes so I'm not sure what you're talking about with them cutting out local network access. Neither will require auth.
As the issue here came through software update, you should look at it under the same lens for Apple.
For instance did an OS update ever prevent you from doing something that you could before ?
Yes. Countless times. OS updates have breaking changes, older apps lose support etc.
And for iOS these updates are irreversible under supported ways, while the very nature of the "there's an app for this" paradigm means losing a third party app equals losing that functionality for your device when you upgrade (you won't get a translation layer or virtualization to help the transition)
You may like Apple more and feel they communicate better, but fundamentally it's the same situation.
Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.
But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.
The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.
Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.
I wasn’t really sold on the 4/4S, but I recently upgraded a 3S+ to a 4S and am amazed how much improved. The new touchscreen LCD is a huge improvement over the old two line monochrome LCD. Remote access and wife printing is a nice plus — I don’t even run OctoPi anymore. Automatic bed leveling and no more Live Z tweaking for each sheet has been a major quality of life upgrade and eliminates one of the major pain points in swapping out nozzles. The nozzle is much easier to swap out and is now high flow. Add in Input Shaping and it prints significantly faster.
I hadn’t had any experience with the new platform prior to this upgrade and I skipped over the MK4, but the 4S upgrade is a significant step up over the 3S/3S+. I wouldn’t necessarily recommend the upgrade kit — that took much longer than expected to complete (about two days) and I regret not buying a new printer instead. But, I have a 3S I plan to upgrade to 3.5 just to get the new electronics; that upgrade is far less intensive.
If you haven’t tried out a 4S you might be pleasantly surprised by how much nicer it is than the 3S+.
Similar experience with PRUSA for me -- I had a MK3S+ (which I loved) and paid ~$250 for the upgrade to the MK3.5S. Very, very impressed, for a modest investment I now have the new color LCD, a good chunk of the MK4 features and the print speed is at least 2x improved (if not better, I haven't quantitatively measured it but it's noticeably faster).
I went for the 3.5 upgrade as the upgrade from 3S+ to 4 was almost as much as outright buying a new 4. I'm glad I did it this way because now I'm thinking of getting the CORE One and then I'll have 2 excellent printers.
Heh, whoops. Definitely a typo, but in all seriousness the printer is actually usable by wife now, so that is a huge plus. She could use it before, but hadn’t learned how to adjust Live Z and thus didn’t like changing the sheet. If you do it wrong you can drive the nozzle into the sheet.
The problem is even with Prusas recent efforts to catch up with the Core One, it's expensive, and they still dont have a viable answer to the AMS. The MMU is still a hot mess, requires tinkering, isn't stable and overall just doesnt come close to an out of the box experience.
They still seem to be thinking the primary audience of 3d printers is people who tinker. It's not been that way for a long time. People just want to be able to unbox, plug it in and print. The second you add in the "oh just spend 5 hours tweaking this spaghetti mess of an MMU" you've lost them.
"hot mess" is not a fair assessment. The MMU2 was terribly unreliable, but the MMU3 is OK. It's surely more complicated to set up and requires more space than the AMS, but on the other hand, I think AMS concept is just plain bad. It's incredibly slow and produces a ton of plastic waste.
Bambu Labs printers are not cheap. Even their entry level A1 printer is twice the price of an Ender3.
Sure, it is a better printer, but it is clear that they are going for scale, and most of what makes them better is in the software rather than in using premium hardware.
initially maybe but the way the printers are built makes for cheap mass production. Theres no special sauce in the hardware, it's all low cost off the shelf stuff, it's just optimised very well.
> Open source didn't compete on quality for price.
Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.
Apparently it is true, you don’t know how much you value something until you don’t have it anymore
I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40 hours of my time. But look, you want to do 3D printing, 40 hours are just a small initial investment).
It really depends upon the target market. That's fine for hobbyists. But I use the Bambu X1 for small-scale prototyping in a company, and it has to be usable out of the box. We can't justify an entire week of labour for each printer we buy.
The Bambu has been ideal for that reason. Every material pretty much just works, and the quality is excellent. The cloud integration and janky LAN mode is the downside, and this current topic even moreso.
Yeah, I've got an A1 that I bought on sale. It's sitting next to a Prusa MK3S. I was doing prints for my nephews for Halloween and the A1 would do a print in 2h and PrusaSlicer estimated 9h for the MK3S. And I have, so far, not had a single failed print on the A1. They're rare on the MK3S too. But... the MK3S is "start the print and it'll be ready in the morning" and the A1 is "start the print and it'll be ready by lunch, and if you need to iterate you can have another one done by 3pm"
> But look, you want to do 3D printing, 40 hours are just a small initial investment
No. None of this crap. I want to 3D print. I don't want to service industrial machinery in my spare time. Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
Vorons are fantastic printers and a fantastic kit if 3D printing itself is your hobby. 3D printing is a fantastic hobby. There's tons of fun to be had building up and dialing in a printer kit. A well tuned voron can be up with the best of the best 3D printers. If that's what you want to do go for it!
But for heaven's sake I want to print models, parts and other practical things. I have other things to do and problems to solve. My 3D printer is a tool. If I have to spend just as much time working on the machine as I do using to actually print things then I'm not interested.
Bambu is still the best game in town for a turn-key, just works printer. Prusa can deliver the same experience at double to triple the ticket price. A voron is not a replacement for a Bambu printer no matter how good the printers actually are.
>Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
Obviously many people don’t care about that. Fair enough. But then you should be prepared to deal with their shenanigans.
Prusa also does things like maintain and develop printables.com and PrusaSlicer (itself forked) which many of these closed printers fork with minimal changes.
People don’t care about this either. So again, get ready to deal with garbage when Prusa goes under.
I think it’s sad since the whole domestic 3D printer thing started as open source.
> I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
No, it's not, and the perception that it is hurts the cause of openness.
Open Source has every ability to be better, to Just Work, to not require constant debugging. Good Open Source systems manage this. The fact that 3D printers apparently have not is the fault of those printers, not any inherent quality of openness.
> Comparing Bambu to Voron is an absurd comparison
I politely disagree. I was in the market for a more modern printer, and it boiled down to either a BL or a Voron - in the end I decided against ease of use and in favor of an open ecosystem. I agree in that they are not universally interchangeable, but for some people either can be an option, each with distinctive advantages and disadvantages.
Both modern (pre assembled) Prusa and Bambu are very good at this. They guide you through the full setup process, automate first layer reliable, have decent stock profiles.
It's all just much less tinkering then 5 years ago.
It is. I have no interest in messing around with 3D printers and was annoyed by the fact that Bambu lab lied about the 15 minute setup time. It was more like 45 minutes, but after that I never touched the printer again and started printing instead.
Also, subtractive manufacturing is much harder than additive manufacturing, because you need to position the machine around an existing piece of stock and sequence your operations manually, instead of letting a generic slicing algorithm slice from bottom to top with an offset vs the intended printing location only being a problem if you accidentally print over the edge of the build plate, which is usually not possible mechanically.
it is not that. i mostly mean that for anything functional that needs to take a load you need at least petg or asa (abs is a bit old now), which require proper storage.
also there are so much stuff that are in open prs and issues for years that are not implemented for slicers.
There are countless firearm receivers that have been printed on pla plus, many with thousands of rounds on them. Sure they may turn into a puddle in a hot vehicle, but they are functional and definitely take a load. Pla + is actually preferred in that community over the others you mentioned, although asa is becoming more popular, along with filled nylon alloys.
"Take a load" = perform mechanically and or structurally at levels of force, temperatures, etc. at levels higher than the properties of PLA allow for.
Don't get me wrong here. PLA is a great polymer, However you can't really expect parts made with it to hold up when compared to other "engineering grade" polymers.
I don't think anyone expects PLA to be used for anything that requires structural stability. There's far better filaments for that application. Some of the carbon fiber infused PETG filaments for example are incredibly strong.
Not many people use 3d printing for applications that require extreme strength though, that's really not the goal many people are aiming for.
I do this for a living and people are always looking for more parts to run through the process and better filaments to see those parts end up performant.
CF-PETG is strong! For a bit more toughness and temp resistance, PA12CF35 is seeing a lot of use. Some companies out there have service departments to keep machinery running. They apply FDM more than you might expect. Alloy 910 for gears, Cf of various kinds for abrasive scenarios, like cardboard handling, in one scenario.
Well for example layer bonding is better compared to some other materials. It's just that load over time it will creep. And of course shite under temperature.
It can be a fantastic material for some functional parts.
But even if not, I don't see how it's invalidates that there are printers out there that are more or less set and forget.
Bambu printers, or at least the one in our shop runs ASA set and forget style.
It is a great machine though it does not always make the strongest parts, and single material builds is geometry limiting. Lack of chamber heat and one nozzle makes some things easy, but does not entirely avoid the trouble with higher performing polymers.
You're saying this yet anyone can buy a random Bambu and just print.
I've owned or used probably every major (and some minor) printer released in the last 8 years and for most people Bambu really will just be "plug and play" (and even if something goes wrong they'll hold hands as much as needed)
That does not match my experience. The printer I have has had parts break with light use, and a really poorly engineered z-axis homing which results in wildly inconsistent zero heights and a very high print failure rate.
> The Apple model works because people want to print rather than tinker.
Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.
Curious if anyone has tried the Core XY printers from Creality? I think they use open source software and are generally in the same ballpark as the Bambu printers price-wise. Also saw they have a similar AMS style system as well.
"Fell for it" implies that everyone buying a Bambu printer expected some degree of openness. Maybe some customers actually want an "Apple model", where the device mostly looks after itself and "just works" as much as possible.
I got into 3d printing a few years ago and noticed the same, bambu made me nervous for exactly this.
But the fanboyism and shilling in the 3d printing community is intense. If you mentioned these misgivings you'd get flamed. If you bought or enjoyed another printer people would advise you to sell it and buy Bambu. Lots of people in various threads seemed to defer to that kind of expert advice.
I think there is/was a similar fanaticism for Prusa going on, but it seems a little less at the forefront since Bambu.
As someone who recently bought a bambu printer, I have to agree: I am not surprised. Still disappointed, but in no way surprised.
The "apple experience" is why I went for a bambu device (along with the price, and some excellent recommendations from friends). I was even surpised that the "LAN Mode" actually works somewhat good.
Should have got a prusa...
no, it hasn't been their clear plan all along, and blaming the victims is not advocating for open source 3d printers. Fully open source, DIY 3d printers that are available today suck compared to Bambu. The commercial offerings built on top of Orca (I have a magneto X) suck compared to bambu.
The 3d printing community just slapped down heygears for similar BS to what bambu is pulling right now. Once Bambu hire some better software devs and sort out their issues, open access will return, I bet.
I'm not saying I wouldn't love for an fully open source printer company to have the quality and velocity of development that the bambu has (AMS-compatible TPU, delicious), I'm saying people who are making "It's clearly X... You should have known Y" aren't providing useful perspective nor are they accurate. Looking at your post history shows this.
I don’t understand why you think it was hackable or open?
Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.
I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?
You can print of an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it's still has fully unrestricted local printing functionality.
From that link if you continue reading, commenters in the thread point out that LAN mode didn't even exist when the printer came out, and that it's more flexible now than when they first came out on the market.
My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.
Yeah this looks to be the case. All of this change was prompted by the fact that malicious software was triggering prints over the network. So now they have locked it down so the printer can verify prints came from the actual account owner.
Printing directly from SD cards via the little touch screen is unchanged since networked computers can’t do that.
> So now they have locked it down so the printer can verify prints came from the actual account owner.
This is inaccurate, the printer already required authentication using an 8 digit code. What they're trying to do now is verify that the print has been started using official Bambu software, i.e. software-only DRM.
I really really hope people saying this is a nothingburger is actually right, because I do have a P1S, use orcaslicer, and would like it to continue to work. Hoping this is just a miscommunication.
Bambu Connect is explicitly about allowing you to continue to use your favorite slicer. They make it less convenient (instead of pressing print you now have to save, load the file in Bambu Connect and then press print), but they don't prevent you from doing it.
Once the update actually rolls out to the P1S obviously. Which may not even happen with the current backlash
> Bambu Connect is explicitly about allowing you to continue to use your favorite slicer.
For now. They're putting themselves in the middleman position where they get the final say over what we can print on the printers that we supposedly "own".
It's naive to think that they won't try to extract revenue from that privileged position, they wouldn't have spent R&D resources on it otherwise.
“Hackable” and “open” were never advertised or officially supported by Bambu. It is foolish to make a purchase decision based on an unsupported and unadvertised feature, and while you can be angry that seems silly.
> on the understanding it was reasonably hackable and open
Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID fillament spools not being open-enough for others.
> on the understanding it was reasonably hackable and open
I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're build on.
I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.
Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.
Sorry, but if you did research on Bambu's and came away with them being open and hackable, you didn't do enough research.
I dove into 3D printing a year ago. I settled on the P1S because its reputation for "just working" and good for beginners. I wasn't interested in attaching a Pi to it, run Klipper on it, I wasn't interested in steep learning curves and choosing from a myriad of slicers. I wasn't interested in "calibrating more than printing" with the Enders that one friend warned me about. I needed it for one simple, but big project and it worked great.
Since then I expanded to getting the enclosure, AMS, and messing around with Orca. The Bambu is very accomodating to learn and grow more and I don't regret the decision at all.
They were selling at or sometimes below the price point of printers that you build yourself.
They're good products, and they are clearly selling at a low enough price point to push for market capture.
The pricing, special features tied into their own AMS + filaments, special features tied into their own slicer. These all indicate that they were building towards this sort of behaviour.
> on the understanding it was reasonably hackable and open
While this lock down doesn't seem right it is far from unexpected, I question the amount of research done prior to your Black Friday purchase (BF and well-thought-out-decisions often do not go hang-in-hand!)…
I bought one (an A1 with the multi-material add-on) some months before that in full knowledge that the company would prefer to funnel people into a walled garden because if you look anywhere you'll find proponents of other makes warning that exactly this is possible & likely, with the "must take many steps to print without talking to their servers" being the key evidence in those warnings.
Good reasons to buy a BBL machine (at least my reasoning when I did):
* They work out of the box more so than many of the competition (many will say "X is better or better value, if you spend Y amount of time tuning" which while often correct, I wasn't looking to spend that time tuning), certainly more so than others at similar prices.
* QoL features (good auto leveling, dynamic flow control) that weren't exactly ubiquitous on similarly priced or cheaper machines.
* Certainly in the case of the newest A1/A1-Mini line: a working MMU option cheaper than you find in other ranges (some manufacturers have started addressing this and the out-of-box experience, in their product lines, 2025 could be an interesting year), and very easy nozzle changes (useful if you want to both do detailed minis (without going resin) and mostly larger items).
* For me, the handling of the A1 issues early last year (quickly acknowledging a potential safety issue and publishing mitigation guidelines, full recall or fix-at-home options when it became clear the issue was more significant) was a point in their favour wrt after-sales giving-a-shit. Obviously not a point against others as we don't know how they'd react until it happens, of course. There are regular complaints of slow support response more generally, but there are for other printer manufacturers too and, well, pretty much all consumer facing industry these days.
* The official documentation & videos, maintenance & troubleshooting guides etc, seemed to me to be more coherent than some other offerings (though searching for "<my problem> reddit" is still a thing!).
Absolutely terrible reasons to buy into BBL, long before this storm:
* Openness (software). From the get go their offering has the trappings of a more controlled garden than the 3D printing community were used to.
* Openness (hardware). While there are some compatible 3rd party after-market parts, there isn't the able-to-build-your-own feel you see elsewhere with people using different extruder nozzles, cooling options, and so on.
--------
This isn't a great analogy, but: BBL is an Apple (though not quite on price) to the rest of the 3D printing industry's Linux and it only takes a small amount of information to see that before buying.
If I upgrade (or have to replace, or just decide to get a second) then maybe I'll go elsewhere. I'm more confident I could get other others working well, manufacturers are addressing the points that have allowed BBL to take so much of the market & mindshare in a short time, but the key thing against BBL (not being open like much of the rest of 3D printing) is something I was well aware of when buying (it did make me think twice) so I can't be too mad about it.
Now if they try stop people using 3rd party filament, like the traditional printing industry with ink & toner, which is far from impossible, then I'll feel they've conned me.
An extra point that it is too late to edit in, on openness wrt software: unlike some companies we could all mention, they are playing right with the slicer software. It is heavily based on earlier AGPL3 licensed software and their work is correctly licensed also: https://github.com/bambulab/BambuStudio/blob/master/LICENSE
There might be some question as to whether anything like the connectivity layer that sits between BS and the printer that currently isn't open, should also be AGPL. I'll leave discussion of how AGPL and losly linked components do/n't work together to people with more experience in the area…
Bambu has never advertised their printers as hackable or open. Indeed, they advertise the exact opposite: that you won't need to do anything to it to get it to work.
That people can hack the Bambu printers is a bonus.
I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...
Bambu Lab have been quite explicit about this. Their consumer-grade printers rely on a cloud service; for people who want or need printing over a private LAN, they offer the X1E.
That hasn't been true for years, the regular X1C has an officially supported lan mode and works fine without any of the cloud stuff. (I believe the smaller ones do too, but I haven't used them so I can't speak to them).
