tl;dr: “Fuck You, we’re right, but here’s a crumb from the table” but in PR-speak.

There’ll be a Lan-Mode (still requiring Bambu Connect), and a Dev-Mode (which will continue MQTT, live stream and FTP).

The Writing continues to be on the wall.

  • BennyInc@feddit.org · 19 up, 2 down · 7 days ago

    Trying to play the devil’s advocate here, and I am really interested in your takes on this (I’m not affiliated with Bambu, and I am shocked about the whole development as well, having bought a P1S recently):

    Bambu currently has printers reachable on LAN and Cloud without much security. This has one major downside for them and for the customers: if some malware is spread via whatever means, which then identifies whether it can see a Bambu printer on its LAN, it could send random GCode commands to brick the printer and/or waste energy and filament. I don’t think you could set the printer ablaze with this, but you could definitely destroy the printer. If this happens to a lot of printers at the same time, customers wouldn’t be happy.

    So Bambu needs to somehow secure their interfaces in a way that malware cannot exploit easily, while at the same time allowing non-Bambu software to talk to the interface. Their idea seems to be, that Bambu Connect can proxy your requests to the printer, and (hopefully) verify the commands being sent are innocent enough. This will protect their userbase and themselves from financial harm.

    A loud group of users now complain, rightfully, that this will brick their workflows. Also, this will open the doors for Bambu to e.g. move to a subscription model or remove support for non-Bambu filament. Looking at the workflow: They now claimed to allow a local “dev mode”, which basically disables security, but allows skilled users to use their established workflows. They then don’t want to offer too much support for this, which in my opinion is okay. This is similar to how unlocking your Android phone (if done via official means) would void some part of your warranty (not fully, and not for the hardware I think).

    As for the potential subscription model, filament support, etc.: They can and would do this regardless, if they want to. This is always a risk for customers buying a closed-source product. I still bought one, because they are supposed to be the easiest to use and set up for people new to 3d printing, and so far I tend to agree. Would I be happy about open source firmware? Yes, absolutely. But we might not get that, and I was aware of that when buying the printer. I can still hope that some security professionals cleverer than me will figure out a way to install custom firmware at some point, but there is no guarantee (just an increased chance, now that they alienated their users – some hacker might accept this as a challenge).

    Please contradict me and discuss with me, I want to understand if there is anything wrong with my logic.

    • TheYang@lemmy.world (OP) · 16 up, 2 down · 7 days ago

      The Security argument doesn’t hold water when you’re pushed toward cloud use when transmitting data over your own network cable would suffice.

      Define APIs and API keys (local and cloud).
      Instant safe communication, local and/or cloud.

      • BennyInc@feddit.org · 2 up, 1 down · 7 days ago

        But don’t they currently allow local connections and also use them if the printer is running in cloud mode? I would assume if the printer can be “seen” by your machine locally, Bambu Studio would connect locally for some of its data transfer? Regardless of printer configuration (LAN only or Cloud) it still has its local ports open, which currently can be used by e.g. Home Assistant without any cloud connection. This is nice, but at the same time can be a security risk, as any local malware might also send commands. So a way to secure the local connections is definitely needed.

        API keys would be nice for any type of connection, but it’s something they’d need to implement, including a way to request/revoke them from either your Bambu account (cloud again, not preferred by the open source community) or directly from the printer (might be a hassle to use with the P1S’ small screen). Instead they decided to go full-throttle by using some form of certificate authentication, possibly using per-device and per-account certs in the future, that might be generated locally and signed by their endpoints using your Bambu account.

    • NuXCOM_90Percent@lemmy.zip · 11 up, 1 down · edited · 7 days ago

      Bambu currently has printers reachable on LAN and Cloud without much security.

      If your LAN is not secure, you have other problems. Also, the way most printers secure this is through a login and/or a token that you need to provide to your slicer to allow it to communicate.

      And this is WHY so many of us do not want printers (or basically any device) exposed to “The Cloud” without it being opt-in. Because even if this IS “security” related? Bambu is not a cybersecurity company. Just look at the endless shitstorm that is QNAP for why that is a problem.

      So Bambu needs to somehow secure their interfaces in a way that malware cannot exploit easily, while at the same time allowing non-Bambu software to talk to the interface.

      LAN is already secure. And the solution for Cloud/WAN is to make that opt-in.

      Their idea seems to be, that Bambu Connect can proxy your requests to the printer, and (hopefully) verify the commands being sent are innocent enough. This will protect their userbase and themselves from financial harm.

      You are SO close. Yes, this DOES give Bambu a LOT more control over what commands can be sent to a printer. No, that is not about security.

      It is about controlling The Models.

      A couple years back there was the big NFT rush and folk were making arguments about it being used to protect (corporate) IP. We were immediately laughed out because people are stupid.

      But imagine if every single printer had a module that analyzed what you were trying to print. And if something in the database were detected, it would refuse to print without confirming you have a license.

      But nah, that would be impossible. I mean, it isn’t like Twitch and Youtube can do exactly that to detect music and even video…

      But hey, keep on keeping on with the caping for corporations leading the way to fuck over the industry because you like their logo or whatever.

      • BennyInc@feddit.org · 2 up, 2 down · 7 days ago

        Like I said, I’m just playing devil’s advocate to understand the full picture better.

        The LAN being secure might not be an issue for you and me, but the average user might not be so skilled. Though I understand your point that LAN security should not be Bambu’s concern.

        Regarding your NFT argument: I agree this is a valid concern, especially with the proxy being able to see everything sent to the printer. Though I hope the dev mode they promised would be enough to avoid that for now.

        • NuXCOM_90Percent@lemmy.zip · 4 up, 2 down · 7 days ago

          The devil doesn’t need you to defend it. So not going to speculate on why you are so eager.

          And, again: if your LAN is compromised then someone sending a Ding Ding to your printer is the least of your worries. You might as well argue they are trying to protect you in the event someone breaks into your house.

    • Steamymoomilk · 9 up · 7 days ago

      Stay with me here, you could just implement some public key signing with the printer and include it in the setup in the slicer. Then set it on the printer to only accept said public key commands. Problem solved, no cloud. No malware talking to your printer. No EULA roofy, just utter bullshit another company wants to force users into their cloud account.

      • BennyInc@feddit.org · 3 up · 7 days ago

        Hm… like some “press button in printer now to initiate key exchange”? Sounds like a good idea, and pretty straightforward. I like it.
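
The per-client key idea raised in this thread (API keys that can be issued and revoked at the printer, and a button press on the printer to start pairing), as an added sketch that is not from any commenter or from Bambu Lab. It swaps the public-key signing suggested above for an HMAC with a per-client secret so that it runs on the Python standard library alone; `PrinterAuth`, `sign_command` and the message fields are hypothetical names.

```python
import hashlib
import hmac
import json
import secrets


def _tag(key, msg):
    # MAC over an unambiguous encoding of every field the printer acts on.
    body = json.dumps([msg["client"], msg["counter"], msg["gcode"]]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def sign_command(key, client, counter, gcode):
    """Slicer side: attach a counter and MAC to one G-code command."""
    msg = {"client": client, "counter": counter, "gcode": gcode}
    return {**msg, "tag": _tag(key, msg)}


class PrinterAuth:
    """Printer side of a hypothetical scheme (not Bambu's protocol)."""
    def __init__(self):
        self.keys = {}            # client id -> 32-byte secret
        self.last_counter = {}    # client id -> highest counter accepted
        self.pairing_open = False

    def press_pair_button(self):
        self.pairing_open = True  # physical presence opens one pairing

    def pair(self, client):
        if not self.pairing_open:
            raise PermissionError("pairing window closed")
        self.pairing_open = False
        self.keys[client] = secrets.token_bytes(32)
        self.last_counter[client] = 0
        return self.keys[client]  # handed to the slicer once

    def revoke(self, client):
        self.keys.pop(client, None)

    def verify(self, msg):
        try:
            key = self.keys[msg["client"]]
            ok = hmac.compare_digest(_tag(key, msg), msg["tag"])
            fresh = msg["counter"] > self.last_counter[msg["client"]]
        except (KeyError, TypeError):
            return False          # unknown or revoked client, or malformed
        if not (ok and fresh):
            return False          # forged, altered, replayed or stale
        self.last_counter[msg["client"]] = msg["counter"]
        return True
```

A public-key variant keeps the same pairing, counter and revocation logic and replaces the HMAC check with signature verification against the paired client's public key.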

  • Marvelicious@fedia.io · 12 up · 7 days ago

    Their big defense seems to be, “We haven’t even done anything yet.”

    Sorry Bambu, but you’re late to the enshittification game. Setting up a situation where you CAN do these things is a Chekhov gun: sooner or later, we know you’ll put them to use.

  • philpo@feddit.org · 13 up, 2 down · 7 days ago

    This does not change the legal position they have maneuvered themselves in within the EU.

    Also, they are basically lying in their post:

    We want to make it absolutely clear that all of these claims are entirely false: Bambu Lab will remotely disable your printer (“brick” it). Firmware updates will block your printer’s ability to print.

    While:

    Due to the importance of these updates, your product may block new print job before the updates is installed, and will immediately provide update notifications to help you understand the related information.

    (TOS 7.4)

    Additionally the required certificates of course have an expiry date and after that you won’t be able to connect outside of developer mode.

    Legally, they are also in hot water with their “no support” developer mode at least within the EU. First of all they can’t remove support for functions that were present at the time of the sale. Additionally denying support within the warranty period for use that is within the normal use even if developer modes, etc. are used is considered illegal - they can ask Samsung, Google and Sony about their experience in court for those cases, they all failed.

    • Cavemanfreak@lemm.ee · 2 up, 8 down · 7 days ago

      It does not brick anything, you can still use dev mode and do everything you are used to, except using their cloud.

      • philpo@feddit.org · 6 up, 1 down · 7 days ago

        They claim so. While their TOS say something else. Legally speaking the TOS are what counts.

        • Cavemanfreak@lemm.ee · 1 up, 6 down · 7 days ago

          Shit like that is in EVERY ToS ever created. Steam can shut you off for any reason. PlayStation can shut you out. Meta can wave a hand and you say goodbye to your accounts. If you don’t want to update then disconnect from the internet and use dev mode. Which they have provided. Problem solved.

      • philpo@feddit.org · 2 up, 1 down · 7 days ago

        Not the same as one does include working in offline mode, your examples do not. Legally they are not the same. Neither is the developer mode comparable with the current feature set.

  • Steamymoomilk · 8 up · 7 days ago

    This just pisses me off! Are they aware we can read?

    Supposed lies people told

    “Firmware updates will block your printer’s ability to print.”

    Which they then contradict themselves and tried to cover it up. “Please be aware with this new version of firmware, print jobs may be blocked when using LAN mode. this is for security”

    “Partners can maintain or downgrade their firmware versions until technical updates are fully implemented.”

    There was never an option to downgrade, they changed the website to say it can be downgraded. When I know yesterday it said it wasn’t reversible which was covered by many news outlets.

    “All future Bambu Lab printer models will integrate authorization control technology as standard to ensure the highest levels of user security and printer protection moving forward. We acknowledge that these changes may introduce additional effort and workload. However, through our joint efforts and cooperation, we believe we can improve the security, quality, and user experience of Bambu Lab’s 3D printing products and services.”

    “This is beta testing, not a forced update. The choice is yours. You can participate in the beta program to help us refine these features, or continue using your current firmware.”

    It’s optional in the same way that you don’t need to eat today! You can just go without eating, it’s totally optional, nobody is saying you have to eat! It’s OPTIONAL. What the fuck are they smoking, it never says “beta channel”. Own up to your mistakes

  • dfyx@lemmy.helios42.de · 13 up, 5 down · edited · 7 days ago

    Actually, isn’t this the optimal outcome? The new “security” features are now optional for those who want them. Everyone else can choose developer mode, has all the old features and is responsible for securing their network. We could argue if opt-in or opt-out is better but I see the argument for having “security” features enabled by default.

    • quixotic120@lemmy.world · 12 up, 1 down · 7 days ago

      Except using developer mode means you trade away support. Why pay all that money for a bambu if you’re not going to get support? Might as well build your own printer at that point if you’re going to have to problem solve all the issues yourself anyway

      Also “This is beta testing, not a forced update”

      Beta implies that at some point this will no longer be beta and will be a mandatory update.

      They’re testing the waters, thankfully the pushback may have them reconsidering. It probably just has them reconsidering the rollout/timing though. They may do something like Philips did with hue: announce the cloud integration into a product that did not require an internet connection or cloud integration for over a decade, get a bunch of backlash, then not implement the cloud part while the heat dies off while still fully intending to do so. The hue cloud was announced as a mandatory change in September of 2023 and still hasn’t been implemented but there is a reminder with each app update reminding you it’s eventually going to be necessary if you have not done it yet.

    • TheYang@lemmy.world (OP) · 14 up, 3 down · edited · 7 days ago

      I don’t see it this way, for multiple reasons.
      If my understanding is correct, they are (imho) misleading if not lying in this post, when they say:

      these claims are entirely false:

      Bambu Lab will remotely disable your printer (“brick” it).
      Firmware updates will block your printer’s ability to print

      But they integrate a certificate which has a validity date.

      Once that update is on, you’re kind of locked to their releases. Yes they now, after the backlash have realized that they are putting up the walls a bit too quick. But I do not see anything in there that says “we were wrong to do it this way” - which they are.
      There is little reason to - by default - put the cloud in between your PC and your Printer, which may sit 2m or less apart. That never makes anything more secure.

  • lwe@feddit.org · 5 up, 1 down · 7 days ago

    I see it positive in that this gives me some leeway to upgrade to a different printer. Hopefully before Enshittification also hits Prusa.