Here’s what Bambu will — and won’t — promise after its controversial 3D printer update

Spread the love

Bambu Lab, the company behind my favorite 3D printers, has given itself a hell of a week. Now, I have answers to some of my burning questions, answers that I hope you’ll appreciate too. But first, some backstory.

Since last Thursday, some creators have vowed not to buy Bambu printers anymore, even removing some of their 3D models from their online inventory, after the company… It revealed that it will add a new private authentication mechanism This may prevent you from using external tools to control the printer remotely.

While you can still paste a file onto an SD card and physically put it in your printer or use Bambu’s cloud, the old method of printing remotely from a third-party slicer won’t exist — unless you download the new Bambu Connect desktop app ” for Windows and Mac to act as an intermediary between the slicer and Bambu devices.

“Unauthorized third-party software will be prevented from performing critical operations” – Bamboo

While Bamboo was clear early on that this was going to be great My choice The update, which you can simply choose not to install, is also marked by the company as a necessary One for securing printers against remote hacks. Some owners immediately saw this as a potential bridge Activationbut.

They note how Bambu printers can already detect if you’re using an official filament roll and imagine a future where Bambu can prevent you from using third-party filament at all. They note how it appears that Bambu is already planning to offer a subscription service for its print farm software, which is a service as well Requires regular cloud activations She imagined a future where Bambu’s printer would stop working if she didn’t pay up.

Bamboo dismissed these concerns and many others In a later blog post titled “Putting the record straight.”explained that its new tool doesn’t require Internet access or a user account — and it also backed down quite a bit, pledging to offer an at-your-own-risk “developer mode” that maintains local access to your printer without any new proprietary authentication at all. Unfortunately, This situation may also disable your ability to access the printer via the cloud.

Meanwhile, Bamboo didn’t do himself any favors Prevent people from using the Wayback Machine to scrutinize its changed statements, by allegedly censoring criticism of the company on its subreddit, and by claiming that the Orca Slicer developer was working with Bambu to seamlessly continue printing directly from the popular third-party slicer when they They haven’t actually pledged their support.

See also  The best Xbox controllers: Microsoft, Scuf, PowerA, and more

It also didn’t help confidence that Bambu’s security around its new Bambu Connect app is such that hackers She has already extracted her private key and authentication certificateOr users have discovered that Bambu gives itself the right to block new print jobs until the printer finishes automatically downloading firmware updates In its terms of use.

Anyway, I think the real question here is: We are These changes are a starting point for more revitalization, or at least more of a walled garden, or not?

Here are the questions I sent to Bamboo and the answers I got via spokesperson Nadia Yaqoubi:

1) Will Bambu publicly commit to never requiring a subscription to control and print from its printers over a home network?

For our current product line, yes. We’ll never require a subscription to control or print from our printers over your home network. However, there may be specific business scenarios in the future that require exceptions, for example, a 3D vending machine, but they apply to completely different applications and customer needs. If this production line is introduced, we will inform you clearly before launching it.

1c) Will Bambu publicly commit to never putting any of its current printer functionality behind a subscription?

2) Will Bamboo publicly commit to not restricting the use of third party threads in any way, shape or form?

For our current product line, yes. We have no plans to restrict the use of third party threads in any way.

3) Will Bambu publicly commit to never monitoring files and printouts transferred between users and their printers over the home network?

Let’s be clear about how this works:

  • LAN Mode: Nothing is transmitted through our servers.
  • Cloud Mode: Users control their privacy with “Incognito Printing.” When enabled, no printing history is recorded, and files are not stored in the cloud.
  • Cloud features: For features like reprint, files are temporarily stored in the cloud to allow users to access their print history. Under no circumstances do we consider the printed file/form without the express consent of our clients.
See also  Weight loss drugs like Ozempic are all over the news. Here's what I'm reading to keep up as a health reporter.

Bambu has also agreed to add a new developer mode. Some users are concerned that the move is only temporary and that Bambu could simply remove developer mode and claim that it represents a significant security risk or say that not enough users have chosen to use it to justify keeping it.

4) Will Bambu publicly commit to permanently keeping developer mode with native MQTT, streaming, and FTP and never removing it in any future update or shipping batch for the X1, P1, A1, and A1 Mini?

Yes. However, if a serious security issue arises in the future, we may need to make adjustments to address it. Users can always choose whether they want to update the printer firmware or not.

5) Will Bambu publicly commit to offering and keeping native developer mode available on any future printers it releases?

We cannot commit to features for future printers that do not exist. However, we will clearly communicate all relevant details before customers make their purchasing decisions.

6) Will Bambu publicly commit to making its current and future printers permanently controllable remotely via LAN without the need for a user account or Internet access?

For current models: Yes. For future products, while we aim to retain this functionality, we believe that sticking to a specific technical approach indefinitely is not responsible. However, we will clearly communicate all relevant details before customers make their purchasing decisions.

Bambu has announced that Bambu Connect will integrate with third-party slicers like Orca, but some users are confused as to why an app like Bambu Connect is needed at all when you can instead add more secure authentication to the printer itself, with standard industry practices like The printer generates a secure token/API key instead of creating a special intermediary authentication application.

7) Has Bamboo considered and rejected interoperable ways to secure its printers, such as tokens?

7b) Will Bambu commit to changing its authentication system to an interoperable system? If Bamboo rejects secure, interoperable authentication systems, why?

If software communicates and interacts with our cloud system, it is reasonable for us to have a say in how it operates. As highlighted In our blog postUnauthorized third-party software has created ongoing challenges to the stability of our cloud services and devices for a long time.

See also  Snap says New Mexico intentionally friended alleged child predators, then blamed the company

Although we trust that most developers act with good intentions, users are often unaware of the hidden complexities within these programs and their security requirements. This lack of transparency for all software makes secure, interoperable authentication systems insufficient to fully solve these problems. Our goal is to protect the entire Bambu Lab product ecosystem, providing every user with confidence that our products are secure, easy to use, and free from concerns about complex network configurations. With the changes made, we are one step closer to integrating third-party access in a secure way.

8) Is it true that the developer of Orca Slicer was not actually working with Bambu on the integration and that Bambu announced his involvement without approval?

We have been in ongoing discussions with SoftFever, the developer of the Orca Slicer, since January 14th regarding a firmware update and potential integration into the new version. “Working with” can be ambiguous. To clarify further, messages were exchanged, files were sent, and receipt was confirmed, indicating that they would be reviewed.

9) Will Panda Touch And similar extensions continue to work under developer mode?

We guarantee to keep the port/channel open, but implementations are left to third-party developers.

9b) Does Bamboo answer that company’s questions?

Since release, we have received numerous inquiries from third-party software developers, including BigTreeTech, via devpartners@bambulab.com. We are currently finalizing our response. It should be noted that we have warned third-party developers in the Blog post From March 2024: “If you are developing a device that controls the entire printer, including heating elements and motion systems, please do not expect long-term support unless it has been previously approved by us. This is especially true for for-profit organizations.”

10) Will you allow users to revert to old firmware, for reasons such as if they accidentally upgraded without understanding the limitations?

Yes. Firmware rollback has been available and will always be available.

11) Would a private key leak change any of your plans?

No, this does not change our plans, and we have taken immediate action.

Source link