You’re a bit late to the party, there were a couple of things that BambuLab backtracked on from the original announcement that started this whole debacle:
- They announced upcoming changes to the X1 firmware (and P/A series to follow) which introduce an additional middleware that one must use to talk with their printers regardless of mode they’re running - this effectively breaks every 3rd party tool commonly used with their printers including Orca Slicer which is, arguably, used more than their own Bambu Studio (and for a good reason).
- They said that they are working with 3rd party tool developers to address this, where we got back from Orca Slicer devs that they were downright denied to implement the new protocol (allegedly, BL did create a PR which embeds their Connector in Orca but that wasn’t available at the time)
- BL TOS explicitly said (and still says) that your printing requests might be denied until a firmware update is applied - where BL in their follow-up tried to gaslight everybody that this is not the case
- BL edited the original announcement to add that you don’t have to update your firmware (which kind-of contradicts the aforementioned TOS) - but then say goodbye to the promised 5 years of updates
- The middleware itself wasn’t explained well leading to people wondering what all this ‘authorization’ means and leading to a very valid conclusion that their printers alongside with the said Connector will need to, at least occasionally, speak with BL servers to establish this authorization - this effectively means no real LAN-only mode
- It was cleared up later (in posting the authorization pathway diagram and post-factum adding a so-called Developer Mode) that in LAN-only mode the printer will not have to speak with BL servers - but then this raises a valid question - how does then this new middleware improve security? (which it doesn’t)
This all happened in the span of 5 days so sure, the situation is a bit clearer now, but there are still many, many unanswered questions. All BL got out of this is a severely broken trust.
No matter how you slice it [ha!], this is both a PR and technological disaster - PR because they even to this day cannot come up with coherent message and seem to only do reactive damage control using gaslighting, vague promises and assurances (which do not work all that well when the trust is lost), and technological because everything we found out both from BambuLab’s own posts and disassembling of their new Connector screams: amateur hour. They’re literally attempting to pull security-through-obscurity, a very badly implemented one at that, and are alienating their loyal user base in the process without increasing their security whatsoever.
This whole disaster could’ve been easily mitigated with a ~$20k cybersec consultant fee. Of course, I’m still coming from the good-will argument that their goal here was to actually increase security, not to further tighten down control over the pathways to talk with their printers in the hope of putting everything through one funnel - and then figuring out how to monetize their control over that funnel.