Orca Slicer or die!

I’m just going to be honest here. I bought a P1S. I buy Bambu Filament because it’s relatively cheap, came with the RFID tags, and just worked, and I figured I was doing my part to provide ongoing support to the company that made my printing life easy. And I use Orca Slicer.

If I wake up tomorrow and Orca Slicer just stops working and I have to jump through hoops to run middleware (Connect) and other nonsense because Bambu didn’t engage 3rd parties (in any timely manner), doesn’t want to play nice with the OrcaSlicer (and other) projects, and work with them to provide the necessary API/Key/Token/Security access it will 100% be the thing that makes me walk away from the ecosystem. I’m not using Bambu Studio, sorry. I will run through my current filament, switch back to eSun or another filament manufacturer (read stop supporting Bambu) and if/when the Bambu dies or a competent competitor puts out a product without the walled garden approach I will jump ship.

I read the Verge Q/A and while I don’t know what the words and tones in the communications with OrcaSlicer were - the fact that you waited until January 14th to engage them about the Firmware changes you were unleashing on the world on January 16th is telling about who is doing what and how that engagement actually went down. 2 Days… seriously?

I’m not a print farm operator. I’m not anyone special. I’m just a guy who likes to print 3d Terrain to play tabletop games with. I AM an IT guy who knows enough to know that the thin mask of Security these changes are being hidden behind are just that… thin - and that if you actually cared about your customer base then engaging with early, and working to provide access to, an open source project like Orca shouldn’t even be a thing. If you just did those things we wouldn’t be here arguing about, or needing Verge articles that you STILL can’t seem to get totally right with the customer base.

Admit you messed up (it’s ok - we’ll all respect that a heck of a lot more and you’ll get way more traction with your customers) and commit to not screwing over the 3rd party and Open Source communities that have sprung up around you and ultimately DRIVE more customer engagement and more customer trust and loyalty.

For effs sake, don’t be crappy here and make it hard to support you.

I want to be clear—I’m not picking on you, my friend. I hope we can still call each other friends despite this disagreement. But I have to call this out because it’s logically flawed.

Let’s use an analogy. Everyone expects the TSA to keep terrorists off planes. But no one would tolerate mandatory strip searches or two-hour pre-screenings. Now, imagine if those extreme measures were forced on the public and just happened to create opportunities for airlines to charge extra fees down the road. That would never happen, right? At least not at first.

Likewise, Bambu states they would never introduce a feature restricting what filament we can use or forcing LAN-mode to authenticate. They say it’s not in their plans and that we should trust them. But where’s the guarantee? The only way to keep what we have is to avoid upgrading according to them. Conveniently, they leave out the fact that if you do upgrade for troubleshooting, they cut off the ability to roll back more than 2 or 3 minor versions(contrary to industry-wide accepted practice). That’s hypocrisy, plain and simple. And yet, their response has been to dismiss the community as alarmists. If that were true, they’d have no issue allowing firmware rollbacks to 1.01, right? But that’s not their practice, is it?

Bambu refuses to admit missteps, denies users real choices (despite how easy it would be), and—most tellingly—ensures every change benefits them far more than it benefits so-called security.

Ye this and 7b were sad.
If being optimistic, it’s only about locking out the competition. If being a pessimistic it’s self imposed weakness in the implementation and what would be a reason for that.

Well, there is Hanlon’s razor - “Never attribute to malice that which is adequately explained by ignorance” - At this point, I’m quite confident that their software teams handling auxiliary stuff, especially ‘cloud’ operations, have serious competence and/or seniority deficit (esp. in the cybersec arena), which leads to all these half-baked, at best, security measures being thrown left and right and on top of each other in vague hope they’ll somehow find the right recipe. I’ve seen similar things several times in my career when junior teams were given a task way above their abilities with deadlines way short for a reasonable implementation.

I do think that BL’s ultimate aim is to be the man-in-the-middle for all comms to ‘their’ printers and then figure out how to monetize that control - but even with such a goal you can still make a reasonably safe system using run-of-the-mill standard solutions. You can even make one that doesn’t require the added burden and cost of the cloud in order to attribute points or whatever MW branch of their strategy needs. The Connector seems like a very, very poor and misguided attempt at doing just that.

Yes, can fully relate to that, first thought when reading the original post was wow you are good at making printers but should leave this to someone else.
And I’m sure you’re right, though still not clear why they would double down on it.

And ye:

even with such a goal you can still make a reasonably safe system using run-of-the-mill standard solutions. You can even make one that doesn’t require the added burden and cost of the cloud in order to attribute points or whatever MW branch of their strategy needs.

Completely agree with this, it’s possible to provide low friction UX that extracts max value from users in the eco system, while still using battletested protocols and best practices, provided that is the goal.

Also look at the answer to Point 7b of The Verge article:

The answer starts with
“If software communicates and interacts with our cloud system…”
and go on and reason it with security and protection. But never loose a word about LAN mode, where no BL cloud system should be involved at all.

Bambu Labs: Why can’t we have (or keep) the interoperable secure authentication system for LAN mode???

Well, this is what is in fact happening right now. Security is being breached. “Safety and security” just means “bad things do not happen”. “The same bunch here” just object to bad things happening, and the community being opened up to more bad things happening to them in the future.

Oh c’mon, I just bought that X1C 3 months ago. It took quite a while to decide between Prusa, which is european and opensource and the X1C.

First the NFC tags scared me but I thought, nah, this will not happen. Now they start with this BS and soon I’m sure only Bambu authorized filaments will work.

I will advice everyone in my circle to NOT buy a BambuLab. This is NOT acceptable.

apple style, as bbl management have said from day one.