All HP printers still give you the option of paying full price for ink cartridges and owning the printer. The rental model is one they try very hard to steer you into, with lots of dark patterns, but you can still use HP printers with no account and no subscription ink model.
I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.
However, this can be easily achieved without bricking every single third party integration. That should simple be a toggle in the settings that works entirely local
I wish Prusa weren't asleep at the wheel, then we would have bought a core one (that is, the hypothetical variant with large build volume and same quality as bambulab).
Instead, we bought a P1S, which is, technically speaking, a fantastic machine.
Not really asleep at the wheel. More like they invented the wheel, produced the open source slicer (a fork of the original slicer but vastly improved), which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.
I ThouYS may have a point. It seems to me that Prusa were tempted to go after the prosumer/pro market and invested a lot of time and engineering horsepower into higher spec machines (Prusa XL, HT90) and resin printers (SL1S).
A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.
I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.
I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.
Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.
Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.
Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.
Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.
I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.
Thing is even with the core one finally releasing...its not a compelling product.
It costs more than the P1S - which lets fact it, thats what it should be compared to, not the X1C as the Core one doesn't have the stronger nozzle, nor any features that would make it a 'pro' level product.
They also still dont have an answer to the AMS, which is a big selling point for the Bambu's. The MMU3 may be better than the previous one but its just like putting lipstick on a pig - it's a mess, with tubes all over the place, spools dotted around, and then you've got to constantly babysit it and tune it.
Side by side the P1S with an AMS is still significantly cheaper and from a marketing perspective a much more visually pleasing offering.
Also worth mentioning that whilst the core one is about to come out, the MMU isnt actually even supported yet, and theres no timeline for when it will be.
Prusa are so far behind at this point and really shouldn't be. Chances are the core one is going to come out and just like the XL and MK4 will be extremely buggy for a good 6 months. How people still accept this is bonkers.
Not at all, you're paying for a bunch of other differences on the X1, none of which the core one has, hence why its more comparable to the p1s but priced as if its comparable to the x1c. The spec sheets don't lie, it's a p1s competitor.
All we've really got to go by is Twitter and Reddit, and I rarely see a photo of a Bambu printer without an AMS on top of it or to the side. With it being cheaper to buy an A1 Mini, A1, or P1 WITH an AMS than a base model Prusa MK4 it's not surprising they've been so popular.
It's what makes me completely baffled how much Prusa have fumbled the Core One release. It should've had an enclosed AMS style product to go along side it. The MMU is utter junk in comparison to the AMS, god knows why they are still burrying their head in the sand over this.
> which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.
I sold a mk3s because I could never get it to work to my satisfaction. I tried for weeks, trying everything I could find on the internet, using filament supplied by Prusa.
Eventually the print head crashed into a failed print overnight, fusing nearly the entire head inside a ball of PLA filament that formed after the printer happily carried on shoving out molten plastic.
I didn't have another 3d printer to print the replacement parts. I was so frustrated with it at that point I just got rid of it.
Until I can treat a 3d printer like a Brother laser printer (forget about it for 9 months at a time and then have it work perfectly when I need it with zero maintenance), I don't think I'll invest in another one.
I got my first 3d printer, an MK3S+ a year ago. Pretty late in its lifecycle, but I wanted to spend more time printing than fixing issues.
And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).
And all this time I have been using it completely offline with OctoPrint on an RPi.
Wow, so the actual content is also sent to the cloud? Not just authentication/metadata? Massive overreach. Imagine a inkjet/laser printer company sending every page you printed to their servers? (actually I wouldn't be surprised if HP does this already)
Honestly, the response is not that great. Right off the bat they're just going on the defensive, enumerating "false claims" that printer will require subscription etc. But the concern wasn't that Bambu _will_ do that, but that they _could_ do that, and generally that inserting Bambu's infrastructure as a mandatory step in the printing pipeline is _not great_.
Then, the first point in their `truth about the update` section:
> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.
The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]
> Bambu informed me of this change two days before their announcement.
and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.
> This is beta testing, not a forced update. The choice is yours.
This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.
> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...
Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ
Further down they still go and defend their decision
> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.
and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.
Finally, they're presenting a diagram showing how the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.
For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public
it does not make sense: spaghetti can be detected without logging it, just process and evaluate frames, and if necessary accumulate multiple evaluations (not images) to achieve better signal to noise ratio.
I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.
Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.
I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.
Hopefully there'll be more interesting news about this soon and some solid, technical info.
My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.
Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.
These are great printers, but there's no need for that.
Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.
I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.
But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".
Something more than the current hearsay and pitchforks echo chamber.
The following printer operations will require authorization controls:
Binding and unbinding the printer.
Initiating remote video access.
Performing firmware upgrades.
Initiating a print job (via LAN or cloud mode).
Controlling motion system, temperature, fans, AMS settings, calibrations, etc."
Now, PERHAPS, I can do that authentication locally... but given the plugin required for OrcaSlicer it doesn't seem likely
Yep -- I read that, but that doesn't spell out auth back to BBL's servers, just auth.
And keep in mind that OrcaSlicer already used Bambu Network Plugin to communicate with their printers. (It prompted you to download this on install of OrcaSlicer if you picked one of their printers.)
The move to Connect means that OrcaSlicer needs to send the print data to Connect via a protocol handler instead of to the plugin. Connect will then send it on to the printer itself, and from what I've seen it'll do that over LAN. (But I can't test because my printer doesn't support this yet.) I see this as akin to a print driver vs. printer-specific support built into an app. Not a bad thing at all, if done right.
The plugin already did (very minimal) auth via the Access Code and can do it with the printer and Bambu Network Plugin completely isolated from the internet. (I've done this.) So I'd like to know specifics of what's changing here.
Perhaps some... other or better way of authenticating to the printer? Previously there was just a single, essentially fixed, numeric string that gave complete access to the printer, and communication was via TLS with a self-signed cert.
I don't want to hypothesize about what it could be doing, I want to see what it's actually doing (or see some actual info from folks about what they've seen) so I can decide if I'm comfortable with that or not.
The bambu cloud service has a very low value-add and they are trying to make it mandatory. the speculation is that they are trying to add a subscription model for print farms, which 3rd party slicers enable.
I don't have a definitive source readily available, but from talking to people who were investigating the technical aspects, connection between the printer and slicer software will be mutually authenticated using a certificate that will issued by Bambu Cloud, issued only to blessed 1st party software, and verified by the printer upon connection over the local network.
So your blessed Bambu Studio instance connects to Bambu Cloud and requests a certificate, the server issues the certificate to you (or not), and then Bambu Studio may use it to connect to the printer on your LAN.
The certificates have an expiration time of 1 year, meaning that the printer functionality would severely degraded (missing network connectivity), at most 1 year after they take the servers offline or stop issuing certificates for any reason.
1) That cert is on the /client/ side, not in the printer. It has nothing to do with printer functionality, only with talking to the printer.
2) Expired certs do not mean things automatically get rejected. Using and allowing expired or self-signed certs is routine in the IoT world where certs on devices can't readily be updated. But again, that cert isn't from the printer.
3) Expired certs, just like the self-signed certs that are so commonly used, still result in things being encrypted on the wire. And often that's the point.
It seems to me that someone found/exported the cert, and is trying to make all sorts of WHAT-IF or THIS-COULD-MEAN-THE-WORST claims but are lacking some significant understanding. Without understanding the architecture and the rest of the code, and perhaps seeing that cert be used, this is just an artifact found in the distributed beta application.
I mean that the extracted cert that's going around is from the client (Bambu Connect) side. Everything it would get used for is a function of the client and how it talks /to/ the printer.
Even if it is used to sign some communications, it doesn't matter if it's expired or not on the server side (the printer side), unless the server chooses not to accept it. And then updating it would be a matter of updating Connect; the client.
There's no reason -- other than hyperbole -- to infer that a certificate which expires on the client side will cause the printer to stop doing anything.
For a web-y example, think of how a website which needs a client cert for auth -- like lots of gov't stuff -- would handle a client cert expiring. It'd either accept it anyway, or reject it. But it wouldn't mean the website breaks. And thus claims of that client certificate's expiration being a killswitch for printers is simply wrong.
It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.
You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".
I'm kinda curious what will this lockdown do to the efforts to replace their controller and/or firmware with something more open. Something like [1]
It's nice to have a private key to their cloud authentication, but ultimately it's the printers firmware that's the issue. While Bambu owns and updates that, they can change the keys basically anytime they decide that they had enough of the alternative Bambu Connect servers that people will inevitably create with the current keys.
Bambu should be working on scaling their consumables and customer service, it takes weeks to resolve any tickets, 8 days to a first response has been normal for them.
It’s kind of a joke they think they’re ready to roll out a print farm subscription when they can’t even keep basic filament in stock, or like you said even provide basic support. They’ve grown far too quickly.
There's so much open source software, firmware, and hardware out there for FDM 3D printers, I doubt they'll ever get as bad as regular printers. It's much more a tinkerers world than 2D printing ever would be.
No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.
Does the printer also refuse to print when using toners not part of the EcoPro subscription, though? Or is this just another case of people expecting their subscription toners/cartridges to last beyond their payment? I can't blame them, the marketing is sneaky about it, I just see it often on threads about HP.
The post did mention the other toners that came with the printer also locked, but I think I remember reading elsewhere that those printers are cheaper precisely because they come with EcoPro-only toners in the box.
I've only made good experiences with laser printers, from very small ones to full-sized copy machines. Some of the more expensive inkjet printers are reportedly also quite good. You are still stuck with the usual horror show that is software from hardware companies, but otherwise it's not so bad. And the occasional paper jam, but 3d printers are no better in terms of reliability
The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.
With 3D printing out for a while now, there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens. I'm really shocked the overpriced ink monopolies weren't attacked in this manner, as a young child I distinctly remember a kiosk in a grocery store which 'printed' messages and images on blank cards using colored pencils, for customer order. None of this is remotely new.
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner,
Inkjet and laser printers easily print whole page 300 DPI raster images in seconds. Plotters need vectorial data and their printing speed depends on how complicated what you are printing. These things simply don’t serve the same use case. You can do nice art and heart warming cards with a plotter, but you can’t hit print on your boarding card / dhl label / word document and expect your plotter to give you what you see on your screen.
> None of this is remotely new.
I agree that none of this is remotely new. Plenty of people tinker with plotters for fun and profit. There are even pre-packaged consumer centric solutions where you pay the price of convenience with lack of freedoms. (See the similar debacle around the Cricut plotters.)
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner
Because those of us who understand mostly don't care. Those who know bought a Brother laser printer and got on with life.
When those who understand need genuine inkjet prints, we go to a store that owns a printer that is several orders of magnitude better than we will ever need and pay them a pittance to get it printed.
That having been said, I really do wish we had an open source laser printer because, at some point, Brother is going to pull this same bullshit.
Man, I love my Brother - it is 10-years old this spring, driver updates keep coming for new operating systems in both 32/x64 - and never has a hassle with third-party toner cartridges. While it is intended for a small office (and therefore fairly large and heavy), it has been easily hands-down the best hardware purchase decision I have ever made. (And - it there was a $300 off sale discount when I got it - so $500+tax)
Admittedly, the printing system for 2D Printers is a nightmare. Windows Secured Core PCs, for example, disable all 3rd party printing drivers and only support open driverless standards for printing like Mopria. According to people who have looked at it, let’s just say CUPS in macOS and Linux is not very likely to be a paragon of security, having an RCE scare 3 months ago.
If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)
I can't imagine the printers being open source or not mattering for that, nor can I see any reasonable government banning printing of specific things. If something is illegal to own or manufacture, that already applies to 3D printers just as much as it did to CNC machines or any other method.
Not quite the same, and hopefully likely to fail if it hasn't already, but it shows that interest exists in regulating 3D printers. When enough interest exists, things will happen.
Because violent criminals tend to lack wealth, knowledge, and skills. Nobody in the hood about to knock off a 7-11 has a tormach at home and the gcode for a reciever queued up.
"Pretty much everything" does include "can't print some things" which is pretty much: they control what you can and can't print. So technically you are right and they are right too, but this conversation path led us back in a circle instead of moving the debate forward.
With the 3D printer you can currently print everything on the 2-D printer you can print everything minus one. (actually there’s probably a whole bunch of currency you can’t print which is maybe hundreds of things ) those are completely different systems of control.
No, you can’t. Printer manufacturers are required to prevent printing certain kinds of images on sophisticated printers. And they also print watermarks unique to your printer on every page.
I’m not familiar with the 3D printing space, but seems like this reverse engineering was inspired by the companies move to clamp down on security of these devices. [1]
From what I understand, this new auth system would make third party integrations (ie, “OrcaSlicer”) obsolete and users would be limited to controlling the device via Bambu Connect. This update impacts users who control the device via HomeAssistant and “print farm management” users. I guess first party support for users with fleets of these printers is dogshit, thus the need for third party software.
Seems after 3 days of community feedback/outrage, the company is backtracking on the Bambu Connect only route. Instead offering a “Developer Mode” option in firmware which on the surface seems to be what the impacted users need. [2]
> In response, we’ve made the decision to implement an optional LAN mode feature, to provide advanced users with more control and flexibility.
> Standard Mode (Default): By default, LAN mode will include an authorization process that ensures robust security
> Developer Mode (Optional): For advanced users of the X1, P1, A1, and A1 Mini who prefer full control over their network security, an option will be available to leave the MQTT channel, live stream, and FTP open. This feature must be manually enabled on the printer, and users who select this option will assume full responsibility for securing their local network environment. Please note that Bambu Lab will not be able to provide customer support for this mode, as the communication protocols are not officially supported.
Seems this resolves the community concerns. Or am I missing something?
That's a useful step, but the options are still Full Cloud Dependency or DIY with Zero Security.
Why haven't they implemented rudimentary access control with printer-side Basic Auth (or the equivalents auth for MQTT and FTP). Add optional SSL support to prevent tampering/MITM on a potentially hostile network, and the unauthenticated access concerns listed in [1] should disappear.
Any problems related to potentially damaging instructions should be best-effort mitigated by the firmware and otherwise indemnified by a "your own fault for using a third-party slicer" clause in the EULA.
Bambu Labs shouldn't need to be in the authentication/authorization path, unless we're actively using their cloud environment.
As a precaution, I've blocked my A1 mini from Internet access on the router, and will not apply any firmware updates anymore. I will also not update Bambu Studio anymore (or completely switch to Orcaslicer). I was already using LAN mode exclusively.
Kind of annoying, but I'm not desperately waiting for Firmware updates, everything works fine so far.
Maybe I'm the exception here, but I slice my files and then load them to an SD card and walk them over to my printer. It's not high tech, but since you can't clear the build plate without physically being there, I don't see much of a change. If I really wanted to monitor the build I suppose I could just point a webcam at it rather than use the existing one. But since it prints flawlessly most of the time it seems unnecessary.
I got an A1 mini about a month ago and so far it’s been decent as a beginners printer. I transfer models to the printer via the microSD card and refused to install their networking software on my machine because I don’t trust it’s safe enough. Im also very reluctant to get updates whenever they’re pushed. Maybe im spooked by past bricked devices so I keep all my devices dumb and offline as much as I can.
I have Bambu, Qidi and Creality printers.
Qidi is a good compromise between open and 'print-quality-out-of-the-box'. My Q1 pro is easy to hack, but I have not done anything to it because it prints pretty much as well as Bambu.
They disrupted the 3d printer market with printers that just work out-of-the-box at at price points where you typically only get enthusiast products that require a lot of tinkering.
A lot of their business model is seemingly based on making long-term sales from consumables. Their solution for multi-color printing is more convenient to use with filament sold by them because they embed information about the filament on proprietary RFID tags.
A couple days ago they announced locking down the API for their most expensive line of printers, locking most API calls to only their own software because of "security". Users are obviously upset.
Rumours for the reasons range from protecting themselves from user mods that replicate the RFID functionality on any filament by configuring the printer via API calls, to Bambu Labs wanting to launch some kind of subscription service for print farms.
Bambu Lab filament pricing is very similar to Sunlu pricing if you purchase the same minimum quantities as Sunlu, but Bambu Lab has a wider variety of filament that people actually want. The only thing that really helps them make more money is wasteful multi-color printing.
Reportedly it's Sunlu who's supplying filament for Bambu. But Bambu's version still has RFID tags which make it much easier to work with multicolor.
> The only thing that really helps them make more money is wasteful multi-color printing.
They're slow to make improvements in this area, but they recently introduced some options to reduce the waste, like longer retraction before the color change. Plus as a user you can reduce the waste further by tuning flushing amounts, and you're left with the waste inherent to single-extruder multicolor printing.
Overall yes multicolor can be wasteful, but to me it's impressive that it exists in the first place
I've been on the fence about purchasing a Bambu. But given the amount of time I've spent over the past few years having to tweak my ender 3 V2 and CR-10- I was leaning towards finally splurging on a X1C.
Question to those more familiar with the bambu software ecosystem - do these recent changes to authentication require a constant online connection to print anything from a machine on the LAN? I'm assuming printing via microSD will still be possible?
