[HN Gopher] Reverse Engineering Bambu Connect
___________________________________________________________________
Reverse Engineering Bambu Connect
Author : pabs3
Score : 484 points
Date : 2025-01-20 03:08 UTC (19 hours ago)
(HTM) web link (wiki.rossmanngroup.com)
(TXT) w3m dump (wiki.rossmanngroup.com)
| ClassyJacket wrote:
| I'm so happy Bambu is getting what's coming to them after
| screwing us so badly <3
| BWStearns wrote:
| What did they do?
| adenta wrote:
| They are locking down their software so you have to use it
| bradfitz wrote:
| https://hackaday.com/2025/01/17/new-bambu-lab-firmware-
| updat... has a summary that caught me up. I feel like it must
| be missing some of the story though.
| bdcravens wrote:
| They used a plugin to communicate print jobs (and other
| integrations), so that third party software could be used
| pretty seamlessly. Now they're moving to a new authentication
| model, and will be requiring users to send files to a
| separate print app. (Bambu Connect) It adds friction to the
| process, especially for those who were looking to run print
| jobs at scale, using "print farm" software or building their
| own solutions.
| c0nsumer wrote:
| I do wonder how much friction it'll really add, since the
| slicers can send the data to Connect via a protocol
| handler.
|
| It also means that Connect could act as a farm / queueing
| system as well, more like a print driver vs. individual
| printer support within the app.
| intothemild wrote:
| Its pretty much this, nothing seems to be blocking any
| third party slicer like Orca from working with bambu
| printers as they are now.. just the print button would
| now send the file to Bambu Connect, where you would most
| likely only press an extra button..
|
| Getting info from the printer or AMS? MQTT still works.
| They specifically said they are not touching that.
|
| Sadly the usual groups of people are screaming, and the
| open printer people are laughing. But at worst.. this is
| just friction.
|
| Anyone pointing this out seems to get downvoted. But its
| all there in the bambu press statement and subsequent
| pages. Those that are upset seemed to have not read
| those, and instead just read or watched something
| inflammatory.
| c0nsumer wrote:
| Did you happen to see this? Interesting development, they
| are basically going to keep the current wide-open-barely-
| auth'd state and call it a developer mode. And submitted
| a PR to make Orca Slicer work with the new auth:
| https://blog.bambulab.com/updates-and-third-party-
| integratio...
|
| And yeah, I'm realizing that about the downvotes. It's
| sad the state of things, but SKY-IS-FALLING-GET-
| PITCHFORKS wins the day over technical analysis, even on
| purportedly technical forums. But alas, that's an aside.
|
| I'm really looking forward to this rolling out, as I want
| to monitor my printer with Home Assistant but I /really/
| don't like how much control the current (non-beta, non-
| future) state gives HA. I /want/ auth of some sort when
| submitting jobs, and it looks like I'll have that.
|
| (I also really want the slicer decoupled from the print
| management stuff, because I tend to keep a few slicers
| open and experiment.)
| bdcravens wrote:
| My understanding is that the "addition" of the developer
| mode (basically the current status quo) is the result of
| the feedback/pitchforking. I don't believe that was
| originally planned.
| autoexec wrote:
| > just the print button would now send the file to Bambu
| Connect, where you would most likely only press an extra
| button..
|
| Today it's just one extra button press. In 5-10 years
| when they shut down the servers for Bambu Connect nobody
| would be able to print anything at all. It's only because
| people were vocal in their complaints that their
| unsupported dev mode was made an option that would let
| people continue to use what they paid for
| bdcravens wrote:
| I've tried the URL handler (the software is in beta). It
| only sends the print job (sliced file), it doesn't start
| it. You still have to assign it to the printer, etc, and
| press the start button.
| adenta wrote:
| The A1 mini was my first printer and it just works.
|
| Is there another brand that is idiot proof?
| bdcravens wrote:
| Not yet, but other brands are stepping up their quality. I
| just bought a Creality K2 Plus, and it's almost on par with
| my X1C (and has some features I prefer, like the CFS, their
| version of the AMS)
| 0_____0 wrote:
| I've been using a Prusa Mk2 for years no with no real issues.
| Doesn't have the bells and whistles but it does, like,
| consistently work.
|
| Eventually I'll get a used FormLabs setup. Once I have a shop
| space set up.
| sho_hn wrote:
| If you buy a Prusa in non-kit form, it's not any harder to
| unbox or operate, and more reliable, while generally
| achieving somewhat better results. Without phoning home and
| while maintaining the software Bambu forked theirs from.
|
| A recent review coming to a similar conclusion was Maker
| Muse' review of bedslingers.
|
| It's a channel I respect a lot, because he has over the years
| relentlessly disclosed emails of companies trying to bribe or
| lean on him, or threaten him, and refused to play along.
|
| Most other 3D printing content is essentially paid
| advertising -- including, I suspect, the carefully
| constructed brand narrative of Bambu as the first "fire and
| forget" printers, as if they somehow elevated the art form,
| when really the user experience is not substantially
| different.
|
| You do _not_ need to tinker or problem-solve with other
| modern well-reviewing printers, nor do they fail more prints.
| My MK4 hasn 't failed a single print in a year (i.e. since I
| bought it), and I haven't had to do any sort of maintenance.
| MindSpunk wrote:
| And they cost 3x as much. Which is a pretty tough sell IMO.
| hatsunearu wrote:
| Conveniently left out that the Prusa definitely cannot do
| a lot of things that the popular Bambu models can do
| quite well, like filaments beyond PETG and PLA,
| multimaterial printing, etc.
| djaykay wrote:
| Most Prusa models can print a wide range of filaments. I
| regularly print ABS and PC on mine. And there is a MMU
| add-on for Prusa.
| esskay wrote:
| The MMU isn't remotely comparable to the AMS though, it's
| finnicky, regularly breaks and needs a heck of a lot of
| tinkering for most people to get right. One slightly
| different filament and you have to start over.
|
| Not to mention its just a messy product. Heck the new
| Core One doesn't even have support for it at launch which
| is pretty unforgivable.
| phito wrote:
| Maybe bamboo printers were too cheap which lead them
| towards their subscription based model.
|
| Everyone complains about enshittification (YouTube ads,
| subscription models etc..), but then refuse to pay the
| real price premium goods and services cost. You get what
| you pay for.
| MindSpunk wrote:
| What subscription? They're restricting remote access APIs
| in new firmware because they pose a security threat.
| K0balt wrote:
| ...for now....
|
| But yeah, the enshitification economy has made people
| justifiably paranoid that if a product starts exhibiting
| new capabilities or features that would seem to support
| or enable a move towards subscriptions, it's a good bet
| that that is in fact the trajectory of the platform.
|
| But afaik Bambu has neither confirmed nor denied that
| this is in the works.
| Mashimo wrote:
| I don't know the details or if it's true, but someone who
| was in the firmware beta claimed there was //commented-
| out code about different subscription tears. Maybe just a
| test, maybe for print farms .. maybe it was all a lie.
| dns_snek wrote:
| There is no security threat, it's an excuse. I own a
| printer and operate it in LAN mode. It requires
| authentication with 8 digit code.
|
| If you think they care about security, let me remind you
| that this company used to connect to their cloud in
| plaintext. The only security they really care about is
| that of their revenue.
|
| If they actually cared about security, they would let us
| disconnect these printers from the cloud completely and
| allow us to manage our own mTLS certificates.
| zanderwohl wrote:
| > it's not any harder to unbox or operate
|
| I agree with this
|
| > and more reliable
|
| I emphatically disagree with this.
|
| > while generally achieving somewhat better results
|
| I agree with this.
|
| I'd also like to add that my Prusa Mk3s+ is significantly
| slower than my P1S. Also, without the MMU it still cost
| more than my P1S with AMS. Choosing a Prusa is making a
| philosophical choice, because it's certainly not about
| convenience, speed, versatility (considering you need to
| buy a separate enclosure and pricey MMU), bed size, or
| price. It's a choice you make because you're okay with
| spending a lot more to support an open platform where you
| can flash your own firmware without voiding your warranty,
| not because you want a better experience.
| luma wrote:
| The mk4 and mk3 are vastly different machines. If you
| want to compare the P1S, do it against a contemporary
| machine. Of course a machine released several years after
| the mk3 is faster.
| ErneX wrote:
| What are your thoughts on the upcoming Prusa Core One? I
| was thinking about getting a P1S but with this rug pull
| I'm not sure anymore.
| esskay wrote:
| I wouldn't buy any new Prusa printer until it's been in
| the wild at least a year, they tend to be very buggy at
| launch.
|
| They also have no multimaterial support at launch, the
| MMU3 will not work with the Core One until they release
| an update, which they've not yet given a timeline for.
| ErneX wrote:
| Thank you.
| d1str0 wrote:
| I got a MK4 at launch and it worked out of the box with
| no issues, no bugs, and also was my first 3d printer. I
| found it perfectly easy to operate.
|
| Prusa's online documentation (and printed docs for that
| matter) are excellent.
| op00to wrote:
| Is the fact that the printer is slower the main reason
| why you get better results?
| esskay wrote:
| You pay more and lose reliable multicolour printing this
| way though - the MMU is NOT a solution.
| rqtwteye wrote:
| I bought an A1 after years of fiddling with an Ender. It made
| 3D printing fun again.
|
| The whole situation reminds me of drones. DJI is (maybe)
| questionable but their products are without competition when
| you look at price and quality. Bambu products are also
| fantastic.
|
| On second thought TP-Link fits too. My TP-Link mesh network
| just works perfectly. So do their smart plugs.
| EmmEff wrote:
| I did the same- replaced an Ender with an A1.
| Unfortunately, I've had it 10 days and have yet to be able
| to print anything. Won't calibrate and cannot update
| firmware. Seems like a commonly reported issue but tech
| support is still bumbling around with no useful
| suggestions. I foresee it going back.
| mitthrowaway2 wrote:
| I am an idiot, and my Prusa MK3S+ (bought assembled, not as a
| kit) has been me-proof for years, and delivered fantastic
| print quality all along. My wife is not a techie and she gets
| good use out of it too. Their newer printers seem to be even
| better.
| zitsarethecure wrote:
| Out of ignorance and curiosity about 3d printing I bought a
| Prusa Mini a few years ago. My 10 year old (at the time)
| son took to using it immediately and figured out how to use
| it almost entirely on his own. It has been a great
| experience. I was thinking of upgrading to something larger
| and this drama has made the decision an easy one for me.
| Polizeiposaune wrote:
| Based on recommendations here a couple years ago I built a
| Prusa Mk3 from a kit (right before the mk4 came out).
| Building it took a while but I think was a worthwhile
| investment of my time and I think of it as a system I can
| understand rather than as a black box.
|
| I had a little bit of trouble with it maybe six months ago
| (repeatedly tripped offline during prints from a thermal
| issue) but Prusa's online support talked me through
| recalibrating it and it's been trouble-free since then.
| zanderwohl wrote:
| One thing to be said for Prusa is that their support is
| actually knowledgeable and experienced. You're not going to
| get a tier 1 support person who has never touched a printer
| and is just reading from a script.
| Polizeiposaune wrote:
| Yep, my one support chat with Prusa was probably the best
| tech support experience I've had in at least a decade --
| possibly longer.
| nicman23 wrote:
| flashforge is pretty good and by design easy to root.
|
| it is running klipper internally and there are mods to run a
| completely open source stack (with blobs)
| DrBenCarson wrote:
| If you're looking for a CoreXY machine that can handle more
| industrial filaments for reasonable money, check out QIDI
| throwaway48476 wrote:
| If 3D printing isn't kept open source there's going to be laws
| about what you can and can't print that will kill innovation.
| s0rce wrote:
| The bambu printers haven't been open source.
| franga2000 wrote:
| I can't imagine the printers being open source or not mattering
| for that, nor can I see any reasonable government banning
| printing of specific things. If something is illegal to own or
| manufacture, that already applies to 3D printers just as much
| as it did to CNC machines or any other method.
| floating-io wrote:
| Are you so sure?
|
| https://www.nysenate.gov/legislation/bills/2025/A2228?utm_ca.
| ..
|
| Not quite the same, and hopefully likely to fail if it hasn't
| already, but it shows that interest exists in regulating 3D
| printers. When enough interest exists, things will happen.
|
| JMHO.
| kube-system wrote:
| If NY state did require a background check to buy a 3D
| printer, you'd have to get one regardless of whether you're
| buying a prusa or a bambu printer.
| K0balt wrote:
| Yet they have made it so that sophisticated printers must
| include firmware that refuses to print banknotes.
| arduinomancer wrote:
| Doubt it
|
| 2D printers are not open source and you can still print pretty
| much anything
| gaoryrt wrote:
| I don't think you can print cash/paper money.
| mnau wrote:
| That is covered by "pretty much anything." That doesn't
| mean absolutely everything.
| zo1 wrote:
| "Pretty much everything" does include "can't print some
| things" which is pretty much: they control what you can
| and can't print. So technically you are right and they
| are right too, but this conversation path led us back in
| a circle instead of moving the debate forward.
| idunnoman1222 wrote:
| With the 3D printer you can currently print everything on
| the 2-D printer you can print everything minus one.