But Apple

• do have a LOT of APIs for external use in their closed garden and
• make a security system really secure and
• if their system is too closed, they will be sued all over the world to open it up

So maybe not always the best role model

So long as the printers will still work offline - I get the security issues have a basis, even if it will brick Orca users (in line with other closed systems). But having to connect to do ANYTHING (even LAN mode) is a no go - for example what if internet/mobile is down in my area (I live in the sticks and it sometimes does), that means without network I’m stuffed and can’t continue to work.

The bigger issue is if they do change how the machines essentially function after purchase - I’m no expert but that then surely becomes a legal issue?

The guys behind bbl afaik, came from making drones. Probably thought that since they use motors and software, it would be a similar business. Hardware and software can be similar within the machines, but there the similarity stops. They appear to be pretty naive when it comes to the way that the world works, maybe because they can ‘get away with things’, but it does not matter, since they are good at making stuff, and folk seem to want what they make. Look at it from our perspective. Then look at it from theirs, if you can.

What matters to them is getting the maximum amount of profit, for the longest period of time, as for any business. They do not spend unnecessarily on customer support, filament manufacture, understanding international regulations wrt consumer goods, other’s patents, registered designs, etc. Produce a good enough product and get it out there, plenty of youtubers/whoever would suck up a free printer.

Sort out problems as they occur. No need to bother with software, do the minimum necessary. Instead, push out another printer, and sell it however you can, folk will buy it because it is new, and the hardware is relatively cheap. There is no need for any loyalty to customers, if there is a problem, pay it off with a few vouchers.

Now, having locked the customer into their cloud, their filament, their maker’s world, scoop up as many as you can of the outliers, then they have their closed system, then it is a game of how much they can get away with subscription/rental charge/whatever.

It doesn’t matter if a few thousand, or even all their customers leave, the chances are they will still buy from China, the overall controller of many 3d printer companies.

They are not you.

Since there is so much discussion about Bambu Connect Beta and how it works, a friend and I figured it out and made some tools for demonstration. Since it is still a beta it will likely change greatly before a full release but at least this gives us an idea.

I am only able to use my printer in LAN mode so I don’t know what is different in Cloud mode.

The first thing we figured out is there is no encrypting or security in LAN mode. A properly formatted URL is all that is needed. Even though I’m forced to use LAN mode the printer is connected to a internet router so that lack of security seems like a big oversight. Even using LAN mode the printer would not connect to a router that did not have internet access, there does seem to be a process in place to make sure every printer is reachable from the internet. If there is a way to connect a printer to a router that does not have internet access I would like that information. Hopefully that encryption step stated on the wiki does apply to Cloud mode.

Second, it does not integrate seamlessly, it adds a lot of steps, way too many steps. There are actually fewer steps with just opening Bambu Connect and dragging a file onto the window than sending a file using a URL. We can only hope that improves as the program is upgraded.

This post contains a small tool for sending files using LAN mode, no encryption or security, and a HTML example that should work in both LAN and Cloud mode. If you are interested in how third party software will integrate to Bambu Connect these examples will show you how it’s currently implemented.

Bambu Connect Example Post

What printer, which firmware version? Can’t say anything for the A series, but P/X series will happily run on a fully isolated VLAN (with the existing, not beta firmware).

There are workarounds - learning a lot this week on this subject.

I am unfamiliar with LAN mode setup on the P1P, but I will have to get it set up sooner than later it appears.

It would be really nice to figure out a way to set up the printer in LAN mode, and have it be able to connect (on the WAN side of the router) with Orca Slicer through a VPN.

I have an A1. I’ll have to go check the version number. I’m glad to find out some printers do work on an isolated LAN. Maybe I’ve been missing something.

That’s how I run mine - plenty of tutorials out there, for example: LAN mode with live view, remote monitoring+control and blocked internet access - a five step guide

There are a few common errors people make when setting this up:

• The printer’s IP/MAC/VLAN still needs to be able to broadcast UDP packages on port 2021 towards the subnet/VPN that has your computer/phone/3rd party accessory that will control it (see example on how to set this up on pfSense w/ VLANs here) in order for discovery (in Bambu Studio or Orca Slicer) to work
• Similarly, your computer/phone/3rd party accessory local firewall must let through these packages (Windows Firewall can be very picky there, if you’re using Windows)
• Your computer/phone/3rd party accessory must be able to send TCP packages to your printer IP/MAC/VLAN on 1883 and/or 8883 ports (pending on version, unencrypted vs encrypted)
• For the RTSP (camera) stream, the device you’re watching the stream from needs TCP access to 322 port on the printer

You can keep everything else closed and it should work flawlessly. I run such a setup (incl HA access for remote monitoring/control) without a hitch - I only don’t bother isolating individual printers from one another (they’re all on the same VLAN) but everything outside of their subnet is super-tightly controlled and I’m fairly certain that they cannot phone home in any shape or form. Again, not sure if something is different on the A series, but from what I read around it shouldn’t be.

Thank you! I will take a look at the link you posted.

I run HA already, but only with LAN access.

I also already have a Wyze PAN v3 pointed at it, as I’ve had my P1P before they allowed the video to be remote.

I mainly want to send print jobs to it remotely, without having to use BL cloud service anymore.

Since I am already running HA on a PI, could that be used as the print(relay) server?

I recently spent about 2k in buying 3 new Bambu printers. I don’t regret it…at all. Bambu has made their printers accessible to hobbyists like me so I can create the things I want. I’m also an Apple user and don’t have any issues with computing in a closed environment. I manage a Windows laptop farm and hate it. I laugh at Windows users and wonder why they want to put themselves through all that trouble. I don’t see Bambu any differently. If they want a closed environment, they can have one. If you don’t like it, you don’t have to buy Bambu printers. If you’re upset that you spent money on a Bambu printer, well…I’ve spent more on crappier products (Windows, for one.)