NelsonMinar · 7 months ago
I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.

More info on the hacking (the first in what may be a long stupid fight): https://hackaday.com/2025/01/19/bambu-connects-authenticatio...

nialv7 · 7 months ago
bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.
stavros · 7 months ago
I bought a printer. It had some stuff. I didn't want that stuff to be gone after I bought it. That's a bait-and-switch, because they didn't explicitly say "be aware, that stuff is going away on Jan 2025".
DrBenCarson · 7 months ago
AFAIK, Apple has never retroactively removed functionality from devices people already purchased

Selling a walled garden is one thing, building walls around a garden you already bought is another thing entirely

hooverd · 7 months ago
Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.
LeoPanthera · 7 months ago
"Fell for it" implies that everyone buying a Bambu printer expected some degree of openness. Maybe some customers actually want an "Apple model", where the device mostly looks after itself and "just works" as much as possible.
asveikau · 7 months ago
I got into 3d printing a few years ago and noticed the same, bambu made me nervous for exactly this.

But the fanboyism and shilling in the 3d printing community is intense. If you mentioned these misgivings you'd get flamed. If you bought or enjoyed another printer people would advise you to sell it and buy Bambu. Lots of people in various threads seemed to defer to that kind of expert advice.

I think there is/was a similar fanaticism for Prusa going on, but it seems a little less at the forefront since Bambu.

maverwa · 7 months ago
As someone who recently bought a bambu printer, I have to agree: I am not surprised. Still disappointed, but in no way surprised. The "apple experience" is why I went for a bambu device (along with the price, and some excellent recommendations from friends). I was even surprised that the "LAN Mode" actually works somewhat well. Should have got a prusa...
42lux · 7 months ago
Come on even makerbot wasn’t that blatant. I believe a lot of us haven’t seen it coming.
junon · 7 months ago
Good for you. Kind of a non sequitur, though, and gaslight-ey at that.
nullstyle · 7 months ago
no, it hasn't been their clear plan all along, and blaming the victims is not advocating for open source 3d printers. Fully open source, DIY 3d printers that are available today suck compared to Bambu. The commercial offerings built on top of Orca (I have a magneto X) suck compared to bambu.

The 3d printing community just slapped down heygears for similar BS to what bambu is pulling right now. Once Bambu hire some better software devs and sort out their issues, open access will return, I bet.

dagmx · 7 months ago
I don’t understand why you think it was hackable or open?

Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.

I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?

Gigachad · 7 months ago
You can print off an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it still has fully unrestricted local printing functionality.
hatsunearu · 7 months ago
op00to · 7 months ago
“Hackable” and “open” were never advertised or officially supported by Bambu. It is foolish to make a purchase decision based on an unsupported and unadvertised feature, and while you can be angry that seems silly.
madeofpalk · 7 months ago
> on the understanding it was reasonably hackable and open

Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID filament spools not being open-enough for others.

NietTim · 7 months ago
> on the understanding it was reasonably hackable and open

I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're built on.

I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.

mls-pl · 7 months ago
And let them be closed-source as long as they give you ability to print without calling home or even without internet connection.
gjsman-1000 · 7 months ago
> standing it was reasonably hackable and open

Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.

nico · 7 months ago
If you are looking for alternatives, I highly recommend the Qidi q1 pro

Despite an initial issue with the hot end (which was easy and fast enough to fix with help from support). I’ve been really happy with it

It prints pretty much anything. Fast, reliable and very cheap compared to equivalent printers in the market

ActionHank · 7 months ago
Voron for life
ActionHank · 7 months ago
They were selling at or sometimes below the price point of printers that you build yourself.

They're good products, and they are clearly selling at a low enough price point to push for market capture.

The pricing, special features tied into their own AMS + filaments, special features tied into their own slicer. These all indicate that they were building towards this sort of behaviour.

snapetom · 7 months ago
Sorry, but if you did research on Bambu's and came away with them being open and hackable, you didn't do enough research.

I dove into 3D printing a year ago. I settled on the P1S because of its reputation for "just working" and being good for beginners. I wasn't interested in attaching a Pi to it, running Klipper on it, I wasn't interested in steep learning curves and choosing from a myriad of slicers. I wasn't interested in "calibrating more than printing" with the Enders that one friend warned me about. I needed it for one simple, but big project and it worked great.

Since then I expanded to getting the enclosure, AMS, and messing around with Orca. The Bambu is very accommodating to learn and grow more and I don't regret the decision at all.

i5heu · 7 months ago
Is this a defect under the EU law?

If so one could get a refund :)

gamblor956 · 7 months ago
Bambu has never advertised their printers as hackable or open. Indeed, they advertise the exact opposite: that you won't need to do anything to it to get it to work.

That people can hack the Bambu printers is a bonus.

dspillett · 7 months ago
> on the understanding it was reasonably hackable and open

While this lock down doesn't seem right it is far from unexpected, I question the amount of research done prior to your Black Friday purchase (BF and well-thought-out-decisions often do not go hand-in-hand!)…

I bought one (an A1 with the multi-material add-on) some months before that in full knowledge that the company would prefer to funnel people into a walled garden because if you look anywhere you'll find proponents of other makes warning that exactly this is possible & likely, with the "must take many steps to print without talking to their servers" being the key evidence in those warnings.

Good reasons to buy a BBL machine (at least my reasoning when I did):

* They work out of the box more so than many of the competition (many will say "X is better or better value, if you spend Y amount of time tuning" which while often correct, I wasn't looking to spend that time tuning), certainly more so than others at similar prices.

* QoL features (good auto leveling, dynamic flow control) that weren't exactly ubiquitous on similarly priced or cheaper machines.

* Certainly in the case of the newest A1/A1-Mini line: a working MMU option cheaper than you find in other ranges (some manufacturers have started addressing this and the out-of-box experience, in their product lines, 2025 could be an interesting year), and very easy nozzle changes (useful if you want to both do detailed minis (without going resin) and mostly larger items).

* For me, the handling of the A1 issues early last year (quickly acknowledging a potential safety issue and publishing mitigation guidelines, full recall or fix-at-home options when it became clear the issue was more significant) was a point in their favour wrt after-sales giving-a-shit. Obviously not a point against others as we don't know how they'd react until it happens, of course. There are regular complaints of slow support response more generally, but there are for other printer manufacturers too and, well, pretty much all consumer facing industry these days.

* The official documentation & videos, maintenance & troubleshooting guides etc, seemed to me to be more coherent than some other offerings (though searching for "<my problem> reddit" is still a thing!).

Absolutely terrible reasons to buy into BBL, long before this storm:

* Openness (software). From the get go their offering has the trappings of a more controlled garden than the 3D printing community were used to.

* Openness (hardware). While there are some compatible 3rd party after-market parts, there isn't the able-to-build-your-own feel you see elsewhere with people using different extruder nozzles, cooling options, and so on.

--------

This isn't a great analogy, but: BBL is an Apple (though not quite on price) to the rest of the 3D printing industry's Linux and it only takes a small amount of information to see that before buying.

If I upgrade (or have to replace, or just decide to get a second) then maybe I'll go elsewhere. I'm more confident I could get others working well, manufacturers are addressing the points that have allowed BBL to take so much of the market & mindshare in a short time, but the key thing against BBL (not being open like much of the rest of 3D printing) is something I was well aware of when buying (it did make me think twice) so I can't be too mad about it.

Now if they try to stop people using 3rd party filament, like the traditional printing industry with ink & toner, which is far from impossible, then I'll feel they've conned me.

dspillett · 7 months ago
An extra point that it is too late to edit in, on openness wrt software: unlike some companies we could all mention, they are playing right with the slicer software. It is heavily based on earlier AGPL3 licensed software and their work is correctly licensed also: https://github.com/bambulab/BambuStudio/blob/master/LICENSE

There might be some question as to whether anything like the connectivity layer that sits between BS and the printer that currently isn't open, should also be AGPL. I'll leave discussion of how AGPL and loosely linked components do/n't work together to people with more experience in the area…

Dead Comment

mattclarkdotnet · 7 months ago
That makes as much sense as saying you bought an Apple laptop expecting it to be hackable
dlgeek · 7 months ago
What I don't get...BambuSlicer is open source. And, not only is it open source, it's a fork of PrusaSlicer, so Bambu doesn't have the ability to re-license it.

It's licensed under the Affero GPL which is very strict about the licensing of derived works. That license requires Bambu to include the source code to any additions they make, including all of the logic, keys, etc. that they're baking into any binary distributions. If they don't, they're violating the copyright rights of Prusa and many others.

So, either Bambu has to open source all of this, which defeats the purpose (given that it's already leaked, that's gonna happen anyway) or they have to route everything through a separate program for their own slicer.

whatsthatabout · 7 months ago
BambuConnect is not part of BambuStudio - That's intentional, so BambuLab does not need to share/open-source it.

The current implementation (the Bambu network plugin thingy) isn't a part of it either, it's downloaded by the client when BambuStudio is opened.

dlgeek · 7 months ago
They claimed that studio wouldn't need connect.

I don't know AGPL well enough to know if a plugin is considered a derived work but it sure seems to imply it:

> For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.

franga2000 · 7 months ago
I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...
jdietrich · 7 months ago
Bambu Lab have been quite explicit about this. Their consumer-grade printers rely on a cloud service; for people who want or need printing over a private LAN, they offer the X1E.

https://store.bambulab.com/products/x1e

nullc · 7 months ago
That hasn't been true for years, the regular X1C has an officially supported lan mode and works fine without any of the cloud stuff. (I believe the smaller ones do too, but I haven't used them so I can't speak to them).
iamsaitam · 7 months ago
HP just straight locks you out of your printer unless you pay ransom every month..
JoshTriplett · 7 months ago
All HP printers still give you the option of paying full price for ink cartridges and owning the printer. The rental model is one they try very hard to steer you into, with lots of dark patterns, but you can still use HP printers with no account and no subscription ink model.
moooo99 · 7 months ago
I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.

However, this can be easily achieved without bricking every single third party integration. That should simply be a toggle in the settings that works entirely local

ThouYS · 7 months ago
I wish Prusa weren't asleep at the wheel, then we would have bought a core one (that is, the hypothetical variant with large build volume and same quality as bambulab).

Instead, we bought a P1S, which is, technically speaking, a fantastic machine.

teruakohatu · 7 months ago
Not really asleep at the wheel. More like they invented the wheel, produced the open source slicer (a fork of the original slicer but vastly improved), which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.

Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.

bborud · 7 months ago
I think ThouYS may have a point. It seems to me that Prusa were tempted to go after the prosumer/pro market and invested a lot of time and engineering horsepower into higher spec machines (Prusa XL, HT90) and resin printers (SL1S).

A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.

I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.

I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.

Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.

Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.

Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.

Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.

I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.

the_mitsuhiko · 7 months ago
> which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.

I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.

Netcob · 7 months ago
I got my first 3d printer, an MK3S+ a year ago. Pretty late in its lifecycle, but I wanted to spend more time printing than fixing issues.

And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).

And all this time I have been using it completely offline with OctoPrint on an RPi.

albrewer · 7 months ago
I sold a mk3s because I could never get it to work to my satisfaction. I tried for weeks, trying everything I could find on the internet, using filament supplied by Prusa.

Eventually the print head crashed into a failed print overnight, fusing nearly the entire head inside a ball of PLA filament that formed after the printer happily carried on shoving out molten plastic.

I didn't have another 3d printer to print the replacement parts. I was so frustrated with it at that point I just got rid of it.

Until I can treat a 3d printer like a Brother laser printer (forget about it for 9 months at a time and then have it work perfectly when I need it with zero maintenance), I don't think I'll invest in another one.

animex · 7 months ago
Wow, so the actual content is also sent to the cloud? Not just authentication/metadata? Massive overreach. Imagine an inkjet/laser printer company sending every page you printed to their servers? (actually I wouldn't be surprised if HP does this already)

Deleted Comment

mikelovenotwar · 7 months ago
Commentary on the situation from Louis Rossmann https://www.youtube.com/watch?v=aIyaDD8onIE
c0nsumer · 7 months ago
I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.

Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.

I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.

Hopefully there'll be more interesting news about this soon and some solid, technical info.

lvturner · 7 months ago
My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.

Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.

These are great printers, but there's no need for that.

c0nsumer · 7 months ago
Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.

I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.

But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".

Something more than the current hearsay and pitchforks echo chamber.

ipv6ipv4 · 7 months ago
It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.

You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".

hWuxH · 7 months ago
- what the key is used for: signing critical operations, most notably print and gcode commands: https://git.devminer.xyz/archive/bambu-connect/src/commit/47..., list of known MQTT commands: https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md

- what the firmware does: verify these operations, meaning it can reject MQTT messages with an invalid/missing signature from third party software

- the big flaw with that approach: by extracting the key, third party software can get full access again

- improvement to security: none (that obfuscation layer doesn't prevent anything if the printer/cloud were vulnerable)

authentication stays the same as before: https://git.devminer.xyz/archive/bambu-connect/src/commit/47...
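
An added sketch (not code from this thread, from Bambu Connect or from the firmware) of the point made in ipv6ipv4's and hWuxH's comments above: a signing key shipped inside the vendor's app tells the printer which software sent a command, while a per-printer user secret tells it which user did. HMAC stands in for the real signature scheme, and the key values, sender names and command format are constructed; only the signing layer is modelled.

```python
import hashlib
import hmac
import json

# Constructed values for illustration; none come from Bambu software or firmware.
VENDOR_APP_KEY = b"constructed-key-shipped-in-every-app-copy"
PRINTER_SECRETS = {"printer-A": b"owner-A-access-code",
                   "printer-B": b"owner-B-access-code"}

def canonical(command):
    """Serialize a command deterministically so both sides MAC the same bytes."""
    return json.dumps(command, sort_keys=True, separators=(",", ":")).encode()

def sign(key, command):
    # HMAC-SHA256 stands in for the signature scheme (an assumption). With an
    # asymmetric scheme the signing key would still ship inside every app copy.
    return hmac.new(key, canonical(command), hashlib.sha256).hexdigest()

def verify(key, message):
    sig = message.get("sig")
    if not isinstance(sig, str):
        return False  # a missing signature is rejected
    return hmac.compare_digest(sign(key, message["command"]), sig)

def printer_accepts(printer_id, scheme, message):
    """'vendor-key': one key for every printer. 'user-secret': one per printer."""
    if scheme == "vendor-key":
        return verify(VENDOR_APP_KEY, message)
    return verify(PRINTER_SECRETS[printer_id], message)

# Hypothetical senders: does the software hold the app key, and which printers'
# secrets has its user been given?
SENDERS = {
    "official app, owner A": {"app_key": True, "knows": {"printer-A"}},
    "third-party tool, owner A": {"app_key": False, "knows": {"printer-A"}},
    "any software holding the published key": {"app_key": True, "knows": set()},
}

def build_message(sender, printer_id, scheme, command):
    """Sign with whatever key this sender holds; send unsigned if it holds none."""
    caps = SENDERS[sender]
    if scheme == "vendor-key":
        key = VENDOR_APP_KEY if caps["app_key"] else None
    else:
        key = PRINTER_SECRETS[printer_id] if printer_id in caps["knows"] else None
    message = {"command": command}
    if key is not None:
        message["sig"] = sign(key, command)
    return message

def acceptance_matrix(printer_id="printer-A"):
    """Return {scheme: {sender: accepted?}} for one constructed gcode command."""
    command = {"type": "gcode", "line": "M105"}  # constructed command format
    return {
        scheme: {
            sender: printer_accepts(
                printer_id, scheme,
                build_message(sender, printer_id, scheme, command))
            for sender in SENDERS
        }
        for scheme in ("vendor-key", "user-secret")
    }

if __name__ == "__main__":
    for scheme, row in acceptance_matrix().items():
        for sender, accepted in row.items():
            print(f"{scheme:12} {sender:40} {'accept' if accepted else 'reject'}")
```

Under the vendor-key scheme the printer's owner is rejected for using different software while any holder of the shared key is accepted; under the user-secret scheme the decision follows who knows that printer's secret, regardless of which software they run.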

asah · 7 months ago
hn8726 · 7 months ago
Honestly, the response is not that great. Right off the bat they're just going on the defensive, enumerating "false claims" that printer will require subscription etc. But the concern wasn't that Bambu _will_ do that, but that they _could_ do that, and generally that inserting Bambu's infrastructure as a mandatory step in the printing pipeline is _not great_.

Then, the first point in their `truth about the update` section:

> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.

The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]

> Bambu informed me of this change two days before their announcement.

and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.

> This is beta testing, not a forced update. The choice is yours.

This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.

> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...

Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ

Further down they still go and defend their decision

> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.

and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.

Finally, they're presenting a diagram showing what the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.

For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public

[0] https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecom...

[1] https://old.reddit.com/r/BIGTREETECH/comments/1i5lzzf/latest...

KennyBlanken · 7 months ago
> Unpacking app.asar without fixing it first will result in an encrypted main.js file and 100 GB of decoy files generated, don't try it.

I know it's not exactly a zip bomb, but it's kinda close, and goddamn, that's obnoxious.