| (actually there's probably a whole bunch of currency you
| can't print which is maybe hundreds of things ) those are
| completely different systems of control.
| K0balt wrote:
| No, you can't. Printer manufacturers are required to prevent
| printing certain kinds of images on sophisticated printers.
| And they also print watermarks unique to your printer on
| every page.
| dymk wrote:
| Why would some law being passed depend on open source? If
| anything, that would push some senator to regulate even harder.
| c0nsumer wrote:
| I've been following along with a lot of this, because having
| picked up one of their printers about a month ago, I was
| immediately very nonplussed with the security. It took some work
| to get it running isolated on an IoT VLAN, yet still usable from
| my main machine.
|
| Thus, on first blush, I welcome security improvements from them,
| but I'm also anxious to see what they hold.
|
| I do wonder where this is going with the keys, because I've seen
| a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the
| keys are used for or how they are useful. Or if they are even
| useful.
|
| Hopefully there'll be more interesting news about this soon and
| some solid, technical info.
| lvturner wrote:
| My understanding is that if I want to print via LAN, I have to
| auth against Bambu's internet servers, which is most definitely
| something I don't want.
|
| Actually for my use case this doesn't work at all -- my
| printers are region locked to China, but I'm not currently in
| China so I can't connect to those servers -- meaning (I think!)
| if I upgrade their firmware, I can't print via LAN on my own
| local network... which just leaves a bad taste in my mouth.
|
| These are great printers, but there's no need for that.
| c0nsumer wrote:
| Can you link to some specific detail on that, because I keep
| seeing that claim, but without any technical info.
|
| I have a P1S which currently can print completely isolated
| from the internet. Unfortunately (or maybe not?) the new
| firmware isn't available for my printer, so I can't dig into
| it myself yet.
|
| But I'd really like to see some sort of "when I try to do X
| it tries to connect to Y" or "I used to be able to do X, and
| now Y is required as demonstrated here".
|
| Something more than the current hearsay and pitchforks echo
| chamber.
| lvturner wrote:
| From their blog post: https://blog.bambulab.com/firmware-
| update-introducing-new-au...
|
| "Critical Operations That Require Authorization
|
| The following printer operations will require authorization
| controls: Binding and unbinding the
| printer. Initiating remote video access.
| Performing firmware upgrades. Initiating a print
| job (via LAN or cloud mode). Controlling motion
| system, temperature, fans, AMS settings, calibrations,
| etc."
|
| Now, PERHAPS, I can do that authentication locally... but
| given the plugin required for OrcaSlicer it doesn't seem
| likely
| c0nsumer wrote:
| Yep -- I read that, but that doesn't spell out auth back
| to BBL's servers, just auth.
|
| And keep in mind that OrcaSlicer already used Bambu
| Network Plugin to communicate with their printers. (It
| prompted you to download this on install of OrcaSlicer if
| you picked one of their printers.)
|
| The move to Connect means that OrcaSlicer needs to send
| the print data to Connect via a protocol handler instead
| of to the plugin. Connect will then send it on to the
| printer itself, and from what I've seen it'll do that
| over LAN. (But I can't test because my printer doesn't
| support this yet.) I see this as akin to a print driver
| vs. printer-specific support built into an app. Not a bad
| thing at all, if done right.
|
| The plugin already did (very minimal) auth via the Access
| Code and can do it with the printer and Bambu Network
| Plugin completely isolated from the internet. (I've done
| this.) So I'd like to know specifics of what's changing
| here.
| ghostpepper wrote:
| what else would it be auth'ing against if not Bambu
| servers?
| c0nsumer wrote:
| Perhaps some... other or better way of authenticating to
| the printer? Previously there was just a single,
| essentially fixed, numeric string that gave complete
| access to the printer, and communication was via TLS with
| a self-signed cert.
|
| I don't want to hypothesize about what it could be doing,
| I want to see what it's actually doing (or see some
| actual info from folks about what they've seen) so I can
| decide if I'm comfortable with that or not.
| hatsunearu wrote:
| The bambu cloud service has a very low value-add and they
| are trying to make it mandatory. the speculation is that
| they are trying to add a subscription model for print
| farms, which 3rd party slicers enable.
| jillyboel wrote:
| the printer itself?
| lvturner wrote:
| "Operation Guide for Bambu Connect
|
| Start by logging in to the Bambu Lab account or click
| Discover to find LAN mode printers."
|
| https://wiki.bambulab.com/en/software/bambu-connect
|
| At the very least - it looks like you'd need to log-in to
| the cloud account to print on the LAN, which really begs
| the question.... why?
| krisoft wrote:
| > it looks like you'd need to log-in to the cloud account
| to print on the LAN
|
| The text you quoted directly contradicts what you are
| saying. It says login OR discover to find LAN mode
| printers.
| lvturner wrote:
| You're right! Sorry obviously I was one coffee short of
| comprehension!
| dns_snek wrote:
| I don't have a definitive source readily available, but
| from talking to people who were investigating the technical
| aspects, connection between the printer and slicer software
| will be mutually authenticated using a certificate that
| will issued by Bambu Cloud, issued only to blessed 1st
| party software, and verified by the printer upon connection
| over the local network.
|
| So your blessed Bambu Studio instance connects to Bambu
| Cloud and requests a certificate, the server issues the
| certificate to you (or not), and then Bambu Studio may use
| it to connect to the printer on your LAN.
|
| The certificates have an expiration time of 1 year, meaning
| that the printer functionality would severely degraded
| (missing network connectivity), at most 1 year after they
| take the servers offline or stop issuing certificates for
| any reason.
|
| Not a definitive source for what I said, but it contains
| some information: https://hackaday.com/2025/01/19/bambu-
| connects-authenticatio...
| c0nsumer wrote:
| I sorta get what you're saying, and the flowchart here
| (https://blog.bambulab.com/updates-and-third-party-
| integratio...) somewhat agrees.
|
| But where I disagree is with that cert stuff.
|
| 1) That cert is on the /client/ side, not in the printer.
| It has nothing to do with printer functionality, only
| with talking to the printer.
|
| 2) Expired certs do not mean things automatically get
| rejected. Using and allowing expired or self-signed certs
| is routine in the IoT world where certs on devices can't
| readily be updated. But again, that cert isn't from the
| printer.
|
| 3) Expired certs, just like the self-signed certs that
| are so commonly used, still result in things being
| encrypted on the wire. And often that's the point.
|
| It seems to me that someone found/exported the cert, and
| is trying to make all sorts of WHAT-IF or THIS-COULD-
| MEAN-THE-WORST claims but are lacking some significant
| understanding. Without understanding the architecture and
| the rest of the code, and perhaps seeing that cert be
| used, this is just an artifact found in the distributed
| beta application.
| dns_snek wrote:
| > That cert is on the /client/ side, not in the printer.
| It has nothing to do with printer functionality, only
| with talking to the printer.
|
| What do you mean, if my software can't talk to the
| printer then that affects printing functionality.
| c0nsumer wrote:
| I mean that the extracted cert that's going around is
| from the client (Bambu Connect) side. Everything it would
| get used for is a function of the client and how it talks
| /to/ the printer.
|
| Even if it is used to sign some communications, it
| doesn't matter if it's expired or not on the server side
| (the printer side), unless the server chooses not to
| accept it. And then updating it would be a matter of
| updating Connect; the client.
|
| There's no reason -- other than hyperbole -- to infer
| that a certificate which expires on the client side will
| cause the printer to stop doing anything.
|
| For a web-y example, think of how a website which needs a
| client cert for auth -- like lots of gov't stuff -- would
| handle a client cert expiring. It'd either accept it
| anyway, or reject it. But it wouldn't mean the website
| breaks. And thus claims of that client certificate's
| expiration being a killswitch for printers is simply
| wrong.
| ipv6ipv4 wrote:
| It's vendor lock-in (or DRM), not security. Security would be a
| protocol based on a user specific secret that doesn't
| inherently require locking down anything to Bambu Lab only
| software (think username/password). Vendor lock-in is about
| locking the user into using Bambu Lab software, which is what
| we see here.
|
| You would never allow your bank account to be secured with
| something akin to Bambu Lab's "security fix".
| spaceguillotine wrote:
| Bambu should be working on scaling their consumables and customer
| service, it takes weeks to resolve any tickets, 8 days to a first
| response has been normal for them.
| freefruit wrote:
| What can't you fix? All the issues I've had you could find a
| video on YouTube on what to do.
| dawnerd wrote:
| It's kind of a joke they think they're ready to roll out a
| print farm subscription when they can't even keep basic
| filament in stock, or like you said even provide basic support.
| They've grown far too quickly.
| NelsonMinar wrote:
| I am angry at the bait-and-switch Bambu is pulling. I bought one
| of their printers in the Black Friday sale on the understanding
| it was reasonably hackable and open. Now they're trying to lock
| it down so I can't print on my own printer without using their
| approved software and DRM chain. It's outrageous.
|
| More info on the hacking (the first in what may be a long stupid
| fight): https://hackaday.com/2025/01/19/bambu-connects-
| authenticatio...
| gjsman-1000 wrote:
| > standing it was reasonably hackable and open
|
| Not sure where you got this idea from. Despite the hacking,
| print from SD Card remains an option, and the device does not
| need an internet connection for initial setup. Version
| 01.08.02.00 is the first firmware version that supports offline
| updating, even if it is also the latest version.
| nialv7 wrote:
| bait-and-switch? We, those who advocate for open source 3D
| printers, saw it coming from miles away. This has very very
| clearly been their plan all along, they themselves said as much
| (e.g. they are doing the "apple model"). They have been very
| transparent about this, yet people still fell for it.
| hooverd wrote:
| Open source didn't compete on quality for price. I could pay
| 2k plus 40 hours of my time for a Voron or buy something that
| just works. I think Prusa only put out their CoreXY offering
| after they realized Bambu was eating their lunch. The Apple
| model works because people want to print rather than tinker.
| nialv7 wrote:
| I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40
| hours of my time. But look, you want to do 3D printing, 40
| hours are just a small initial investment).
| hooverd wrote:
| Damn that's cheap! What vendor did you use?
| MindSpunk wrote:
| > But look, you want to do 3D printing, 40 hours are just
| a small initial investment
|
| No. None of this crap. I want to 3D print. I don't want
| to service industrial machinery in my spare time. Why
| should 3D printing require spending weekends
| troubleshooting machines just to keep the thing working?
| I want to print models not play repair technician.
|
| Vorons are fantastic printers and a fantastic kit if 3D
| printing itself is your hobby. 3D printing is a fantastic
| hobby. There's tons of fun to be had building up and
| dialing in a printer kit. A well tuned voron can be up
| with the best of the best 3D printers. If that's what you
| want to do go for it!
|
| But for heaven's sake I want to print models, parts and
| other practical things. I have other things to do and
| problems to solve. My 3D printer is a tool. If I have to
| spend just as much time working on the machine as I do
| using to actually print things then I'm not interested.
|
| Bambu is still the best game in town for a turn-key, just
| works printer. Prusa can deliver the same experience at
| double to triple the ticket price. A voron is _not_ a
| replacement for a Bambu printer no matter how good the
| printers actually are.
| nicman23 wrote:
| because 3d printing is not there yet.
|
| the whole process is basically cnc but with z hops and
| extruding instead of removing material.
|
| we do not even have conical slicing yet.
| abtinf wrote:
| > because 3d printing is not there yet
|
| Ya, it is, and it's been there for quite a while now
| thanks to Bambu.
|
| The X1 just works. Coming up on a year of frequent use, I
| can count the number of failed prints on one hand. It's
| incredible.
| nicman23 wrote:
| i do not believe you. it is mostly a material issue not a
| printer issue
| abtinf wrote:
| > it is mostly a material issue not a printer issue
|
| Tell me you don't anything about 3d printing without
| telling me you don't know anything about 3d printing.
| nicman23 wrote:
| if you think that there are not limitations with current
| fdm thermoplastics and software, i do not know what to
| tell you.
| Mashimo wrote:
| Both modern (pre assembled) Prusa and Bambu are very good
| at this. They guide you through the full setup process,
| automate first layer reliable, have decent stock
| profiles.
|
| It's all just much less tinkering then 5 years ago.
| BoorishBears wrote:
| You're saying this yet anyone can buy a random Bambu and
| just print.
|
| I've owned or used probably every major (and some minor)
| printer released in the last 8 years and for most people
| Bambu really will just be "plug and play" (and even if
| something goes wrong they'll hold hands as much as
| needed)
| nicman23 wrote:
| as i said to another reply, it is a material issue.
| bagels wrote:
| That does not match my experience. The printer I have has
| had parts break with light use, and a really poorly
| engineered z-axis homing which results in wildly
| inconsistent zero heights and a very high print failure
| rate.
| imtringued wrote:
| It is. I have no interest in messing around with 3D
| printers and was annoyed by the fact that Bambu lab lied
| about the 15 minute setup time. It was more like 45
| minutes, but after that I never touched the printer again
| and started printing instead.
|
| Also, subtractive manufacturing is much harder than
| additive manufacturing, because you need to position the
| machine around an existing piece of stock and sequence
| your operations manually, instead of letting a generic
| slicing algorithm slice from bottom to top with an offset
| vs the intended printing location only being a problem if
| you accidentally print over the edge of the build plate,
| which is usually not possible mechanically.