I’m not familiar with Bambu, I’m a Prusa user, but if I had to guess you would always be able to print via microSD. It would be wildly unpopular to disable local printing.
Currently, LAN mode and local SD card printing does not require an internet connection. I have my printer in a bottom of the yard bungalow, without internet, and it works fine.
I'm interested what others think of their existing design and whether there are any fundamental security issues that will be resolved by their proposed change.
They are proposing requiring a secret signed certificate to carry out any actions beyond monitoring for both the cloud and local (on printer) MQTT servers. These certificates would be issued at the discretion of Bambu by their CSR, currently only for "Bambu Studio" their slicer, Bambu Handy (their mobile app) and "Bambu Connect" which will enable upload G-Code generated by third party slicer (a workaround for existing functionality being removed). This "secret" certificate has already been extracted from the Bambu Connect application as per the article as their new security model requires embedded this certificate into desktop applications.
Connecting to their cloud MQTT requires a username and token already. These details are obtained via a HTTPS request to their login server using your bambu account (which requires a valid email & possibly captcha) to obtain a token. The cloud MQTT is TLS secured, although this is just to encrypt the traffic (aka HTTPS), it is not mutual authentication.
Connecting to the MQTT server hosted on the printer (aka LAN mode) requires a fixed username and a local access token (a random 8 digit number). This can be found via the physical display of the printer in a menu (or apparently cloud MQTT!?). This access token can be refreshed via a menu option again physically at the printer. To be clear, this token only allows to you connect directly to the local MQTT server running on the IP address of the printer, so in most environments this should only be the local network. This is also the password for the FTP server that can be used to upload/download sliced 3mf/gcode files.
Personally - this design seems ok to me? With an MQTT service properly configured to isolate user accounts from each other, this is a pattern widely deployed for embedded devices (Azure IoT, AWS IoT etc).
I don't see how the "DDOS" related issues they are claiming would be related to this specific design. If the issue is in the login server - well, that's prior to authentication anyway so nothing they are doing here will fix that.
If it's problems with your cloud MQTT service not being properly isolated - maybe fix that? If the DDOS is at L2, auth isn't going to help.
You require logins tied to an email, you can block clients that misbehave once they are logged in.
Nobody is brute forcing the local MQTT server via XSS or something, because JS doesn't allow for raw TCP connections. Are they concerned about malicious software already on the network? Then rate limiting on the printer side or switch to a random length alphanum LAN token to increase keyspace.
I'm curious what more qualified people think, I cannot see any justications for their proposed design improving security. So either;
a) They've decided they are incapable of properly securing their MQTT cloud stuff and instead of fixing that just want to assume every client connected to their cloud MQTT servers is fully trusted. I'm sure that'll work great. Doesn't justify adding this to the local MQTT servers on the printers - if anything that reduces security, as to roll certificates you now have a long tail of printer firmware updates.
They used a plugin to communicate print jobs (and other integrations), so that third party software could be used pretty seamlessly. Now they're moving to a new authentication model, and will be requiring users to send files to a separate print app. (Bambu Connect) It adds friction to the process, especially for those who were looking to run print jobs at scale, using "print farm" software or building their own solutions.
I've tried the URL handler (the software is in beta). It only sends the print job (sliced file), it doesn't start it. You still have to assign it to the printer, etc, and press the start button.
Its pretty much this, nothing seems to be blocking any third party slicer like Orca from working with bambu printers as they are now.. just the print button would now send the file to Bambu Connect, where you would most likely only press an extra button..
Getting info from the printer or AMS? MQTT still works. They specifically said they are not touching that.
Sadly the usual groups of people are screaming, and the open printer people are laughing. But at worst.. this is just friction.
Anyone pointing this out seems to get downvoted. But its all there in the bambu press statement and subsequent pages. Those that are upset seemed to have not read those, and instead just read or watched something inflammatory.
> just the print button would now send the file to Bambu Connect, where you would most likely only press an extra button..
Today it's just one extra button press. In 5-10 years when they shut down the servers for Bambu Connect nobody would be able to print anything at all. It's only because people were vocal in their complaints that their unsupported dev mode was made an option that would let people continue to use what they paid for
Did you happen to see this? Interesting development, they are basically going to keep the current wide-open-barely-auth'd state and call it a developer mode. And submitted a PR to make Orca Slicer work with the new auth: https://blog.bambulab.com/updates-and-third-party-integratio...
And yeah, I'm realizing that about the downvotes. It's sad the state of things, but SKY-IS-FALLING-GET-PITCHFORKS wins the day over technical analysis, even on purportedly technical forums. But alas, that's an aside.
I'm really looking forward to this rolling out, as I want to monitor my printer with Home Assistant but I /really/ don't like how much control the current (non-beta, non-future) state gives HA. I /want/ auth of some sort when submitting jobs, and it looks like I'll have that.
(I also really want the slicer decoupled from the print management stuff, because I tend to keep a few slicers open and experiment.)
My understanding is that the "addition" of the developer mode (basically the current status quo) is the result of the feedback/pitchforking. I don't believe that was originally planned.
If you buy a Prusa in non-kit form, it's not any harder to unbox or operate, and more reliable, while generally achieving somewhat better results. Without phoning home and while maintaining the software Bambu forked theirs from.
A recent review coming to a similar conclusion was Maker Muse' review of bedslingers.
It's a channel I respect a lot, because he has over the years relentlessly disclosed emails of companies trying to bribe or lean on him, or threaten him, and refused to play along.
Most other 3D printing content is essentially paid advertising -- including, I suspect, the carefully constructed brand narrative of Bambu as the first "fire and forget" printers, as if they somehow elevated the art form, when really the user experience is not substantially different.
You do not need to tinker or problem-solve with other modern well-reviewing printers, nor do they fail more prints. My MK4 hasn't failed a single print in a year (i.e. since I bought it), and I haven't had to do any sort of maintenance.
> while generally achieving somewhat better results
I agree with this.
I'd also like to add that my Prusa Mk3s+ is significantly slower than my P1S. Also, without the MMU it still cost more than my P1S with AMS. Choosing a Prusa is making a philosophical choice, because it's certainly not about convenience, speed, versatility (considering you need to buy a separate enclosure and pricey MMU), bed size, or price. It's a choice you make because you're okay with spending a lot more to support an open platform where you can flash your own firmware without voiding your warranty, not because you want a better experience.
The mk4 and mk3 are vastly different machines. If you want to compare the P1S, do it against a contemporary machine. Of course a machine released several years after the mk3 is faster.
If I were starting today I'd definitely choose the Core One over the P1S (thanks to this rug pull). It's vastly more expensive, and the MMU isn't worth it from what I've heard, and the build volume is significantly smaller, but I don't think I'd go with Bambu after this week.
I wouldn't buy any new Prusa printer until it's been in the wild at least a year, they tend to be very buggy at launch.
They also have no multimaterial support at launch, the MMU3 will not work with the Core One until they release an update, which they've not yet given a timeline for.
Conveniently left out that the Prusa definitely cannot do a lot of things that the popular Bambu models can do quite well, like filaments beyond PETG and PLA, multimaterial printing, etc.
The MMU isn't remotely comparable to the AMS though, it's finnicky, regularly breaks and needs a heck of a lot of tinkering for most people to get right. One slightly different filament and you have to start over.
Not to mention its just a messy product. Heck the new Core One doesn't even have support for it at launch which is pretty unforgivable.
Maybe bamboo printers were too cheap which lead them towards their subscription based model.
Everyone complains about enshittification (YouTube ads, subscription models etc..), but then refuse to pay the real price premium goods and services cost. You get what you pay for.
There is no security threat, it's an excuse. I own a printer and operate it in LAN mode. It requires authentication with 8 digit code.
If you think they care about security, let me remind you that this company used to connect to their cloud in plaintext. The only security they really care about is that of their revenue.
If they actually cared about security, they would let us disconnect these printers from the cloud completely and allow us to manage our own mTLS certificates.
I don't know the details or if it's true, but someone who was in the firmware beta claimed there was //commented-out code about different subscription tears. Maybe just a test, maybe for print farms .. maybe it was all a lie.
But yeah, the enshitification economy has made people justifiably paranoid that if a product starts exhibiting new capabilities or features that would seem to support or enable a move towards subscriptions, it’s a good bet that that is in fact the trajectory of the platform.
But afaik Bambu has neither confirmed nor denied that this is in the works.
I am an idiot, and my Prusa MK3S+ (bought assembled, not as a kit) has been me-proof for years, and delivered fantastic print quality all along. My wife is not a techie and she gets good use out of it too. Their newer printers seem to be even better.
Out of ignorance and curiosity about 3d printing I bought a Prusa Mini a few years ago. My 10 year old (at the time) son took to using it immediately and figured out how to use it almost entirely on his own. It has been a great experience. I was thinking of upgrading to something larger and this drama has made the decision an easy one for me.
Based on recommendations here a couple years ago I built a Prusa Mk3 from a kit (right before the mk4 came out). Building it took a while but I think was a worthwhile investment of my time and I think of it as a system I can understand rather than as a black box.
I had a little bit of trouble with it maybe six months ago (repeatedly tripped offline during prints from a thermal issue) but Prusa's online support talked me through recalibrating it and it's been trouble-free since then.
One thing to be said for Prusa is that their support is actually knowledgeable and experienced. You're not going to get a tier 1 support person who has never touched a printer and is just reading from a script.
I bought an A1 after years of fiddling with an Ender. It made 3D printing fun again.
The whole situation reminds me of drones. DJI is (maybe) questionable but their products are without competition when you look at price and quality. Bambu products are also fantastic.
On second thought TP-Link fits too. My TP-Link mesh network just works perfectly. So do their smart plugs.
I did the same- replaced an Ender with an A1. Unfortunately, I’ve had it 10 days and have yet to be able to print anything. Won’t calibrate and cannot update firmware. Seems like a commonly reported issue but tech support is still bumbling around with no useful suggestions. I foresee it going back.
Not yet, but other brands are stepping up their quality. I just bought a Creality K2 Plus, and it's almost on par with my X1C (and has some features I prefer, like the CFS, their version of the AMS)
I bought a Bambu Lab printer recently, and made the decision that if I did connect it to LAN, I'd make damn sure that it did not have an Internet connection, even though there is a LAN mode toggle in the firmware it shipped with. Although I am definitely paranoid about Internet-of-Shit bait'n'switch techniques, at the time I was mostly thinking in terms of geopolitical bullshit rather than capitalistic shenanigans. No particular reason to distrust Bambu Lab themselves at the time, at least more than any other company.
Obviously, hingsight is 20:20, but it's just a reminder: your cynicism is warranted. Don't trust anyone any more than you absolutely have to.
This is all nonsense. I just got a a1, and its my first 3d printer. I dont have any expertise. Ive been able to use the Bambu App and Maker world and basically control+P. Ive print about 10 things so far in the first week. I dont see why people are mad. They made the apple of printers. It just works(tm). I dont need anything else. People just get so upset over nothing.
I tend to agree. I've built a Prusa previously and my P1S is just so much more reliable, it's the first printer I've been able to recommend to friends and colleagues who I wouldn't expect to enjoy tinkering with a printer but would enjoy printing.
I have simply not had a failed print, it's incredible. I have so much confidence in the unit that I now keep two rolls of the same colour loaded and if I find a cool model while out and about, I just print it with full trust it'll be waiting for me by the time I get home. Amazing progress.
I personally think the outrage I've seen on this issue is generally not justified.
In general people are just scared of change and on top of that are playing telephone on the details of the change, assuming the worst intentions from Bambu like they're trying to be the next HP.
A voice in Bambu's defense on this issue would say:
1. The new firmware isn't out, it's still in beta, and the new connect software is also in beta. This stuff isn't done and nobody has been forced to use it or even had it presented as an OTA update yet. The problems highlighted in this wiki page are very possibly problems that Bambu is aware of and intends to fix before release.
2. Bambu in their blog article stated that they are working on integration code so that third party slicers like Orca Slicer can more directly interface with Bambu Connect (see the FAQ section)
3. There are multiple statements on this blog page where Bambu acknowledges the workflow disruption and emphasizes the things they intend to do and do not intend to do, such as "It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities."
4. People who don't run huge print farms don't seem to be impacted by this. Remember that Bambu claims to be a consumer tech company, right there in the "About Us" section. They are trying to make printers that are easy to use and require minimal tinkering. For a normal person, sending a slice file from Orca Slicer to a separate app (adding literally one step) is not a big deal, you're doing that once per print in a world where typical prints take hours to complete. And with that in mind, Bambu is still saying they intend to provide an integration solution to Orca Slicer in the future to streamline that process.
Whether not the software design is a good architecture is an entirely different issue, and as a beta product I'm not sure we can judge that quite yet. Perhaps they should have hardened their network API more rather than introducing a new app? Perhaps they shouldn't have announced this so publicly before they had a solution for third-party integrations ready?
They broke the security of a beta product. That’s why it’s beta and not a released product.
LAN mode didn’t exist when this product was first sold, and it was never implemented through the SD card. It was meant to be used through Bambu Studio over your local network.
Someone who bought a Bambu Lab printer early on actually has more ability to use it without a cloud service now than they did when the product was new. Just about everyone who owns a Bambu Lab printer already signed up for a cloud-connected printer.
Their "update" is a bunch of hand wavy corporate PR bullshit.
Their idea of "working with" the people impacted by this change is just give them a couple of days notice that they are about to be fucked over.
Also the whole "it's just a beta" is such a stupid point I don't even want to respond to it. Truly idiotic.
They are positioning themselves to build a proper walled garden.
That entire blog post could be sumed up as "We know we are doing a shit thing but We. Don't. Care. So it would be great if y'all could just shut up about it until it's more ready."
What do you mean "a couple days notice?" A couple days notice for optional beta firmware availability for only one model with other models having completely undefined release dates. This supposed "short notice" is factually inaccurate.
You can read the blog post that way if you want and insinuate the most negative possible interpretation, but I'm just going through why I choose not to do that.
For one thing, I'm failing to see how this supposed "walled garden" is going to magically materialize and benefit them financially. The best answer I get from all the alarmed people surrounding this subject is that they'll want to charge monthly fees for premium features in the software, especially to print farm owners.
But they don't operate in a competitive vacuum and that would instantly shift users to their competition. Print farm users pay off their equipment very quickly. I've seen cost breakdowns done by actual print farm operators online and the initial and ongoing machine cost is essentially the smallest part of the cost of doing business. Print farmers would pretty much switch away to other brands instantly if Bambu started charging fees for print farm scale.
If they charge even a Netflix-like fee of someting like $20/month, that essentially pays for a $1000 Prusa printer minus the cost of a Bambu printer in only 3 years. They have no room to charge monthly fees against comptetition.
I think people are making a big nothing burger out of this.
Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Could this lead to completely locking it down in the future? Yes. But they could do that anyways.
I think this is a way to stop getting their pants sued off.
If they really wanted to lock it down they could just make it so everything has to go through their servers and require files to be signed before being read from SD cards.
"Security" on behalf of the user is a complete red herring. You can't print to my 2d printer or my 3d printer, but I can, with "any old device or application". Because they're on my network, not public on the internet.
I disagree. These devices can easily burn down people's homes if given bad G-code. Then they would be sued into the dirt for a security whole a mile wide. Looking at the changes this is about liability.
How is an electron app that just adds another step solving the problem? They should have just secured their api properly instead of using security as an excuse to cut out third party software that will get around an inevitable subscription.
Because authenticated commands removes the liability issue. Hacking the device vs we knowingly let anything send g-code.
This is basically the equivalent to having passwords on a MySQL database or redis server.
Why on earth would they add a subscription? That makes absolutely no sense business wise. No one would buy their printers, and they don't have a captured market to strong arm anyone.
Why would they add a subscription? Uhm print farms already have subscription based software. Bambu would just be an easier entry. They already have screenshots of it on their wiki.
You mean like when Bambu issues a firmware update remotely and many printers which were sitting idle just start printing without being commanded by the user? [1]
I personally do not want my printer connected to any vendor's server in any way...IMHO, there is no reason for it.
This isn't a security fix. As a security protocol, it wouldn't pass any kind of security audit. A security fix would be something based on a per user credential, not on obscurity.
> Personally I don't want any device or application to send any old G-code to my printer.
Username/password over TLS would do that better than what Bambu Lab is proposing, as an extremely simplistic example.
And LAN-only mode should work without any external connections yet it looks like it'll require it for authentication. That defeats the whole idea of LAN-only!
> Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Why not implement some kind of open authentication? One that other slicers can implement.
What I don't get...BambuSlicer is open source. And, not only is it open source, it's a fork of PrussaSlicer, so Bambu doesn't have the ability to re-license it.
It's licensed under the Affero GPL which is very strict about the licensing of derived works. That license requires Bambu to include the source code to any additions they make, including all of the logic, keys, etc. that they're baking into any binary distributions. If they don't, they're violating the copyright rights of Prussa and many others.
So, either Bambu has to open source all of this, which defeats the purpose (given that it's already leaked, that's gonna happen anyway) or they have to route everything through a separate program for their own slicer.
