Will Bambu ever go open source on their firmware, Creality just did

I have to challenge that opening statement. Who is the arbiter of “the whole truth” here? You? Don’t assume the rest of the community lacks experience or understanding. Some of us have been working in these systems since well before Linus Torvalds entered university.


I don’t disagree that security needed to improve. That is not the point being challenged.

What I am pushing back on is the claim that security required the specific architectural choice Bambu made: inserting a proprietary authorization and licensing layer as the mandatory path between local software and local hardware. Those are two separate decisions.

You are describing real issues around cloud exposure, remote tokens, camera access, and Wi-Fi attack surfaces. None of those inherently require gating local, user-authorized LAN communication behind a vendor-controlled service, nor do they require third-party developers to operate under revocable licensing simply to communicate with hardware the user owns.

Security can be addressed through local authentication, per-device keys, user-managed trust, and hardened LAN-only modes without introducing a centralized gatekeeper.

The existence of an API does not resolve this concern if that API is licensed, permissioned, and revocable at the vendor’s discretion. That is not a neutral security boundary. It is a control point.

So yes, tell the whole story. But the whole story includes distinguishing between improving security and restructuring access in a way that encloses the ecosystem. Unless you can show that this particular design was unavoidable, not merely convenient, conflating the two sidesteps the actual issue under discussion.

2 Likes

I am not the guardian of truth, but I can point it out to you if you leave out large parts of the story, can’t I? Why is that a problem now? I don’t think so. No one here is denying your knowledge. If so, please quote me. And if you find a sentence that denies your knowledge, then I will sincerely apologize for it! :+1:

For anyone else who would like to read up on the subject, here are a few pages as sources:

Malicious G-code: Attacks Hidden in Your Digital Files
https://all3dp.com/1/3d-printer-security/

Kobra 2 Pro 3D printers have been affected, with users having received a startling “hacked_machine_readme.gcode” file.
https://all3dp.com/4/anycubic-users-receive-hacked_machine-g-code-file-revealing-security-vulnerability/

Why 3D Printer Security Matters More Than Ever

Bambu Lab X1E: Why Enhanced Security Matters

Edit: One Link was wrong - fixed

That’s a fair question, and I want to be clear that I’m not claiming infallibility here. There is always room for misinterpretation.

Under normal circumstances I would test this myself, but in this case I’ve chosen not to upgrade firmware or toggle modes that could put me past a point where downgrading is no longer possible. Given how the authorization changes were rolled out, that felt like a reasonable precaution.

My conclusion is based on how the post-1.08 authorization changes were originally introduced, how third-party access was handled at that time, and what Bambu later clarified after user backlash. LAN-only mode did continue, but with explicit caveats attached - including statements that access models could change in the future and that no guarantees were being made going forward.

If there is solid evidence that Orca continues to function exactly as before on current firmware, without Bambu Connect and without relying on grandfathered behavior, I’d genuinely like to see it.

Here are a couple of sources that shaped my understanding, including the original announcement and early reporting before the partial walk-back:

2 Likes

Please don’t make things up. You already have access to RTSP and FTP without lan or dev mode. That’s enough to use the camera and send print files remotely. You just can’t do operations like starting a print remotely. With dev mode enabled you have full access to mqtt requests same as before.

Dev mode is available with every model, including the H2 series and P2S.

1 Like

On the first half of your response, I would ask this; why the personal attack? If I am misinformed, then by all means, this is a discussion forum and you have every opportunity to maturely address my misunderstanding.

On the second part, please show me where RTSP is available on the P1 Series. That would be amazing because so far, that was part of the family jewels (live video feed) that Bambu has specifically blocked us from. Do you know something we don’t know? If so, now’s the time to reveal this.

2 Likes

I like this discussion its already better than most on this topic and also kind of proofs its a grey area. We have to remember that even opensource was a reaction to some of the things going on at the time and had many views on some of these matters (and why we got different licences and lots of discussion even the word opensource means). For example i respect RMS (Richard Stallman) for what he did but as a person he one of the worst people i have ever talked to and some of the actions i have seen him do make him a non grata among many of my friends. Even the giants on which we stand are a mix of grey at best. I am semi new to the area of 3d-printing (compared to other stuff) but from what i understand its history is also mixed and much of the open push came as a result of a closed and patented base so again a grey area. I am a big fan of opensource and sharing and creating common infrastructure and did my time on it. This topic was about bambu going opensource like creality just did and one of my first reactions was to point out i have my doubts. It seems to me that bambu has done more to move us all forward by a mix of methods than creality did over the last few years who also has by now a mixed history with open. One would even argue that Prusa if feeling some pressure in that area and is trying to find a better balance to run a company and comply with laws/rules/licenses and well shareholders. This is kind of why i claim that like many things in life looking at the extreme sides of any balance is probably a bad idea its always complicated and progress in most areas are that way (with all its dangers). Its hard not to become political in this because even in this topic it kind of is and coming from the the netherlands i understand and support the need for shared/common infrastructure it keeps us from downing…

1 Like

That’s a point Olias should note, Prusa just walked away from open source on their new stuff and they were pretty much the open source poster boy.

So no, Bambu will not voluntarily open source their firmware. “Ever” is a bit strong since Dr. T promised they would if they shutdown, and they could be forced to if the firmware turns out to be a derivative of something else.

Im starting to think people believe open source=no software included. Based on some comments, I sense alot of fear of learning. The software as it exists now, could be open source, but also not be locked down for advanced user. Nobody is gonna show up at your house and force you to edit a file. The internet blows my mind