Based on your argument, same logic should apply to the printet’s switch ON/OFF . That too has to be manually enabled, and according to your own logic, that renders the printer power on/off optional as well. Actually, based on your logic/argument, any and all the other commands ghat require manual activation/deactivation (whether through a physical switch or an electronic one) would be optional and thus not essential.
You seem to have a twisted and strange way of thinking, yet you still manage to be a self-contradicting guy.
I’m not so naive to believe that a business has my best interest at heart. What I do believe is that arguing for the sake of arguing gets you nowhere. Being mad is just that … mad. Bringing constructive criticism to an argument is where progress is made. People spend way too much time worrying about how it hurt their feelings and less about how to solve it. The point of my post was to hopefully get people back on track with outlining how this is effecting them so that Bambu can make a decision.
Everyday I have to make decisions about my companies security. And these decisions sometimes require me to make changes that greatly impact users or customers. I have no time to listen to how it makes people feel, what I want to know is HOW it impacts them. That is literally the only way I can make changes to help mitigate or lessen the burden I placed on my users or customers.
Many problems have been pointed out already. But what the heck, I will try to organize my own thoughts and see if it makes me rethink anything.
Someone please correct me if I’m misunderstanding anything here. Actually I’m not sure about some of these, so please correct if anything is wrong.
“Bambu Connect” is not even available for Linux users. What happens if we get this firmware update? Tough luck I guess? If there’s some Bambu Studio bug and we need (or prefer) to use Orca…?
What happens if the software gets released for Linux some day, and it’s a buggy mess that doesn’t work correctly? Linux support for their software is obviously not prioritized. If it didn’t work well when I first purchased, I could’ve returned it - what now?
Even if it were ready, why should I want to run this Bambu Connect, yet another bloated Electron app taking up resources? And for all we know it’ll be phoning home with who knows what. This is “for our security”, BL is coercing use to use software that we have security concerns about.
LAN users now require Internet/Bambu Cloud access to use the printer for this authentication step? Many of us have LAN mode on for security - because most of the danger is from Internet connectivity. How is this making anything more secure for us? LAN mode is understood to be LAN-only. Not LAN sometimes, but oh we still need to reach out to the Internet, for things, and stuff - trust us, our cloud is secure.
Will it be possible for Bambu’s cloud authentication to be hacked and cause our “LAN mode only” printers to be attacked in some way? I haven’t read up on how that part works yet, so I don’t know. But it sounds less secure than having it not touch the Internet! Have they explained exactly how this process works?
Bambu Cloud outage–or your home Internet has an outage–you’re stuck waiting until that’s fixed? If our Internet goes down, so much for falling back to messing with the X1C during the outage, I guess.
If you look at the wiki documentation for Bambu Connect, it looks like it’s adding extra steps:
Start the bloated Electron Bambu Connect software (Electron is fairly heavyweight)
“Discover LAN printers”, click on your printer and connect to it
Import an Orca 3mf
Then you have to click on the plate to print
Then you do the final steps that we do now right in the slicer. I know it’s not a huge pain point, but it makes the experience worse.
@RandomKhaos This isn’t directed in anger at you or anything so don’t read it that way. I want to ensure my understanding is accurate, first off, and I guess it documents some of my own concerns like you suggested.
But I disagree that this is all fear mongering; there is some speculation, but it’s based on what we’ve seen happen over and over with similar situations.
And it’s all so unnecessary to force on those of us using LAN!
Yah man. Bbl didn’t do anything but increase security. Just jump through more hoops for the same result. Don’t worry, it’s better for everyone. Even you - whether you know it or not. Trust me, I have your best interests at heart. Or, I don’t. Whatever. You’ll be able to upgrade to premium access to your printer in six months for only $11.99 a month, or $112 for a whole year. Look at the savings!!
I agree with you on most of the points you have posed but in this case, the “optional” LAN Mode is not optional. It is a core feature. You didn’t need to add any accessories or parts to get it to work, compile any special firmware, etc. You simply have to toggle an option present in the stock firmware, and bind to it in Bambu Studio (again, no special software or extras needed).