| nicman23 wrote:
| it is not that. i mostly mean that for anything
| functional that needs to take a load you need at least
| petg or asa (abs is a bit old now), which require proper
| storage.
|
| also there are so much stuff that are in open prs and
| issues for years that are not implemented for slicers.
| Mashimo wrote:
| I think the AMS unit for the Bambu is somewhat sealed and
| has desiccant in it.
|
| "take a load" - I don't know what kind of load, do you
| mean the fact that PLA is creeping under sustained load?
|
| If that is YOUR usecase that is fine, but that does not
| mean that set and forget works just fine for others. Btw
| gun people use PLA plus just fine.
| nicman23 wrote:
| that is just one example of issues with thermoplastics.
| the AMS is great though.
| ddingus wrote:
| "Take a load" = perform mechanically and or structurally
| at levels of force, temperatures, etc. at levels higher
| than the properties of PLA allow for.
|
| Don't get me wrong here. PLA is a great polymer, However
| you can't really expect parts made with it to hold up
| when compared to other "engineering grade" polymers.
| Mashimo wrote:
| Well for example layer bonding is better compared to some
| other materials. It's just that load over time it will
| creep. And of course shite under temperature.
|
| It can be a fantastic material for some functional parts.
|
| But even if not, I don't see how it's invalidates that
| there are printers out there that are more or less set
| and forget.
| ddingus wrote:
| Bambu printers, or at least the one in our shop runs ASA
| set and forget style.
|
| It is a great machine though it does not always make the
| strongest parts, and single material builds is geometry
| limiting. Lack of chamber heat and one nozzle makes some
| things easy, but does not entirely avoid the trouble with
| higher performing polymers.
| esskay wrote:
| I don't think anyone expects PLA to be used for anything
| that requires structural stability. There's far better
| filaments for that application. Some of the carbon fiber
| infused PETG filaments for example are incredibly strong.
|
| Not many people use 3d printing for applications that
| require extreme strength though, that's really not the
| goal many people are aiming for.
| ddingus wrote:
| You would be surprised!
|
| I do this for a living and people are always looking for
| more parts to run through the process and better
| filaments to see those parts end up performant.
|
| CF-PETG is strong! For a bit more toughness and temp
| resistance, PA12CF35 is seeing a lot of use. Some
| companies out there have service departments to keep
| machinery running. They apply FDM more than you might
| expect. Alloy 910 for gears, Cf of various kinds for
| abrasive scenarios, like cardboard handling, in one
| scenario.
| gonzoflip wrote:
| There are countless firearm receivers that have been
| printed on pla plus, many with thousands of rounds on
| them. Sure they may turn into a puddle in a hot vehicle,
| but they are functional and definitely take a load. Pla +
| is actually preferred in that community over the others
| you mentioned, although asa is becoming more popular,
| along with filled nylon alloys.
| DrBenCarson wrote:
| QIDIs might need a slight bit more tinkering with
| settings for new filaments but they're pretty solid and
| offer more than Bambu does for the money
|
| Comparing Bambu to Voron is an absurd comparison
| szundi wrote:
| What do they offer more in your experience?
| archi42 wrote:
| > Comparing Bambu to Voron is an absurd comparison
|
| I politely disagree. I was in the market for a more
| modern printer, and it boiled down to either a BL or a
| Voron - in the end I decided against ease of use and in
| favor of an open ecosystem. I agree in that they are not
| universally interchangeable, but for some people either
| can be an option, each with distinctive advantages and
| disadvantages.
| 2muchcoffeeman wrote:
| > _Why should 3D printing require spending weekends
| troubleshooting machines just to keep the thing working?
| I want to print models not play repair technician._
|
| I'm sympathetic to your POV but the reason you should is
| that's the price to keep things open.
|
| Obviously many people don't care about that. Fair enough.
| But then you should be prepared to deal with their
| shenanigans.
|
| Prusa also does things like maintain and develop
| printables.com and PrusaSlicer (itself forked) which many
| of these closed printers fork with minimal changes.
|
| People don't care about this either. So again, get ready
| to deal with garbage when Prusa goes under.
|
| I think it's sad since the whole domestic 3D printer
| thing started as open source.
| JoshTriplett wrote:
| > I'm sympathetic to your POV but the reason you should
| is that's the price to keep things open.
|
| No, it's not, and the perception that it is _hurts the
| cause of openness_.
|
| Open Source has every ability to be better, to Just Work,
| to not require constant debugging. Good Open Source
| systems manage this. The fact that 3D printers apparently
| have not is the fault of those printers, not any inherent
| quality of openness.
| rleigh wrote:
| It really depends upon the target market. That's fine for
| hobbyists. But I use the Bambu X1 for small-scale
| prototyping in a company, and it has to be usable out of
| the box. We can't justify an entire week of labour for
| each printer we buy.
|
| The Bambu has been ideal for that reason. Every material
| pretty much just works, and the quality is excellent. The
| cloud integration and janky LAN mode is the downside, and
| this current topic even moreso.
| seabird wrote:
| There's a middle ground between the Apple model and
| assembling everything yourself.
| harrall wrote:
| Well Prusa was open and did compete.
|
| But for 3D printers that worked out of the box under $1000,
| Prusa had no real competition itself.
|
| The Mk3 came out in 2017 and I swear Prusa just sat on
| their laurels. I was a Mk3s+ owner (well, still am) and was
| pretty disappointed how little improved with the Mk4.
|
| Bambu's competition was Prusa and they clearly strived to
| improve over what Prusa had accomplished.
| bushbaba wrote:
| I wondered if the bamboo was sold for a loss
| GuB-42 wrote:
| Bambu Labs printers are not cheap. Even their entry level
| A1 printer is twice the price of an Ender3.
|
| Sure, it is a better printer, but it is clear that they
| are going for scale, and most of what makes them better
| is in the software rather than in using premium hardware.
| esskay wrote:
| initially maybe but the way the printers are built makes
| for cheap mass production. Theres no special sauce in the
| hardware, it's all low cost off the shelf stuff, it's
| just optimised very well.
| nirvdrum wrote:
| I wasn't really sold on the 4/4S, but I recently upgraded
| a 3S+ to a 4S and am amazed how much improved. The new
| touchscreen LCD is a huge improvement over the old two
| line monochrome LCD. Remote access and wife printing is a
| nice plus -- I don't even run OctoPi anymore. Automatic
| bed leveling and no more Live Z tweaking for each sheet
| has been a major quality of life upgrade and eliminates
| one of the major pain points in swapping out nozzles. The
| nozzle is much easier to swap out and is now high flow.
| Add in Input Shaping and it prints significantly faster.
|
| I hadn't had any experience with the new platform prior
| to this upgrade and I skipped over the MK4, but the 4S
| upgrade is a significant step up over the 3S/3S+. I
| wouldn't necessarily recommend the upgrade kit -- that
| took much longer than expected to complete (about two
| days) and I regret not buying a new printer instead. But,
| I have a 3S I plan to upgrade to 3.5 just to get the new
| electronics; that upgrade is far less intensive.
|
| If you haven't tried out a 4S you might be pleasantly
| surprised by how much nicer it is than the 3S+.
| cyberax wrote:
| wife printing sounds nice!
| SSLy wrote:
| the future is now
| nunobrito wrote:
| Are those still in PLA or you can print them organic now?
| nirvdrum wrote:
| Heh, whoops. Definitely a typo, but in all seriousness
| the printer is actually usable by wife now, so that is a
| huge plus. She could use it before, but hadn't learned
| how to adjust Live Z and thus didn't like changing the
| sheet. If you do it wrong you can drive the nozzle into
| the sheet.
| lsllc wrote:
| Similar experience with PRUSA for me -- I had a MK3S+
| (which I loved) and paid ~$250 for the upgrade to the
| MK3.5S. Very, very impressed, for a modest investment I
| now have the new color LCD, a good chunk of the MK4
| features and the print speed is at least 2x improved (if
| not better, I haven't quantitatively measured it but it's
| noticeably faster).
|
| I went for the 3.5 upgrade as the upgrade from 3S+ to 4
| was almost as much as outright buying a new 4. I'm glad I
| did it this way because now I'm thinking of getting the
| CORE One and then I'll have 2 excellent printers.
| esskay wrote:
| The problem is even with Prusas recent efforts to catch
| up with the Core One, it's expensive, and they still dont
| have a viable answer to the AMS. The MMU is still a hot
| mess, requires tinkering, isn't stable and overall just
| doesnt come close to an out of the box experience.
|
| They still seem to be thinking the primary audience of 3d
| printers is people who tinker. It's not been that way for
| a long time. People just want to be able to unbox, plug
| it in and print. The second you add in the "oh just spend
| 5 hours tweaking this spaghetti mess of an MMU" you've
| lost them.
| kiba wrote:
| A Prusa MK4, completely factory built, is a reliable
| workhorse for me.
| esskay wrote:
| I didn't suggest otherwise, nor was that even part of my
| point.
| harrall wrote:
| Prusa's primary audience has been people who _don't_ want
| to tinker.
|
| I think they just screwed up the design of the MMU but
| they never went back to the drawing board.
| deng wrote:
| "hot mess" is not a fair assessment. The MMU2 was
| terribly unreliable, but the MMU3 is OK. It's surely more
| complicated to set up and requires more space than the
| AMS, but on the other hand, I think AMS concept is just
| plain bad. It's incredibly slow and produces a ton of
| plastic waste.
| beeflet wrote:
| it just works until it doesn't
| moooo99 wrote:
| > Open source didn't compete on quality for price.
|
| Well, Open Source did compete on one quality very well:
| being open, hackable and staying that way. With this being
| removed from Bambu lab printers it seems as if this is a
| very much valued aspect for many 3D printing enthusiasts,
| yet few people were willing to compromise for this aspect.
|
| Apparently it is true, you don't know how much you value
| something until you don't have it anymore
| kamranjon wrote:
| Curious if anyone has tried the Core XY printers from
| Creality? I think they use open source software and are
| generally in the same ballpark as the Bambu printers price-
| wise. Also saw they have a similar AMS style system as
| well.
| pandemic_region wrote:
| > The Apple model works because people want to print rather
| than tinker.
|
| Entirely this. I bought my A1 mini over the Christmas
| holidays and couldn't be happier with it, it's my first 3D
| printer. Searching for models on Makerworld, adjusting tiny
| bits here and there if needed and print. It just works and
| I don't really care about anything else, much like my
| Brother printer.
| DrBenCarson wrote:
| AFAIK, Apple has never retroactively removed functionality
| from devices people already purchased
|
| Selling a walled garden is one thing, building walls around a
| garden you already bought is another thing entirely
| ulrikrasmussen wrote:
| This is the Google model then. Base everything on open
| source, even allow unofficial builds of your operating
| system (LineageOS, Graphene), but slowly introduce more and
| more device attestation and DRM so it becomes de facto
| impossible to actually use anything but the closed builds
| because everything from banking apps and electronic
| identification apps to streaming apps will refuse to run on
| your "unsafe" operating system.
| Arch-TK wrote:
| Currently the only thing which won't run on a non-google
| blessed android build is google wallet, although a lot of
| applications rely on google's proprietary services
| exposed through google play.
|
| I've not ran into any banking applications which won't
| run on a non-google build of android (as then they would
| only run on a pixel). That being said, I refuse to
| seriously bank with any bank which doesn't offer a
| functioning website. My main bank offers an app but you
| have to wholesale switch to it.
| jumski wrote:
| Revolut stopped working for me on GrapheneOS with an
| official message "Sorry, Revolut is not supported on
| devices with custom firmware".
| piaste wrote:
| Do you have the sandboxed Play Services installed? It
| works fine for me on Graphene (just checked).
|
| That said, the recommendation I always give, and
| personally follow: keep a spare phone in a drawer
| somewhere, with official Android installed, a Google
| account, and use it exclusively for business purposes -
| banking, government services, and the email account you
| use for those (separate from the one you use for
| everything else). Nothing else, no messaging, socials,
| browsing, or games.
|
| Then you're free to keep your personal phone FOSS and as
| private as you like, without fear of getting locked out
| of important stuff due to a crappy Google(r) SafetyNet(r)
| upgrade.
| Arch-TK wrote:
| > That said, the recommendation I always give, and
| personally follow: keep a spare phone in a drawer
| somewhere, with official Android installed, a Google
| account, and use it exclusively for business purposes -
| banking, government services, and the email account you
| use for those (separate from the one you use for
| everything else). Nothing else, no messaging, socials,
| browsing, or games.
|
| Anything which doesn't support an alternative method (not
| involving a proprietary blessed google phone) of
| management should be illegal if it's government related
| and should be boycotted if it's not.
| piaste wrote:
| I certainly agree with the sentiment (I would trust-bust
| tech giants, and severely restrict advertising as a whole
| for being a negative-sum game).
|
| Nevertheless, for living in this world while preserving
| your privacy, my advice stands. Separate the devices that
| _you_ control, which you will use for personal and
| private purposes, from the devices that _global
| corporations and institutions_ control, which you will
| use to access the services those institutions provide -
| services which, by definition, you would not control
| anyway.
