This new auth system will make me sell my printers

As I have said elsewhere, Bambu is a new company. Like almost every new company that really takes off, they will go through the phase Bambu are going through now. Growing big very rapidly does not allow internal teams and policies to mature, so mistakes are made. For some companies this stage can make or break them. These kinds of growing pains happen. You are right that they need to hire experts in cloud security, but Bambu seems to be mainly run by nerds. Nerds, myself included, always think we can do it ourselves.

I am willing to see how things play out. I don’t like the methods that Bambu are employing in these updates but I also don’t think things will be as bad as many are making out. I am quite sure that, in Europe at least, people will not be forced to update, as that would be illegal. Same goes for being forced to use OEM media. Even if they could it would be commercial suicide. Certain influencers are as always creating drama for clicks. Many who watch these never do any fact checking and often just regurgitate the drama and it becomes fact. That seems to me what is in part going on here. It is good the community are being vocal about these changes and hopefully as a result Bambu will see the light.

1 Like

It doesn’t need to be for suspicions of nefarious activity. Some business relationships include not sharing things with third parties of any sort. It can be a simple fact of business, confidentiality, secrecy, etc. It can be a legal requirement.

That doesn’t mean there isn’t also risk. There is but that’s a whole other discussion.

You would be, unless you take direct action and isolate your LAN from the internet.

Like with Bambu’s cloud case (trying to patch it by themselves, though admittedly they have neither the necessary knowledge nor the required competence to do it right), you could also consider doing it by yourself (though you, like with Bambu, do acknowledge knowing absolutely nothing on how internet or the LAN, or even your 3d printer work, or how your 3d printers communicate with your slicer, or what’s needed to safeguard your home against unwanted intrusion when running your appliances).

Doing this by yourself doesn’t cost you a dime…for now. However, if you configured it badly, it might turn out costing you an arm and 2 legs to fix it with a specialist.

So what would be the best thing to do? Well, as pointed out earlier, like Bambu, you could try fixing it by yourself, with high chances of screwing things up badly (already happened in Bambu’s case, which is why the backlash), or both of you should hire a proper expert who, for a reasonable fee, will set up and configure a proper and secure cloud environment, or in your case a reliable and secure LAN, ensuring not only that it works, but also no one from the “outside” (which is called “internet”) could possibly get into the “inside” (that’s your LAN) and do…well, let’s say, do inappropriate & unsavory things to your machines without you knowing and allowing for that to happen.

1 Like

Admittedly, no one among the nerds who have set up and run this company has any knowledge besides a basic one (though all of their board is made up of PhD holders) on cybersecurity, privacy, information security, data protection, laws and their applicability. So, ya, it’s safe to say (and their most recent “firmware stunt” demonstrates it) both their knowledge and expertise are somehow… very limited. They are good though in other areas (see the printers they came up with)…but they are way over their head into $hiT when doing things they don’t have a clue how those things work.

5 Likes

Malc is just smart. All there is to it. He just spends more time with 3DP and happens to know more. Just like how I help my friends with their printer problems. When you spend more time, you get better. No one’s a nerd cause they are better…

1 Like

From Answering network security concerns for our printers
Nov 25, 2022:

Unclear how much they’ve added network security specialists to their team in the last ~2 years, but the assessment of most other IT/network folks is the announced/proposed changes create more problems than they solve, and that jives with my own experience as a computer scientist, former sysadmin/IT worker as well. It would be security-by-“You have no choice but to trust us, and we can take it away and disable it at any time, but we promise we won’t”.

It’s not that an authorization and authentication system is a bad idea at all. It’s that it makes Bambu the authority who gets to decide who can and can’t use your printer when a proper security system would make you, the owner, the one who decides that. That’s generally not good security. (And then the proposed architecture for the authorization + authentication system isn’t good either.)

4 Likes

The point… The point I was going for is that YOU SHOULD’VE CALLED A PLUMBER instead of doing shoddy fixes.

Also - regarding issues such as this, when “everybody’s an expert” you shouldn’t listen to everybody just because they sound convincing, but instead to actual experts. If people in network security, secure communications etc tell you “your solution sucks and isn’t secure” you ought to listen to them, not to “well security important so doing anything is good” types. Because doing “anything” is bad.

3 Likes

When you send your next print job to your printer, pay more attention… it even “says” on the dialog that it is sending via the cloud! :face_with_hand_over_mouth: :rofl: This is why it will upload to the cloud, and then shortly afterwards, your printer will download the print. Whereas if you instead “send” (instead of “print”) the job to your printer, that will try to use your direct LAN connection first, and transfer to the machine’s SD card, in realtime.