BambuConnect is not part of BambuStudio - That's intentional, so BambuLab does not need to share/open-source it.
The current implementation (the Bambu network plugin thingy) isn't a part of it either, it's downloaded by the client when BambuStudio is opened.
They claimed that studio wouldn't need connect.
I don't know AGPL well enough to know if a plugin is considered a derived work but it sure seems to imply it:
> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.
I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.
More info on the hacking (the first in what may be a long stupid fight): https://hackaday.com/2025/01/19/bambu-connects-authenticatio...
bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.
I bought a printer. It had some stuff. I didn't want that stuff to be gone after I bought it. That's a bait-and-switch, because they didn't explicitly say "be aware, that stuff is going away on Jan 2025".
I don't know how I feel about this. I hear your frustration about this. OTOH, Bambu is a walled garden approach. I also know the Prusa Core 1 is going to be less open to keep the cheap aliexpress knock-offs at bay. This could be an issue with Bambu labs as well if cheap knockoffs start appearing using reverse engineered P1Ps with modified P1P firmware.
https://hackaday.com/2024/11/20/with-core-one-prusas-open-so...
They never officially supported compatibility with Orca, or Home Assistant. Vendors break compatibility with unsupported stuff all the time. Don’t make purchase decisions on unsupported features if you’re gonna get all bent out of shape about it.
They officially supported me printing without an Internet connection, which is stopping now.
Where do you see that? Seems one can still print via SD cards without any issue.
It says:
Operations That Do Not Require Authorization The following actions will remain unaffected by the authorization mechanism:
Sending status information from the printer (e.g., MQTT status push for tools like HomeAssistant).
Starting a print job using SD cards.
General operations outside the listed authorization controls.
https://blog.bambulab.com/firmware-update-introducing-new-au...
You could still print without an internet connection, even before Bambu’s backpedaling.
Sorry to potentially pour oil into fire here, but I'm curious: did they really?
"Officially support" printing without internet connection?
Was this explicitly documented as a feature or did this just "happen to work" as you expected?
A lawsuit may have some leverage to find that something could have been "reasonably expected" to work in a certain way, but that's quite uncertain territory.
i.e. I would expect an Apple Watch to also work with Android Devices, but this was never officially supported by Apple and it's arguable whether it was reasonable for me to even expect this.
My toilet doesn't officially support crapping without an internet connection either. I'd argue that in both cases it's implicit unless very explicitly disclaimed.
How would a toilet with no electronics require an internet connection?
[the point] <-------------------------------------------------------> [you]
It wouldn't, but, if the vendor somehow made it require one, despite the very impressive technical feat, I'd feel cheated. Robbed, even.
Why does a 3d printer need internet?
They specifically advertise connectivity for a mobile app.
Worst user experience ever idk why but I miss being able to plug a cable from a printer to a device and then printing
Had the new requires phone app workflow and it was so buggy had to just resort to UPS/Fedex
My Oral B toothbrush advertises connectivity for a mobile app. That doesn’t mean they can arbitrarily impose an internet access requirement.
The way things are going though, I wouldn't be surprised if they did.
I mean, as a snarky hyperbole about how ridiculous consumer products have become, sure. In reality, I would be very surprised if Oral B decided I needed Internet access to use my toothbrush.
Yes, "lan mode" is an officially supported advertised feature, where you can happily print on an isolated network. (though as of this morning it now sounds like they're backing off after public backlash)
Interesting, this somewhat implies that outside of this "land mode" an Internet connection is otherwise required for printing
Well yeah if you're not using LAN you're using WAN which means internet. But the option is there to use either one if you want, or even just put a physical SD card into the printer directly if you want, no network needed at all then, LAN or WAN.
Yes, the default workflow on the product is that all prints go via their cloud service. For the first year or two of the X1C's existence this was the only way to print, but they later introduced lan mode.
Leading to obvious speculation as to why they have stuck themselves processing megabyte g-code streams between your desktop and the printer on the same network...
But since cloud use is optional anyone with the security/reliability/longevity concerns just don't have to use it.
Personally I don't see the cloud stuff as providing any value at all though I know people whose kids print stuff from their makerworld site via their phone app that consider it useful.
I have absolutely no insight into their operations or requirements, but when I see someone forcing traffic to their servers, I immediately think they’re looking for metadata, or training NN models on your data. NN generating 3D models is pretty valuable at the moment, and taking users data to train models without informing them is for some inexplicable reason considered ok even by many people that get foaming-at-the-mouth-mad over other privacy violations. Like I said, I’m just spitballing and have no knowledge of this operation, but it would give me pause before using it as a professional 3D artist.
AFAIK, Apple has never retroactively removed functionality from devices people already purchased
Selling a walled garden is one thing, building walls around a garden you already bought is another thing entirely
This is the Google model then. Base everything on open source, even allow unofficial builds of your operating system (LineageOS, Graphene), but slowly introduce more and more device attestation and DRM so it becomes de facto impossible to actually use anything but the closed builds because everything from banking apps and electronic identification apps to streaming apps will refuse to run on your "unsafe" operating system.
Currently the only thing which won't run on a non-google blessed android build is google wallet, although a lot of applications rely on google's proprietary services exposed through google play.
I've not ran into any banking applications which won't run on a non-google build of android (as then they would only run on a pixel). That being said, I refuse to seriously bank with any bank which doesn't offer a functioning website. My main bank offers an app but you have to wholesale switch to it.
This is false. List of apps which refuse to run on my old OnePlus 6 which I revived with LineageOS:
- Danish national identity app (MitID). I had to get a hardware token that generates one-time passwords.
- My banking app (still works in the browser though).
- The de facto payment app used for peer-to-peer payments and as a credit card alternative all over Denmark (MobilePay).
- The app for controlling the heating system in my car.
- Revolut.
- The app for showing a digital version of my government issued health insurance card. It's literally just a barcode and a number, so I can get by using a photo of the card instead. This underlines the ridiculousness of requiring Play Integrity attestion.
- The app for showing a digital version of my driver's license. As a bonus this app also doesn't work if you have set your default browser to Firefox instead of Chrome, even on a non-rooted phone.
On top of this, one app for scanning goods in the supermarket stopped working, but without explicitly saying why. I suppose it just silently depends on some Google service, but I have not way of knowing that.
I also cannot get Chromecast to work, but that is perhaps to be expected when replacing the Google services with microg, and not strictly a result of DRM. It is a major inconvenience though.
Denmark is one of the most digitized countries, and in many ways that is good. However, it also means that you are increasingly coerced into the whole Google/Apple ecosystem and that it is very hard to get out. Luckily there are alternatives to all of the above apps, but it is a major inconvenience to have to use them.
I don't know much about LineageOS but GrapheneOS supports attestation (albeit with its own keys) and it works for all the banking apps I have had the displeasure of using here in the UK including revolut.
If LineageOS did support those APIs (which it can support if it wanted to, without any blessing from Google) then presumably most if not all of those should also work.
Try GOS and see if it's broken there. If it works on GOS then you can shout at google for ever exposing the attestation APIs but the apps you're complaining about aren't actually abusing attestation in the way you claim, LineageOS is simply choosing not to implement the features they rely on.
Pretty sure this also requires the banks to then accept those attestation keys. Graphene pushes for them to do this, so you can't simply run whatever open OS you want on your device (like on desktop where you can also do online banking), you need to specifically use some third party service that then tells the banking software it's really okay to run on your device. I do find this to be a bit crappy, but at the same time it's quite amazing that Graphene has enough traction to convince many app vendors they should support an open/secure OS!
Revolut stopped working for me on GrapheneOS with an official message "Sorry, Revolut is not supported on devices with custom firmware".
Do you have the sandboxed Play Services installed? It works fine for me on Graphene (just checked).
That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Then you're free to keep your personal phone FOSS and as private as you like, without fear of getting locked out of important stuff due to a crappy Google® SafetyNet® upgrade.
> That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Anything which doesn't support an alternative method (not involving a proprietary blessed google phone) of management should be illegal if it's government related and should be boycotted if it's not.
I certainly agree with the sentiment (I would trust-bust tech giants, and severely restrict advertising as a whole for being a negative-sum game).
Nevertheless, for living in this world while preserving your privacy, my advice stands. Separate the devices that you control, which you will use for personal and private purposes, from the devices that global corporations and institutions control, which you will use to access the services those institutions provide - services which, by definition, you would not control anyway.
It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
(FWIW, I lived in three different European countries over the past decade and so far the governments all offered TOTP-based web alternatives to their apps. When it comes to private banking, only one (Lunar) was available only via app, but it was also the only one that ran without Play Services.)
> It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
What I am saying (and what I do) is that it's far simpler still to just not rely on anything where this might be the case.
If my bank turned around tomorrow and said I can't use their website to manage my account, I would not attempt to get their app working on my phone, I would switch bank.
Yes I have. I'm on Pixel 6, just verified again and still no luck for me :-(
Thanks for the recommendation tho - you reminded me that I have some old Xiaomi phone that should be able to run it still!
Anything that depends on the SafetyNet API will not run if your android build does not pass the checks, the list is much much bigger than "just google wallet". Whether a rom passes safetynet or not very much depends on what google considers blessed today, and what they will consider blessed in the future.
SafetyNet can be implemented by non-google-blessed ROMs (and is implemented by all non-google vendor roms without google's keys).
It works on GrapehenOS with their own keys (or you can, if you want, probably use your own keys).
None of the unofficial Android builds allows me to access to the secure element in my SIM card to use my e-signature, which works with SIM menu prompts triggered OTA by the application I'm currently using, mostly governmental services.
If I'm on a custom ROM, the notification never pops up.
That's not an attestation issue.
But have you checked if GrapheneOS handles it?
> That's not an attestation issue.
Yes, but see my other comment in the thread. It's not something trivial. It's not I didn't dig.
> But have you checked if GrapheneOS handles it?
I jumped the platform soon after, so I don't have the hardware anymore, so I can't.
You have to have evidence that this is because of attestation, though - lots of open source software is missing lots of features because they are just missing features.
It's not an attestation problem, but a trusted pipeline problem. Yes, the required files are missing, but carrying them from official builds doesn't work either, because all pipeline from modem to kernel has to be signed, and the chain breaks somewhere, and you can't build it without the private keys Google/OEM has.
It's like Trusted HDCP pipeline. Every part has to be signed properly, and no open distribution of Android can do that, period.
Okay but I'd like to see evidence of this because most missing features are just missing features.
SIM services is an integral part of the GSM stack, and all custom ROMs I used had SIM services menu, and I was able to see and utilize the functions in the menu, sans the ones requiring accessing the secure element.
There was one missing file (which I don't remember its name now, it's long gone), but I always carried over that one from the official ROM (same Android version, mind you), but while everything still worked, this was not enabling me to use the secure element based SIM services (namely e-signature).
The problem was not "not being able to access secure element", it was visible, but making it do (secure/verifiable) things, which require an "operator message" to trigger the right process on the phone. Even if the system which I'm trying to login said that the process should start, the phone just didn't respond/started the e-signature process. In my country, if your SIM is blocked for any reason from using these services (e.g. when you change your SIM and not-activate e-sig again), you SHALL and WILL (in RFC sense) get a message detailing what went wrong.
Again, the moment I flashed the original image, secure element based SIM services started working, I didn't need to do anything on the other side. Different ROM, it's working. Flash the custom one, reboot, it's gone. Add the required files back, no luck. That simple.
BTW, I was not mad that it was not working. It's a legally binding wet signature equivalent. I don't want that pipeline to be peek/poke enabled.
Did Google ever introduce more device attestation and DRM into an already released device though?
They did even worse.
New firmware upgrades made older devices slower and painfully unusable: https://www.techradar.com/news/apple-might-be-slowing-down-y...
And they have plenty of experience building walls around a garden. Ask anyone using OSX for the past 15 years and you will see how difficult it has become to write or publish software for Apple.
Alternate description of the same information: “newer upgrades made older devices batteries’ last longer”
They did nerf speed. But they did it for a reason. I get being mad about your phone being slowed down, but i don’t get being mad about it once you understand why.
> They did nerf speed. But they did it for a reason.
That reason was to incentivize people to replace their old "slow" phones with faster new phones. If Apple actually cared about the problem of older phones having limited battery life they'd have made the batteries in their phones replaceable.
There are conflicting priorities in every product. Apple tends to optimize look and feel over practicality. So they’ve drawn a hard line at user-serviceable battery. I agree with you that’d a bad call, but I also understand that once you’ve made that call the next best option is what they did.
They are replaceable. I've replaced batteries in older iPhones plenty of times, had Apple replace the battery in a few, and I'm probably going to use the Self Service program to get the parts for my 14 Pro Max soon as it's getting a bit tired out.
I suppose that anything is "replaceable" if you're willing to involve things like soldering irons, heat guns, or specialized tools, but replacing a battery on an iphone is not something that the vast majority of the population would be equipped to do or be comfortable doing.
Just some of them:
- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.
- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.
- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.
> This led to slower device performance without informing users, which is a removal of expected performance functionality.
As opposed to the device unexpectedly shutting down due to a degraded battery not being able to push enough energy to support the CPU? They didn't remove expected performance, they prevented crashes which are by definition 0 performance. All Li-ion batteries degrade over time. That's not removing a feature...
This whole thing was totally overblown.
Well, they DID remove expected performance by slowing CPU performance, disn't they? People who had bought these iPhones (and not the previous ones) did so also because of the promise of a more powerful CPU, a promise broken by Apple. It is removing a feature (a better CPU) and Apple knew it that's why they did it without informing users.
Just to add, they also got fined by the EU for doing so, so it was ruled to be illegal. Bambu's changes would fall into the same category of altering the product and degrading the experience after its been sold.
Just to let you know that InstaCam360 did the same on their cameras with the smartphone app.
Previously you could directly upload the 360 videos do youtube, now you need to download the film locally on the phone, then host a converted version and only after those loops you are permitted to upload.
Or you can now buy a monthly subscription and get back the feature that was already there before. Quite disappointed with this kind of behavior.
the problem isn't that they've done it.
the problem is that user got no choice. Some might prefer degraded performance, others might prefer to charge their devices more often.
Also seller should have no business touching anything that they've already sold - they do might offer support, but it should be up to user to accept it or not.
It's not a matter of "charging more often". The phone just shut down when the battery was somewhere between 0-40%
Source: had two 6S's in the family. In the cold it could just suddenly shut down mid-call from 60% battery.
Indeed; while I've not had this specific issue with the phones, I do still have a mid-2013 MacBook Air lying around (it's now too old to realistically sell), and the battery on that was so worn by the time I got an M-something to replace it that would go from "fine" to "emergency shutdown" during boot if I forgot to plug it in. And then report something like 20% if I plugged it in and immediately booted it again.
Then the battery percentage is miscalibrated. The solution to that is to recalibrate the battery level, so that the old 40% is the new 0%.
It's not like the battery is actually empty. The phone is still able to run at 40% if it limits CPU power draw. As long as the throttling curve is accurate to the battery quality, it's all upside. A slow device is better than a turned off device. And if you want to keep your phone above 40% charge so it runs faster, go for it.
The root problem was not the throttling, it was the phone's inability to run at expected speed after a couple years.
The root problem is that Apple won't let you replace your battery.
However they applied it to all phones of that model, not just ones with degraded batteries
No, it was dynamic based on voltage. iPhones with worn batteries had higher performance at full battery and swapping the battery with a fresh replacement restored full performance even at low battery percentage. In fact this is how the slowdown was discovered: someone replaced their iPhone battery with a non-genuine replacement and it got noticeably faster.
you are still missing the point.
USER should chose that. not apple.
not all of them shut down, someone might get a battery replacement.
What apple should've do is to introduce a toggle, give a warning in notification. and in case of crash, display it again.
Apple (IMO rationally) chose that people would prefer a working phone, one they can use to call emergecy services, for example, to a phone that just suddenly dies.
After the massive hissy fit the Internet threw (along with lawsuits), they added a switch. Now you can choose to have your phone suddenly die.
But the legend lives on that "Appple slowed down phones permanently!!" - even though the fix for that is a 40€ battery swap that takes 30 minutes in any mall phone repair shop.
Again, let user chose. apple sold a product, it's out of their hands to decide what users do with it.
Maybe i want to use the device in a way that's 100% connected to the charger and repurpose it.
It's not apple's business what I'm doing with it
If you left It hooked up to a charger, their fix would never have affected you. It only slowed down the cpu when the risk of catastrophic shutdown was imminent.
I like a toggle for features like this, but it was a pretty standard user experience / reliability choice imho.
what if i want to do that AFTER fix was applied?
what if you replace battery AFTER the fix was applied? you can't rollback.
again, it's about user's choice. it's not apple's device, but whoever bought it. they shouldn't be even allowed to DECIDE which option is better. user should be able to pick whichever they want to go with.
With a new battery, the throttling goes away. The cpu throttling only kicks in if your battery condition is poor, and then only at lower charge levels where the risk of unplanned power loss is imminent.
I get it, but if you’re going to accept binary blob updates from a manufacturer at all, this one wasn’t bad.
If there was a toggle, Would you really run your phone in “reckless disregard for battery condition” mode?