|
| It is far, far simpler than having to get proprietary,
| frequently-updated software to play nice inside a secure
| sandbox. If they do, great, but separate devices ensures
| it isn't a capital-P Problem for you if they stop.
|
| (FWIW, I lived in three different European countries over
| the past decade and so far the governments all offered
| TOTP-based web alternatives to their apps. When it comes
| to private banking, only one (Lunar) was available only
| via app, but it was also the only one that ran without
| Play Services.)
| Arch-TK wrote:
| > It is far, far simpler than having to get proprietary,
| frequently-updated software to play nice inside a secure
| sandbox. If they do, great, but separate devices ensures
| it isn't a capital-P Problem for you if they stop.
|
| What I am saying (and what I do) is that it's far simpler
| still to just not rely on anything where this might be
| the case.
|
| If my bank turned around tomorrow and said I can't use
| their website to manage my account, I would not attempt
| to get their app working on my phone, I would switch
| bank.
| 63stack wrote:
| Anything that depends on the SafetyNet API will not run
| if your android build does not pass the checks, the list
| is much much bigger than "just google wallet". Whether a
| rom passes safetynet or not very much depends on what
| google considers blessed today, and what they will
| consider blessed in the future.
| Arch-TK wrote:
| SafetyNet can be implemented by non-google-blessed ROMs
| (and is implemented by all non-google vendor roms without
| google's keys).
|
| It works on GrapehenOS with their own keys (or you can,
| if you want, probably use your own keys).
| ulrikrasmussen wrote:
| This is false. List of apps which refuse to run on my old
| OnePlus 6 which I revived with LineageOS:
|
| - Danish national identity app (MitID). I had to get a
| hardware token that generates one-time passwords.
|
| - My banking app (still works in the browser though).
|
| - The de facto payment app used for peer-to-peer payments
| and as a credit card alternative all over Denmark
| (MobilePay).
|
| - The app for controlling the heating system in my car.
|
| - Revolut.
|
| - The app for showing a digital version of my government
| issued health insurance card. It's literally just a
| barcode and a number, so I can get by using a photo of
| the card instead. This underlines the ridiculousness of
| requiring Play Integrity attestion.
|
| - The app for showing a digital version of my driver's
| license. As a bonus this app also doesn't work if you
| have set your default browser to Firefox instead of
| Chrome, even on a non-rooted phone.
|
| On top of this, one app for scanning goods in the
| supermarket stopped working, but without explicitly
| saying why. I suppose it just silently depends on some
| Google service, but I have not way of knowing that.
|
| I also cannot get Chromecast to work, but that is perhaps
| to be expected when replacing the Google services with
| microg, and not strictly a result of DRM. It is a major
| inconvenience though.
|
| Denmark is one of the most digitized countries, and in
| many ways that is good. However, it also means that you
| are increasingly coerced into the whole Google/Apple
| ecosystem and that it is very hard to get out. Luckily
| there are alternatives to all of the above apps, but it
| is a major inconvenience to have to use them.
| Arch-TK wrote:
| I don't know much about LineageOS but GrapheneOS supports
| attestation (albeit with its own keys) and it works for
| all the banking apps I have had the displeasure of using
| here in the UK including revolut.
|
| If LineageOS did support those APIs (which it can support
| if it wanted to, without any blessing from Google) then
| presumably most if not all of those should also work.
|
| Try GOS and see if it's broken there. If it works on GOS
| then you can shout at google for ever exposing the
| attestation APIs but the apps you're complaining about
| aren't actually abusing attestation in the way you claim,
| LineageOS is simply choosing not to implement the
| features they rely on.
| bayindirh wrote:
| None of the unofficial Android builds allows me to access
| to the secure element in my SIM card to use my
| e-signature, which works with SIM menu prompts triggered
| OTA by the application I'm currently using, mostly
| governmental services.
|
| If I'm on a custom ROM, the notification never pops up.
| Arch-TK wrote:
| That's not an attestation issue.
|
| But have you checked if GrapheneOS handles it?
| bayindirh wrote:
| > That's not an attestation issue.
|
| Yes, but see my other comment in the thread. It's not
| something trivial. It's not I didn't dig.
|
| > But have you checked if GrapheneOS handles it?
|
| I jumped the platform soon after, so I don't have the
| hardware anymore, so I can't.
| immibis wrote:
| You have to have evidence that this is because of
| attestation, though - lots of open source software is
| missing lots of features because they are just missing
| features.
| bayindirh wrote:
| It's not an attestation problem, but a trusted pipeline
| problem. Yes, the required files are missing, but
| carrying them from official builds doesn't work either,
| because all pipeline from modem to kernel has to be
| signed, and the chain breaks somewhere, and you can't
| build it without the private keys Google/OEM has.
|
| It's like Trusted HDCP pipeline. Every part has to be
| signed properly, and no open distribution of Android can
| do that, period.
| saidinesh5 wrote:
| Did Google ever introduce more device attestation and DRM
| into an already released device though?
| askariwa wrote:
| Just some of them:
|
| - Battery Management (iPhone 6, 6s, and SE): In 2017, Apple
| introduced a battery management feature in iOS 10.2.1 to
| prevent unexpected shutdowns by throttling the performance
| of iPhones with degraded batteries. This led to slower
| device performance without informing users, which is a
| removal of expected performance functionality.
|
| - 32-bit App Support: With the release of iOS 11 in 2017,
| Apple dropped support for 32-bit apps. This meant users
| could no longer use older apps that had not been updated to
| 64-bit, effectively removing access to those apps on
| updated devices = You want the new OS? -> you have less
| functionality.
|
| - Pulse oximetry features were recently removed from new
| Apple Watches due to Masimo's patent infringement claim.
| least wrote:
| The last one doesn't really hold up since the feature is
| still available on devices that they were delivered on.
| My watch has the feature still.
| Iulioh wrote:
| I remember one guy ranting a lot about navigation with
| the apple pen
| po wrote:
| > This led to slower device performance without informing
| users, which is a removal of expected performance
| functionality.
|
| As opposed to the device unexpectedly shutting down due
| to a degraded battery not being able to push enough
| energy to support the CPU? They didn't remove expected
| performance, they prevented crashes which are by
| definition 0 performance. All Li-ion batteries degrade
| over time. That's not removing a feature...
|
| This whole thing was totally overblown.
| askariwa wrote:
| Well, they DID remove expected performance by slowing CPU
| performance, disn't they? People who had bought these
| iPhones (and not the previous ones) did so also because
| of the promise of a more powerful CPU, a promise broken
| by Apple. It is removing a feature (a better CPU) and
| Apple knew it that's why they did it without informing
| users.
| esskay wrote:
| Just to add, they also got fined by the EU for doing so,
| so it was ruled to be illegal. Bambu's changes would fall
| into the same category of altering the product and
| degrading the experience after its been sold.
| nunobrito wrote:
| Just to let you know that InstaCam360 did the same on
| their cameras with the smartphone app.
|
| Previously you could directly upload the 360 videos do
| youtube, now you need to download the film locally on the
| phone, then host a converted version and only after those
| loops you are permitted to upload.
|
| Or you can now buy a monthly subscription and get back
| the feature that was already there before. Quite
| disappointed with this kind of behavior.
| Xelbair wrote:
| the problem isn't that they've done it.
|
| the problem is that user got no choice. Some might prefer
| degraded performance, others might prefer to charge their
| devices more often.
|
| Also seller should have no business touching anything
| that they've already sold - they do might offer support,
| but it should be up to user to accept it or not.
| theshrike79 wrote:
| It's not a matter of "charging more often". The phone
| just shut down when the battery was somewhere between
| 0-40%
|
| Source: had two 6S's in the family. In the cold it could
| just suddenly shut down mid-call from 60% battery.
| mavhc wrote:
| However they applied it to all phones of that model, not
| just ones with degraded batteries
| sehansen wrote:
| No, it was dynamic based on voltage. iPhones with worn
| batteries had higher performance at full battery and
| swapping the battery with a fresh replacement restored
| full performance even at low battery percentage. In fact
| this is how the slowdown was discovered: someone replaced
| their iPhone battery with a non-genuine replacement and
| it got noticeably faster.
| Xelbair wrote:
| you are still missing the point.
|
| USER should chose that. not apple.
|
| not all of them shut down, someone might get a battery
| replacement.
|
| What apple should've do is to introduce a toggle, give a
| warning in notification. and in case of crash, display it
| again.
| theshrike79 wrote:
| Apple (IMO rationally) chose that people would prefer a
| working phone, one they can use to call emergecy
| services, for example, to a phone that just suddenly
| dies.
|
| After the massive hissy fit the Internet threw (along
| with lawsuits), they added a switch. Now you can choose
| to have your phone suddenly die.
|
| But the legend lives on that "Appple slowed down phones
| permanently!!" - even though the fix for that is a 40EUR
| battery swap that takes 30 minutes in any mall phone
| repair shop.
| Xelbair wrote:
| Again, let user chose. apple sold a product, it's out of
| their hands to decide what users do with it.
|
| Maybe i want to use the device in a way that's 100%
| connected to the charger and repurpose it.
|
| It's not apple's business what I'm doing with it
| K0balt wrote:
| If you left It hooked up to a charger, their fix would
| never have affected you. It only slowed down the cpu when
| the risk of catastrophic shutdown was imminent.
|
| I like a toggle for features like this, but it was a
| pretty standard user experience / reliability choice
| imho.
| K0balt wrote:
| Yes this would have been better.
|
| But the way they did it was far from malicious. It only
| affected users who were actually in danger of an
| emergency shutdown, during times when the shutdown was
| imminent. While I don't want anybody diddling my firmware
| without giving me a choice, this particular issue was
| really a nothing burger in the end.
|
| It was discovered when it became apparent that replacing
| a defective battery made the phone faster. Seems like a
| standard reliability / user experience fix to me. Not
| Many people would choose the "don't adjust system power
| consumption to prevent unplanned shutdowns when the
| battery is about to fail" toggle.
| ben_w wrote:
| Indeed; while I've not had this specific issue with the
| phones, I do still have a mid-2013 MacBook Air lying
| around (it's now too old to realistically sell), and the
| battery on that was so worn by the time I got an
| M-something to replace it that would go from "fine" to
| "emergency shutdown" during boot if I forgot to plug it
| in. And then report something like 20% if I plugged it in
| and immediately booted it again.
| immibis wrote:
| Then the battery percentage is miscalibrated. The
| solution to that is to recalibrate the battery level, so
| that the old 40% is the new 0%.
| Dylan16807 wrote:
| It's not like the battery is actually empty. The phone is
| still able to run at 40% if it limits CPU power draw. As
| long as the throttling curve is accurate to the battery
| quality, it's all upside. A slow device is better than a
| turned off device. And if you want to keep your phone
| above 40% charge so it runs faster, go for it.
|
| The root problem was not the throttling, it was the
| phone's inability to run at expected speed after a couple
| years.
| jillyboel wrote:
| > All Li-ion batteries degrade over time
|
| So they know this yet they refuse to let users swap the
| battery?
| theshrike79 wrote:
| Users can swap the battery? 1) open phone
| 2) remove battery 3) replace battery 4) close
| phone
|
| It just requires more tools than your fingers, like every
| single mainstream phone.
| jillyboel wrote:
| Not sure what kind of users you're dealing with, but your
| typical iphone user can absolutely not do that
| theshrike79 wrote:
| A typical car driver can't change the oil in their car,
| nor can they do a headgasket swap either.
|
| People don't go telling that Ford "refuses users to let
| their change their oil".
|
| It's all perfectly doable, but you do need the tools and
| an ability to follow a step by step guide with pictures.
| nunobrito wrote:
| Imagine Ford deciding their cars must drive at 50% their
| speed when the engine oil is older than 2 years and at
| the same time forbidding users from changing the oil.
|
| Yet there are always people justifying these type of
| awful practices as better for users. These aren't, the
| measures are only good for business.
| theshrike79 wrote:
| Have you driven a German car ever?
|
| They are SO LOUD if you don't service them at regular
| intervals. They're even doing fancy tricks to make sure
| you're not faking the service.
| K0balt wrote:
| Forbidding them from changing the oil? I personally
| changed my battery, I did not feel like it was forbidden.
|
| Not even that hard.
|
| For me, the firmware fix helped me limp through the 2
| months before I finally got around to replacing the
| battery.
|
| It made my phone that was flaky and unreliable below
| 40percent battery into a phone that worked slightly
| slower once the battery got low, but didn't just randomly
| shut off during calls anymore.
|
| I'd have preferred a toggle, but to be honest I doubt I'd
| have ever used "reckless disregard for remaining battery
| capacity" mode.
| dghlsakjg wrote:
| Ford actually does this. They have something called limp
| mode for when sensors detect degraded conditions. They
| won't honor the warranty if you clear the code manually
| and continue operating the vehicle.
|
| Many cars enter limp mode for when the ECU senses a
| possibly damaging condition. This limits the performance
| and capabilities until someone with a diagnostic computer
| can plug it in. Many times these diagnostic computers are
| entirely proprietary.
|
| I'm not saying it is justified, but to pretend that other
| businesses don't do this is silly.
| meragrin_ wrote:
| > This whole thing was totally overblown.
