tl;dr: “Fuck You, we’re right, but here’s a crumb from the table” but in PR-speak.
There’ll be a Lan-Mode (still requiring Bambu Connect), and a Dev-Mode (which will continue MQTT, live steam and FTP).
The Writing continues to be on the wall.
So, have BambuLab explained how this new “security” will stop them from accidentally pushing a global print job from the cloud
This does not change the legal position they have maneuvered themselves in within the EU.
Also,they are basically lying in their post:
We want to make it absolutely clear that all of these claims are entirely false: Bambu Lab will remotely disable your printer (“brick” it). Firmware updates will block your printer’s ability to print.
While:
Due to the importance of these updates, your product may block new print job before the updates is installed, and will immediately provide update notifications to help you understand the related information.
(TOS 7.4)
Additionally the required certificates of course have a expiry date and after that you won’t be able to connect outside of developer mode.
Legally, they are also in hot water with their “no support” developer mode at least within the EU. First of all they can’t remove support for functions that were present at the time of the sale. Additionally denying support within the warranty period for use that is within the normal use even if developer modes,etc. are used is considered illegal - they can ask Samsung, Google and Sony about their experience in court for those cases, they all failed.
It does not brick anything, you can still use dev mode and so everything you are used to, except using their cloud.
Not the same as one does include working in offline mode,your examples do not. Legally they are not the same. Neither is the developer mode comparable with the current feature set.
They claim so. While their TOS say something else. Legally speaking the TOS are what counts.
Shit like that is in EVERY ToS ever created. Steam can shut you off for any reason. PlayStation can shut you out. Meta can wave a hand and you day goodbye to your accounts. If you don’t want to update then disconnect from the internet and use dev mode. Which they have provided. Problem solved.
Trying to play the devil’s advocate here, and I am really interested in your takes on this (I’m not affiliated with Bambu, and I am shocked about the whole development as well, having bought a P1S recently):
Bambu currently has printers reachable on LAN and Cloud without much of security. This has one major downside for them and for the customers: if some malware is spread via whatever means, which then identifies whether it can see a Bambu printer on its LAN, it could send random GCode commands to brick the printer and/or waste energy and filament. I don’t think you could set the printer ablaze with this, but you could definitely destroy the printer. If this happens to a lot of printers at the same time, customers wouldn’t be happy.
So Bambu needs to somehow secure their interfaces in a way that malware cannot exploit easily, while at the same time allowing non-Bambu software to talk to the interface. Their idea seems to be, that Bambu Connect can proxy your requests to the printer, and (hopefully) verify the commands being sent are innocent enough. This will protect their userbase and themselves from financial harm.
A loud group of users now complain, rightfully, that this will brick their workflows. Also, this will open the doors for Bambu to e.g. move to a subscription model or remove support for non-Bambu filament. Looking at the workflow: They now claimed to allow a local “dev mode”, which basically disables security, but allows skilled users to use their established workflows. They then don’t want to offer too much support for this, which in my opinion is okay. This is similar to how unlocking your Android phone (if done via official means) would void some part of your warranty (not fully, and not for the hardware I think).
As for the potential subscription model, filament support, etc.: They can and would do this regardless, if they want to. This is always a risk for customers buying a closed-source product. I still bought one, because they are supposed to be the easiest to use and setup for people new to 3d printing, and so far I tend to agree. Would I be happy about open source firmware? Yes, absolutely. But we might not get that, and I was aware of the when buying the printer. I can still hope that some security professionals cleverer than me will figure out a way to install custom firmware at some point, but there is no guarantee (just an increased chance, now that they alienated their users – some hacker might accept this as a challenge).
Please contradict me and discuss with me, I want to understand if there is anything wrong with my logic.
Bambu currently has printers reachable on LAN and Cloud without much of security.
If your LAN is not secure, you have other problems. Also, the way most printers secure this is through a login and/or a token that you need to provide to your slicer to allow it to communicate.
And this is WHY so many of us do not want printers (or basically any device) exposed to “The Cloud” without it being opt-in. Because even if this IS “security” related? Bambu is not a cybersecurity company. Just look at the endless shitstorms that is qnap for why that is a problem.
So Bambu needs to somehow secure their interfaces in a way that malware cannot exploit easily, while at the same time allowing non-Bambu software to talk to the interface.
LAN is already secure. And the solution for Cloud/WAN is to make that opt-in.
Their idea seems to be, that Bambu Connect can proxy your requests to the printer, and (hopefully) verify the commands being sent are innocent enough. This will protect their userbase and themselves from financial harm.
You are SO close. Yes, this DOES give Bambu a LOT more control over what commands can be sent to a printer. No, that is not about security.
It is about controlling The Models.
A couple years back there was the big NFT rush and folk were making arguments about it being used to protect (corporate) IP. We were immediately laughed out because people are stupid.
But imagine if every single printer had a module that analyzed what you were trying to print. And if something in the database were detected, it would refuse to print without confirming you have a license.
But nah, that would be impossible. I mean, it isn’t like Twitch and Youtube can do exactly that to detect music and even video…
But hey, keep on keeping on with the caping for corporations leading the way to fuck over the industry because you like their logo or whatever.
Like I said, I’m just playing devils advocate to understand the full picture better.
The LAN being secure might not be an issue for you and me, but the average user might not be so skilled. Though I understand your point that LAN security should not be Bambu‘s concern.
Regarding your NFT argument: I agree this is a valid concern, especially with the proxy being able to see everything sent to the printer. Though I hope the dev mode they promised would be enough to avoid that for now.
The devil doesn’t need you to defend it. So not going to speculate on why you are so eager.
And, again: if your LAN is compromised then someone sending a Ding Ding to your printer is the least of your worries. You might as well argue they are trying to protect you in the event someone breaks into your house.