Because that is what this fixed, a flaw in the firmware where the power management subsystem made incorrect assumptions about the battery condition. All new phones come with this baked in and working properly, so your phone doesn’t randomly die in the middle of calls when your battery gets old.
People pitchforked over this update without understanding what it was designed to do. If your phone has a good battery, it does not throttle the cpu. It just adjusts the power management profiles to reflect battery aging.
Yes this would have been better.
But the way they did it was far from malicious. It only affected users who were actually in danger of an emergency shutdown, during times when the shutdown was imminent. While I don’t want anybody diddling my firmware without giving me a choice, this particular issue was really a nothing burger in the end.
It was discovered when it became apparent that replacing a defective battery made the phone faster. Seems like a standard reliability / user experience fix to me. Not Many people would choose the “don’t adjust system power consumption to prevent unplanned shutdowns when the battery is about to fail” toggle.
> This whole thing was totally overblown.
No, it isn't. If the battery was broken and they knew the battery was broken, they should have informed the user the phone could be fixed with a new battery. They decided to gimp the device and not tell the user so they would be more likely to purchase a new device rather than simply fixing the old one.
> All Li-ion batteries degrade over time
So they know this yet they refuse to let users swap the battery?
Users can swap the battery?
It just requires more tools than your fingers, like every single mainstream phone.Not sure what kind of users you're dealing with, but your typical iphone user can absolutely not do that
A typical car driver can't change the oil in their car, nor can they do a headgasket swap either.
People don't go telling that Ford "refuses users to let their change their oil".
It's all perfectly doable, but you do need the tools and an ability to follow a step by step guide with pictures.
Imagine Ford deciding their cars must drive at 50% their speed when the engine oil is older than 2 years and at the same time forbidding users from changing the oil.
Yet there are always people justifying these type of awful practices as better for users. These aren't, the measures are only good for business.
Ford actually does this. They have something called limp mode for when sensors detect degraded conditions. They won't honor the warranty if you clear the code manually and continue operating the vehicle.
Many cars enter limp mode for when the ECU senses a possibly damaging condition. This limits the performance and capabilities until someone with a diagnostic computer can plug it in. Many times these diagnostic computers are entirely proprietary.
I'm not saying it is justified, but to pretend that other businesses don't do this is silly.
Well, that still wouldn't reduce your car speed by 50%.
And even for that case there would be a warning on the console and a mechanic would be able to inform what is happening. On this iphone case, there was no warning at all on the device nor there was any disclosure that they would be doing this to the phones.
You know this. In either case, thank you for the ECU info.
Have you driven a German car ever?
They are SO LOUD if you don't service them at regular intervals. They're even doing fancy tricks to make sure you're not faking the service.
Yes. I live in Germany, drive German cars and know the tech.
Regular service is indeed a bother. You know what I hate the most? In my oldish Mercedes it isn't even possible to change/update the hour without using a proprietary tool only available at official Mercedes mechanics. Since I refuse to pay premium cost for attending their mechanics, the clock on my car is always with wrong time.
And let's not even get into new business models like charging you a subscription to unlock the car to move faster or to unblock the heated seats. Indeed they also have quite "creative" ways to squeeze money and force to get new models.
Forbidding them from changing the oil? I personally changed my battery, I did not feel like it was forbidden.
Not even that hard.
For me, the firmware fix helped me limp through the 2 months before I finally got around to replacing the battery.
It made my phone that was flaky and unreliable below 40percent battery into a phone that worked slightly slower once the battery got low, but didn’t just randomly shut off during calls anymore.
I’d have preferred a toggle, but to be honest I doubt I’d have ever used “reckless disregard for remaining battery capacity” mode.
It was not overblown. Apple didn't disclose what they were doing or give the user the option to decide what was best for them. When a company chooses to behave that way, it should hurt them, and it did.
Apple's actions in this case were even worse than Bambu's. At least Bambu documented what the update did and offered the option of declining it.
The last one doesn’t really hold up since the feature is still available on devices that they were delivered on. My watch has the feature still.
The big difference is that none of these changes were part of a defined strategy to lock the user in to their products and ultimately generate more profit, as with the Bambu example:
- Battery management was to handle an issue that was encountered as batteries aged
- 32 bit support: Apple is well known for being one of the more aggressive companies when it comes to forcing users (and especially people coding apps for their platforms) to adopt required tech changes. But again, not directly profit-driven.
- Pulse oximetry: probably the closest to a profit-driven-decision, as this was driven by a patent issue, and presumably they calculated less of a hit from removing the feature than paying feed to the patent owner? Not great, but still not directly part of a user-unfriendly Apple-derived strategy, as with Bambu.
I remember one guy ranting a lot about navigation with the apple pen
And main difference with Apple is that you don't have to log in to their services on iPhone yet still have full _phone_ functionality.
the keyword being _phone_, not smartphone. Bambulab too will let you print from SD card without logging in their infra, they are just locking the rest of the ecosystem. 1 to 1 analogy.
It's still a smartphone - with web browsing, mail and everything else what's available out-of-the-box. And Bambu will cut out even local network access and, as they stated in "Terms of Use", can lock print jobs until you update firmware. Far from 1:1 analogy...
They are actually adding in LAN modes (standard and developer) with these changes so I'm not sure what you're talking about with them cutting out local network access. Neither will require auth.
As the issue here came through software update, you should look at it under the same lens for Apple.
For instance did an OS update ever prevent you from doing something that you could before ?
Yes. Countless times. OS updates have breaking changes, older apps lose support etc.
And for iOS these updates are irreversible under supported ways, while the very nature of the "there's an app for this" paradigm means losing a third party app equals losing that functionality for your device when you upgrade (you won't get a translation layer or virtualization to help the transition)
You may like Apple more and feel they communicate better, but fundamentally it's the same situation.
[flagged]
Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.
Well Prusa was open and did compete.
But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.
The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.
Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.
I wasn’t really sold on the 4/4S, but I recently upgraded a 3S+ to a 4S and am amazed how much improved. The new touchscreen LCD is a huge improvement over the old two line monochrome LCD. Remote access and wife printing is a nice plus — I don’t even run OctoPi anymore. Automatic bed leveling and no more Live Z tweaking for each sheet has been a major quality of life upgrade and eliminates one of the major pain points in swapping out nozzles. The nozzle is much easier to swap out and is now high flow. Add in Input Shaping and it prints significantly faster.
I hadn’t had any experience with the new platform prior to this upgrade and I skipped over the MK4, but the 4S upgrade is a significant step up over the 3S/3S+. I wouldn’t necessarily recommend the upgrade kit — that took much longer than expected to complete (about two days) and I regret not buying a new printer instead. But, I have a 3S I plan to upgrade to 3.5 just to get the new electronics; that upgrade is far less intensive.
If you haven’t tried out a 4S you might be pleasantly surprised by how much nicer it is than the 3S+.
Similar experience with PRUSA for me -- I had a MK3S+ (which I loved) and paid ~$250 for the upgrade to the MK3.5S. Very, very impressed, for a modest investment I now have the new color LCD, a good chunk of the MK4 features and the print speed is at least 2x improved (if not better, I haven't quantitatively measured it but it's noticeably faster).
I went for the 3.5 upgrade as the upgrade from 3S+ to 4 was almost as much as outright buying a new 4. I'm glad I did it this way because now I'm thinking of getting the CORE One and then I'll have 2 excellent printers.
wife printing sounds nice!
Heh, whoops. Definitely a typo, but in all seriousness the printer is actually usable by wife now, so that is a huge plus. She could use it before, but hadn’t learned how to adjust Live Z and thus didn’t like changing the sheet. If you do it wrong you can drive the nozzle into the sheet.
the future is now
Are those still in PLA or you can print them organic now?
The problem is even with Prusas recent efforts to catch up with the Core One, it's expensive, and they still dont have a viable answer to the AMS. The MMU is still a hot mess, requires tinkering, isn't stable and overall just doesnt come close to an out of the box experience.
They still seem to be thinking the primary audience of 3d printers is people who tinker. It's not been that way for a long time. People just want to be able to unbox, plug it in and print. The second you add in the "oh just spend 5 hours tweaking this spaghetti mess of an MMU" you've lost them.
"hot mess" is not a fair assessment. The MMU2 was terribly unreliable, but the MMU3 is OK. It's surely more complicated to set up and requires more space than the AMS, but on the other hand, I think AMS concept is just plain bad. It's incredibly slow and produces a ton of plastic waste.
Prusa’s primary audience has been people who don’t want to tinker.
I think they just screwed up the design of the MMU but they never went back to the drawing board.
A Prusa MK4, completely factory built, is a reliable workhorse for me.
I didn't suggest otherwise, nor was that even part of my point.
I wondered if the bamboo was sold for a loss
Bambu Labs printers are not cheap. Even their entry level A1 printer is twice the price of an Ender3.
Sure, it is a better printer, but it is clear that they are going for scale, and most of what makes them better is in the software rather than in using premium hardware.
initially maybe but the way the printers are built makes for cheap mass production. Theres no special sauce in the hardware, it's all low cost off the shelf stuff, it's just optimised very well.
> Open source didn't compete on quality for price.
Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.
Apparently it is true, you don’t know how much you value something until you don’t have it anymore
I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40 hours of my time. But look, you want to do 3D printing, 40 hours are just a small initial investment).
It really depends upon the target market. That's fine for hobbyists. But I use the Bambu X1 for small-scale prototyping in a company, and it has to be usable out of the box. We can't justify an entire week of labour for each printer we buy.
The Bambu has been ideal for that reason. Every material pretty much just works, and the quality is excellent. The cloud integration and janky LAN mode is the downside, and this current topic even moreso.
Yeah, I've got an A1 that I bought on sale. It's sitting next to a Prusa MK3S. I was doing prints for my nephews for Halloween and the A1 would do a print in 2h and PrusaSlicer estimated 9h for the MK3S. And I have, so far, not had a single failed print on the A1. They're rare on the MK3S too. But... the MK3S is "start the print and it'll be ready in the morning" and the A1 is "start the print and it'll be ready by lunch, and if you need to iterate you can have another one done by 3pm"
> But look, you want to do 3D printing, 40 hours are just a small initial investment
No. None of this crap. I want to 3D print. I don't want to service industrial machinery in my spare time. Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
Vorons are fantastic printers and a fantastic kit if 3D printing itself is your hobby. 3D printing is a fantastic hobby. There's tons of fun to be had building up and dialing in a printer kit. A well tuned voron can be up with the best of the best 3D printers. If that's what you want to do go for it!
But for heaven's sake I want to print models, parts and other practical things. I have other things to do and problems to solve. My 3D printer is a tool. If I have to spend just as much time working on the machine as I do using to actually print things then I'm not interested.
Bambu is still the best game in town for a turn-key, just works printer. Prusa can deliver the same experience at double to triple the ticket price. A voron is not a replacement for a Bambu printer no matter how good the printers actually are.
>Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
Obviously many people don’t care about that. Fair enough. But then you should be prepared to deal with their shenanigans.
Prusa also does things like maintain and develop printables.com and PrusaSlicer (itself forked) which many of these closed printers fork with minimal changes.
People don’t care about this either. So again, get ready to deal with garbage when Prusa goes under.
I think it’s sad since the whole domestic 3D printer thing started as open source.
> I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
No, it's not, and the perception that it is hurts the cause of openness.
Open Source has every ability to be better, to Just Work, to not require constant debugging. Good Open Source systems manage this. The fact that 3D printers apparently have not is the fault of those printers, not any inherent quality of openness.
QIDIs might need a slight bit more tinkering with settings for new filaments but they’re pretty solid and offer more than Bambu does for the money
Comparing Bambu to Voron is an absurd comparison
> Comparing Bambu to Voron is an absurd comparison
I politely disagree. I was in the market for a more modern printer, and it boiled down to either a BL or a Voron - in the end I decided against ease of use and in favor of an open ecosystem. I agree in that they are not universally interchangeable, but for some people either can be an option, each with distinctive advantages and disadvantages.
What do they offer more in your experience?
Chamber heater is really nice for ABS
because 3d printing is not there yet.
the whole process is basically cnc but with z hops and extruding instead of removing material.
we do not even have conical slicing yet.
> because 3d printing is not there yet
Ya, it is, and it’s been there for quite a while now thanks to Bambu.
The X1 just works. Coming up on a year of frequent use, I can count the number of failed prints on one hand. It’s incredible.
i do not believe you. it is mostly a material issue not a printer issue
Both modern (pre assembled) Prusa and Bambu are very good at this. They guide you through the full setup process, automate first layer reliable, have decent stock profiles.
It's all just much less tinkering then 5 years ago.
> it is mostly a material issue not a printer issue
Tell me you don’t anything about 3d printing without telling me you don’t know anything about 3d printing.
if you think that there are not limitations with current fdm thermoplastics and software, i do not know what to tell you.
It is. I have no interest in messing around with 3D printers and was annoyed by the fact that Bambu lab lied about the 15 minute setup time. It was more like 45 minutes, but after that I never touched the printer again and started printing instead.
Also, subtractive manufacturing is much harder than additive manufacturing, because you need to position the machine around an existing piece of stock and sequence your operations manually, instead of letting a generic slicing algorithm slice from bottom to top with an offset vs the intended printing location only being a problem if you accidentally print over the edge of the build plate, which is usually not possible mechanically.
it is not that. i mostly mean that for anything functional that needs to take a load you need at least petg or asa (abs is a bit old now), which require proper storage.
also there are so much stuff that are in open prs and issues for years that are not implemented for slicers.
There are countless firearm receivers that have been printed on pla plus, many with thousands of rounds on them. Sure they may turn into a puddle in a hot vehicle, but they are functional and definitely take a load. Pla + is actually preferred in that community over the others you mentioned, although asa is becoming more popular, along with filled nylon alloys.
I think the AMS unit for the Bambu is somewhat sealed and has desiccant in it.
"take a load" - I don't know what kind of load, do you mean the fact that PLA is creeping under sustained load?
If that is YOUR usecase that is fine, but that does not mean that set and forget works just fine for others. Btw gun people use PLA plus just fine.
"Take a load" = perform mechanically and or structurally at levels of force, temperatures, etc. at levels higher than the properties of PLA allow for.
Don't get me wrong here. PLA is a great polymer, However you can't really expect parts made with it to hold up when compared to other "engineering grade" polymers.
I don't think anyone expects PLA to be used for anything that requires structural stability. There's far better filaments for that application. Some of the carbon fiber infused PETG filaments for example are incredibly strong.
Not many people use 3d printing for applications that require extreme strength though, that's really not the goal many people are aiming for.
You would be surprised!
I do this for a living and people are always looking for more parts to run through the process and better filaments to see those parts end up performant.
CF-PETG is strong! For a bit more toughness and temp resistance, PA12CF35 is seeing a lot of use. Some companies out there have service departments to keep machinery running. They apply FDM more than you might expect. Alloy 910 for gears, Cf of various kinds for abrasive scenarios, like cardboard handling, in one scenario.
Well for example layer bonding is better compared to some other materials. It's just that load over time it will creep. And of course shite under temperature.
It can be a fantastic material for some functional parts.
But even if not, I don't see how it's invalidates that there are printers out there that are more or less set and forget.
Bambu printers, or at least the one in our shop runs ASA set and forget style.
It is a great machine though it does not always make the strongest parts, and single material builds is geometry limiting. Lack of chamber heat and one nozzle makes some things easy, but does not entirely avoid the trouble with higher performing polymers.
that is just one example of issues with thermoplastics. the AMS is great though.
You're saying this yet anyone can buy a random Bambu and just print.
I've owned or used probably every major (and some minor) printer released in the last 8 years and for most people Bambu really will just be "plug and play" (and even if something goes wrong they'll hold hands as much as needed)
as i said to another reply, it is a material issue.
That does not match my experience. The printer I have has had parts break with light use, and a really poorly engineered z-axis homing which results in wildly inconsistent zero heights and a very high print failure rate.
Damn that's cheap! What vendor did you use?
> The Apple model works because people want to print rather than tinker.
Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.
Curious if anyone has tried the Core XY printers from Creality? I think they use open source software and are generally in the same ballpark as the Bambu printers price-wise. Also saw they have a similar AMS style system as well.
There's a middle ground between the Apple model and assembling everything yourself.
it just works until it doesn't
"Fell for it" implies that everyone buying a Bambu printer expected some degree of openness. Maybe some customers actually want an "Apple model", where the device mostly looks after itself and "just works" as much as possible.
I got into 3d printing a few years ago and noticed the same, bambu made me nervous for exactly this.
But the fanboyism and shilling in the 3d printing community is intense. If you mentioned these misgivings you'd get flamed. If you bought or enjoyed another printer people would advise you to sell it and buy Bambu. Lots of people in various threads seemed to defer to that kind of expert advice.
I think there is/was a similar fanaticism for Prusa going on, but it seems a little less at the forefront since Bambu.
As someone who recently bought a bambu printer, I have to agree: I am not surprised. Still disappointed, but in no way surprised. The "apple experience" is why I went for a bambu device (along with the price, and some excellent recommendations from friends). I was even surpised that the "LAN Mode" actually works somewhat good. Should have got a prusa...