|
| No, it isn't. If the battery was broken and they knew the
| battery was broken, they should have informed the user
| the phone could be fixed with a new battery. They decided
| to gimp the device and not tell the user so they would be
| more likely to purchase a new device rather than simply
| fixing the old one.
| CamperBob2 wrote:
| It was not overblown. Apple didn't disclose what they
| were doing or give the user the option to decide what was
| best for them. When a company chooses to behave that way,
| it should hurt them, and it did.
|
| Apple's actions in this case were even worse than
| Bambu's. At least Bambu documented what the update did
| and offered the option of declining it.
| mft_ wrote:
| The big difference is that none of these changes were
| part of a defined strategy to lock the user in to their
| products and ultimately generate more profit, as with the
| Bambu example:
|
| - Battery management was to handle an issue that was
| encountered as batteries aged
|
| - 32 bit support: Apple is well known for being one of
| the more aggressive companies when it comes to forcing
| users (and especially people coding apps for their
| platforms) to adopt required tech changes. But again, not
| directly profit-driven.
|
| - Pulse oximetry: probably the closest to a profit-
| driven-decision, as this was driven by a patent issue,
| and presumably they calculated less of a hit from
| removing the feature than paying feed to the patent
| owner? Not great, but still not directly part of a user-
| unfriendly Apple-derived strategy, as with Bambu.
| mls-pl wrote:
| And main difference with Apple is that you don't have to
| log in to their services on iPhone yet still have full
| _phone_ functionality.
| cowl wrote:
| the keyword being _phone_, not smartphone. Bambulab too
| will let you print from SD card without logging in their
| infra, they are just locking the rest of the ecosystem. 1
| to 1 analogy.
| mls-pl wrote:
| It's still a smartphone - with web browsing, mail and
| everything else what's available out-of-the-box. And
| Bambu will cut out even local network access and, as they
| stated in "Terms of Use", can lock print jobs until you
| update firmware. Far from 1:1 analogy...
| nunobrito wrote:
| They did even worse.
|
| New firmware upgrades made older devices slower and
| painfully unusable: https://www.techradar.com/news/apple-
| might-be-slowing-down-y...
|
| And they have plenty of experience building walls around a
| garden. Ask anyone using OSX for the past 15 years and you
| will see how difficult it has become to write or publish
| software for Apple.
| kennywinker wrote:
| Alternate description of the same information: "newer
| upgrades made older devices batteries' last longer"
|
| They did nerf speed. But they did it for a reason. I get
| being mad about your phone being slowed down, but i don't
| get being mad about it once you understand why.
| autoexec wrote:
| > They did nerf speed. But they did it for a reason.
|
| That reason was to incentivize people to replace their
| old "slow" phones with faster new phones. If Apple
| actually cared about the problem of older phones having
| limited battery life they'd have made the batteries in
| their phones replaceable.
| cap11235 wrote:
| Retard
| maverwa wrote:
| As someone who recently bought a bambu printer, I have to
| agree: I am not surprised. Still disappointed, but in no way
| surprised. The "apple experience" is why I went for a bambu
| device (along with the price, and some excellent
| recommendations from friends). I was even surpised that the
| "LAN Mode" actually works somewhat good. Should have got a
| prusa...
| 42lux wrote:
| Come on even makerbot wasn't that blatant. I believe a lot of
| us haven't seen it coming.
| LeoPanthera wrote:
| "Fell for it" implies that everyone buying a Bambu printer
| expected some degree of openness. Maybe some customers
| actually _want_ an "Apple model", where the device mostly
| looks after itself and "just works" as much as possible.
| stavros wrote:
| I bought a printer. It had some stuff. I didn't want that
| stuff to be gone after I bought it. That's a bait-and-switch,
| because they didn't explicitly say "be aware, that stuff is
| going away on Jan 2025".
| op00to wrote:
| They never officially supported compatibility with Orca, or
| Home Assistant. Vendors break compatibility with
| unsupported stuff all the time. Don't make purchase
| decisions on unsupported features if you're gonna get all
| bent out of shape about it.
| stavros wrote:
| They officially supported me printing without an Internet
| connection, which is stopping now.
| rickdeckard wrote:
| Sorry to potentially pour oil into fire here, but I'm
| curious: did they really?
|
| "Officially support" printing without internet
| connection?
|
| Was this explicitly documented as a feature or did this
| just "happen to work" as you expected?
|
| A lawsuit may have some leverage to find that something
| could have been "reasonably expected" to work in a
| certain way, but that's quite uncertain territory.
|
| i.e. I would expect an Apple Watch to also work with
| Android Devices, but this was never officially supported
| by Apple and it's arguable whether it was reasonable for
| me to even expect this.
| nullc wrote:
| Yes, "lan mode" is an officially supported advertised
| feature, where you can happily print on an isolated
| network. (though as of this morning it now sounds like
| they're backing off after public backlash)
| rickdeckard wrote:
| Interesting, this somewhat implies that outside of this
| "land mode" an Internet connection is otherwise required
| for printing
| nullc wrote:
| Yes, the default workflow on the product is that all
| prints go via their cloud service. For the first year or
| two of the X1C's existence this was the only way to
| print, but they later introduced lan mode.
|
| Leading to obvious speculation as to why they have stuck
| themselves processing megabyte g-code streams between
| your desktop and the printer on the same network...
|
| But since cloud use is optional anyone with the
| security/reliability/longevity concerns just don't have
| to use it.
|
| Personally I don't see the cloud stuff as providing any
| value at all though I know people whose kids print stuff
| from their makerworld site via their phone app that
| consider it useful.
| emiliobumachar wrote:
| My toilet doesn't officially support crapping without an
| internet connection either. I'd argue that in both cases
| it's implicit unless very explicitly disclaimed.
| op00to wrote:
| How would a toilet with no electronics require an
| internet connection?
| cap11235 wrote:
| Why does a 3d printer need internet?
| op00to wrote:
| They specifically advertise connectivity for a mobile
| app.
| op00to wrote:
| You could still print without an internet connection,
| even before Bambu's backpedaling.
| bb88 wrote:
| I don't know how I feel about this. I hear your frustration
| about this. OTOH, Bambu is a walled garden approach. I also
| know the Prusa Core 1 is going to be less open to keep the
| cheap aliexpress knock-offs at bay. This could be an issue
| with Bambu labs as well if cheap knockoffs start appearing
| using reverse engineered P1Ps with modified P1P firmware.
|
| https://hackaday.com/2024/11/20/with-core-one-prusas-open-
| so...
| junon wrote:
| Good for you. Kind of a non sequitur, though, and gaslight-ey
| at that.
| nullstyle wrote:
| no, it hasn't been their clear plan all along, and blaming
| the victims is not advocating for open source 3d printers.
| Fully open source, DIY 3d printers that are available today
| suck compared to Bambu. The commercial offerings built on top
| of Orca (I have a magneto X) suck compared to bambu.
|
| The 3d printing community just slapped down heygears for
| similar BS to what bambu is pulling right now. Once Bambu
| hire some better software devs and sort out their issues,
| open access will return, I bet.
| cap11235 wrote:
| Apologists are crazy. It's clearly shit
| nullstyle wrote:
| Its clearly shit, but you're delusional if you think I'm
| an apologist.
| nullstyle wrote:
| oh, and look, the backlash is already starting:
| https://www.youtube.com/watch?v=91kfolYkRNM
|
| I'm not saying I wouldn't love for an fully open source
| printer company to have the quality and velocity of
| development that the bambu has (AMS-compatible TPU,
| delicious), I'm saying people who are making "It's
| clearly X... You should have known Y" aren't providing
| useful perspective nor are they accurate. Looking at your
| post history shows this.
| asveikau wrote:
| I got into 3d printing a few years ago and noticed the same,
| bambu made me nervous for exactly this.
|
| But the fanboyism and shilling in the 3d printing community
| is intense. If you mentioned these misgivings you'd get
| flamed. If you bought or enjoyed another printer people would
| advise you to sell it and buy Bambu. Lots of people in
| various threads seemed to defer to that kind of expert
| advice.
|
| I think there is/was a similar fanaticism for Prusa going on,
| but it seems a little less at the forefront since Bambu.
| Gigachad wrote:
| You can print of an SD card without any special software or
| online services, the same as you can on Prusa printers. It's
| just the server/internet stuff that's locked down. Which I wish
| was open too, but it's still has fully unrestricted local
| printing functionality.
| hatsunearu wrote:
| https://www.reddit.com/r/BambuLab/comments/1i548m9/this_is_p.
| ..
|
| Looks like it's not true?
| Aaron2222 wrote:
| I _think_ that's browsing the SD card from Bambu Studio
| when the printer's set to LAN Mode, not printing from SD on
| the printer itself.
| Gigachad wrote:
| Yeah this looks to be the case. All of this change was
| prompted by the fact that malicious software was
| triggering prints over the network. So now they have
| locked it down so the printer can verify prints came from
| the actual account owner.
|
| Printing directly from SD cards via the little touch
| screen is unchanged since networked computers can't do
| that.
| hatsunearu wrote:
| I really really hope people saying this is a
| nothingburger is actually right, because I do have a P1S,
| use orcaslicer, and would like it to continue to work.
| Hoping this is just a miscommunication.
| wongarsu wrote:
| Bambu Connect is explicitly about allowing you to
| continue to use your favorite slicer. They make it less
| convenient (instead of pressing print you now have to
| save, load the file in Bambu Connect and then press
| print), but they don't prevent you from doing it.
|
| Once the update actually rolls out to the P1S obviously.
| Which may not even happen with the current backlash
| dns_snek wrote:
| > Bambu Connect is explicitly about allowing you to
| continue to use your favorite slicer.
|
| For now. They're putting themselves in the middleman
| position where they get the final say over what we can
| print on the printers that we supposedly "own".
|
| It's naive to think that they won't try to extract
| revenue from that privileged position, they wouldn't have
| spent R&D resources on it otherwise.
| madeofpalk wrote:
| I think this is pretty shitty. Not being able to print
| directly from the slicer is a big pain.
|
| Imagine if this limitation existed with Bambu's first-
| party slicer. It would obviously be considered a pretty
| big downside.
| dns_snek wrote:
| > So now they have locked it down so the printer can
| verify prints came from the actual account owner.
|
| This is inaccurate, the printer already required
| authentication using an 8 digit code. What they're trying
| to do now is verify that the print has been started using
| official Bambu software, i.e. software-only DRM.
| madeofpalk wrote:
| > All of this change was prompted by the fact that
| malicious software was triggering prints over the
| network.
|
| Was it actually? Is there a source for this?
|
| I'm not so upset about this change (it doesn't affect me,
| so far), but I'm skeptical this was a widespread problem.
| dangus wrote:
| From that link if you continue reading, commenters in the
| thread point out that LAN mode didn't even exist when the
| printer came out, and that it's more flexible now than when
| they first came out on the market.
|
| My other comment on this thread contains the rest of my
| thoughts. Overall, I think this outrage is overblown.
| mattclarkdotnet wrote:
| That makes as much sense as saying you bought an Apple laptop
| expecting it to be hackable
| i5heu wrote:
| Is this a defect under the EU law?
|
| If so one could get a refund :)
| NietTim wrote:
| > on the understanding it was reasonably hackable and open
|
| I, honestly, have no idea why you thought that. Bambulab has
| been under fire from the very beginning about not being open at
| all and not contributing back to the open source community
| they're build on.
|
| I bought one of their printers during black friday too, it took
| me a long time to get over the fact that it isn't an open
| printer, and I never want to go back to tinkering for hours to
| get meh quality prints.
| mls-pl wrote:
| And let them be closed-source as long as they give you
| ability to print without calling home or even without
| internet connection.
| btreecat wrote:
| I didn't realize that closed source means you the end user
| get to dictate how the manufacturer implements features.
| madeofpalk wrote:
| > on the understanding it was reasonably hackable and open
|
| Where did this understanding come from? I'm pretty happy with
| my Bambu printer, but I was never under any understanding that
| it was hackable, let alone open. Since the beginning I was
| slightly frustrated at the RFID fillament spools not being
| open-enough for others.
| nico wrote:
| If you are looking for alternatives, I highly recommend the
| Qidi q1 pro
|
| Despite an initial issue with the hot end (which was easy and
| fast enough to fix with help from support). I've been really
| happy with it
|
| It prints pretty much anything. Fast, reliable and very cheap
| compared to equivalent printers in the market
| ActionHank wrote:
| Voron for life
| dspillett wrote:
| _> on the understanding it was reasonably hackable and open_
|
| While this lock down doesn't seem right it is far from
| unexpected, I question the amount of research done prior to
| your Black Friday purchase (BF and well-thought-out-decisions
| often do not go hang-in-hand!)...
|
| I bought one (an A1 with the multi-material add-on) some months
| before that _in full knowledge that the company would prefer to
| funnel people into a walled garden_ because if you look
| anywhere you 'll find proponents of other makes warning that
| exactly this is possible & likely, with the "must take many
| steps to print without talking to their servers" being the key
| evidence in those warnings.