In fact, the very nature of switching to LAN mode may explain why the proposed authentication scheme applies to it… as you would normally have first activated your printer, and then be switching it to LAN mode… so at that point and that point only would it be disconnected from the Bambu Labs servers entirely…
Then again… all of this is supposition and gossip IMO… as we haven’t had a proper technical breakdown on exactly what is happening… just why it is bad… the most (still opinionated rather than just the technical discussion on how this all works / what it all means) is the hackaday article linked above… This new auth system will make me sell my printers - #625 by CRracer712
And if it is all bad, at least the X series owners probably have the X1Plus firmware as an option…
I appreciate you taking the time to outline your concerns. There’s so many unknowns right now that it’s pretty hard to know how these are even going to be handled. I don’t personally agree with how Bambu is handling this and they haven’t communicated near enough for me to feel comfortable with knowing their next step.
This one I’m thinking is a bit misunderstood. I’ve used their Bambu Connect software and you can use it with LAN only configuration without authenticating your Bambu cloud account. Where the authentication is happening is with Bambu Connect itself. If the decompiled code is real, then it looks like it’s doing that via certificates. I didn’t look at the code in depth, but I do believe the only connection to the internet would potentially be to validate the certificate and its revocation status. I may be mistaken, but that’s my best understanding at the moment.
I just tested this and it appears to be serious concern. Removing access to the internet makes Bambu Connect not start until internet is restored. That’s a serious flaw in the software.
I agree that it’s a concern when people see trends repeat themselves. But speculating on what hasn’t happened yet can sometimes distract from solving the problems that currently exist. It can lead down a rabbit hole of negativity that people feed into. This is really only my personal take since it’s how I live my life; I try not to let speculation, rumors, conspiracy theories dictate my decision making if I can help it.
That is exactly what is on the horizon. Security is the pretext behind which pay-to-print or subscription-only features will be rolled out. Next printer will be a Prusa if they keep this ■■■■ up. As it stands, I have purchased my last roll of BBL filament (until they use the RFID to lock the user into only using BBL filament).
I hope Bambu Labs changes their position on rolling out these changes.
Respectfully as a long time Apple developer, there is something your point fails to take into consideration. Apple permits a great deal of 3rd party developers to create software for their systems. While not nearly as open as others, there are many things I can do on Apple systems with Apple’s APIs. While the software does have to go through a review at Apple (for inclusion on the various App Stores) or be deployed via Enterprise solutions, Apple does not force it to use their collection or endpoints for most things.
This comparison heads a bit off into Apples & Oranges.
Interesting to think Bambu would not be in the situation they’re now if they hadn’t been transparent with their changes. Companies watching this will learn to make the changes first, don’t disclose and see if you get caught. Ironically the transparency has backfired and that’s sad in a way because we want more companies to be transparent.
I did assume when I first heard this news that it was the printer itself reaching out. I agree it’s probably the (still quite unwanted) Connect software thing that is doing so. Now I’m starting to wonder how this could even work.
But regarding your quote above - if all it’s doing is checking that a certificate is valid and not revoked, why does it need to hit BL’s cloud? It can’t just use a regular Certificate Authority, who actually knows what they’re doing, instead of slapping together their own thing? (Not that this would make everything okay for me.)
I’m also not putting together why it would even be doing that. But it’s late and the brain is switching off for the night.
This is what i was hoping for! Now another company which already makes upgrades for Bambu printer could collaborate with the developers.
It will cost the end user few 100$ but stil cheaper than getting new printer.
And in 1 year i believe it will be possible to get something good out - this is the time which I have if i switch to LAN mode now. As i have read few comments earlier.
I think that’s part of the problem here … there’s not enough information that’s been provided to help us understand what’s really going on. I honestly didn’t even consider that the printer might be doing the communication to the cloud. You can see how two different people could read the same thing and see it differently. If this were true, I could understand the serious concern LAN only mode users would have.
I’d guess they would be going this route so that they can easily revoke a certificate at will. That would give them the freedom to remove a software’s authentication/approval from Bambu whenever they deemed it necessary.
Have they explained exactly how this process works?