Come on even makerbot wasn’t that blatant. I believe a lot of us haven’t seen it coming.
Good for you. Kind of a non sequitur, though, and gaslight-ey at that.
no, it hasn't been their clear plan all along, and blaming the victims is not advocating for open source 3d printers. Fully open source, DIY 3d printers that are available today suck compared to Bambu. The commercial offerings built on top of Orca (I have a magneto X) suck compared to bambu.
The 3d printing community just slapped down heygears for similar BS to what bambu is pulling right now. Once Bambu hire some better software devs and sort out their issues, open access will return, I bet.
Apologists are crazy. It's clearly shit
oh, and look, the backlash is already starting: https://www.youtube.com/watch?v=91kfolYkRNM
I'm not saying I wouldn't love for an fully open source printer company to have the quality and velocity of development that the bambu has (AMS-compatible TPU, delicious), I'm saying people who are making "It's clearly X... You should have known Y" aren't providing useful perspective nor are they accurate. Looking at your post history shows this.
Its clearly shit, but you're delusional if you think I'm an apologist.
I don’t understand why you think it was hackable or open?
Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.
I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?
You can print of an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it's still has fully unrestricted local printing functionality.
https://www.reddit.com/r/BambuLab/comments/1i548m9/this_is_p...
Looks like it's not true?
From that link if you continue reading, commenters in the thread point out that LAN mode didn't even exist when the printer came out, and that it's more flexible now than when they first came out on the market.
My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.
I _think_ that's browsing the SD card from Bambu Studio when the printer's set to LAN Mode, not printing from SD on the printer itself.
Yeah this looks to be the case. All of this change was prompted by the fact that malicious software was triggering prints over the network. So now they have locked it down so the printer can verify prints came from the actual account owner.
Printing directly from SD cards via the little touch screen is unchanged since networked computers can’t do that.
> So now they have locked it down so the printer can verify prints came from the actual account owner.
This is inaccurate, the printer already required authentication using an 8 digit code. What they're trying to do now is verify that the print has been started using official Bambu software, i.e. software-only DRM.
The ONLY problem I have ever heard of Bambu printers starting on their own was when Bambu itself had a problem with cloud:
https://www.notebookcheck.net/Bambu-3D-printers-start-printi...
I have owned one since November 2023 - and it has never been hacked or powned by an outside actor.
> All of this change was prompted by the fact that malicious software was triggering prints over the network.
Was it actually? Is there a source for this?
I'm not so upset about this change (it doesn't affect me, so far), but I'm skeptical this was a widespread problem.
I really really hope people saying this is a nothingburger is actually right, because I do have a P1S, use orcaslicer, and would like it to continue to work. Hoping this is just a miscommunication.
Bambu Connect is explicitly about allowing you to continue to use your favorite slicer. They make it less convenient (instead of pressing print you now have to save, load the file in Bambu Connect and then press print), but they don't prevent you from doing it.
Once the update actually rolls out to the P1S obviously. Which may not even happen with the current backlash
> Bambu Connect is explicitly about allowing you to continue to use your favorite slicer.
For now. They're putting themselves in the middleman position where they get the final say over what we can print on the printers that we supposedly "own".
It's naive to think that they won't try to extract revenue from that privileged position, they wouldn't have spent R&D resources on it otherwise.
I think this is pretty shitty. Not being able to print directly from the slicer is a big pain.
Imagine if this limitation existed with Bambu's first-party slicer. It would obviously be considered a pretty big downside.
“Hackable” and “open” were never advertised or officially supported by Bambu. It is foolish to make a purchase decision based on an unsupported and unadvertised feature, and while you can be angry that seems silly.
> on the understanding it was reasonably hackable and open
Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID fillament spools not being open-enough for others.
> on the understanding it was reasonably hackable and open
I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're build on.
I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.
And let them be closed-source as long as they give you ability to print without calling home or even without internet connection.
I didn't realize that closed source means you the end user get to dictate how the manufacturer implements features.
If you are looking for alternatives, I highly recommend the Qidi q1 pro
Despite an initial issue with the hot end (which was easy and fast enough to fix with help from support). I’ve been really happy with it
It prints pretty much anything. Fast, reliable and very cheap compared to equivalent printers in the market
Voron for life
> standing it was reasonably hackable and open
Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.
Sorry, but if you did research on Bambu's and came away with them being open and hackable, you didn't do enough research.
I dove into 3D printing a year ago. I settled on the P1S because its reputation for "just working" and good for beginners. I wasn't interested in attaching a Pi to it, run Klipper on it, I wasn't interested in steep learning curves and choosing from a myriad of slicers. I wasn't interested in "calibrating more than printing" with the Enders that one friend warned me about. I needed it for one simple, but big project and it worked great.
Since then I expanded to getting the enclosure, AMS, and messing around with Orca. The Bambu is very accomodating to learn and grow more and I don't regret the decision at all.
They were selling at or sometimes below the price point of printers that you build yourself.
They're good products, and they are clearly selling at a low enough price point to push for market capture.
The pricing, special features tied into their own AMS + filaments, special features tied into their own slicer. These all indicate that they were building towards this sort of behaviour.
Is this a defect under the EU law?
If so one could get a refund :)
> on the understanding it was reasonably hackable and open
While this lock down doesn't seem right it is far from unexpected, I question the amount of research done prior to your Black Friday purchase (BF and well-thought-out-decisions often do not go hang-in-hand!)…
I bought one (an A1 with the multi-material add-on) some months before that in full knowledge that the company would prefer to funnel people into a walled garden because if you look anywhere you'll find proponents of other makes warning that exactly this is possible & likely, with the "must take many steps to print without talking to their servers" being the key evidence in those warnings.
Good reasons to buy a BBL machine (at least my reasoning when I did):
* They work out of the box more so than many of the competition (many will say "X is better or better value, if you spend Y amount of time tuning" which while often correct, I wasn't looking to spend that time tuning), certainly more so than others at similar prices.
* QoL features (good auto leveling, dynamic flow control) that weren't exactly ubiquitous on similarly priced or cheaper machines.
* Certainly in the case of the newest A1/A1-Mini line: a working MMU option cheaper than you find in other ranges (some manufacturers have started addressing this and the out-of-box experience, in their product lines, 2025 could be an interesting year), and very easy nozzle changes (useful if you want to both do detailed minis (without going resin) and mostly larger items).
* For me, the handling of the A1 issues early last year (quickly acknowledging a potential safety issue and publishing mitigation guidelines, full recall or fix-at-home options when it became clear the issue was more significant) was a point in their favour wrt after-sales giving-a-shit. Obviously not a point against others as we don't know how they'd react until it happens, of course. There are regular complaints of slow support response more generally, but there are for other printer manufacturers too and, well, pretty much all consumer facing industry these days.
* The official documentation & videos, maintenance & troubleshooting guides etc, seemed to me to be more coherent than some other offerings (though searching for "<my problem> reddit" is still a thing!).
Absolutely terrible reasons to buy into BBL, long before this storm:
* Openness (software). From the get go their offering has the trappings of a more controlled garden than the 3D printing community were used to.
* Openness (hardware). While there are some compatible 3rd party after-market parts, there isn't the able-to-build-your-own feel you see elsewhere with people using different extruder nozzles, cooling options, and so on.
--------
This isn't a great analogy, but: BBL is an Apple (though not quite on price) to the rest of the 3D printing industry's Linux and it only takes a small amount of information to see that before buying.
If I upgrade (or have to replace, or just decide to get a second) then maybe I'll go elsewhere. I'm more confident I could get other others working well, manufacturers are addressing the points that have allowed BBL to take so much of the market & mindshare in a short time, but the key thing against BBL (not being open like much of the rest of 3D printing) is something I was well aware of when buying (it did make me think twice) so I can't be too mad about it.
Now if they try stop people using 3rd party filament, like the traditional printing industry with ink & toner, which is far from impossible, then I'll feel they've conned me.
An extra point that it is too late to edit in, on openness wrt software: unlike some companies we could all mention, they are playing right with the slicer software. It is heavily based on earlier AGPL3 licensed software and their work is correctly licensed also: https://github.com/bambulab/BambuStudio/blob/master/LICENSE
There might be some question as to whether anything like the connectivity layer that sits between BS and the printer that currently isn't open, should also be AGPL. I'll leave discussion of how AGPL and losly linked components do/n't work together to people with more experience in the area…
Bambu has never advertised their printers as hackable or open. Indeed, they advertise the exact opposite: that you won't need to do anything to it to get it to work.
That people can hack the Bambu printers is a bonus.
[dead]
That makes as much sense as saying you bought an Apple laptop expecting it to be hackable
I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...
Bambu Lab have been quite explicit about this. Their consumer-grade printers rely on a cloud service; for people who want or need printing over a private LAN, they offer the X1E.
https://store.bambulab.com/products/x1e
That hasn't been true for years, the regular X1C has an officially supported lan mode and works fine without any of the cloud stuff. (I believe the smaller ones do too, but I haven't used them so I can't speak to them).
Yup, P1S does as well. Well, did.
HP just straight locks you out of your printer unless you pay ransom every month..
All HP printers still give you the option of paying full price for ink cartridges and owning the printer. The rental model is one they try very hard to steer you into, with lots of dark patterns, but you can still use HP printers with no account and no subscription ink model.
I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.
However, this can be easily achieved without bricking every single third party integration. That should simple be a toggle in the settings that works entirely local
I wish Prusa weren't asleep at the wheel, then we would have bought a core one (that is, the hypothetical variant with large build volume and same quality as bambulab).
Instead, we bought a P1S, which is, technically speaking, a fantastic machine.
Not really asleep at the wheel. More like they invented the wheel, produced the open source slicer (a fork of the original slicer but vastly improved), which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.
I ThouYS may have a point. It seems to me that Prusa were tempted to go after the prosumer/pro market and invested a lot of time and engineering horsepower into higher spec machines (Prusa XL, HT90) and resin printers (SL1S).
A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.
I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.
I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.
Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.
Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.
Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.
Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.
I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.
Thing is even with the core one finally releasing...its not a compelling product.
It costs more than the P1S - which lets fact it, thats what it should be compared to, not the X1C as the Core one doesn't have the stronger nozzle, nor any features that would make it a 'pro' level product.
They also still dont have an answer to the AMS, which is a big selling point for the Bambu's. The MMU3 may be better than the previous one but its just like putting lipstick on a pig - it's a mess, with tubes all over the place, spools dotted around, and then you've got to constantly babysit it and tune it.
Side by side the P1S with an AMS is still significantly cheaper and from a marketing perspective a much more visually pleasing offering.
Also worth mentioning that whilst the core one is about to come out, the MMU isnt actually even supported yet, and theres no timeline for when it will be.
Prusa are so far behind at this point and really shouldn't be. Chances are the core one is going to come out and just like the XL and MK4 will be extremely buggy for a good 6 months. How people still accept this is bonkers.
> not the X1C as the Core one doesn't have the stronger nozzle
Swapping nozzles makes the machine worth double?
Not at all, you're paying for a bunch of other differences on the X1, none of which the core one has, hence why its more comparable to the p1s but priced as if its comparable to the x1c. The spec sheets don't lie, it's a p1s competitor.
It would be interesting to know how many people buy printers with AMS or other multi-material capability. How big of a selling point is it really?
All we've really got to go by is Twitter and Reddit, and I rarely see a photo of a Bambu printer without an AMS on top of it or to the side. With it being cheaper to buy an A1 Mini, A1, or P1 WITH an AMS than a base model Prusa MK4 it's not surprising they've been so popular.
It's what makes me completely baffled how much Prusa have fumbled the Core One release. It should've had an enclosed AMS style product to go along side it. The MMU is utter junk in comparison to the AMS, god knows why they are still burrying their head in the sand over this.
> which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.
I sold a mk3s because I could never get it to work to my satisfaction. I tried for weeks, trying everything I could find on the internet, using filament supplied by Prusa.
Eventually the print head crashed into a failed print overnight, fusing nearly the entire head inside a ball of PLA filament that formed after the printer happily carried on shoving out molten plastic.
I didn't have another 3d printer to print the replacement parts. I was so frustrated with it at that point I just got rid of it.
Until I can treat a 3d printer like a Brother laser printer (forget about it for 9 months at a time and then have it work perfectly when I need it with zero maintenance), I don't think I'll invest in another one.
You just described Bambu printers with your last paragraph. They just work.
I got my first 3d printer, an MK3S+ a year ago. Pretty late in its lifecycle, but I wanted to spend more time printing than fixing issues.
And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).
And all this time I have been using it completely offline with OctoPrint on an RPi.
Wow, so the actual content is also sent to the cloud? Not just authentication/metadata? Massive overreach. Imagine a inkjet/laser printer company sending every page you printed to their servers? (actually I wouldn't be surprised if HP does this already)
Commentary on the situation from Louis Rossmann https://www.youtube.com/watch?v=aIyaDD8onIE
Their response:
https://blog.bambulab.com/updates-and-third-party-integratio...
Honestly, the response is not that great. Right off the bat they're just going on the defensive, enumerating "false claims" that printer will require subscription etc. But the concern wasn't that Bambu _will_ do that, but that they _could_ do that, and generally that inserting Bambu's infrastructure as a mandatory step in the printing pipeline is _not great_.
Then, the first point in their `truth about the update` section:
> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.
The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]
> Bambu informed me of this change two days before their announcement.
and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.
> This is beta testing, not a forced update. The choice is yours.
This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.
> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...
Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ
Further down they still go and defend their decision
> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.
and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.
Finally, they're presenting a diagram showing how the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.
For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public
[0] https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecom...
[1] https://old.reddit.com/r/BIGTREETECH/comments/1i5lzzf/latest...
according to [0] the ipcam is logging video even when the camera is disabled.
I suggest we collectively print Tiananmen Square Tank Man scenes.
[0] https://www.reddit.com/r/BambuLab/comments/1i548m9/comment/m...
these printers have spaghetti detection so it actually makes sense the camera is always on
Spaghetti detection is supposed to happen on-device.
Yes? the reddit guy is saying the device is always saving pictures on the device.
it does not make sense: spaghetti can be detected without logging it, just process and evaluate frames, and if necessary accumulate multiple evaluations (not images) to achieve better signal to noise ratio.
> I suggest we collectively print Tiananmen Square Tank Man scenes.
Anyone got a link to a good .stl?
we will have to make one, I suggest we also use machine translation to include the historical background into the print in their own language.
I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.
Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.
I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.
Hopefully there'll be more interesting news about this soon and some solid, technical info.
My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.
Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.
These are great printers, but there's no need for that.
Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.
I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.
But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".
Something more than the current hearsay and pitchforks echo chamber.
From their blog post: https://blog.bambulab.com/firmware-update-introducing-new-au...
"Critical Operations That Require Authorization
The following printer operations will require authorization controls:
Now, PERHAPS, I can do that authentication locally... but given the plugin required for OrcaSlicer it doesn't seem likelyYep -- I read that, but that doesn't spell out auth back to BBL's servers, just auth.
And keep in mind that OrcaSlicer already used Bambu Network Plugin to communicate with their printers. (It prompted you to download this on install of OrcaSlicer if you picked one of their printers.)
The move to Connect means that OrcaSlicer needs to send the print data to Connect via a protocol handler instead of to the plugin. Connect will then send it on to the printer itself, and from what I've seen it'll do that over LAN. (But I can't test because my printer doesn't support this yet.) I see this as akin to a print driver vs. printer-specific support built into an app. Not a bad thing at all, if done right.
The plugin already did (very minimal) auth via the Access Code and can do it with the printer and Bambu Network Plugin completely isolated from the internet. (I've done this.) So I'd like to know specifics of what's changing here.
"Operation Guide for Bambu Connect
Start by logging in to the Bambu Lab account or click Discover to find LAN mode printers."
https://wiki.bambulab.com/en/software/bambu-connect
At the very least - it looks like you'd need to log-in to the cloud account to print on the LAN, which really begs the question.... why?
> it looks like you'd need to log-in to the cloud account to print on the LAN
The text you quoted directly contradicts what you are saying. It says login OR discover to find LAN mode printers.
You’re right! Sorry obviously I was one coffee short of comprehension!
what else would it be auth'ing against if not Bambu servers?
Perhaps some... other or better way of authenticating to the printer? Previously there was just a single, essentially fixed, numeric string that gave complete access to the printer, and communication was via TLS with a self-signed cert.
I don't want to hypothesize about what it could be doing, I want to see what it's actually doing (or see some actual info from folks about what they've seen) so I can decide if I'm comfortable with that or not.
The bambu cloud service has a very low value-add and they are trying to make it mandatory. the speculation is that they are trying to add a subscription model for print farms, which 3rd party slicers enable.
the printer itself?
I don't have a definitive source readily available, but from talking to people who were investigating the technical aspects, connection between the printer and slicer software will be mutually authenticated using a certificate that will issued by Bambu Cloud, issued only to blessed 1st party software, and verified by the printer upon connection over the local network.
So your blessed Bambu Studio instance connects to Bambu Cloud and requests a certificate, the server issues the certificate to you (or not), and then Bambu Studio may use it to connect to the printer on your LAN.