|
| Good reasons to buy a BBL machine (at least my reasoning when I
| did):
|
| * They work out of the box more so than many of the competition
| (many will say "X is better or better value, if you spend Y
| amount of time tuning" which while often correct, I wasn't
| looking to spend that time tuning), certainly more so than
| others at similar prices.
|
| * QoL features (good auto leveling, dynamic flow control) that
| weren't exactly ubiquitous on similarly priced or cheaper
| machines.
|
| * Certainly in the case of the newest A1/A1-Mini line: a
| working MMU option cheaper than you find in other ranges (some
| manufacturers have started addressing this and the out-of-box
| experience, in their product lines, 2025 could be an
| interesting year), and very easy nozzle changes (useful if you
| want to both do detailed minis (without going resin) and mostly
| larger items).
|
| * For me, the handling of the A1 issues early last year
| (quickly acknowledging a potential safety issue and publishing
| mitigation guidelines, full recall or fix-at-home options when
| it became clear the issue was more significant) was a point in
| their favour wrt after-sales giving-a-shit. Obviously not a
| point _against_ others as we don 't know how they'd react until
| it happens, of course. There are regular complaints of slow
| support response more generally, but there are for other
| printer manufacturers too and, well, pretty much all consumer
| facing industry these days.
|
| * The official documentation & videos, maintenance &
| troubleshooting guides etc, seemed to me to be more coherent
| than some other offerings (though searching for "<my problem>
| reddit" is still a thing!).
|
| Absolutely terrible reasons to buy into BBL, long before this
| storm:
|
| * Openness (software). From the get go their offering has the
| trappings of a more controlled garden than the 3D printing
| community were used to.
|
| * Openness (hardware). While there are some compatible 3rd
| party after-market parts, there isn't the able-to-build-your-
| own feel you see elsewhere with people using different extruder
| nozzles, cooling options, and so on.
|
| --------
|
| This isn't a _great_ analogy, but: BBL is an Apple (though not
| quite on price) to the rest of the 3D printing industry 's
| Linux and it only takes a small amount of information to see
| that before buying.
|
| If I upgrade (or have to replace, or just decide to get a
| second) then maybe I'll go elsewhere. I'm more confident I
| could get other others working well, manufacturers are
| addressing the points that have allowed BBL to take so much of
| the market & mindshare in a short time, but the key thing
| against BBL (not being open like much of the rest of 3D
| printing) is something I was well aware of when buying (it did
| make me think twice) so I can't be too mad about it.
|
| Now if they try stop people using 3rd party filament, like the
| traditional printing industry with ink & toner, which is far
| from impossible, _then_ I 'll feel they've conned me.
| dspillett wrote:
| An extra point that it is too late to edit in, on openness
| wrt software: unlike some companies we could all mention,
| they are playing right with the slicer software. It is
| heavily based on earlier AGPL3 licensed software and their
| work is correctly licensed also:
| https://github.com/bambulab/BambuStudio/blob/master/LICENSE
|
| There might be some question as to whether anything like the
| connectivity layer that sits between BS and the printer that
| currently isn't open, should also be AGPL. I'll leave
| discussion of how AGPL and losly linked components do/n't
| work together to people with more experience in the area...
| op00to wrote:
| "Hackable" and "open" were never advertised or officially
| supported by Bambu. It is foolish to make a purchase decision
| based on an unsupported and unadvertised feature, and while you
| can be angry that seems silly.
| dagmx wrote:
| I don't understand why you think it was hackable or open?
|
| Since the launch of the X1, it's been closed firmware and
| tightly controlled. That's always been the compromise people
| make to get one.
|
| I'd really like to understand what bait and switch you think
| has happened, and what you could do before with officially
| sanctioned methods that you can't now?
| ActionHank wrote:
| They were selling at or sometimes below the price point of
| printers that you build yourself.
|
| They're good products, and they are clearly selling at a low
| enough price point to push for market capture.
|
| The pricing, special features tied into their own AMS +
| filaments, special features tied into their own slicer. These
| all indicate that they were building towards this sort of
| behaviour.
| gamblor956 wrote:
| Bambu has never advertised their printers as hackable or open.
| Indeed, they advertise the exact opposite: that you won't need
| to do anything to it to get it to work.
|
| That people can hack the Bambu printers is a bonus.
| snapetom wrote:
| Sorry, but if you did research on Bambu's and came away with
| them being open and hackable, you didn't do enough research.
|
| I dove into 3D printing a year ago. I settled on the P1S
| because its reputation for "just working" and good for
| beginners. I wasn't interested in attaching a Pi to it, run
| Klipper on it, I wasn't interested in steep learning curves and
| choosing from a myriad of slicers. I wasn't interested in
| "calibrating more than printing" with the Enders that one
| friend warned me about. I needed it for one simple, but big
| project and it worked great.
|
| Since then I expanded to getting the enclosure, AMS, and
| messing around with Orca. The Bambu is very accomodating to
| learn and grow more and I don't regret the decision at all.
| bhhaskin wrote:
| I think people are making a big nothing burger out of this.
|
| Bambu is patching a security issue. Personally I don't want any
| device or application to send any old G-code to my printer. Like
| say command the printer to basically destroy itself.
|
| Could this lead to completely locking it down in the future? Yes.
| But they could do that anyways.
|
| I think this is a way to stop getting their pants sued off.
|
| If they really wanted to lock it down they could just make it so
| everything has to go through their servers and require files to
| be signed before being read from SD cards.
|
| But instead we really have a half ass attempt.
| myself248 wrote:
| "Security" on behalf of the user is a complete red herring. You
| can't print to my 2d printer or my 3d printer, but I can, with
| "any old device or application". Because they're on my network,
| not public on the internet.
| bhhaskin wrote:
| I disagree. These devices can easily burn down people's homes
| if given bad G-code. Then they would be sued into the dirt
| for a security whole a mile wide. Looking at the changes this
| is about liability.
| dawnerd wrote:
| How is an electron app that just adds another step solving
| the problem? They should have just secured their api
| properly instead of using security as an excuse to cut out
| third party software that will get around an inevitable
| subscription.
| bhhaskin wrote:
| Because authenticated commands removes the liability
| issue. Hacking the device vs we knowingly let anything
| send g-code.
|
| This is basically the equivalent to having passwords on a
| MySQL database or redis server.
|
| Why on earth would they add a subscription? That makes
| absolutely no sense business wise. No one would buy their
| printers, and they don't have a captured market to strong
| arm anyone.
| dawnerd wrote:
| Why would they add a subscription? Uhm print farms
| already have subscription based software. Bambu would
| just be an easier entry. They already have screenshots of
| it on their wiki.
| CamperBob2 wrote:
| If it can burn down your house with the wrong G-code,
| adding a cloud service is not the way to fix that.
| asyx wrote:
| There shouldn't be a single printer on the market that
| doesn't come with basic emergency cutoff features.
| myself248 wrote:
| And a firmware hack could burn down my house with my laser
| printer. Yet that's not possible, because neither printer
| talks outside my network, at all.
| Ccecil wrote:
| You mean like when Bambu issues a firmware update remotely
| and many printers which were sitting idle just start
| printing without being commanded by the user? [1]
|
| I personally do not want my printer connected to any
| vendor's server in any way...IMHO, there is no reason for
| it.
|
| [1] https://www.reddit.com/r/3Dprinting/comments/15sfisq/ba
| mbula...
| ipv6ipv4 wrote:
| > Bambu is patching a security issue.
|
| This isn't a security fix. As a security protocol, it wouldn't
| pass any kind of security audit. A security fix would be
| something based on a per user credential, not on obscurity.
|
| > Personally I don't want any device or application to send any
| old G-code to my printer.
|
| Username/password over TLS would do that better than what Bambu
| Lab is proposing, as an extremely simplistic example.
| mls-pl wrote:
| And LAN-only mode should work without any external
| connections yet it looks like it'll require it for
| authentication. That defeats the whole idea of LAN-only!
| Mashimo wrote:
| > Bambu is patching a security issue. Personally I don't want
| any device or application to send any old G-code to my printer.
| Like say command the printer to basically destroy itself.
|
| Why not implement some kind of open authentication? One that
| other slicers can implement.
| userbinator wrote:
| I'm not surprised that 3D printers are turning out to be as
| hostile as 2D ones. As usual these days, "security" is the
| excuse.
| goda90 wrote:
| There's so much open source software, firmware, and hardware
| out there for FDM 3D printers, I doubt they'll ever get as bad
| as regular printers. It's much more a tinkerers world than 2D
| printing ever would be.
| jopsen wrote:
| Are regular printers that bad, if buy brother?
|
| I bought a B/W laser printer and have been generally
| impressed with the lack of BS that came a long with it.
|
| It did ask for toner once, so I bought something from a
| third-party.
| DrBenCarson wrote:
| Yep laser printers are the equivalent of modern CoreXY
| printers with solid auto calibration
| Filligree wrote:
| Could you name one? Other than the X1. I think I might be
| in the market for a new printer, but I don't want to lose
| quality.
| wongarsu wrote:
| I've only made good experiences with laser printers, from
| very small ones to full-sized copy machines. Some of the
| more expensive inkjet printers are reportedly also quite
| good. You are still stuck with the usual horror show that
| is software from hardware companies, but otherwise it's not
| so bad. And the occasional paper jam, but 3d printers are
| no better in terms of reliability
|
| The bad reputation is just from HP's tactic to sell
| printers cheaper than everyone else, in more stores than
| anyone else, then make the money back with the scummiest
| tactics imaginable.
| cuu508 wrote:
| Some are good, some are bad, buyer beware.
|
| No direct experience, but I recently read[1] Brother
| HL-L3220CW counts printed pages, and refuses to print after
| a set number of pages, even if there's still toner in the
| cartridge. Some models have a way to reset the page count
| but this one apparently does not.
|
| [1] https://spicausis-
| lv.translate.goog/2025/01-brother/?_x_tr_s...
|
| (I also use a Brother B/W laser printer, got it second hand
| for almost nothing, works fine)
| debugnik wrote:
| Does the printer also refuse to print when using toners
| not part of the EcoPro subscription, though? Or is this
| just another case of people expecting their subscription
| toners/cartridges to last beyond their payment? I can't
| blame them, the marketing is sneaky about it, I just see
| it often on threads about HP.
|
| The post did mention the other toners that came with the
| printer also locked, but I think I remember reading
| elsewhere that those printers are cheaper precisely
| because they come with EcoPro-only toners in the box.
| ddingus wrote:
| I have a L2395DW and its factory cartridge just ran out!
|
| Factory setting is to stop printing. It can be changed to
| basically print anyway.
|
| That worked, delivering increasingly crappy prints until
| replacement toner cartridges arrived.
|
| Swapped one in and the machine is back to printing fine.
|
| I did buy aftermarket, cheap as I could find for
| replacement.
|
| The factory cart still had 5 percent or so, when compared
| to the new ones, of toner in it.
|
| Haven't had the sam
|
| All said and done I am pretty happy. Toner got well used,
| replacement was cheap.
| gjsman-1000 wrote:
| Admittedly, the printing system for 2D Printers _is_ a
| nightmare. Windows Secured Core PCs, for example, disable all
| 3rd party printing drivers and only support open driverless
| standards for printing like Mopria. According to people who
| have looked at it, let's just say CUPS in macOS and Linux is
| not very likely to be a paragon of security, having an RCE
| scare 3 months ago.
|
| If the printing stacks within operating systems are trash, who
| knows what horrors your network-connected printer firmware has.
| (Locking down 3rd party ink cartridges in the name of security
| - what's an ink cartridge going to do? Buffer overflow the data
| it sends to the printer? Oh wait, maybe the printer is that
| dumb and we're overthinking this, and it's more inexcusable
| than first glance suggests.)
| rustcleaner wrote:
| With 3D printing out for a while now, there's zero good reason
| IMHO that there isn't a 2D-plotter retrofit which allows
| someone to attach one or more [colored] pencils or pens. I'm
| really shocked the overpriced ink monopolies weren't attacked
| in this manner, as a young child I distinctly remember a kiosk
| in a grocery store which 'printed' messages and images on blank
| cards using colored pencils, for customer order. None of this
| is remotely new.
| krisoft wrote:
| > there's zero good reason IMHO that there isn't a 2D-plotter
| retrofit which allows someone to attach one or more [colored]
| pencils or pens
|
| This is a thing. Obviously.
|
| https://urish.medium.com/how-to-turn-your-3d-printer-
| into-a-...
|
| Only a randomly selected tutorial.
|
| > I'm really shocked the overpriced ink monopolies weren't
| attacked in this manner,
|
| Inkjet and laser printers easily print whole page 300 DPI
| raster images in seconds. Plotters need vectorial data and
| their printing speed depends on how complicated what you are
| printing. These things simply don't serve the same use case.
| You can do nice art and heart warming cards with a plotter,
| but you can't hit print on your boarding card / dhl label /
| word document and expect your plotter to give you what you
| see on your screen.
|
| > None of this is remotely new.
|
| I agree that none of this is remotely new. Plenty of people
| tinker with plotters for fun and profit. There are even pre-
| packaged consumer centric solutions where you pay the price
| of convenience with lack of freedoms. (See the similar
| debacle around the Cricut plotters.)