1 Like

Just want to weigh in real quick. For background, I used to be a customer of xyz (unfortunately). For those who do not know, their printers were locked down so that you could only use them with their filament by NFC tag.

I used to help an xyz customer, and had bought one of their $1000 printers, and had to only use xyz filament because they locked down their printers so much. Then they went out of business… I’m left with a $1000 printer now that I can’t print with. Will it be the same story with Bambu?

1 Like

It’s really simple. You have bought a printer with proprietary parts and ecosystem… BBL can do what they like, e.g. subscriptions or enforcing use of Bambu Connect. They don’t have to justify anything, to anybody, apart from of course shareholders and investors.

Looks to me like BBL are being more than generous to users, not mandating firmware update to accommodate print farms etc, etc. They undoubtedly developed and produced a very fine product, crediting the open-source community that paved the way, raising the whole game for the consumer printer markets and likely have an ROI based on their very healthy sales. They allow third party filaments + software, with no paid subscription model, and have stated no plans to change that.

Enjoy it while you can, or they are bought-out & licensed by Stratasys or similar, who would then try to extract every last cent.

I’m not familiar with Orca to be able to say but don’t think it uses any cloud services (I don’t know that though). Just like the sky, there are lots of “clouds” out there but all they are is someone else’s computer with all the good and bad on how they are maintained, protected from hackers, etc. Cloud services cost somebody money. Orca is open source so I would think is unlikely to use services that cost money.

It’s not really if you are “exposed” to the cloud. The “cloud” is out there. The question is if you use the cloud. If you use cloud services, it’s important to think about what data you are sharing with the cloud and if there are consequences for that data getting out, how it is protected, if it is protected, etc.

1 Like

Here nerd is often taken in a good way. If people are offended by the term then it really is their own choice to be offended.

Personally, I don’t care what anyone calls me.

2 Likes

To my understanding, Orca still uses the cloud to send print jobs or query printer status, the same way BambuStudio and BambuHandy do, using the BBL cloud API.

When the printer is in LAN mode, Orca can access the FTP server and MQTT of the printer directly, regardless of whether the traffic is inside the LAN or accessed from the WAN.

My opinion is this LAN mode is half baked. Not working fully in the first place. Because BL’s main audience is the vast majority of people without knowledge of technology. Just like how your grandma will find opening Facebook on an iPad is easier than opening Facebook via Edge on a Surface laptop/tablet. Hence, 99% of BL users would choose cloud over LAN mode.

And of course, LAN mode totally cripples BambuHandy. I think this so-called LAN mode just disables communication to the cloud to live control the printer. The printer itself doesn’t have a CMOS battery to keep the time running so it would need internet access to update datetime in order to work correctly, like the FTP server needs a timestamp for the file uploaded, or MQTT uses TLS and TLS requires correct datetime on both client and server to agree on the handshake.

Sounds too complicated to explain this to the average Joe. So why would they spend time/money/resources to make it work fully just for the very small minority group of nerds? Why not just force them all to use cloud for their own convenience?

1 Like

Seems as though you may have searched until you found a youtuber that made you feel better. You had to have passed by the 100 videos telling you the opposite. sus.

Edit:
This was moved by a mod and is now out of context.

2 Likes

“What did I pay for that’s going to be taken away?” Very good question. Let’s give a partial answer. Today, if you or anyone else chooses to use whatever software you choose to send a print job to your printer, you can. In the analogy, as the apartment renter, I can buy whatever appliances I want to use in my apartment.

With Bambu’s new Connect approach, only software pre-approved by Bambu can be used. Like your landlord issuing a list of just 2 appliance brands that can be placed in the apartment going forward.

Oh, and one of the brands your landlord said could be used going forward? They already stated they won’t jump through the landlord’s hoops to be on the approved list.

And should your landlord change, no new appliances will ever be added to the approved list, while today, you can hook up whatever appliance brands you want.

Hope this helps.

3 Likes

Edit - Thanks Jon and I apologize for the link I posted. Like I said I’m not familiar with Orca and had no idea there is danger afoot in some links around Orca.

As to original post, the page that I had found said some cloud service was a new thing.

The web has gotten too dangerous.

Exactly! Do you think it is right, or is it just a form of enshittification?

I think not. Around this time last year, I used Orca to log in to a BBL account to monitor the printer at work while I was at home, just the same way I used BambuStudio.

1 Like

I took your comment to mean Orca had their own cloud service and not discussing how Orca allowed talking to Bambu printers. We were apparently talking about two different things.

The only reason I was even talking about Orca was Bill made it part of a question and I was clear that I was only guessing. I don’t know much at all about it and regret even trying to discuss it.

Why? I really want to know what you are saying