The certificates have an expiration time of 1 year, meaning that the printer functionality would severely degraded (missing network connectivity), at most 1 year after they take the servers offline or stop issuing certificates for any reason.
Not a definitive source for what I said, but it contains some information: https://hackaday.com/2025/01/19/bambu-connects-authenticatio...
I sorta get what you're saying, and the flowchart here (https://blog.bambulab.com/updates-and-third-party-integratio...) somewhat agrees.
But where I disagree is with that cert stuff.
1) That cert is on the /client/ side, not in the printer. It has nothing to do with printer functionality, only with talking to the printer.
2) Expired certs do not mean things automatically get rejected. Using and allowing expired or self-signed certs is routine in the IoT world where certs on devices can't readily be updated. But again, that cert isn't from the printer.
3) Expired certs, just like the self-signed certs that are so commonly used, still result in things being encrypted on the wire. And often that's the point.
It seems to me that someone found/exported the cert, and is trying to make all sorts of WHAT-IF or THIS-COULD-MEAN-THE-WORST claims but are lacking some significant understanding. Without understanding the architecture and the rest of the code, and perhaps seeing that cert be used, this is just an artifact found in the distributed beta application.
> That cert is on the /client/ side, not in the printer. It has nothing to do with printer functionality, only with talking to the printer.
What do you mean, if my software can't talk to the printer then that affects printing functionality.
I mean that the extracted cert that's going around is from the client (Bambu Connect) side. Everything it would get used for is a function of the client and how it talks /to/ the printer.
Even if it is used to sign some communications, it doesn't matter if it's expired or not on the server side (the printer side), unless the server chooses not to accept it. And then updating it would be a matter of updating Connect; the client.
There's no reason -- other than hyperbole -- to infer that a certificate which expires on the client side will cause the printer to stop doing anything.
For a web-y example, think of how a website which needs a client cert for auth -- like lots of gov't stuff -- would handle a client cert expiring. It'd either accept it anyway, or reject it. But it wouldn't mean the website breaks. And thus claims of that client certificate's expiration being a killswitch for printers is simply wrong.
It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.
You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".
> Unpacking app.asar without fixing it first will result in an encrypted main.js file and 100 GB of decoy files generated, don't try it.
I know it's not exactly a zip bomb, but it's kinda close, and goddamn, that's obnoxious.
I'm kinda curious what will this lockdown do to the efforts to replace their controller and/or firmware with something more open. Something like [1]
It's nice to have a private key to their cloud authentication, but ultimately it's the printers firmware that's the issue. While Bambu owns and updates that, they can change the keys basically anytime they decide that they had enough of the alternative Bambu Connect servers that people will inevitably create with the current keys.
[1] https://github.com/ChazLayyd/Bambu-Lab-Klipper-Conversion
Bambu should be working on scaling their consumables and customer service, it takes weeks to resolve any tickets, 8 days to a first response has been normal for them.
It’s kind of a joke they think they’re ready to roll out a print farm subscription when they can’t even keep basic filament in stock, or like you said even provide basic support. They’ve grown far too quickly.
What can't you fix? All the issues I've had you could find a video on YouTube on what to do.
I'm not surprised that 3D printers are turning out to be as hostile as 2D ones. As usual these days, "security" is the excuse.
There's so much open source software, firmware, and hardware out there for FDM 3D printers, I doubt they'll ever get as bad as regular printers. It's much more a tinkerers world than 2D printing ever would be.
Are regular printers that bad, if buy brother?
I bought a B/W laser printer and have been generally impressed with the lack of BS that came a long with it.
It did ask for toner once, so I bought something from a third-party.
Some are good, some are bad, buyer beware.
No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.
[1] https://spicausis-lv.translate.goog/2025/01-brother/?_x_tr_s...
(I also use a Brother B/W laser printer, got it second hand for almost nothing, works fine)
Does the printer also refuse to print when using toners not part of the EcoPro subscription, though? Or is this just another case of people expecting their subscription toners/cartridges to last beyond their payment? I can't blame them, the marketing is sneaky about it, I just see it often on threads about HP.
The post did mention the other toners that came with the printer also locked, but I think I remember reading elsewhere that those printers are cheaper precisely because they come with EcoPro-only toners in the box.
I have a L2395DW and its factory cartridge just ran out!
Factory setting is to stop printing. It can be changed to basically print anyway.
That worked, delivering increasingly crappy prints until replacement toner cartridges arrived.
Swapped one in and the machine is back to printing fine.
I did buy aftermarket, cheap as I could find for replacement.
The factory cart still had 5 percent or so, when compared to the new ones, of toner in it.
Haven't had the sam
All said and done I am pretty happy. Toner got well used, replacement was cheap.
I've only made good experiences with laser printers, from very small ones to full-sized copy machines. Some of the more expensive inkjet printers are reportedly also quite good. You are still stuck with the usual horror show that is software from hardware companies, but otherwise it's not so bad. And the occasional paper jam, but 3d printers are no better in terms of reliability
The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.
Yep laser printers are the equivalent of modern CoreXY printers with solid auto calibration
Could you name one? Other than the X1. I think I might be in the market for a new printer, but I don’t want to lose quality.
Prusa core one, but given the lack of features I can see why people might choose X1.
Well, at least you can build a 3D printer at home. I built mine years ago (https://lucasoshiro.github.io/hardware-en/2020-06-14-3d_prin...) nowadays you can even build a better one.
With 3D printing out for a while now, there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens. I'm really shocked the overpriced ink monopolies weren't attacked in this manner, as a young child I distinctly remember a kiosk in a grocery store which 'printed' messages and images on blank cards using colored pencils, for customer order. None of this is remotely new.
> there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens
This is a thing. Obviously.
https://urish.medium.com/how-to-turn-your-3d-printer-into-a-...
Only a randomly selected tutorial.
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner,
Inkjet and laser printers easily print whole page 300 DPI raster images in seconds. Plotters need vectorial data and their printing speed depends on how complicated what you are printing. These things simply don’t serve the same use case. You can do nice art and heart warming cards with a plotter, but you can’t hit print on your boarding card / dhl label / word document and expect your plotter to give you what you see on your screen.
> None of this is remotely new.
I agree that none of this is remotely new. Plenty of people tinker with plotters for fun and profit. There are even pre-packaged consumer centric solutions where you pay the price of convenience with lack of freedoms. (See the similar debacle around the Cricut plotters.)
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner
Because those of us who understand mostly don't care. Those who know bought a Brother laser printer and got on with life.
When those who understand need genuine inkjet prints, we go to a store that owns a printer that is several orders of magnitude better than we will ever need and pay them a pittance to get it printed.
That having been said, I really do wish we had an open source laser printer because, at some point, Brother is going to pull this same bullshit.
Man, I love my Brother - it is 10-years old this spring, driver updates keep coming for new operating systems in both 32/x64 - and never has a hassle with third-party toner cartridges. While it is intended for a small office (and therefore fairly large and heavy), it has been easily hands-down the best hardware purchase decision I have ever made. (And - it there was a $300 off sale discount when I got it - so $500+tax)
Admittedly, the printing system for 2D Printers is a nightmare. Windows Secured Core PCs, for example, disable all 3rd party printing drivers and only support open driverless standards for printing like Mopria. According to people who have looked at it, let’s just say CUPS in macOS and Linux is not very likely to be a paragon of security, having an RCE scare 3 months ago.
If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)
If 3D printing isn't kept open source there's going to be laws about what you can and can't print that will kill innovation.
I can't imagine the printers being open source or not mattering for that, nor can I see any reasonable government banning printing of specific things. If something is illegal to own or manufacture, that already applies to 3D printers just as much as it did to CNC machines or any other method.
Are you so sure?
https://www.nysenate.gov/legislation/bills/2025/A2228?utm_ca...
Not quite the same, and hopefully likely to fail if it hasn't already, but it shows that interest exists in regulating 3D printers. When enough interest exists, things will happen.
JMHO.
If NY state did require a background check to buy a 3D printer, you'd have to get one regardless of whether you're buying a prusa or a bambu printer.
...and?
Applying to all brands equally doesn't make it okay.
I am saying it doesn’t matter whether it is open source or not.
... well... stepper motors, motherboards and v/t-slot extrusion can be used for many other things than 3d printers...
If they are going to regulate this, then why not CNC machines? Lathes? Drill presses? Pipes and lumber?
Because violent criminals tend to lack wealth, knowledge, and skills. Nobody in the hood about to knock off a 7-11 has a tormach at home and the gcode for a reciever queued up.
Yet they have made it so that sophisticated printers must include firmware that refuses to print banknotes.
The bambu printers haven't been open source.
Why would some law being passed depend on open source? If anything, that would push some senator to regulate even harder.
Doubt it
2D printers are not open source and you can still print pretty much anything
I don't think you can print cash/paper money.
That is covered by "pretty much anything." That doesn't mean absolutely everything.
"Pretty much everything" does include "can't print some things" which is pretty much: they control what you can and can't print. So technically you are right and they are right too, but this conversation path led us back in a circle instead of moving the debate forward.
With the 3D printer you can currently print everything on the 2-D printer you can print everything minus one. (actually there’s probably a whole bunch of currency you can’t print which is maybe hundreds of things ) those are completely different systems of control.
No, you can’t. Printer manufacturers are required to prevent printing certain kinds of images on sophisticated printers. And they also print watermarks unique to your printer on every page.
I’m not familiar with the 3D printing space, but seems like this reverse engineering was inspired by the companies move to clamp down on security of these devices. [1]
From what I understand, this new auth system would make third party integrations (ie, “OrcaSlicer”) obsolete and users would be limited to controlling the device via Bambu Connect. This update impacts users who control the device via HomeAssistant and “print farm management” users. I guess first party support for users with fleets of these printers is dogshit, thus the need for third party software.
Seems after 3 days of community feedback/outrage, the company is backtracking on the Bambu Connect only route. Instead offering a “Developer Mode” option in firmware which on the surface seems to be what the impacted users need. [2]
> In response, we’ve made the decision to implement an optional LAN mode feature, to provide advanced users with more control and flexibility.
> Standard Mode (Default): By default, LAN mode will include an authorization process that ensures robust security
> Developer Mode (Optional): For advanced users of the X1, P1, A1, and A1 Mini who prefer full control over their network security, an option will be available to leave the MQTT channel, live stream, and FTP open. This feature must be manually enabled on the printer, and users who select this option will assume full responsibility for securing their local network environment. Please note that Bambu Lab will not be able to provide customer support for this mode, as the communication protocols are not officially supported.
Seems this resolves the community concerns. Or am I missing something?
[1] https://blog.bambulab.com/firmware-update-introducing-new-au...
[2] https://blog.bambulab.com/updates-and-third-party-integratio...
That's a useful step, but the options are still Full Cloud Dependency or DIY with Zero Security.
Why haven't they implemented rudimentary access control with printer-side Basic Auth (or the equivalents auth for MQTT and FTP). Add optional SSL support to prevent tampering/MITM on a potentially hostile network, and the unauthenticated access concerns listed in [1] should disappear.
Any problems related to potentially damaging instructions should be best-effort mitigated by the firmware and otherwise indemnified by a "your own fault for using a third-party slicer" clause in the EULA.
Bambu Labs shouldn't need to be in the authentication/authorization path, unless we're actively using their cloud environment.
As a precaution, I've blocked my A1 mini from Internet access on the router, and will not apply any firmware updates anymore. I will also not update Bambu Studio anymore (or completely switch to Orcaslicer). I was already using LAN mode exclusively.
Kind of annoying, but I'm not desperately waiting for Firmware updates, everything works fine so far.
Maybe I'm the exception here, but I slice my files and then load them to an SD card and walk them over to my printer. It's not high tech, but since you can't clear the build plate without physically being there, I don't see much of a change. If I really wanted to monitor the build I suppose I could just point a webcam at it rather than use the existing one. But since it prints flawlessly most of the time it seems unnecessary.
I got an A1 mini about a month ago and so far it’s been decent as a beginners printer. I transfer models to the printer via the microSD card and refused to install their networking software on my machine because I don’t trust it’s safe enough. Im also very reluctant to get updates whenever they’re pushed. Maybe im spooked by past bricked devices so I keep all my devices dumb and offline as much as I can.
Does anyone know what this key is actually used for, and what it enables?
I have Bambu, Qidi and Creality printers. Qidi is a good compromise between open and 'print-quality-out-of-the-box'. My Q1 pro is easy to hack, but I have not done anything to it because it prints pretty much as well as Bambu.
> Bambu Lab is a Chinese tech company that designs and manufactures 3D printers
https://en.wikipedia.org/wiki/Bambu_Lab
They disrupted the 3d printer market with printers that just work out-of-the-box at at price points where you typically only get enthusiast products that require a lot of tinkering.
A lot of their business model is seemingly based on making long-term sales from consumables. Their solution for multi-color printing is more convenient to use with filament sold by them because they embed information about the filament on proprietary RFID tags.
A couple days ago they announced locking down the API for their most expensive line of printers, locking most API calls to only their own software because of "security". Users are obviously upset.
Rumours for the reasons range from protecting themselves from user mods that replicate the RFID functionality on any filament by configuring the printer via API calls, to Bambu Labs wanting to launch some kind of subscription service for print farms.
Bambu Lab filament pricing is very similar to Sunlu pricing if you purchase the same minimum quantities as Sunlu, but Bambu Lab has a wider variety of filament that people actually want. The only thing that really helps them make more money is wasteful multi-color printing.
Reportedly it's Sunlu who's supplying filament for Bambu. But Bambu's version still has RFID tags which make it much easier to work with multicolor.
> The only thing that really helps them make more money is wasteful multi-color printing.
They're slow to make improvements in this area, but they recently introduced some options to reduce the waste, like longer retraction before the color change. Plus as a user you can reduce the waste further by tuning flushing amounts, and you're left with the waste inherent to single-extruder multicolor printing.
Overall yes multicolor can be wasteful, but to me it's impressive that it exists in the first place
I've been on the fence about purchasing a Bambu. But given the amount of time I've spent over the past few years having to tweak my ender 3 V2 and CR-10- I was leaning towards finally splurging on a X1C.
Question to those more familiar with the bambu software ecosystem - do these recent changes to authentication require a constant online connection to print anything from a machine on the LAN? I'm assuming printing via microSD will still be possible?
I’m not familiar with Bambu, I’m a Prusa user, but if I had to guess you would always be able to print via microSD. It would be wildly unpopular to disable local printing.
Currently, LAN mode and local SD card printing does not require an internet connection. I have my printer in a bottom of the yard bungalow, without internet, and it works fine.
RMS was right
You thought you would be able to print copies of commercial things in the comfort of your home? RIAA would like a word with you.
I'm interested what others think of their existing design and whether there are any fundamental security issues that will be resolved by their proposed change.
They are proposing requiring a secret signed certificate to carry out any actions beyond monitoring for both the cloud and local (on printer) MQTT servers. These certificates would be issued at the discretion of Bambu by their CSR, currently only for "Bambu Studio" their slicer, Bambu Handy (their mobile app) and "Bambu Connect" which will enable upload G-Code generated by third party slicer (a workaround for existing functionality being removed). This "secret" certificate has already been extracted from the Bambu Connect application as per the article as their new security model requires embedded this certificate into desktop applications.
The current design:
https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md
Connecting to their cloud MQTT requires a username and token already. These details are obtained via a HTTPS request to their login server using your bambu account (which requires a valid email & possibly captcha) to obtain a token. The cloud MQTT is TLS secured, although this is just to encrypt the traffic (aka HTTPS), it is not mutual authentication.
Connecting to the MQTT server hosted on the printer (aka LAN mode) requires a fixed username and a local access token (a random 8 digit number). This can be found via the physical display of the printer in a menu (or apparently cloud MQTT!?). This access token can be refreshed via a menu option again physically at the printer. To be clear, this token only allows to you connect directly to the local MQTT server running on the IP address of the printer, so in most environments this should only be the local network. This is also the password for the FTP server that can be used to upload/download sliced 3mf/gcode files.
Personally - this design seems ok to me? With an MQTT service properly configured to isolate user accounts from each other, this is a pattern widely deployed for embedded devices (Azure IoT, AWS IoT etc).
I don't see how the "DDOS" related issues they are claiming would be related to this specific design. If the issue is in the login server - well, that's prior to authentication anyway so nothing they are doing here will fix that.
If it's problems with your cloud MQTT service not being properly isolated - maybe fix that? If the DDOS is at L2, auth isn't going to help. You require logins tied to an email, you can block clients that misbehave once they are logged in.
Nobody is brute forcing the local MQTT server via XSS or something, because JS doesn't allow for raw TCP connections. Are they concerned about malicious software already on the network? Then rate limiting on the printer side or switch to a random length alphanum LAN token to increase keyspace.
I'm curious what more qualified people think, I cannot see any justications for their proposed design improving security. So either;
a) They've decided they are incapable of properly securing their MQTT cloud stuff and instead of fixing that just want to assume every client connected to their cloud MQTT servers is fully trusted. I'm sure that'll work great. Doesn't justify adding this to the local MQTT servers on the printers - if anything that reduces security, as to roll certificates you now have a long tail of printer firmware updates.
b) It's not about security
I'm so happy Bambu is getting what's coming to them after screwing us so badly <3
What did they do?