| bsder wrote:
| > I'm really shocked the overpriced ink monopolies weren't
| attacked in this manner
|
| Because those of us who understand mostly don't care. Those
| who know bought a Brother laser printer and got on with life.
|
| When those who understand need genuine inkjet prints, we go
| to a store that owns a printer that is several orders of
| magnitude better than we will ever need and pay them a
| pittance to get it printed.
|
| That having been said, I really do wish we had an open source
| laser printer because, at some point, Brother is going to
| pull this same bullshit.
| lucasoshiro wrote:
| Well, at least you can build a 3D printer at home. I built mine
| years ago (https://lucasoshiro.github.io/hardware-
| en/2020-06-14-3d_prin...) nowadays you can even build a better
| one.
| whatever1 wrote:
| You thought you would be able to print copies of commercial
| things in the comfort of your home? RIAA would like a word with
| you.
| mvdtnz wrote:
| Author could start with what this actually is. "An Electron App
| with Security through Obscurity principles" doesn't tell me much.
| dangus wrote:
| I personally think the outrage I've seen on this issue is
| generally not justified.
|
| In general people are just scared of change and on top of that
| are playing telephone on the details of the change, assuming the
| worst intentions from Bambu like they're trying to be the next
| HP.
|
| I have seen a lot of misinformation on this topic, and I think
| that in that sense it's a good idea to read the actual
| announcement details to get a better read on Bambu's intentions:
| https://blog.bambulab.com/firmware-update-introducing-new-au...
|
| A voice in Bambu's defense on this issue would say:
|
| 1. The new firmware isn't out, it's still in beta, and the new
| connect software is also in beta. This stuff isn't done and
| nobody has been forced to use it or even had it presented as an
| OTA update yet. The problems highlighted in this wiki page are
| very possibly problems that Bambu is aware of and intends to fix
| before release.
|
| 2. Bambu in their blog article stated that they are working on
| integration code so that third party slicers like Orca Slicer can
| more directly interface with Bambu Connect (see the FAQ section)
|
| 3. There are multiple statements on this blog page where Bambu
| acknowledges the workflow disruption and emphasizes the things
| they intend to do and do not intend to do, such as "It's
| important to note that this update is not intended to restrict
| third-party software use. In fact, we've actively collaborated
| with third-party print farm management software providers in the
| past and continue to support such partnerships. To further
| improve the user experience, we are introducing a new software
| solution that will address these limitations and enhance overall
| print farm management capabilities."
|
| 4. People who don't run huge print farms don't seem to be
| impacted by this. Remember that Bambu claims to be a consumer
| tech company, right there in the "About Us" section. They are
| trying to make printers that are easy to use and require minimal
| tinkering. For a normal person, sending a slice file from Orca
| Slicer to a separate app (adding literally one step) is not a big
| deal, you're doing that once per print in a world where typical
| prints take hours to complete. And with that in mind, Bambu is
| still saying they intend to provide an integration solution to
| Orca Slicer in the future to streamline that process.
|
| Whether not the software design is a good architecture is an
| entirely different issue, and as a beta product I'm not sure we
| can judge that quite yet. Perhaps they should have hardened their
| network API more rather than introducing a new app? Perhaps they
| shouldn't have announced this so publicly before they had a
| solution for third-party integrations ready?
| hatsunearu wrote:
| I mean a reasonable ask would be why can't they push this off
| until all of that is taken care of?
| dangus wrote:
| I think to be fair to them that's literally what they're
| doing? They're just announcing it ahead of time while it's in
| beta so we all know about it.
|
| "Starting January 17th, users will have access to the beta
| firmware"
|
| "Launching first for X Series printers, with P and A Series
| updates planned for future release"
| Szpadel wrote:
| well, it's they really meant improving security they didn't do
| great job, as you can see people broke this security in a day
|
| blocking printing from sdcard in Lan mode basically deny any
| claims that this change was poorly communicated improvement
| dangus wrote:
| They broke the security of a beta product. That's why it's
| beta and not a released product.
|
| LAN mode didn't exist when this product was first sold, and
| it was never implemented through the SD card. It was meant to
| be used through Bambu Studio over your local network.
|
| "Not implemented/not yet implemented" != "blocked"
|
| Someone who bought a Bambu Lab printer early on actually has
| more ability to use it without a cloud service now than they
| did when the product was new. Just about everyone who owns a
| Bambu Lab printer already signed up for a cloud-connected
| printer.
|
| https://wiki.bambulab.com/en/p1/manual/p1p-firmware-
| release-...
| Spunkie wrote:
| Their "update" is a bunch of hand wavy corporate PR bullshit.
|
| Their idea of "working with" the people impacted by this change
| is just give them a couple of days notice that they are about
| to be fucked over.
|
| Also the whole "it's just a beta" is such a stupid point I
| don't even want to respond to it. Truly idiotic.
|
| They are positioning themselves to build a proper walled
| garden.
|
| That entire blog post could be sumed up as "We know we are
| doing a shit thing but We. Don't. Care. So it would be great if
| y'all could just shut up about it until it's more ready."
| dangus wrote:
| What do you mean "a couple days notice?" A couple days notice
| for optional beta firmware availability for only one model
| with other models having completely undefined release dates.
| This supposed "short notice" is factually inaccurate.
|
| You can read the blog post that way if you want and insinuate
| the most negative possible interpretation, but I'm just going
| through why I choose not to do that.
|
| For one thing, I'm failing to see how this supposed "walled
| garden" is going to magically materialize and benefit them
| financially. The best answer I get from all the alarmed
| people surrounding this subject is that they'll want to
| charge monthly fees for premium features in the software,
| especially to print farm owners.
|
| But they don't operate in a competitive vacuum and that would
| instantly shift users to their competition. Print farm users
| pay off their equipment very quickly. I've seen cost
| breakdowns done by actual print farm operators online and the
| initial and ongoing machine cost is essentially the smallest
| part of the cost of doing business. Print farmers would
| pretty much switch away to other brands instantly if Bambu
| started charging fees for print farm scale.
|
| If they charge even a Netflix-like fee of someting like
| $20/month, that essentially pays for a $1000 Prusa printer
| minus the cost of a Bambu printer in only 3 years. They have
| no room to charge monthly fees against comptetition.
| hamandcheese wrote:
| Does anyone know what this key is actually used for, and what it
| enables?
| onemoresoop wrote:
| I got an A1 mini about a month ago and so far it's been decent as
| a beginners printer. I transfer models to the printer via the
| microSD card and refused to install their networking software on
| my machine because I don't trust it's safe enough. Im also very
| reluctant to get updates whenever they're pushed. Maybe im
| spooked by past bricked devices so I keep all my devices dumb and
| offline as much as I can.
| franga2000 wrote:
| I was very against Bambu in the beginning for their lack of
| proper network (not cloud!) support. Then they added LAN mode and
| I actually considered getting one. Luckily I was lazy and never
| got around to it. What the fuck Bambu?? Security, really? Not
| even HP dares to make that excuse...
| moooo99 wrote:
| I mean, I technically see why authentication may be something
| they want to consider, especially for the less technically
| inclined users that Bambu is very obviously targeting.
|
| However, this can be easily achieved without bricking every
| single third party integration. That should simple be a toggle
| in the settings that works entirely local
| iamsaitam wrote:
| HP just straight locks you out of your printer unless you pay
| ransom every month..
| JoshTriplett wrote:
| All HP printers still give you the option of paying full
| price for ink cartridges and owning the printer. The rental
| model is one they try very hard to steer you into, with lots
| of dark patterns, but you can still use HP printers with no
| account and no subscription ink model.
| jdietrich wrote:
| Bambu Lab have been quite explicit about this. Their consumer-
| grade printers rely on a cloud service; for people who want or
| need printing over a private LAN, they offer the X1E.
|
| https://store.bambulab.com/products/x1e
| nullc wrote:
| That hasn't been true for years, the regular X1C has an
| officially supported lan mode and works fine without any of
| the cloud stuff. (I believe the smaller ones do too, but I
| haven't used them so I can't speak to them).
| flutas wrote:
| Yup, P1S does as well. Well, did.
| ChrisArchitect wrote:
| > _Bambu Lab is a Chinese tech company that designs and
| manufactures 3D printers_
|
| https://en.wikipedia.org/wiki/Bambu_Lab
| wongarsu wrote:
| They disrupted the 3d printer market with printers that just
| work out-of-the-box at at price points where you typically only
| get enthusiast products that require a lot of tinkering.
|
| A lot of their business model is seemingly based on making
| long-term sales from consumables. Their solution for multi-
| color printing is more convenient to use with filament sold by
| them because they embed information about the filament on
| proprietary RFID tags.
|
| A couple days ago they announced locking down the API for their
| most expensive line of printers, locking most API calls to only
| their own software because of "security". Users are obviously
| upset.
|
| Rumours for the reasons range from protecting themselves from
| user mods that replicate the RFID functionality on any filament
| by configuring the printer via API calls, to Bambu Labs wanting
| to launch some kind of subscription service for print farms.
| imtringued wrote:
| Bambu Lab filament pricing is very similar to Sunlu pricing
| if you purchase the same minimum quantities as Sunlu, but
| Bambu Lab has a wider variety of filament that people
| actually want. The only thing that really helps them make
| more money is wasteful multi-color printing.
| hn8726 wrote:
| Reportedly it's Sunlu who's supplying filament for Bambu.
| But Bambu's version still has RFID tags which make it much
| easier to work with multicolor.
|
| > The only thing that really helps them make more money is
| wasteful multi-color printing.
|
| They're slow to make improvements in this area, but they
| recently introduced some options to reduce the waste, like
| longer retraction before the color change. Plus as a user
| you can reduce the waste further by tuning flushing
| amounts, and you're left with the waste inherent to single-
| extruder multicolor printing.
|
| Overall yes multicolor can be wasteful, but to me it's
| impressive that it exists in the first place
| ThouYS wrote:
| I wish Prusa weren't asleep at the wheel, then we would have
| bought a core one (that is, the hypothetical variant with large
| build volume and same quality as bambulab).
|
| Instead, we bought a P1S, which is, technically speaking, a
| fantastic machine.
| teruakohatu wrote:
| Not really asleep at the wheel. More like they invented the
| wheel, produced the open source slicer (a fork of the original
| slicer but vastly improved), which was then used by Bambu who
| could manufacture a printer for less in China rather than in
| the EU.
|
| Prusa themselves run 600 printers. They are commercial grade.
| If I was using a printer for commercial design or prototyping I
| would go with Prusa. Not only because I would prefer my designs
| were not sent overseas by an always cloud connected printer.
| Netcob wrote:
| I got my first 3d printer, an MK3S+ a year ago. Pretty late
| in its lifecycle, but I wanted to spend more time printing
| than fixing issues.
|
| And it definitely worked! I got the kit and built it within
| 10h or so (very enjoyable time actually, like building LEGO
| as a kid) and have printed lots of stuff ever since. During
| that entire year I only had a clogged extruder one time and
| had to take that apart a bit. Any other issues I've had were
| either due to bad filaments or my own errors (not taking long
| overhangs or low adhesion seriously while slicing).
|
| And all this time I have been using it completely offline
| with OctoPrint on an RPi.
| the_mitsuhiko wrote:
| > which was then used by Bambu who could manufacture a
| printer for less in China rather than in the EU.
|
| I'm not at all convinced that Prusa's main issue is the cost.
| Yes, cost is a huge part of it, but the other one is also
| just usability. When the X1C launched and later the A1, there
| was a huge difference in usability between what Prusa and
| Bambu had. Prusa is catching up and that is good. But they
| will have to do more on that front still, and the higher cost
| is less of a concern. It becomes a problem when the more
| expensive printer is worse too.
| bborud wrote:
| I ThouYS may have a point. It seems to me that Prusa were
| tempted to go after the prosumer/pro market and invested a
| lot of time and engineering horsepower into higher spec
| machines (Prusa XL, HT90) and resin printers (SL1S).
|
| A lot of 3D printer companies have tried to go this route. It
| is not a strategy that tends to succeed.
|
| I don't know their sales numbers, but I would be willing to
| bet that the ROI on those printers is nowhere near their
| bread-and-butter, high volume, mass market models.
|
| I think their priority should have been to build something
| like the Core One (a P1S killer) rather than these expensive
| and risky forays into pro/prosumer land. The Core one is,
| realistically speaking, at least 24 months late to market.
| This was avoidable.
|
| Everyone who operates a 3D printing farm, and who isn't a
| complete muppet, knows that closed down products like those
| of Bambu Labs are risky. Both because some 3D printer
| manufacturers kind of have a history of being dickish, and
| because the big boys are coming after Bambu labs with their
| patent lawsuits and whatnot. There are clear risks in dealing
| with companies like Bambu.
|
| Dealing with Prusa involves significantly less risk. This
| reduced risk has value. You can charge a bit more for Prusa
| products due to the reputation of the company.
|
| Most people I know who own 3D printers would rather have done
| business with Prusa. But Prusa only had the MK4 on offer and
| were burning cash on, let's be frank, irrelevant vanity
| projects.
|
| Yes, Prusa were very much asleep at the wheel. Or at least,
| they had some strategic lapses in judgement. Let's hope they
| understand their customer base better now. I'd be happy to be
| a bit patient with them if it means we can get something that
| performs like Bambu printers, but from Prusa.
|
| I'll even be willing to pay perhaps as much as 20% more just
| because I trust Prusa more than Bambu.
| esskay wrote:
| Thing is even with the core one finally releasing...its not
| a compelling product.
|
| It costs more than the P1S - which lets fact it, thats what
| it should be compared to, not the X1C as the Core one
| doesn't have the stronger nozzle, nor any features that
| would make it a 'pro' level product.
|
| They also still dont have an answer to the AMS, which is a
| big selling point for the Bambu's. The MMU3 may be better
| than the previous one but its just like putting lipstick on
| a pig - it's a mess, with tubes all over the place, spools
| dotted around, and then you've got to constantly babysit it
| and tune it.
|
| Side by side the P1S with an AMS is still significantly
| cheaper and from a marketing perspective a much more
| visually pleasing offering.
|
| Also worth mentioning that whilst the core one is about to
| come out, the MMU isnt actually even supported yet, and
| theres no timeline for when it will be.
|
| Prusa are so far behind at this point and really shouldn't
| be. Chances are the core one is going to come out and just
| like the XL and MK4 will be extremely buggy for a good 6
| months. How people still accept this is bonkers.
| CarVac wrote:
| > not the X1C as the Core one doesn't have the stronger
| nozzle
|
| Swapping nozzles makes the machine worth double?
| animex wrote:
| Wow, so the actual content is also sent to the cloud? Not
| just authentication/metadata? Massive overreach. Imagine a
| inkjet/laser printer company sending every page you printed
| to their servers? (actually I wouldn't be surprised if HP
| does this already)
| KennyBlanken wrote:
| > Unpacking app.asar without fixing it first will result in an
| encrypted main.js file and 100 GB of decoy files generated, don't
| try it.
|
| I know it's not _exactly_ a zip bomb, but it 's kinda close, and
| goddamn, that's obnoxious.
| mikelovenotwar wrote:
| Commentary on the situation from Louis Rossmann
| https://www.youtube.com/watch?v=aIyaDD8onIE
| dgrabla wrote:
| I have Bambu, Qidi and Creality printers. Qidi is a good
| compromise between open and 'print-quality-out-of-the-box'. My Q1
| pro is easy to hack, but I have not done anything to it because
| it prints pretty much as well as Bambu.
| MezzoDelCammin wrote:
| I'm kinda curious what will this lockdown do to the efforts to
| replace their controller and/or firmware with something more
| open. Something like [1]
|
| It's nice to have a private key to their cloud authentication,
| but ultimately it's the printers firmware that's the issue. While
| Bambu owns and updates that, they can change the keys basically
| anytime they decide that they had enough of the alternative Bambu
| Connect servers that people will inevitably create with the
| current keys.
|
| [1] https://github.com/ChazLayyd/Bambu-Lab-Klipper-Conversion
| xyst wrote:
| I'm not familiar with the 3D printing space, but seems like this
| reverse engineering was inspired by the companies move to clamp
| down on security of these devices. [1]
|
| From what I understand, this new auth system would make third
| party integrations (ie, "OrcaSlicer") obsolete and users would be
| limited to controlling the device via Bambu Connect. This update
| impacts users who control the device via HomeAssistant and "print
| farm management" users. I guess first party support for users
| with fleets of these printers is dogshit, thus the need for third
| party software.
|
| Seems after 3 days of community feedback/outrage, the company is
| backtracking on the Bambu Connect only route. Instead offering a
| "Developer Mode" option in firmware which on the surface seems to
| be what the impacted users need. [2]
|
| > In response, we've made the decision to implement an optional
| LAN mode feature, to provide advanced users with more control and
| flexibility.
|
| > Standard Mode (Default): By default, LAN mode will include an
| authorization process that ensures robust security
|
| > Developer Mode (Optional): For advanced users of the X1, P1,
| A1, and A1 Mini who prefer full control over their network
| security, an option will be available to leave the MQTT channel,
| live stream, and FTP open. This feature must be manually enabled
| on the printer, and users who select this option will assume full
| responsibility for securing their local network environment.
| Please note that Bambu Lab will not be able to provide customer
| support for this mode, as the communication protocols are not
| officially supported.
|
| Seems this resolves the community concerns. Or am I missing
| something?
|
| [1] https://blog.bambulab.com/firmware-update-introducing-new-
| au...
|
| [2] https://blog.bambulab.com/updates-and-third-party-
| integratio...
| modderation wrote:
| That's a useful step, but the options are still Full Cloud
| Dependency or DIY with Zero Security.
|
| Why haven't they implemented rudimentary access control with
| printer-side Basic Auth (or the equivalents auth for MQTT and
| FTP). Add optional SSL support to prevent tampering/MITM on a
| potentially hostile network, and the unauthenticated access
| concerns listed in [1] should disappear.
|
| Any problems related to potentially damaging instructions
| should be best-effort mitigated by the firmware and otherwise
| indemnified by a "your own fault for using a third-party
| slicer" clause in the EULA.
|
| Bambu Labs shouldn't need to be in the
| authentication/authorization path, unless we're actively using
| their cloud environment.
| asah wrote:
| Their response:
|
| https://blog.bambulab.com/updates-and-third-party-integratio...
| hn8726 wrote:
| Honestly, the response is not that great. Right off the bat
| they're just going on the defensive, enumerating "false claims"
| that printer will require subscription etc. But the concern
| wasn't that Bambu _will_ do that, but that they _could_ do
| that, and generally that inserting Bambu's infrastructure as a
| mandatory step in the printing pipeline is _not great_.
|
| Then, the first point in their `truth about the update`
| section:
|
| > This is NOT about limiting third-party software. We're
| creating Bambu Connect specifically to ensure continued third-
| party integration while enhancing security. We're actively
| working with developers like Orca Slicer to implement this
| integration.
|
| The `we're actively working` with Orca was already addressed by
| the OrcaSlicer developer [0]
|
| > Bambu informed me of this change two days before their
| announcement.
|
| and Bambu's idea of "working with" is helping to implement
| redirect from Orca to their own software that would actually
| start the print. Seems like limiting third-party software to
| me.
|
| > This is beta testing, not a forced update. The choice is
| yours.
|
| This is bizarre, surely beta firmware is intended to be release
| firmware at some point? If anything, the community outrage
| proved beta track to work as intended.
|
| > About Panda Touch. We reached out to BTT as soon as we became
| aware of their product. We warned them that using exploited
| MQTT protocols...
|
| Also addressed by BQ in [1], tl;dr they tried to work with
| Bambu but didn't get much response, only a warning that the
| MQTT might stop working in a future update. So technically
| Bambu _reached out_, but only to say "don't improve our
| product". In the end, Bambu is screwing over their customers
| more than BQ
|
| Further down they still go and defend their decision
|
| > When using third-party slicing software like Orca Slicer, the
| difference in users experience is not much.
|
| and proceed to demonstrate that Orca Slicer will _easily_ open
| the new app which will be able to start the printing. Which is
| exactly what the community complained about, and doesn't
| address things like missing Linux support.
|
| Finally, they're presenting a diagram showing how the new flow
| looks like. Except the diagram is missing any details about
| what the new software does -- it doesn't show how, when and why
| the new software communicates with the cloud.
|
| For someone with even cursory understanding of security, the
| changes just don't make much sense, and Bambu is not doing much
| to explain the security protocols they're trying to implement.
| For all I know they just slapped a private certificate
| somewhere in the Bambu Connect app and started signing requests
| to the printer, which doesn't improve security at all if the
| private key is already public
|
| [0]
| https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecom...
|
| [1]
| https://old.reddit.com/r/BIGTREETECH/comments/1i5lzzf/latest...
| elcapitan wrote:
| As a precaution, I've blocked my A1 mini from Internet access on
| the router, and will not apply any firmware updates anymore. I
| will also not update Bambu Studio anymore (or completely switch
| to Orcaslicer). I was already using LAN mode exclusively.
|
| Kind of annoying, but I'm not desperately waiting for Firmware
| updates, everything works fine so far.
| 05 wrote:
| RMS was right
| shul wrote:
| Bambu sent out a clarification in their blog, you should read it
| broadsidepicnic wrote:
| no need linking it, tho
| blutack wrote:
| I'm interested what others think of their existing design and
| whether there are any fundamental security issues that will be
| resolved by their proposed change.
|
| They are proposing requiring a secret signed certificate to carry
| out any actions beyond monitoring for both the cloud and local
| (on printer) MQTT servers. These certificates would be issued at
| the discretion of Bambu by their CSR, currently only for "Bambu
| Studio" their slicer, Bambu Handy (their mobile app) and "Bambu
| Connect" which will enable upload G-Code generated by third party
| slicer (a workaround for existing functionality being removed).
| This "secret" certificate has already been extracted from the
| Bambu Connect application as per the article as their new
| security model requires embedded this certificate into desktop
| applications.
|
| The current design:
|
| https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md
|
| Connecting to their cloud MQTT requires a username and token
| already. These details are obtained via a HTTPS request to their
| login server using your bambu account (which requires a valid
| email & possibly captcha) to obtain a token. The cloud MQTT is
| TLS secured, although this is just to encrypt the traffic (aka
| HTTPS), it is not mutual authentication.
|
| Connecting to the MQTT server hosted on the printer (aka LAN
| mode) requires a fixed username and a local access token (a
| random 8 digit number). This can be found via the physical
| display of the printer in a menu (or apparently cloud MQTT!?).
| This access token can be refreshed via a menu option again
| physically at the printer. To be clear, this token only allows to
| you connect directly to the local MQTT server running on the IP
| address of the printer, so in most environments this should only
| be the local network. This is also the password for the FTP
| server that can be used to upload/download sliced 3mf/gcode
| files.
|
| Personally - this design seems ok to me? With an MQTT service
| properly configured to isolate user accounts from each other,
| this is a pattern widely deployed for embedded devices (Azure
| IoT, AWS IoT etc).
|
| I don't see how the "DDOS" related issues they are claiming would
| be related to this specific design. If the issue is in the login
| server - well, that's prior to authentication anyway so nothing
| they are doing here will fix that.
|
| If it's problems with your cloud MQTT service not being properly
| isolated - maybe fix that? If the DDOS is at L2, auth isn't going
| to help. You require logins tied to an email, you can block
| clients that misbehave once they are logged in.
|
| Nobody is brute forcing the local MQTT server via XSS or
| something, because JS doesn't allow for raw TCP connections. Are
| they concerned about malicious software already on the network?
| Then rate limiting on the printer side or switch to a random
| length alphanum LAN token to increase keyspace.
|
| I'm curious what more qualified people think, I cannot see any
| justications for their proposed design improving security. So
| either;
|
| a) They've decided they are incapable of properly securing their
| MQTT cloud stuff and instead of fixing that just want to assume
| every client connected to their cloud MQTT servers is fully
| trusted. I'm sure that'll work great. Doesn't justify adding this
| to the local MQTT servers on the printers - if anything that
| reduces security, as to roll certificates you now have a long
| tail of printer firmware updates.
|
| b) It's not about security
| vanillax wrote:
| This is all nonsense. I just got a a1, and its my first 3d
| printer. I dont have any expertise. Ive been able to use the
| Bambu App and Maker world and basically control+P. Ive print
| about 10 things so far in the first week. I dont see why people
| are mad. They made the apple of printers. It just works(tm). I
| dont need anything else. People just get so upset over nothing.
| nirav72 wrote:
| I've been on the fence about purchasing a Bambu. But given the
| amount of time I've spent over the past few years having to tweak
| my ender 3 V2 and CR-10- I was leaning towards finally splurging
| on a X1C.
|
| Question to those more familiar with the bambu software ecosystem
| - do these recent changes to authentication require a constant
| online connection to print anything from a machine on the LAN?
| I'm assuming printing via microSD will still be possible?
| d1str0 wrote:
| I'm not familiar with Bambu, I'm a Prusa user, but if I had to
| guess you would always be able to print via microSD. It would
| be wildly unpopular to disable local printing.
| mmorriso wrote:
| Currently, LAN mode and local SD card printing does not require
| an internet connection. I have my printer in a bottom of the
| yard bungalow, without internet, and it works fine.
| jchw wrote:
| I bought a Bambu Lab printer recently, and made the decision that
| if I _did_ connect it to LAN, I 'd make damn sure that it did not
| have an Internet connection, even though there is a LAN mode
| toggle in the firmware it shipped with. Although I am definitely
| paranoid about Internet-of-Shit bait'n'switch techniques, at the
| time I was mostly thinking in terms of geopolitical bullshit
| rather than capitalistic shenanigans. No particular reason to
| distrust Bambu Lab themselves at the time, at least more than any
| other company.
|
| Obviously, hingsight is 20:20, but it's just a reminder: your
| cynicism _is_ warranted. Don 't trust anyone any more than you
| absolutely have to.
| DoctorOetker wrote:
| according to [0] the ipcam is logging video even when the camera
| is disabled.
|
| I suggest we collectively print Tiananmen Square Tank Man scenes.
|
| [0]
| https://www.reddit.com/r/BambuLab/comments/1i548m9/comment/m...
___________________________________________________________________
(page generated 2025-01-20 23:01 UTC)