They used a plugin to communicate print jobs (and other integrations), so that third party software could be used pretty seamlessly. Now they're moving to a new authentication model, and will be requiring users to send files to a separate print app. (Bambu Connect) It adds friction to the process, especially for those who were looking to run print jobs at scale, using "print farm" software or building their own solutions.
I do wonder how much friction it'll really add, since the slicers can send the data to Connect via a protocol handler.
It also means that Connect could act as a farm / queueing system as well, more like a print driver vs. individual printer support within the app.
I've tried the URL handler (the software is in beta). It only sends the print job (sliced file), it doesn't start it. You still have to assign it to the printer, etc, and press the start button.
That doesn't seem any harder because you have to do that with the Network Plugin via a popup window. Or am I missing something else?
Its pretty much this, nothing seems to be blocking any third party slicer like Orca from working with bambu printers as they are now.. just the print button would now send the file to Bambu Connect, where you would most likely only press an extra button..
Getting info from the printer or AMS? MQTT still works. They specifically said they are not touching that.
Sadly the usual groups of people are screaming, and the open printer people are laughing. But at worst.. this is just friction.
Anyone pointing this out seems to get downvoted. But its all there in the bambu press statement and subsequent pages. Those that are upset seemed to have not read those, and instead just read or watched something inflammatory.
> just the print button would now send the file to Bambu Connect, where you would most likely only press an extra button..
Today it's just one extra button press. In 5-10 years when they shut down the servers for Bambu Connect nobody would be able to print anything at all. It's only because people were vocal in their complaints that their unsupported dev mode was made an option that would let people continue to use what they paid for
Did you happen to see this? Interesting development, they are basically going to keep the current wide-open-barely-auth'd state and call it a developer mode. And submitted a PR to make Orca Slicer work with the new auth: https://blog.bambulab.com/updates-and-third-party-integratio...
And yeah, I'm realizing that about the downvotes. It's sad the state of things, but SKY-IS-FALLING-GET-PITCHFORKS wins the day over technical analysis, even on purportedly technical forums. But alas, that's an aside.
I'm really looking forward to this rolling out, as I want to monitor my printer with Home Assistant but I /really/ don't like how much control the current (non-beta, non-future) state gives HA. I /want/ auth of some sort when submitting jobs, and it looks like I'll have that.
(I also really want the slicer decoupled from the print management stuff, because I tend to keep a few slicers open and experiment.)
My understanding is that the "addition" of the developer mode (basically the current status quo) is the result of the feedback/pitchforking. I don't believe that was originally planned.
https://hackaday.com/2025/01/17/new-bambu-lab-firmware-updat... has a summary that caught me up. I feel like it must be missing some of the story though.
They are locking down their software so you have to use it
The A1 mini was my first printer and it just works.
Is there another brand that is idiot proof?
If you buy a Prusa in non-kit form, it's not any harder to unbox or operate, and more reliable, while generally achieving somewhat better results. Without phoning home and while maintaining the software Bambu forked theirs from.
A recent review coming to a similar conclusion was Maker Muse' review of bedslingers.
It's a channel I respect a lot, because he has over the years relentlessly disclosed emails of companies trying to bribe or lean on him, or threaten him, and refused to play along.
Most other 3D printing content is essentially paid advertising -- including, I suspect, the carefully constructed brand narrative of Bambu as the first "fire and forget" printers, as if they somehow elevated the art form, when really the user experience is not substantially different.
You do not need to tinker or problem-solve with other modern well-reviewing printers, nor do they fail more prints. My MK4 hasn't failed a single print in a year (i.e. since I bought it), and I haven't had to do any sort of maintenance.
> it's not any harder to unbox or operate
I agree with this
> and more reliable
I emphatically disagree with this.
> while generally achieving somewhat better results
I agree with this.
I'd also like to add that my Prusa Mk3s+ is significantly slower than my P1S. Also, without the MMU it still cost more than my P1S with AMS. Choosing a Prusa is making a philosophical choice, because it's certainly not about convenience, speed, versatility (considering you need to buy a separate enclosure and pricey MMU), bed size, or price. It's a choice you make because you're okay with spending a lot more to support an open platform where you can flash your own firmware without voiding your warranty, not because you want a better experience.
The mk4 and mk3 are vastly different machines. If you want to compare the P1S, do it against a contemporary machine. Of course a machine released several years after the mk3 is faster.
What are your thoughts on the upcoming Prusa Core One? I was thinking about getting a P1S but with this rug pull I’m not sure anymore.
If I were starting today I'd definitely choose the Core One over the P1S (thanks to this rug pull). It's vastly more expensive, and the MMU isn't worth it from what I've heard, and the build volume is significantly smaller, but I don't think I'd go with Bambu after this week.
I wouldn't buy any new Prusa printer until it's been in the wild at least a year, they tend to be very buggy at launch.
They also have no multimaterial support at launch, the MMU3 will not work with the Core One until they release an update, which they've not yet given a timeline for.
Thank you.
I got a MK4 at launch and it worked out of the box with no issues, no bugs, and also was my first 3d printer. I found it perfectly easy to operate.
Prusa’s online documentation (and printed docs for that matter) are excellent.
Is the fact that the printer is slower the main reason why you get better results?
And they cost 3x as much. Which is a pretty tough sell IMO.
Conveniently left out that the Prusa definitely cannot do a lot of things that the popular Bambu models can do quite well, like filaments beyond PETG and PLA, multimaterial printing, etc.
Most Prusa models can print a wide range of filaments. I regularly print ABS and PC on mine. And there is a MMU add-on for Prusa.
The MMU isn't remotely comparable to the AMS though, it's finnicky, regularly breaks and needs a heck of a lot of tinkering for most people to get right. One slightly different filament and you have to start over.
Not to mention its just a messy product. Heck the new Core One doesn't even have support for it at launch which is pretty unforgivable.
Maybe bamboo printers were too cheap which lead them towards their subscription based model.
Everyone complains about enshittification (YouTube ads, subscription models etc..), but then refuse to pay the real price premium goods and services cost. You get what you pay for.
What subscription? They're restricting remote access APIs in new firmware because they pose a security threat.
There is no security threat, it's an excuse. I own a printer and operate it in LAN mode. It requires authentication with 8 digit code.
If you think they care about security, let me remind you that this company used to connect to their cloud in plaintext. The only security they really care about is that of their revenue.
If they actually cared about security, they would let us disconnect these printers from the cloud completely and allow us to manage our own mTLS certificates.
I don't know the details or if it's true, but someone who was in the firmware beta claimed there was //commented-out code about different subscription tears. Maybe just a test, maybe for print farms .. maybe it was all a lie.
…for now….
But yeah, the enshitification economy has made people justifiably paranoid that if a product starts exhibiting new capabilities or features that would seem to support or enable a move towards subscriptions, it’s a good bet that that is in fact the trajectory of the platform.
But afaik Bambu has neither confirmed nor denied that this is in the works.
You pay more and lose reliable multicolour printing this way though - the MMU is NOT a solution.
I am an idiot, and my Prusa MK3S+ (bought assembled, not as a kit) has been me-proof for years, and delivered fantastic print quality all along. My wife is not a techie and she gets good use out of it too. Their newer printers seem to be even better.
Out of ignorance and curiosity about 3d printing I bought a Prusa Mini a few years ago. My 10 year old (at the time) son took to using it immediately and figured out how to use it almost entirely on his own. It has been a great experience. I was thinking of upgrading to something larger and this drama has made the decision an easy one for me.
Based on recommendations here a couple years ago I built a Prusa Mk3 from a kit (right before the mk4 came out). Building it took a while but I think was a worthwhile investment of my time and I think of it as a system I can understand rather than as a black box.
I had a little bit of trouble with it maybe six months ago (repeatedly tripped offline during prints from a thermal issue) but Prusa's online support talked me through recalibrating it and it's been trouble-free since then.
One thing to be said for Prusa is that their support is actually knowledgeable and experienced. You're not going to get a tier 1 support person who has never touched a printer and is just reading from a script.
Yep, my one support chat with Prusa was probably the best tech support experience I've had in at least a decade -- possibly longer.
I've been using a Prusa Mk2 for years no with no real issues. Doesn't have the bells and whistles but it does, like, consistently work.
Eventually I'll get a used FormLabs setup. Once I have a shop space set up.
I bought an A1 after years of fiddling with an Ender. It made 3D printing fun again.
The whole situation reminds me of drones. DJI is (maybe) questionable but their products are without competition when you look at price and quality. Bambu products are also fantastic.
On second thought TP-Link fits too. My TP-Link mesh network just works perfectly. So do their smart plugs.
I did the same- replaced an Ender with an A1. Unfortunately, I’ve had it 10 days and have yet to be able to print anything. Won’t calibrate and cannot update firmware. Seems like a commonly reported issue but tech support is still bumbling around with no useful suggestions. I foresee it going back.
Not yet, but other brands are stepping up their quality. I just bought a Creality K2 Plus, and it's almost on par with my X1C (and has some features I prefer, like the CFS, their version of the AMS)
flashforge is pretty good and by design easy to root.
it is running klipper internally and there are mods to run a completely open source stack (with blobs)
If you’re looking for a CoreXY machine that can handle more industrial filaments for reasonable money, check out QIDI
Bambu sent out a clarification in their blog, you should read it
no need linking it, tho
I bought a Bambu Lab printer recently, and made the decision that if I did connect it to LAN, I'd make damn sure that it did not have an Internet connection, even though there is a LAN mode toggle in the firmware it shipped with. Although I am definitely paranoid about Internet-of-Shit bait'n'switch techniques, at the time I was mostly thinking in terms of geopolitical bullshit rather than capitalistic shenanigans. No particular reason to distrust Bambu Lab themselves at the time, at least more than any other company.
Obviously, hingsight is 20:20, but it's just a reminder: your cynicism is warranted. Don't trust anyone any more than you absolutely have to.
This is all nonsense. I just got a a1, and its my first 3d printer. I dont have any expertise. Ive been able to use the Bambu App and Maker world and basically control+P. Ive print about 10 things so far in the first week. I dont see why people are mad. They made the apple of printers. It just works(tm). I dont need anything else. People just get so upset over nothing.
I tend to agree. I've built a Prusa previously and my P1S is just so much more reliable, it's the first printer I've been able to recommend to friends and colleagues who I wouldn't expect to enjoy tinkering with a printer but would enjoy printing.
I have simply not had a failed print, it's incredible. I have so much confidence in the unit that I now keep two rolls of the same colour loaded and if I find a cool model while out and about, I just print it with full trust it'll be waiting for me by the time I get home. Amazing progress.
I personally think the outrage I've seen on this issue is generally not justified.
In general people are just scared of change and on top of that are playing telephone on the details of the change, assuming the worst intentions from Bambu like they're trying to be the next HP.
I have seen a lot of misinformation on this topic, and I think that in that sense it's a good idea to read the actual announcement details to get a better read on Bambu's intentions: https://blog.bambulab.com/firmware-update-introducing-new-au...
A voice in Bambu's defense on this issue would say:
1. The new firmware isn't out, it's still in beta, and the new connect software is also in beta. This stuff isn't done and nobody has been forced to use it or even had it presented as an OTA update yet. The problems highlighted in this wiki page are very possibly problems that Bambu is aware of and intends to fix before release.
2. Bambu in their blog article stated that they are working on integration code so that third party slicers like Orca Slicer can more directly interface with Bambu Connect (see the FAQ section)
3. There are multiple statements on this blog page where Bambu acknowledges the workflow disruption and emphasizes the things they intend to do and do not intend to do, such as "It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities."
4. People who don't run huge print farms don't seem to be impacted by this. Remember that Bambu claims to be a consumer tech company, right there in the "About Us" section. They are trying to make printers that are easy to use and require minimal tinkering. For a normal person, sending a slice file from Orca Slicer to a separate app (adding literally one step) is not a big deal, you're doing that once per print in a world where typical prints take hours to complete. And with that in mind, Bambu is still saying they intend to provide an integration solution to Orca Slicer in the future to streamline that process.
Whether not the software design is a good architecture is an entirely different issue, and as a beta product I'm not sure we can judge that quite yet. Perhaps they should have hardened their network API more rather than introducing a new app? Perhaps they shouldn't have announced this so publicly before they had a solution for third-party integrations ready?
well, it's they really meant improving security they didn't do great job, as you can see people broke this security in a day
blocking printing from sdcard in Lan mode basically deny any claims that this change was poorly communicated improvement
They broke the security of a beta product. That’s why it’s beta and not a released product.
LAN mode didn’t exist when this product was first sold, and it was never implemented through the SD card. It was meant to be used through Bambu Studio over your local network.
“Not implemented/not yet implemented” != “blocked”
Someone who bought a Bambu Lab printer early on actually has more ability to use it without a cloud service now than they did when the product was new. Just about everyone who owns a Bambu Lab printer already signed up for a cloud-connected printer.
https://wiki.bambulab.com/en/p1/manual/p1p-firmware-release-...
I mean a reasonable ask would be why can't they push this off until all of that is taken care of?
I think to be fair to them that's literally what they're doing? They're just announcing it ahead of time while it's in beta so we all know about it.
"Starting January 17th, users will have access to the beta firmware"
"Launching first for X Series printers, with P and A Series updates planned for future release"
Their "update" is a bunch of hand wavy corporate PR bullshit.
Their idea of "working with" the people impacted by this change is just give them a couple of days notice that they are about to be fucked over.
Also the whole "it's just a beta" is such a stupid point I don't even want to respond to it. Truly idiotic.
They are positioning themselves to build a proper walled garden.
That entire blog post could be sumed up as "We know we are doing a shit thing but We. Don't. Care. So it would be great if y'all could just shut up about it until it's more ready."
What do you mean "a couple days notice?" A couple days notice for optional beta firmware availability for only one model with other models having completely undefined release dates. This supposed "short notice" is factually inaccurate.
You can read the blog post that way if you want and insinuate the most negative possible interpretation, but I'm just going through why I choose not to do that.
For one thing, I'm failing to see how this supposed "walled garden" is going to magically materialize and benefit them financially. The best answer I get from all the alarmed people surrounding this subject is that they'll want to charge monthly fees for premium features in the software, especially to print farm owners.
But they don't operate in a competitive vacuum and that would instantly shift users to their competition. Print farm users pay off their equipment very quickly. I've seen cost breakdowns done by actual print farm operators online and the initial and ongoing machine cost is essentially the smallest part of the cost of doing business. Print farmers would pretty much switch away to other brands instantly if Bambu started charging fees for print farm scale.
If they charge even a Netflix-like fee of someting like $20/month, that essentially pays for a $1000 Prusa printer minus the cost of a Bambu printer in only 3 years. They have no room to charge monthly fees against comptetition.
I think people are making a big nothing burger out of this.
Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Could this lead to completely locking it down in the future? Yes. But they could do that anyways.
I think this is a way to stop getting their pants sued off.
If they really wanted to lock it down they could just make it so everything has to go through their servers and require files to be signed before being read from SD cards.
But instead we really have a half ass attempt.
"Security" on behalf of the user is a complete red herring. You can't print to my 2d printer or my 3d printer, but I can, with "any old device or application". Because they're on my network, not public on the internet.
I disagree. These devices can easily burn down people's homes if given bad G-code. Then they would be sued into the dirt for a security whole a mile wide. Looking at the changes this is about liability.
How is an electron app that just adds another step solving the problem? They should have just secured their api properly instead of using security as an excuse to cut out third party software that will get around an inevitable subscription.
Because authenticated commands removes the liability issue. Hacking the device vs we knowingly let anything send g-code.
This is basically the equivalent to having passwords on a MySQL database or redis server.
Why on earth would they add a subscription? That makes absolutely no sense business wise. No one would buy their printers, and they don't have a captured market to strong arm anyone.
Why would they add a subscription? Uhm print farms already have subscription based software. Bambu would just be an easier entry. They already have screenshots of it on their wiki.
You mean like when Bambu issues a firmware update remotely and many printers which were sitting idle just start printing without being commanded by the user? [1]
I personally do not want my printer connected to any vendor's server in any way...IMHO, there is no reason for it.
[1] https://www.reddit.com/r/3Dprinting/comments/15sfisq/bambula...
If it can burn down your house with the wrong G-code, adding a cloud service is not the way to fix that.
And a firmware hack could burn down my house with my laser printer. Yet that's not possible, because neither printer talks outside my network, at all.
There shouldn’t be a single printer on the market that doesn’t come with basic emergency cutoff features.
> Bambu is patching a security issue.
This isn't a security fix. As a security protocol, it wouldn't pass any kind of security audit. A security fix would be something based on a per user credential, not on obscurity.
> Personally I don't want any device or application to send any old G-code to my printer.
Username/password over TLS would do that better than what Bambu Lab is proposing, as an extremely simplistic example.
And LAN-only mode should work without any external connections yet it looks like it'll require it for authentication. That defeats the whole idea of LAN-only!
> Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Why not implement some kind of open authentication? One that other slicers can implement.
Author could start with what this actually is. "An Electron App with Security through Obscurity principles" doesn't tell me much.