I am angry at the bait-and-switch Bambu is pulling. I bought one of their printers in the Black Friday sale on the understanding it was reasonably hackable and open. Now they're trying to lock it down so I can't print on my own printer without using their approved software and DRM chain. It's outrageous.
Bait-and-switch? We, those who advocate for open source 3D printers, saw it coming from miles away. This has very, very clearly been their plan all along, they themselves said as much (e.g. they are doing the "apple model"). They have been very transparent about this, yet people still fell for it.
I bought a printer. It had some stuff. I didn't want that stuff to be gone after I bought it. That's a bait-and-switch, because they didn't explicitly say "be aware, that stuff is going away on Jan 2025".
They never officially supported compatibility with Orca, or Home Assistant. Vendors break compatibility with unsupported stuff all the time. Don’t make purchase decisions on unsupported features if you’re gonna get all bent out of shape about it.
Sorry to potentially pour oil into fire here, but I'm curious: did they really?
"Officially support" printing without internet connection?
Was this explicitly documented as a feature or did this just "happen to work" as you expected?
A lawsuit may have some leverage to find that something could have been "reasonably expected" to work in a certain way, but that's quite uncertain territory.
i.e. I would expect an Apple Watch to also work with Android Devices, but this was never officially supported by Apple and it's arguable whether it was reasonable for me to even expect this.
My toilet doesn't officially support crapping without an internet connection either. I'd argue that in both cases it's implicit unless very explicitly disclaimed.
Yes, "lan mode" is an officially supported advertised feature, where you can happily print on an isolated network. (though as of this morning it now sounds like they're backing off after public backlash)
This is the Google model then. Base everything on open source, even allow unofficial builds of your operating system (LineageOS, Graphene), but slowly introduce more and more device attestation and DRM so it becomes de facto impossible to actually use anything but the closed builds because everything from banking apps and electronic identification apps to streaming apps will refuse to run on your "unsafe" operating system.
Currently the only thing which won't run on a non-google blessed android build is google wallet, although a lot of applications rely on google's proprietary services exposed through google play.
I've not run into any banking applications which won't run on a non-google build of android (as then they would only run on a pixel). That being said, I refuse to seriously bank with any bank which doesn't offer a functioning website. My main bank offers an app but you have to wholesale switch to it.
This is false. List of apps which refuse to run on my old OnePlus 6 which I revived with LineageOS:
- Danish national identity app (MitID). I had to get a hardware token that generates one-time passwords.
- My banking app (still works in the browser though).
- The de facto payment app used for peer-to-peer payments and as a credit card alternative all over Denmark (MobilePay).
- The app for controlling the heating system in my car.
- Revolut.
- The app for showing a digital version of my government issued health insurance card. It's literally just a barcode and a number, so I can get by using a photo of the card instead. This underlines the ridiculousness of requiring Play Integrity attestation.
- The app for showing a digital version of my driver's license. As a bonus this app also doesn't work if you have set your default browser to Firefox instead of Chrome, even on a non-rooted phone.
On top of this, one app for scanning goods in the supermarket stopped working, but without explicitly saying why. I suppose it just silently depends on some Google service, but I have no way of knowing that.
I also cannot get Chromecast to work, but that is perhaps to be expected when replacing the Google services with microg, and not strictly a result of DRM. It is a major inconvenience though.
Denmark is one of the most digitized countries, and in many ways that is good. However, it also means that you are increasingly coerced into the whole Google/Apple ecosystem and that it is very hard to get out. Luckily there are alternatives to all of the above apps, but it is a major inconvenience to have to use them.
I don't know much about LineageOS but GrapheneOS supports attestation (albeit with its own keys) and it works for all the banking apps I have had the displeasure of using here in the UK including revolut.
If LineageOS did support those APIs (which it can support if it wanted to, without any blessing from Google) then presumably most if not all of those should also work.
Try GOS and see if it's broken there. If it works on GOS then you can shout at google for ever exposing the attestation APIs but the apps you're complaining about aren't actually abusing attestation in the way you claim, LineageOS is simply choosing not to implement the features they rely on.
Do you have the sandboxed Play Services installed? It works fine for me on Graphene (just checked).
That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Then you're free to keep your personal phone FOSS and as private as you like, without fear of getting locked out of important stuff due to a crappy Google® SafetyNet® upgrade.
> That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Anything which doesn't support an alternative method (not involving a proprietary blessed google phone) of management should be illegal if it's government related and should be boycotted if it's not.
I certainly agree with the sentiment (I would trust-bust tech giants, and severely restrict advertising as a whole for being a negative-sum game).
Nevertheless, for living in this world while preserving your privacy, my advice stands. Separate the devices that you control, which you will use for personal and private purposes, from the devices that global corporations and institutions control, which you will use to access the services those institutions provide - services which, by definition, you would not control anyway.
It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
(FWIW, I lived in three different European countries over the past decade and so far the governments all offered TOTP-based web alternatives to their apps. When it comes to private banking, only one (Lunar) was available only via app, but it was also the only one that ran without Play Services.)
> It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
What I am saying (and what I do) is that it's far simpler still to just not rely on anything where this might be the case.
If my bank turned around tomorrow and said I can't use their website to manage my account, I would not attempt to get their app working on my phone, I would switch bank.
Anything that depends on the SafetyNet API will not run if your android build does not pass the checks, the list is much much bigger than "just google wallet". Whether a rom passes safetynet or not very much depends on what google considers blessed today, and what they will consider blessed in the future.
None of the unofficial Android builds allows me to access the secure element in my SIM card to use my e-signature, which works with SIM menu prompts triggered OTA by the application I'm currently using, mostly governmental services.
If I'm on a custom ROM, the notification never pops up.
And they have plenty of experience building walls around a garden. Ask anyone using OSX for the past 15 years and you will see how difficult it has become to write or publish software for Apple.
Alternate description of the same information: “newer upgrades made older devices’ batteries last longer”
They did nerf speed. But they did it for a reason. I get being mad about your phone being slowed down, but I don’t get being mad about it once you understand why.
The keyword being _phone_, not smartphone. Bambulab too will let you print from SD card without logging in to their infra, they are just locking the rest of the ecosystem. 1 to 1 analogy.
It's still a smartphone - with web browsing, mail and everything else that's available out-of-the-box. And Bambu will cut out even local network access and, as they stated in "Terms of Use", can lock print jobs until you update firmware. Far from 1:1 analogy...
- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.
- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.
- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.
> This led to slower device performance without informing users, which is a removal of expected performance functionality.
As opposed to the device unexpectedly shutting down due to a degraded battery not being able to push enough energy to support the CPU? They didn't remove expected performance, they prevented crashes which are by definition 0 performance. All Li-ion batteries degrade over time. That's not removing a feature...
It was not overblown. They didn't disclose what they were doing or give the user the option to decide what was best for them. When a company chooses to behave that way, it should hurt them, and it did.
Apple's actions in this case were even worse than Bambu's. At least Bambu documented what the update did and offered the option of declining it.
No, it isn't. If the battery was broken and they knew the battery was broken, they should have informed the user the phone could be fixed with a new battery. They decided to gimp the device and not tell the user so they would be more likely to purchase a new device rather than simply fixing the old one.
Well, they DID remove expected performance by slowing CPU performance, didn't they? People who had bought these iPhones (and not the previous ones) did so also because of the promise of a more powerful CPU, a promise broken by Apple. It is removing a feature (a better CPU) and Apple knew it, that's why they did it without informing users.
Just to add, they also got fined by the EU for doing so, so it was ruled to be illegal. Bambu's changes would fall into the same category of altering the product and degrading the experience after it's been sold.
Just to let you know that InstaCam360 did the same on their cameras with the smartphone app.
Previously you could directly upload the 360 videos to YouTube, now you need to download the film locally on the phone, then host a converted version and only after those loops you are permitted to upload.
Or you can now buy a monthly subscription and get back the feature that was already there before. Quite disappointed with this kind of behavior.
The problem is that the user got no choice. Some might prefer degraded performance, others might prefer to charge their devices more often.
Also, the seller should have no business touching anything that they've already sold - they might offer support, but it should be up to the user to accept it or not.
Indeed; while I've not had this specific issue with the phones, I do still have a mid-2013 MacBook Air lying around (it's now too old to realistically sell), and the battery on that was so worn by the time I got an M-something to replace it that it would go from "fine" to "emergency shutdown" during boot if I forgot to plug it in. And then report something like 20% if I plugged it in and immediately booted it again.
No, it was dynamic based on voltage. iPhones with worn batteries had higher performance at full battery and swapping the battery with a fresh replacement restored full performance even at low battery percentage. In fact this is how the slowdown was discovered: someone replaced their iPhone battery with a non-genuine replacement and it got noticeably faster.
Apple (IMO rationally) chose that people would prefer a working phone, one they can use to call emergency services, for example, to a phone that just suddenly dies.
After the massive hissy fit the Internet threw (along with lawsuits), they added a switch. Now you can choose to have your phone suddenly die.
But the legend lives on that "Apple slowed down phones permanently!!" - even though the fix for that is a 40€ battery swap that takes 30 minutes in any mall phone repair shop.
If you left it hooked up to a charger, their fix would never have affected you. It only slowed down the CPU when the risk of catastrophic shutdown was imminent.
I like a toggle for features like this, but it was a pretty standard user experience / reliability choice imho.
But the way they did it was far from malicious. It only affected users who were actually in danger of an emergency shutdown, during times when the shutdown was imminent. While I don’t want anybody diddling my firmware without giving me a choice, this particular issue was really a nothing burger in the end.
It was discovered when it became apparent that replacing a defective battery made the phone faster. Seems like a standard reliability / user experience fix to me. Not
Many people would choose the “don’t adjust system power consumption to prevent unplanned shutdowns when the battery is about to fail” toggle.
Imagine Ford deciding their cars must drive at 50% their speed when the engine oil is older than 2 years and at the same time forbidding users from changing the oil.
Yet there are always people justifying these types of awful practices as better for users. These aren't, the measures are only good for business.
Forbidding them from changing the oil? I personally changed my battery, I did not feel like it was forbidden.
Not even that hard.
For me, the firmware fix helped me limp through the 2 months before I finally got around to replacing the battery.
It made my phone that was flaky and unreliable below 40 percent battery into a phone that worked slightly slower once the battery got low, but didn’t just randomly shut off during calls anymore.
I’d have preferred a toggle, but to be honest I doubt I’d have ever used “reckless disregard for remaining battery capacity” mode.
The big difference is that none of these changes were part of a defined strategy to lock the user in to their products and ultimately generate more profit, as with the Bambu example:
- Battery management was to handle an issue that was encountered as batteries aged
- 32 bit support: Apple is well known for being one of the more aggressive companies when it comes to forcing users (and especially people coding apps for their platforms) to adopt required tech changes. But again, not directly profit-driven.
- Pulse oximetry: probably the closest to a profit-driven-decision, as this was driven by a patent issue, and presumably they calculated less of a hit from removing the feature than paying fees to the patent owner? Not great, but still not directly part of a user-unfriendly Apple-derived strategy, as with Bambu.
Open source didn't compete on quality for price. I could pay 2k plus 40 hours of my time for a Voron or buy something that just works. I think Prusa only put out their CoreXY offering after they realized Bambu was eating their lunch. The Apple model works because people want to print rather than tinker.
But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.
The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.
Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.
I wasn’t really sold on the 4/4S, but I recently upgraded a 3S+ to a 4S and am amazed how much improved. The new touchscreen LCD is a huge improvement over the old two line monochrome LCD. Remote access and Wi-Fi printing is a nice plus — I don’t even run OctoPi anymore. Automatic bed leveling and no more Live Z tweaking for each sheet has been a major quality of life upgrade and eliminates one of the major pain points in swapping out nozzles. The nozzle is much easier to swap out and is now high flow. Add in Input Shaping and it prints significantly faster.
I hadn’t had any experience with the new platform prior to this upgrade and I skipped over the MK4, but the 4S upgrade is a significant step up over the 3S/3S+. I wouldn’t necessarily recommend the upgrade kit — that took much longer than expected to complete (about two days) and I regret not buying a new printer instead. But, I have a 3S I plan to upgrade to 3.5 just to get the new electronics; that upgrade is far less intensive.
If you haven’t tried out a 4S you might be pleasantly surprised by how much nicer it is than the 3S+.
Similar experience with PRUSA for me -- I had a MK3S+ (which I loved) and paid ~$250 for the upgrade to the MK3.5S. Very, very impressed, for a modest investment I now have the new color LCD, a good chunk of the MK4 features and the print speed is at least 2x improved (if not better, I haven't quantitatively measured it but it's noticeably faster).
I went for the 3.5 upgrade as the upgrade from 3S+ to 4 was almost as much as outright buying a new 4. I'm glad I did it this way because now I'm thinking of getting the CORE One and then I'll have 2 excellent printers.
The problem is even with Prusa's recent efforts to catch up with the Core One, it's expensive, and they still don't have a viable answer to the AMS. The MMU is still a hot mess, requires tinkering, isn't stable and overall just doesn't come close to an out of the box experience.
They still seem to be thinking the primary audience of 3d printers is people who tinker. It's not been that way for a long time. People just want to be able to unbox, plug it in and print. The second you add in the "oh just spend 5 hours tweaking this spaghetti mess of an MMU" you've lost them.
"hot mess" is not a fair assessment. The MMU2 was terribly unreliable, but the MMU3 is OK. It's surely more complicated to set up and requires more space than the AMS, but on the other hand, I think AMS concept is just plain bad. It's incredibly slow and produces a ton of plastic waste.
Bambu Labs printers are not cheap. Even their entry level A1 printer is twice the price of an Ender3.
Sure, it is a better printer, but it is clear that they are going for scale, and most of what makes them better is in the software rather than in using premium hardware.
Initially maybe, but the way the printers are built makes for cheap mass production. There's no special sauce in the hardware, it's all low cost off the shelf stuff, it's just optimised very well.
> Open source didn't compete on quality for price.
Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.
Apparently it is true, you don’t know how much you value something until you don’t have it anymore.
I paid ~$750 for my 350mm Voron 2.4 kit (and, sure, 40 hours of my time. But look, you want to do 3D printing, 40 hours are just a small initial investment).
It really depends upon the target market. That's fine for hobbyists. But I use the Bambu X1 for small-scale prototyping in a company, and it has to be usable out of the box. We can't justify an entire week of labour for each printer we buy.
The Bambu has been ideal for that reason. Every material pretty much just works, and the quality is excellent. The cloud integration and janky LAN mode are the downside, and this current topic even more so.
> But look, you want to do 3D printing, 40 hours are just a small initial investment
No. None of this crap. I want to 3D print. I don't want to service industrial machinery in my spare time. Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
Vorons are fantastic printers and a fantastic kit if 3D printing itself is your hobby. 3D printing is a fantastic hobby. There's tons of fun to be had building up and dialing in a printer kit. A well tuned voron can be up with the best of the best 3D printers. If that's what you want to do go for it!
But for heaven's sake I want to print models, parts and other practical things. I have other things to do and problems to solve. My 3D printer is a tool. If I have to spend just as much time working on the machine as I do using it to actually print things then I'm not interested.
Bambu is still the best game in town for a turn-key, just works printer. Prusa can deliver the same experience at double to triple the ticket price. A voron is not a replacement for a Bambu printer no matter how good the printers actually are.
> Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
Obviously many people don’t care about that. Fair enough. But then you should be prepared to deal with their shenanigans.
Prusa also does things like maintain and develop printables.com and PrusaSlicer (itself forked) which many of these closed printers fork with minimal changes.
People don’t care about this either. So again, get ready to deal with garbage when Prusa goes under.
I think it’s sad since the whole domestic 3D printer thing started as open source.
> I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
No, it's not, and the perception that it is hurts the cause of openness.
Open Source has every ability to be better, to Just Work, to not require constant debugging. Good Open Source systems manage this. The fact that 3D printers apparently have not is the fault of those printers, not any inherent quality of openness.
> Comparing Bambu to Voron is an absurd comparison
I politely disagree. I was in the market for a more modern printer, and it boiled down to either a BL or a Voron - in the end I decided against ease of use and in favor of an open ecosystem. I agree in that they are not universally interchangeable, but for some people either can be an option, each with distinctive advantages and disadvantages.
Both modern (pre assembled) Prusa and Bambu are very good at this. They guide you through the full setup process, automate first layer reliably, have decent stock profiles.
It's all just much less tinkering than 5 years ago.
It is. I have no interest in messing around with 3D printers and was annoyed by the fact that Bambu lab lied about the 15 minute setup time. It was more like 45 minutes, but after that I never touched the printer again and started printing instead.
Also, subtractive manufacturing is much harder than additive manufacturing, because you need to position the machine around an existing piece of stock and sequence your operations manually, instead of letting a generic slicing algorithm slice from bottom to top with an offset vs the intended printing location only being a problem if you accidentally print over the edge of the build plate, which is usually not possible mechanically.
It is not that. I mostly mean that for anything functional that needs to take a load you need at least PETG or ASA (ABS is a bit old now), which require proper storage.
Also, there is so much stuff that has been in open PRs and issues for years that is not implemented for slicers.
There are countless firearm receivers that have been printed on pla plus, many with thousands of rounds on them. Sure they may turn into a puddle in a hot vehicle, but they are functional and definitely take a load. Pla + is actually preferred in that community over the others you mentioned, although asa is becoming more popular, along with filled nylon alloys.
"Take a load" = perform mechanically and/or structurally at levels of force, temperatures, etc. at levels higher than the properties of PLA allow for.
Don't get me wrong here. PLA is a great polymer. However, you can't really expect parts made with it to hold up when compared to other "engineering grade" polymers.
I don't think anyone expects PLA to be used for anything that requires structural stability. There's far better filaments for that application. Some of the carbon fiber infused PETG filaments for example are incredibly strong.
Not many people use 3d printing for applications that require extreme strength though, that's really not the goal many people are aiming for.
I do this for a living and people are always looking for more parts to run through the process and better filaments to see those parts end up performant.
CF-PETG is strong! For a bit more toughness and temp resistance, PA12CF35 is seeing a lot of use. Some companies out there have service departments to keep machinery running. They apply FDM more than you might expect. Alloy 910 for gears, Cf of various kinds for abrasive scenarios, like cardboard handling, in one scenario.
Well for example layer bonding is better compared to some other materials. It's just that load over time it will creep. And of course shite under temperature.
It can be a fantastic material for some functional parts.
But even if not, I don't see how it invalidates that there are printers out there that are more or less set and forget.
Bambu printers, or at least the one in our shop runs ASA set and forget style.
It is a great machine though it does not always make the strongest parts, and single material builds is geometry limiting. Lack of chamber heat and one nozzle makes some things easy, but does not entirely avoid the trouble with higher performing polymers.
You're saying this yet anyone can buy a random Bambu and just print.
I've owned or used probably every major (and some minor) printer released in the last 8 years and for most people Bambu really will just be "plug and play" (and even if something goes wrong they'll hold hands as much as needed)
That does not match my experience. The printer I have has had parts break with light use, and a really poorly engineered z-axis homing which results in wildly inconsistent zero heights and a very high print failure rate.
Curious if anyone has tried the Core XY printers from Creality? I think they use open source software and are generally in the same ballpark as the Bambu printers price-wise. Also saw they have a similar AMS style system as well.
> The Apple model works because people want to print rather than tinker.
Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.
"Fell for it" implies that everyone buying a Bambu printer expected some degree of openness. Maybe some customers actually want an "Apple model", where the device mostly looks after itself and "just works" as much as possible.
As someone who recently bought a bambu printer, I have to agree: I am not surprised. Still disappointed, but in no way surprised.
The "apple experience" is why I went for a bambu device (along with the price, and some excellent recommendations from friends). I was even surprised that the "LAN Mode" actually works somewhat well.
Should have got a prusa...
No, it hasn't been their clear plan all along, and blaming the victims is not advocating for open source 3D printers. Fully open source, DIY 3D printers that are available today suck compared to Bambu. The commercial offerings built on top of Orca (I have a magneto X) suck compared to Bambu.
The 3d printing community just slapped down heygears for similar BS to what bambu is pulling right now. Once Bambu hire some better software devs and sort out their issues, open access will return, I bet.
I don’t understand why you think it was hackable or open?
Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.
I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?
You can print off an SD card without any special software or online services, the same as you can on Prusa printers. It's just the server/internet stuff that's locked down. Which I wish was open too, but it still has fully unrestricted local printing functionality.
Yeah this looks to be the case. All of this change was prompted by the fact that malicious software was triggering prints over the network. So now they have locked it down so the printer can verify prints came from the actual account owner.
Printing directly from SD cards via the little touch screen is unchanged since networked computers can’t do that.
> So now they have locked it down so the printer can verify prints came from the actual account owner.
This is inaccurate, the printer already required authentication using an 8 digit code. What they're trying to do now is verify that the print has been started using official Bambu software, i.e. software-only DRM.
I really really hope people saying this is a nothingburger are actually right, because I do have a P1S, use orcaslicer, and would like it to continue to work. Hoping this is just a miscommunication.
Bambu Connect is explicitly about allowing you to continue to use your favorite slicer. They make it less convenient (instead of pressing print you now have to save, load the file in Bambu Connect and then press print), but they don't prevent you from doing it.
Once the update actually rolls out to the P1S obviously. Which may not even happen with the current backlash
> Bambu Connect is explicitly about allowing you to continue to use your favorite slicer.
For now. They're putting themselves in the middleman position where they get the final say over what we can print on the printers that we supposedly "own".
It's naive to think that they won't try to extract revenue from that privileged position, they wouldn't have spent R&D resources on it otherwise.
From that link if you continue reading, commenters in the thread point out that LAN mode didn't even exist when the printer came out, and that it's more flexible now than when they first came out on the market.
My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.
They were selling at or sometimes below the price point of printers that you build yourself.
They're good products, and they are clearly selling at a low enough price point to push for market capture.
The pricing, special features tied into their own AMS + filaments, special features tied into their own slicer. These all indicate that they were building towards this sort of behaviour.
“Hackable” and “open” were never advertised or officially supported by Bambu. It is foolish to make a purchase decision based on an unsupported and unadvertised feature, and while you can be angry that seems silly.
> on the understanding it was reasonably hackable and open
Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID filament spools not being open-enough for others.
> on the understanding it was reasonably hackable and open
I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're built on.
I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.
> on the understanding it was reasonably hackable and open
While this lock down doesn't seem right it is far from unexpected, I question the amount of research done prior to your Black Friday purchase (BF and well-thought-out-decisions often do not go hand-in-hand!)…
I bought one (an A1 with the multi-material add-on) some months before that in full knowledge that the company would prefer to funnel people into a walled garden because if you look anywhere you'll find proponents of other makes warning that exactly this is possible & likely, with the "must take many steps to print without talking to their servers" being the key evidence in those warnings.
Good reasons to buy a BBL machine (at least my reasoning when I did):
* They work out of the box more so than many of the competition (many will say "X is better or better value, if you spend Y amount of time tuning" which while often correct, I wasn't looking to spend that time tuning), certainly more so than others at similar prices.
* QoL features (good auto leveling, dynamic flow control) that weren't exactly ubiquitous on similarly priced or cheaper machines.
* Certainly in the case of the newest A1/A1-Mini line: a working MMU option cheaper than you find in other ranges (some manufacturers have started addressing this and the out-of-box experience, in their product lines, 2025 could be an interesting year), and very easy nozzle changes (useful if you want to both do detailed minis (without going resin) and mostly larger items).
* For me, the handling of the A1 issues early last year (quickly acknowledging a potential safety issue and publishing mitigation guidelines, full recall or fix-at-home options when it became clear the issue was more significant) was a point in their favour wrt after-sales giving-a-shit. Obviously not a point against others as we don't know how they'd react until it happens, of course. There are regular complaints of slow support response more generally, but there are for other printer manufacturers too and, well, pretty much all consumer facing industry these days.
* The official documentation & videos, maintenance & troubleshooting guides etc, seemed to me to be more coherent than some other offerings (though searching for "<my problem> reddit" is still a thing!).
Absolutely terrible reasons to buy into BBL, long before this storm:
* Openness (software). From the get go their offering has the trappings of a more controlled garden than the 3D printing community were used to.
* Openness (hardware). While there are some compatible 3rd party after-market parts, there isn't the able-to-build-your-own feel you see elsewhere with people using different extruder nozzles, cooling options, and so on.
--------
This isn't a great analogy, but: BBL is an Apple (though not quite on price) to the rest of the 3D printing industry's Linux and it only takes a small amount of information to see that before buying.
If I upgrade (or have to replace, or just decide to get a second) then maybe I'll go elsewhere. I'm more confident I could get others working well, manufacturers are addressing the points that have allowed BBL to take so much of the market & mindshare in a short time, but the key thing against BBL (not being open like much of the rest of 3D printing) is something I was well aware of when buying (it did make me think twice) so I can't be too mad about it.
Now if they try to stop people using 3rd party filament, like the traditional printing industry with ink & toner, which is far from impossible, then I'll feel they've conned me.
An extra point that it is too late to edit in, on openness wrt software: unlike some companies we could all mention, they are playing right with the slicer software. It is heavily based on earlier AGPL3 licensed software and their work is correctly licensed also: https://github.com/bambulab/BambuStudio/blob/master/LICENSE
There might be some question as to whether anything like the connectivity layer that sits between BS and the printer that currently isn't open, should also be AGPL. I'll leave discussion of how AGPL and loosely linked components do/n't work together to people with more experience in the area…
Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.
I was very against Bambu in the beginning for their lack of proper network (not cloud!) support. Then they added LAN mode and I actually considered getting one. Luckily I was lazy and never got around to it. What the fuck Bambu?? Security, really? Not even HP dares to make that excuse...
All HP printers still give you the option of paying full price for ink cartridges and owning the printer. The rental model is one they try very hard to steer you into, with lots of dark patterns, but you can still use HP printers with no account and no subscription ink model.
Bambu Lab have been quite explicit about this. Their consumer-grade printers rely on a cloud service; for people who want or need printing over a private LAN, they offer the X1E.
That hasn't been true for years, the regular X1C has an officially supported lan mode and works fine without any of the cloud stuff. (I believe the smaller ones do too, but I haven't used them so I can't speak to them).
I mean, I technically see why authentication may be something they want to consider, especially for the less technically inclined users that Bambu is very obviously targeting.
However, this can be easily achieved without bricking every single third party integration. That should simply be a toggle in the settings that works entirely local
Honestly, the response is not that great. Right off the bat they're just going on the defensive, enumerating "false claims" that printer will require subscription etc. But the concern wasn't that Bambu _will_ do that, but that they _could_ do that, and generally that inserting Bambu's infrastructure as a mandatory step in the printing pipeline is _not great_.
Then, the first point in their `truth about the update` section:
> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.
The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]
> Bambu informed me of this change two days before their announcement.
and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.
> This is beta testing, not a forced update. The choice is yours.
This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.
> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...
Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ
Further down they still go and defend their decision
> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.
and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.
Finally, they're presenting a diagram showing what the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.
For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public
I wish Prusa weren't asleep at the wheel, then we would have bought a core one (that is, the hypothetical variant with large build volume and same quality as bambulab).
Instead, we bought a P1S, which is, technically speaking, a fantastic machine.
Not really asleep at the wheel. More like they invented the wheel, produced the open source slicer (a fork of the original slicer but vastly improved), which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.
I ThouYS may have a point. It seems to me that Prusa were tempted to go after the prosumer/pro market and invested a lot of time and engineering horsepower into higher spec machines (Prusa XL, HT90) and resin printers (SL1S).
A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.
I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.
I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.
Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.
Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.
Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.
Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.
I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.
Thing is even with the core one finally releasing...it's not a compelling product.
It costs more than the P1S - which, let's face it, that's what it should be compared to, not the X1C as the Core one doesn't have the stronger nozzle, nor any features that would make it a 'pro' level product.
They also still don't have an answer to the AMS, which is a big selling point for the Bambu's. The MMU3 may be better than the previous one but it's just like putting lipstick on a pig - it's a mess, with tubes all over the place, spools dotted around, and then you've got to constantly babysit it and tune it.
Side by side the P1S with an AMS is still significantly cheaper and from a marketing perspective a much more visually pleasing offering.
Also worth mentioning that whilst the core one is about to come out, the MMU isn't actually even supported yet, and there's no timeline for when it will be.
Prusa are so far behind at this point and really shouldn't be. Chances are the core one is going to come out and just like the XL and MK4 will be extremely buggy for a good 6 months. How people still accept this is bonkers.
> which was then used by Bambu who could manufacture a printer for less in China rather than in the EU.
I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.
I got my first 3d printer, an MK3S+ a year ago. Pretty late in its lifecycle, but I wanted to spend more time printing than fixing issues.
And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).
And all this time I have been using it completely offline with OctoPrint on an RPi.
I'm kinda curious what will this lockdown do to the efforts to replace their controller and/or firmware with something more open. Something like [1]
It's nice to have a private key to their cloud authentication, but ultimately it's the printer's firmware that's the issue. While Bambu owns and updates that, they can change the keys basically anytime they decide that they had enough of the alternative Bambu Connect servers that people will inevitably create with the current keys.
I've been following along with a lot of this, because having picked up one of their printers about a month ago, I was immediately very nonplussed with the security. It took some work to get it running isolated on an IoT VLAN, yet still usable from my main machine.
Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.
I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.
Hopefully there'll be more interesting news about this soon and some solid, technical info.
My understanding is that if I want to print via LAN, I have to auth against Bambu's internet servers, which is most definitely something I don't want.
Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.
These are great printers, but there's no need for that.
Can you link to some specific detail on that, because I keep seeing that claim, but without any technical info.
I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.
But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".
Something more than the current hearsay and pitchforks echo chamber.
"The following printer operations will require authorization controls:
* Binding and unbinding the printer.
* Initiating remote video access.
* Performing firmware upgrades.
* Initiating a print job (via LAN or cloud mode).
* Controlling motion system, temperature, fans, AMS settings, calibrations, etc."
Now, PERHAPS, I can do that authentication locally... but given the plugin required for OrcaSlicer it doesn't seem likely
Yep -- I read that, but that doesn't spell out auth back to BBL's servers, just auth.
And keep in mind that OrcaSlicer already used Bambu Network Plugin to communicate with their printers. (It prompted you to download this on install of OrcaSlicer if you picked one of their printers.)
The move to Connect means that OrcaSlicer needs to send the print data to Connect via a protocol handler instead of to the plugin. Connect will then send it on to the printer itself, and from what I've seen it'll do that over LAN. (But I can't test because my printer doesn't support this yet.) I see this as akin to a print driver vs. printer-specific support built into an app. Not a bad thing at all, if done right.
The plugin already did (very minimal) auth via the Access Code and can do it with the printer and Bambu Network Plugin completely isolated from the internet. (I've done this.) So I'd like to know specifics of what's changing here.
Perhaps some... other or better way of authenticating to the printer? Previously there was just a single, essentially fixed, numeric string that gave complete access to the printer, and communication was via TLS with a self-signed cert.
I don't want to hypothesize about what it could be doing, I want to see what it's actually doing (or see some actual info from folks about what they've seen) so I can decide if I'm comfortable with that or not.
The Bambu cloud service has a very low value-add and they are trying to make it mandatory. The speculation is that they are trying to add a subscription model for print farms, which 3rd party slicers enable.
I don't have a definitive source readily available, but from talking to people who were investigating the technical aspects, connection between the printer and slicer software will be mutually authenticated using a certificate that will be issued by Bambu Cloud, issued only to blessed 1st party software, and verified by the printer upon connection over the local network.
So your blessed Bambu Studio instance connects to Bambu Cloud and requests a certificate, the server issues the certificate to you (or not), and then Bambu Studio may use it to connect to the printer on your LAN.
The certificates have an expiration time of 1 year, meaning that the printer functionality would be severely degraded (missing network connectivity), at most 1 year after they take the servers offline or stop issuing certificates for any reason.
1) That cert is on the /client/ side, not in the printer. It has nothing to do with printer functionality, only with talking to the printer.
2) Expired certs do not mean things automatically get rejected. Using and allowing expired or self-signed certs is routine in the IoT world where certs on devices can't readily be updated. But again, that cert isn't from the printer.
3) Expired certs, just like the self-signed certs that are so commonly used, still result in things being encrypted on the wire. And often that's the point.
It seems to me that someone found/exported the cert, and is trying to make all sorts of WHAT-IF or THIS-COULD-MEAN-THE-WORST claims but is lacking some significant understanding. Without understanding the architecture and the rest of the code, and perhaps seeing that cert be used, this is just an artifact found in the distributed beta application.
It's vendor lock-in (or DRM), not security. Security would be a protocol based on a user specific secret that doesn't inherently require locking down anything to Bambu Lab only software (think username/password). Vendor lock-in is about locking the user into using Bambu Lab software, which is what we see here.
You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".
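The distinction drawn in the comment above, as an added toy model (not part of the thread and not Bambu Lab's actual protocol): a printer that checks either a secret held by its owner or a key shipped inside the vendor's application. The HMAC challenge-response scheme, class names and keys are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets


def sign(key: bytes, nonce: bytes, command: bytes) -> bytes:
    """HMAC-SHA256 over a length-prefixed nonce followed by the command."""
    msg = len(nonce).to_bytes(2, "big") + nonce + command
    return hmac.new(key, msg, hashlib.sha256).digest()


class ToyPrinter:
    """Hypothetical printer that verifies one of two kinds of key."""

    def __init__(self, owner_secret: bytes, app_key: bytes, policy: str):
        if policy not in ("owner_secret", "app_key"):
            raise ValueError("unknown policy")
        self._keys = {"owner_secret": owner_secret, "app_key": app_key}
        self.policy = policy
        self._pending = set()  # nonces issued and not yet used

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, command: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown or already used nonce: replay is refused
        self._pending.discard(nonce)
        expected = sign(self._keys[self.policy], nonce, command)
        return hmac.compare_digest(expected, tag)


def attempt(printer: ToyPrinter, key: bytes,
            command: bytes = b"start_print job.3mf") -> bool:
    nonce = printer.challenge()
    return printer.accept(nonce, command, sign(key, nonce, command))


def compare_policies() -> dict:
    owner_secret = secrets.token_bytes(32)  # constructed: known only to the owner
    app_key = secrets.token_bytes(32)       # constructed: same in every app install
    holders = {
        "vendor app run by owner": {"owner_secret": owner_secret, "app_key": app_key},
        "third-party slicer run by owner": {"owner_secret": owner_secret},
        "stranger with a copy of the vendor app": {"app_key": app_key},
    }
    results = {}
    for policy in ("owner_secret", "app_key"):
        printer = ToyPrinter(owner_secret, app_key, policy)
        for who, keys in holders.items():
            # A party that lacks the checked key can only submit a wrong one.
            key = keys.get(policy, b"\x00" * 32)
            results[(policy, who)] = attempt(printer, key)
    return results


def replay_is_rejected() -> bool:
    key = secrets.token_bytes(32)
    printer = ToyPrinter(key, secrets.token_bytes(32), "owner_secret")
    nonce = printer.challenge()
    tag = sign(key, nonce, b"start_print job.3mf")
    first = printer.accept(nonce, b"start_print job.3mf", tag)
    second = printer.accept(nonce, b"start_print job.3mf", tag)
    return first and not second


if __name__ == "__main__":
    for (policy, who), ok in compare_policies().items():
        print(f"{policy:13} | {who:40} | {'accepted' if ok else 'refused'}")
```

Under the owner-secret policy the result depends on who holds the secret, whatever software they run; under the app-key policy it depends only on which program (or copy of its key) is talking to the printer.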
Bambu should be working on scaling their consumables and customer service, it takes weeks to resolve any tickets, 8 days to a first response has been normal for them.
It’s kind of a joke they think they’re ready to roll out a print farm subscription when they can’t even keep basic filament in stock, or like you said even provide basic support. They’ve grown far too quickly.
There's so much open source software, firmware, and hardware out there for FDM 3D printers, I doubt they'll ever get as bad as regular printers. It's much more a tinkerers world than 2D printing ever would be.
No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.
Does the printer also refuse to print when using toners not part of the EcoPro subscription, though? Or is this just another case of people expecting their subscription toners/cartridges to last beyond their payment? I can't blame them, the marketing is sneaky about it, I just see it often on threads about HP.
The post did mention the other toners that came with the printer also locked, but I think I remember reading elsewhere that those printers are cheaper precisely because they come with EcoPro-only toners in the box.
I've only made good experiences with laser printers, from very small ones to full-sized copy machines. Some of the more expensive inkjet printers are reportedly also quite good. You are still stuck with the usual horror show that is software from hardware companies, but otherwise it's not so bad. And the occasional paper jam, but 3d printers are no better in terms of reliability
The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.
With 3D printing out for a while now, there's zero good reason IMHO that there isn't a 2D-plotter retrofit which allows someone to attach one or more [colored] pencils or pens. I'm really shocked the overpriced ink monopolies weren't attacked in this manner, as a young child I distinctly remember a kiosk in a grocery store which 'printed' messages and images on blank cards using colored pencils, for customer order. None of this is remotely new.
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner,
Inkjet and laser printers easily print whole page 300 DPI raster images in seconds. Plotters need vectorial data and their printing speed depends on how complicated what you are printing is. These things simply don’t serve the same use case. You can do nice art and heart warming cards with a plotter, but you can’t hit print on your boarding card / dhl label / word document and expect your plotter to give you what you see on your screen.
> None of this is remotely new.
I agree that none of this is remotely new. Plenty of people tinker with plotters for fun and profit. There are even pre-packaged consumer centric solutions where you pay the price of convenience with lack of freedoms. (See the similar debacle around the Cricut plotters.)
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner
Because those of us who understand mostly don't care. Those who know bought a Brother laser printer and got on with life.
When those who understand need genuine inkjet prints, we go to a store that owns a printer that is several orders of magnitude better than we will ever need and pay them a pittance to get it printed.
That having been said, I really do wish we had an open source laser printer because, at some point, Brother is going to pull this same bullshit.
Admittedly, the printing system for 2D Printers is a nightmare. Windows Secured Core PCs, for example, disable all 3rd party printing drivers and only support open driverless standards for printing like Mopria. According to people who have looked at it, let’s just say CUPS in macOS and Linux is not very likely to be a paragon of security, having an RCE scare 3 months ago.
If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)
I can't imagine the printers being open source or not mattering for that, nor can I see any reasonable government banning printing of specific things. If something is illegal to own or manufacture, that already applies to 3D printers just as much as it did to CNC machines or any other method.
Not quite the same, and hopefully likely to fail if it hasn't already, but it shows that interest exists in regulating 3D printers. When enough interest exists, things will happen.
With the 3D printer you can currently print everything; on the 2-D printer you can print everything minus one (actually there’s probably a whole bunch of currency you can’t print, which is maybe hundreds of things). Those are completely different systems of control.
"Pretty much everything" does include "can't print some things" which is pretty much: they control what you can and can't print. So technically you are right and they are right too, but this conversation path led us back in a circle instead of moving the debate forward.
No, you can’t. Printer manufacturers are required to prevent printing certain kinds of images on sophisticated printers. And they also print watermarks unique to your printer on every page.
I've been on the fence about purchasing a Bambu. But given the amount of time I've spent over the past few years having to tweak my ender 3 V2 and CR-10- I was leaning towards finally splurging on a X1C.
Question to those more familiar with the bambu software ecosystem - do these recent changes to authentication require a constant online connection to print anything from a machine on the LAN? I'm assuming printing via microSD will still be possible?
I’m not familiar with Bambu, I’m a Prusa user, but if I had to guess you would always be able to print via microSD. It would be wildly unpopular to disable local printing.
As a precaution, I've blocked my A1 mini from Internet access on the router, and will not apply any firmware updates anymore. I will also not update Bambu Studio anymore (or completely switch to Orcaslicer). I was already using LAN mode exclusively.
Kind of annoying, but I'm not desperately waiting for Firmware updates, everything works fine so far.
I got an A1 mini about a month ago and so far it’s been decent as a beginner's printer. I transfer models to the printer via the microSD card and refused to install their networking software on my machine because I don’t trust it’s safe enough. I'm also very reluctant to get updates whenever they’re pushed. Maybe I'm spooked by past bricked devices so I keep all my devices dumb and offline as much as I can.
I have Bambu, Qidi and Creality printers.
Qidi is a good compromise between open and 'print-quality-out-of-the-box'. My Q1 pro is easy to hack, but I have not done anything to it because it prints pretty much as well as Bambu.
They disrupted the 3d printer market with printers that just work out-of-the-box at price points where you typically only get enthusiast products that require a lot of tinkering.
A lot of their business model is seemingly based on making long-term sales from consumables. Their solution for multi-color printing is more convenient to use with filament sold by them because they embed information about the filament on proprietary RFID tags.
A couple days ago they announced locking down the API for their most expensive line of printers, locking most API calls to only their own software because of "security". Users are obviously upset.
Rumours for the reasons range from protecting themselves from user mods that replicate the RFID functionality on any filament by configuring the printer via API calls, to Bambu Labs wanting to launch some kind of subscription service for print farms.
Bambu Lab filament pricing is very similar to Sunlu pricing if you purchase the same minimum quantities as Sunlu, but Bambu Lab has a wider variety of filament that people actually want. The only thing that really helps them make more money is wasteful multi-color printing.
Reportedly it's Sunlu who's supplying filament for Bambu. But Bambu's version still has RFID tags which make it much easier to work with multicolor.
> The only thing that really helps them make more money is wasteful multi-color printing.
They're slow to make improvements in this area, but they recently introduced some options to reduce the waste, like longer retraction before the color change. Plus as a user you can reduce the waste further by tuning flushing amounts, and you're left with the waste inherent to single-extruder multicolor printing.
Overall yes multicolor can be wasteful, but to me it's impressive that it exists in the first place
I'm interested what others think of their existing design and whether there are any fundamental security issues that will be resolved by their proposed change.
They are proposing requiring a secret signed certificate to carry out any actions beyond monitoring for both the cloud and local (on printer) MQTT servers. These certificates would be issued at the discretion of Bambu by their CSR, currently only for "Bambu Studio" their slicer, Bambu Handy (their mobile app) and "Bambu Connect" which will enable upload of G-Code generated by a third party slicer (a workaround for existing functionality being removed). This "secret" certificate has already been extracted from the Bambu Connect application as per the article as their new security model requires embedding this certificate into desktop applications.
Connecting to their cloud MQTT requires a username and token already. These details are obtained via a HTTPS request to their login server using your bambu account (which requires a valid email & possibly captcha) to obtain a token. The cloud MQTT is TLS secured, although this is just to encrypt the traffic (aka HTTPS), it is not mutual authentication.
Connecting to the MQTT server hosted on the printer (aka LAN mode) requires a fixed username and a local access token (a random 8 digit number). This can be found via the physical display of the printer in a menu (or apparently cloud MQTT!?). This access token can be refreshed via a menu option again physically at the printer. To be clear, this token only allows you to connect directly to the local MQTT server running on the IP address of the printer, so in most environments this should only be the local network. This is also the password for the FTP server that can be used to upload/download sliced 3mf/gcode files.
Personally - this design seems ok to me? With an MQTT service properly configured to isolate user accounts from each other, this is a pattern widely deployed for embedded devices (Azure IoT, AWS IoT etc).
I don't see how the "DDOS" related issues they are claiming would be related to this specific design. If the issue is in the login server - well, that's prior to authentication anyway so nothing they are doing here will fix that.
If it's problems with your cloud MQTT service not being properly isolated - maybe fix that? If the DDOS is at L2, auth isn't going to help.
You require logins tied to an email, you can block clients that misbehave once they are logged in.
Nobody is brute forcing the local MQTT server via XSS or something, because JS doesn't allow for raw TCP connections. Are they concerned about malicious software already on the network? Then rate limiting on the printer side or switch to a random length alphanum LAN token to increase keyspace.
I'm curious what more qualified people think, I cannot see any justifications for their proposed design improving security. So either;
a) They've decided they are incapable of properly securing their MQTT cloud stuff and instead of fixing that just want to assume every client connected to their cloud MQTT servers is fully trusted. I'm sure that'll work great. Doesn't justify adding this to the local MQTT servers on the printers - if anything that reduces security, as to roll certificates you now have a long tail of printer firmware updates.
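An added example, not part of the original comment and not Bambu's firmware: a sketch of the printer-side mitigation suggested above (rate limiting failed logins, plus a longer random alphanumeric LAN token). The class name, thresholds and client addresses are assumptions made for illustration.

```python
"""Printer-side login throttling for a LAN access code (hypothetical design)."""
import hmac
import math
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random code of the given shape."""
    return length * math.log2(alphabet_size)


def new_access_code(length: int = 16) -> str:
    """Random alphanumeric access code drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


class LoginThrottle:
    """Per-client throttle with exponential lockout on consecutive failures.

    The first `free_attempts` failures cost nothing (typos happen). Each further
    failure locks the client out for base_delay * 2**k seconds, capped at max_delay.
    """

    def __init__(self, code, free_attempts=5, base_delay=1.0, max_delay=3600.0):
        self._code = code.encode()
        self.free_attempts = free_attempts
        self.base_delay = base_delay
        self.max_delay = max_delay
        self._state = {}  # client -> (consecutive failures, locked_until)

    def locked_until(self, client: str) -> float:
        return self._state.get(client, (0, 0.0))[1]

    def attempt(self, client: str, guess: str, now: float) -> str:
        failures, locked_until = self._state.get(client, (0, 0.0))
        if now < locked_until:
            return "locked"  # rejected without evaluating the guess at all
        # Constant-time comparison so response timing does not leak a prefix match.
        if hmac.compare_digest(guess.encode(), self._code):
            self._state.pop(client, None)
            return "ok"
        failures += 1
        delay = 0.0
        if failures > self.free_attempts:
            extra = failures - self.free_attempts - 1
            delay = min(self.base_delay * 2 ** extra, self.max_delay)
        self._state[client] = (failures, now + delay)
        return "denied"


def guesses_checked(throttle, client, window_s, wrong_guess="00000000"):
    """How many guesses the throttle actually evaluates for one client in
    window_s seconds, if that client retries the instant each lockout expires."""
    now, checked = 0.0, 0
    while now <= window_s:
        throttle.attempt(client, wrong_guess, now)
        checked += 1
        now = max(now, throttle.locked_until(client))
    return checked


if __name__ == "__main__":
    # Constructed sample values: an 8-digit code like the one described above.
    throttle = LoginThrottle("12345678")
    per_day = guesses_checked(throttle, "10.0.0.5", 86400)
    print(f"8 digits:        {keyspace_bits(10, 8):.1f} bits")
    print(f"16 alphanumeric: {keyspace_bits(62, 16):.1f} bits")
    print(f"guesses evaluated in the first day under throttling: {per_day}")
    print(f"sample 16-char code: {new_access_code()}")
```

Keying the throttle on client address alone can be sidestepped by a host that changes addresses, so a real implementation would also want a global failure budget across all clients.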
This is all nonsense. I just got an A1, and it's my first 3D printer. I don't have any expertise. I've been able to use the Bambu App and Maker world and basically control+P. I've printed about 10 things so far in the first week. I don't see why people are mad. They made the Apple of printers. It just works(tm). I don't need anything else. People just get so upset over nothing.
I’m not familiar with the 3D printing space, but seems like this reverse engineering was inspired by the company's move to clamp down on security of these devices. [1]
From what I understand, this new auth system would make third party integrations (ie, “OrcaSlicer”) obsolete and users would be limited to controlling the device via Bambu Connect. This update impacts users who control the device via HomeAssistant and “print farm management” users. I guess first party support for users with fleets of these printers is dogshit, thus the need for third party software.
Seems after 3 days of community feedback/outrage, the company is backtracking on the Bambu Connect only route. Instead offering a “Developer Mode” option in firmware which on the surface seems to be what the impacted users need. [2]
> In response, we’ve made the decision to implement an optional LAN mode feature, to provide advanced users with more control and flexibility.
> Standard Mode (Default): By default, LAN mode will include an authorization process that ensures robust security
> Developer Mode (Optional): For advanced users of the X1, P1, A1, and A1 Mini who prefer full control over their network security, an option will be available to leave the MQTT channel, live stream, and FTP open. This feature must be manually enabled on the printer, and users who select this option will assume full responsibility for securing their local network environment. Please note that Bambu Lab will not be able to provide customer support for this mode, as the communication protocols are not officially supported.
Seems this resolves the community concerns. Or am I missing something?
That's a useful step, but the options are still Full Cloud Dependency or DIY with Zero Security.
Why haven't they implemented rudimentary access control with printer-side Basic Auth (or the equivalent auth for MQTT and FTP)? Add optional SSL support to prevent tampering/MITM on a potentially hostile network, and the unauthenticated access concerns listed in [1] should disappear.
Any problems related to potentially damaging instructions should be best-effort mitigated by the firmware and otherwise indemnified by a "your own fault for using a third-party slicer" clause in the EULA.
Bambu Labs shouldn't need to be in the authentication/authorization path, unless we're actively using their cloud environment.
They used a plugin to communicate print jobs (and other integrations), so that third party software could be used pretty seamlessly. Now they're moving to a new authentication model, and will be requiring users to send files to a separate print app. (Bambu Connect) It adds friction to the process, especially for those who were looking to run print jobs at scale, using "print farm" software or building their own solutions.
It's pretty much this, nothing seems to be blocking any third party slicer like Orca from working with Bambu printers as they are now.. just the print button would now send the file to Bambu Connect, where you would most likely only press an extra button..
Getting info from the printer or AMS? MQTT still works. They specifically said they are not touching that.
Sadly the usual groups of people are screaming, and the open printer people are laughing. But at worst.. this is just friction.
Anyone pointing this out seems to get downvoted. But it's all there in the Bambu press statement and subsequent pages. Those that are upset seem to have not read those, and instead just read or watched something inflammatory.
Did you happen to see this? Interesting development, they are basically going to keep the current wide-open-barely-auth'd state and call it a developer mode. And submitted a PR to make Orca Slicer work with the new auth: https://blog.bambulab.com/updates-and-third-party-integratio...
And yeah, I'm realizing that about the downvotes. It's sad the state of things, but SKY-IS-FALLING-GET-PITCHFORKS wins the day over technical analysis, even on purportedly technical forums. But alas, that's an aside.
I'm really looking forward to this rolling out, as I want to monitor my printer with Home Assistant but I /really/ don't like how much control the current (non-beta, non-future) state gives HA. I /want/ auth of some sort when submitting jobs, and it looks like I'll have that.
(I also really want the slicer decoupled from the print management stuff, because I tend to keep a few slicers open and experiment.)
If you buy a Prusa in non-kit form, it's not any harder to unbox or operate, and more reliable, while generally achieving somewhat better results. Without phoning home and while maintaining the software Bambu forked theirs from.
A recent review coming to a similar conclusion was Maker Muse' review of bedslingers.
It's a channel I respect a lot, because he has over the years relentlessly disclosed emails of companies trying to bribe or lean on him, or threaten him, and refused to play along.
Most other 3D printing content is essentially paid advertising -- including, I suspect, the carefully constructed brand narrative of Bambu as the first "fire and forget" printers, as if they somehow elevated the art form, when really the user experience is not substantially different.
You do not need to tinker or problem-solve with other modern well-reviewing printers, nor do they fail more prints. My MK4 hasn't failed a single print in a year (i.e. since I bought it), and I haven't had to do any sort of maintenance.
> while generally achieving somewhat better results
I agree with this.
I'd also like to add that my Prusa Mk3s+ is significantly slower than my P1S. Also, without the MMU it still cost more than my P1S with AMS. Choosing a Prusa is making a philosophical choice, because it's certainly not about convenience, speed, versatility (considering you need to buy a separate enclosure and pricey MMU), bed size, or price. It's a choice you make because you're okay with spending a lot more to support an open platform where you can flash your own firmware without voiding your warranty, not because you want a better experience.
The mk4 and mk3 are vastly different machines. If you want to compare the P1S, do it against a contemporary machine. Of course a machine released several years after the mk3 is faster.
I wouldn't buy any new Prusa printer until it's been in the wild at least a year, they tend to be very buggy at launch.
They also have no multimaterial support at launch, the MMU3 will not work with the Core One until they release an update, which they've not yet given a timeline for.
Conveniently left out that the Prusa definitely cannot do a lot of things that the popular Bambu models can do quite well, like filaments beyond PETG and PLA, multimaterial printing, etc.
The MMU isn't remotely comparable to the AMS though, it's finicky, regularly breaks and needs a heck of a lot of tinkering for most people to get right. One slightly different filament and you have to start over.
Not to mention it's just a messy product. Heck the new Core One doesn't even have support for it at launch which is pretty unforgivable.
Maybe Bambu printers were too cheap which led them towards their subscription based model.
Everyone complains about enshittification (YouTube ads, subscription models etc..), but then refuse to pay the real price premium goods and services cost. You get what you pay for.
There is no security threat, it's an excuse. I own a printer and operate it in LAN mode. It requires authentication with 8 digit code.
If you think they care about security, let me remind you that this company used to connect to their cloud in plaintext. The only security they really care about is that of their revenue.
If they actually cared about security, they would let us disconnect these printers from the cloud completely and allow us to manage our own mTLS certificates.
I don't know the details or if it's true, but someone who was in the firmware beta claimed there was //commented-out code about different subscription tiers. Maybe just a test, maybe for print farms .. maybe it was all a lie.
But yeah, the enshittification economy has made people justifiably paranoid that if a product starts exhibiting new capabilities or features that would seem to support or enable a move towards subscriptions, it’s a good bet that that is in fact the trajectory of the platform.
But afaik Bambu has neither confirmed nor denied that this is in the works.
I am an idiot, and my Prusa MK3S+ (bought assembled, not as a kit) has been me-proof for years, and delivered fantastic print quality all along. My wife is not a techie and she gets good use out of it too. Their newer printers seem to be even better.
Out of ignorance and curiosity about 3d printing I bought a Prusa Mini a few years ago. My 10 year old (at the time) son took to using it immediately and figured out how to use it almost entirely on his own. It has been a great experience. I was thinking of upgrading to something larger and this drama has made the decision an easy one for me.
Based on recommendations here a couple years ago I built a Prusa Mk3 from a kit (right before the mk4 came out). Building it took a while but I think was a worthwhile investment of my time and I think of it as a system I can understand rather than as a black box.
I had a little bit of trouble with it maybe six months ago (repeatedly tripped offline during prints from a thermal issue) but Prusa's online support talked me through recalibrating it and it's been trouble-free since then.
One thing to be said for Prusa is that their support is actually knowledgeable and experienced. You're not going to get a tier 1 support person who has never touched a printer and is just reading from a script.
I bought an A1 after years of fiddling with an Ender. It made 3D printing fun again.
The whole situation reminds me of drones. DJI is (maybe) questionable but their products are without competition when you look at price and quality. Bambu products are also fantastic.
On second thought TP-Link fits too. My TP-Link mesh network just works perfectly. So do their smart plugs.
I did the same- replaced an Ender with an A1. Unfortunately, I’ve had it 10 days and have yet to be able to print anything. Won’t calibrate and cannot update firmware. Seems like a commonly reported issue but tech support is still bumbling around with no useful suggestions. I foresee it going back.
Not yet, but other brands are stepping up their quality. I just bought a Creality K2 Plus, and it's almost on par with my X1C (and has some features I prefer, like the CFS, their version of the AMS)
I personally think the outrage I've seen on this issue is generally not justified.
In general people are just scared of change and on top of that are playing telephone on the details of the change, assuming the worst intentions from Bambu like they're trying to be the next HP.
A voice in Bambu's defense on this issue would say:
1. The new firmware isn't out, it's still in beta, and the new connect software is also in beta. This stuff isn't done and nobody has been forced to use it or even had it presented as an OTA update yet. The problems highlighted in this wiki page are very possibly problems that Bambu is aware of and intends to fix before release.
2. Bambu in their blog article stated that they are working on integration code so that third party slicers like Orca Slicer can more directly interface with Bambu Connect (see the FAQ section)
3. There are multiple statements on this blog page where Bambu acknowledges the workflow disruption and emphasizes the things they intend to do and do not intend to do, such as "It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities."
4. People who don't run huge print farms don't seem to be impacted by this. Remember that Bambu claims to be a consumer tech company, right there in the "About Us" section. They are trying to make printers that are easy to use and require minimal tinkering. For a normal person, sending a slice file from Orca Slicer to a separate app (adding literally one step) is not a big deal, you're doing that once per print in a world where typical prints take hours to complete. And with that in mind, Bambu is still saying they intend to provide an integration solution to Orca Slicer in the future to streamline that process.
Whether or not the software design is a good architecture is an entirely different issue, and as a beta product I'm not sure we can judge that quite yet. Perhaps they should have hardened their network API more rather than introducing a new app? Perhaps they shouldn't have announced this so publicly before they had a solution for third-party integrations ready?
They broke the security of a beta product. That’s why it’s beta and not a released product.
LAN mode didn’t exist when this product was first sold, and it was never implemented through the SD card. It was meant to be used through Bambu Studio over your local network.
Someone who bought a Bambu Lab printer early on actually has more ability to use it without a cloud service now than they did when the product was new. Just about everyone who owns a Bambu Lab printer already signed up for a cloud-connected printer.
Their "update" is a bunch of hand wavy corporate PR bullshit.
Their idea of "working with" the people impacted by this change is just give them a couple of days notice that they are about to be fucked over.
Also the whole "it's just a beta" is such a stupid point I don't even want to respond to it. Truly idiotic.
They are positioning themselves to build a proper walled garden.
That entire blog post could be summed up as "We know we are doing a shit thing but We. Don't. Care. So it would be great if y'all could just shut up about it until it's more ready."
I think people are making a big nothing burger out of this.
Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Could this lead to completely locking it down in the future? Yes. But they could do that anyways.
I think this is a way to stop getting their pants sued off.
If they really wanted to lock it down they could just make it so everything has to go through their servers and require files to be signed before being read from SD cards.
"Security" on behalf of the user is a complete red herring. You can't print to my 2d printer or my 3d printer, but I can, with "any old device or application". Because they're on my network, not public on the internet.
I disagree. These devices can easily burn down people's homes if given bad G-code. Then they would be sued into the dirt for a security hole a mile wide. Looking at the changes this is about liability.
How is an electron app that just adds another step solving the problem? They should have just secured their api properly instead of using security as an excuse to cut out third party software that will get around an inevitable subscription.
Because authenticated commands remove the liability issue. Hacking the device vs we knowingly let anything send g-code.
This is basically the equivalent to having passwords on a MySQL database or redis server.
Why on earth would they add a subscription? That makes absolutely no sense business wise. No one would buy their printers, and they don't have a captured market to strong arm anyone.
Why would they add a subscription? Uhm print farms already have subscription based software. Bambu would just be an easier entry. They already have screenshots of it on their wiki.
This isn't a security fix. As a security protocol, it wouldn't pass any kind of security audit. A security fix would be something based on a per user credential, not on obscurity.
> Personally I don't want any device or application to send any old G-code to my printer.
Username/password over TLS would do that better than what Bambu Lab is proposing, as an extremely simplistic example.
And LAN-only mode should work without any external connections yet it looks like it'll require it for authentication. That defeats the whole idea of LAN-only!
> Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Why not implement some kind of open authentication? One that other slicers can implement.
More info on the hacking (the first in what may be a long stupid fight): https://hackaday.com/2025/01/19/bambu-connects-authenticatio...
Selling a walled garden is one thing, building walls around a garden you already bought is another thing entirely
I've not run into any banking applications which won't run on a non-Google build of Android (as then they would only run on a Pixel). That being said, I refuse to seriously bank with any bank which doesn't offer a functioning website. My main bank offers an app but you have to wholesale switch to it.
- Danish national identity app (MitID). I had to get a hardware token that generates one-time passwords.
- My banking app (still works in the browser though).
- The de facto payment app used for peer-to-peer payments and as a credit card alternative all over Denmark (MobilePay).
- The app for controlling the heating system in my car.
- Revolut.
- The app for showing a digital version of my government issued health insurance card. It's literally just a barcode and a number, so I can get by using a photo of the card instead. This underlines the ridiculousness of requiring Play Integrity attestation.
- The app for showing a digital version of my driver's license. As a bonus this app also doesn't work if you have set your default browser to Firefox instead of Chrome, even on a non-rooted phone.
On top of this, one app for scanning goods in the supermarket stopped working, but without explicitly saying why. I suppose it just silently depends on some Google service, but I have no way of knowing that.
I also cannot get Chromecast to work, but that is perhaps to be expected when replacing the Google services with microg, and not strictly a result of DRM. It is a major inconvenience though.
Denmark is one of the most digitized countries, and in many ways that is good. However, it also means that you are increasingly coerced into the whole Google/Apple ecosystem and that it is very hard to get out. Luckily there are alternatives to all of the above apps, but it is a major inconvenience to have to use them.
If LineageOS did support those APIs (which it can support if it wanted to, without any blessing from Google) then presumably most if not all of those should also work.
Try GOS and see if it's broken there. If it works on GOS then you can shout at google for ever exposing the attestation APIs but the apps you're complaining about aren't actually abusing attestation in the way you claim, LineageOS is simply choosing not to implement the features they rely on.
That said, the recommendation I always give, and personally follow: keep a spare phone in a drawer somewhere, with official Android installed, a Google account, and use it exclusively for business purposes - banking, government services, and the email account you use for those (separate from the one you use for everything else). Nothing else, no messaging, socials, browsing, or games.
Then you're free to keep your personal phone FOSS and as private as you like, without fear of getting locked out of important stuff due to a crappy Google® SafetyNet® upgrade.
Anything which doesn't support an alternative method (not involving a proprietary blessed google phone) of management should be illegal if it's government related and should be boycotted if it's not.
Nevertheless, for living in this world while preserving your privacy, my advice stands. Separate the devices that you control, which you will use for personal and private purposes, from the devices that global corporations and institutions control, which you will use to access the services those institutions provide - services which, by definition, you would not control anyway.
It is far, far simpler than having to get proprietary, frequently-updated software to play nice inside a secure sandbox. If they do, great, but separate devices ensures it isn't a capital-P Problem for you if they stop.
(FWIW, I lived in three different European countries over the past decade and so far the governments all offered TOTP-based web alternatives to their apps. When it comes to private banking, only one (Lunar) was available only via app, but it was also the only one that ran without Play Services.)
What I am saying (and what I do) is that it's far simpler still to just not rely on anything where this might be the case.
If my bank turned around tomorrow and said I can't use their website to manage my account, I would not attempt to get their app working on my phone, I would switch bank.
It works on GrapheneOS with their own keys (or you can, if you want, probably use your own keys).
If I'm on a custom ROM, the notification never pops up.
But have you checked if GrapheneOS handles it?
New firmware upgrades made older devices slower and painfully unusable: https://www.techradar.com/news/apple-might-be-slowing-down-y...
And they have plenty of experience building walls around a garden. Ask anyone using OSX for the past 15 years and you will see how difficult it has become to write or publish software for Apple.
They did nerf speed. But they did it for a reason. I get being mad about your phone being slowed down, but I don’t get being mad about it once you understand why.
- Battery Management (iPhone 6, 6s, and SE): In 2017, Apple introduced a battery management feature in iOS 10.2.1 to prevent unexpected shutdowns by throttling the performance of iPhones with degraded batteries. This led to slower device performance without informing users, which is a removal of expected performance functionality.
- 32-bit App Support: With the release of iOS 11 in 2017, Apple dropped support for 32-bit apps. This meant users could no longer use older apps that had not been updated to 64-bit, effectively removing access to those apps on updated devices = You want the new OS? -> you have less functionality.
- Pulse oximetry features were recently removed from new Apple Watches due to Masimo's patent infringement claim.
As opposed to the device unexpectedly shutting down due to a degraded battery not being able to push enough energy to support the CPU? They didn't remove expected performance, they prevented crashes which are by definition 0 performance. All Li-ion batteries degrade over time. That's not removing a feature...
This whole thing was totally overblown.
Apple's actions in this case were even worse than Bambu's. At least Bambu documented what the update did and offered the option of declining it.
No, it isn't. If the battery was broken and they knew the battery was broken, they should have informed the user the phone could be fixed with a new battery. They decided to gimp the device and not tell the user so they would be more likely to purchase a new device rather than simply fixing the old one.
Previously you could directly upload the 360 videos to YouTube, now you need to download the film locally on the phone, then host a converted version and only after those loops you are permitted to upload.
Or you can now buy a monthly subscription and get back the feature that was already there before. Quite disappointed with this kind of behavior.
The problem is that the user got no choice. Some might prefer degraded performance, others might prefer to charge their devices more often.
Also the seller should have no business touching anything that they've already sold - they might offer support, but it should be up to the user to accept it or not.
Source: had two 6S's in the family. In the cold it could just suddenly shut down mid-call from 60% battery.
USER should choose that. Not Apple.
Not all of them shut down, someone might get a battery replacement.
What Apple should've done is to introduce a toggle, give a warning in a notification, and in case of a crash, display it again.
After the massive hissy fit the Internet threw (along with lawsuits), they added a switch. Now you can choose to have your phone suddenly die.
But the legend lives on that "Apple slowed down phones permanently!!" - even though the fix for that is a 40€ battery swap that takes 30 minutes in any mall phone repair shop.
Maybe i want to use the device in a way that's 100% connected to the charger and repurpose it.
It's not apple's business what I'm doing with it
I like a toggle for features like this, but it was a pretty standard user experience / reliability choice imho.
But the way they did it was far from malicious. It only affected users who were actually in danger of an emergency shutdown, during times when the shutdown was imminent. While I don’t want anybody diddling my firmware without giving me a choice, this particular issue was really a nothing burger in the end.
It was discovered when it became apparent that replacing a defective battery made the phone faster. Seems like a standard reliability / user experience fix to me. Not Many people would choose the “don’t adjust system power consumption to prevent unplanned shutdowns when the battery is about to fail” toggle.
So they know this yet they refuse to let users swap the battery?
People don't go telling that Ford "refuses to let users change their oil".
It's all perfectly doable, but you do need the tools and an ability to follow a step by step guide with pictures.
Yet there are always people justifying these type of awful practices as better for users. These aren't, the measures are only good for business.
They are SO LOUD if you don't service them at regular intervals. They're even doing fancy tricks to make sure you're not faking the service.
Not even that hard.
For me, the firmware fix helped me limp through the 2 months before I finally got around to replacing the battery.
It made my phone that was flaky and unreliable below 40 percent battery into a phone that worked slightly slower once the battery got low, but didn’t just randomly shut off during calls anymore.
I’d have preferred a toggle, but to be honest I doubt I’d have ever used “reckless disregard for remaining battery capacity” mode.
- Battery management was to handle an issue that was encountered as batteries aged
- 32 bit support: Apple is well known for being one of the more aggressive companies when it comes to forcing users (and especially people coding apps for their platforms) to adopt required tech changes. But again, not directly profit-driven.
- Pulse oximetry: probably the closest to a profit-driven-decision, as this was driven by a patent issue, and presumably they calculated less of a hit from removing the feature than paying fees to the patent owner? Not great, but still not directly part of a user-unfriendly Apple-derived strategy, as with Bambu.
But for 3D printers that worked out of the box under $1000, Prusa had no real competition itself.
The Mk3 came out in 2017 and I swear Prusa just sat on their laurels. I was a Mk3s+ owner (well, still am) and was pretty disappointed how little improved with the Mk4.
Bambu’s competition was Prusa and they clearly strived to improve over what Prusa had accomplished.
I hadn’t had any experience with the new platform prior to this upgrade and I skipped over the MK4, but the 4S upgrade is a significant step up over the 3S/3S+. I wouldn’t necessarily recommend the upgrade kit — that took much longer than expected to complete (about two days) and I regret not buying a new printer instead. But, I have a 3S I plan to upgrade to 3.5 just to get the new electronics; that upgrade is far less intensive.
If you haven’t tried out a 4S you might be pleasantly surprised by how much nicer it is than the 3S+.
I went for the 3.5 upgrade as the upgrade from 3S+ to 4 was almost as much as outright buying a new 4. I'm glad I did it this way because now I'm thinking of getting the CORE One and then I'll have 2 excellent printers.
They still seem to be thinking the primary audience of 3d printers is people who tinker. It's not been that way for a long time. People just want to be able to unbox, plug it in and print. The second you add in the "oh just spend 5 hours tweaking this spaghetti mess of an MMU" you've lost them.
I think they just screwed up the design of the MMU but they never went back to the drawing board.
Sure, it is a better printer, but it is clear that they are going for scale, and most of what makes them better is in the software rather than in using premium hardware.
Well, Open Source did compete on one quality very well: being open, hackable and staying that way. With this being removed from Bambu lab printers it seems as if this is a very much valued aspect for many 3D printing enthusiasts, yet few people were willing to compromise for this aspect.
Apparently it is true, you don’t know how much you value something until you don’t have it anymore
The Bambu has been ideal for that reason. Every material pretty much just works, and the quality is excellent. The cloud integration and janky LAN mode is the downside, and this current topic even moreso.
No. None of this crap. I want to 3D print. I don't want to service industrial machinery in my spare time. Why should 3D printing require spending weekends troubleshooting machines just to keep the thing working? I want to print models not play repair technician.
Vorons are fantastic printers and a fantastic kit if 3D printing itself is your hobby. 3D printing is a fantastic hobby. There's tons of fun to be had building up and dialing in a printer kit. A well tuned voron can be up with the best of the best 3D printers. If that's what you want to do go for it!
But for heaven's sake I want to print models, parts and other practical things. I have other things to do and problems to solve. My 3D printer is a tool. If I have to spend just as much time working on the machine as I do using it to actually print things then I'm not interested.
Bambu is still the best game in town for a turn-key, just works printer. Prusa can deliver the same experience at double to triple the ticket price. A voron is not a replacement for a Bambu printer no matter how good the printers actually are.
I’m sympathetic to your POV but the reason you should is that’s the price to keep things open.
Obviously many people don’t care about that. Fair enough. But then you should be prepared to deal with their shenanigans.
Prusa also does things like maintain and develop printables.com and PrusaSlicer (itself forked) which many of these closed printers fork with minimal changes.
People don’t care about this either. So again, get ready to deal with garbage when Prusa goes under.
I think it’s sad since the whole domestic 3D printer thing started as open source.
No, it's not, and the perception that it is hurts the cause of openness.
Open Source has every ability to be better, to Just Work, to not require constant debugging. Good Open Source systems manage this. The fact that 3D printers apparently have not is the fault of those printers, not any inherent quality of openness.
Comparing Bambu to Voron is an absurd comparison
I politely disagree. I was in the market for a more modern printer, and it boiled down to either a BL or a Voron - in the end I decided against ease of use and in favor of an open ecosystem. I agree in that they are not universally interchangeable, but for some people either can be an option, each with distinctive advantages and disadvantages.
the whole process is basically cnc but with z hops and extruding instead of removing material.
we do not even have conical slicing yet.
Ya, it is, and it’s been there for quite a while now thanks to Bambu.
The X1 just works. Coming up on a year of frequent use, I can count the number of failed prints on one hand. It’s incredible.
It's all just much less tinkering than 5 years ago.
Tell me you don’t know anything about 3d printing without telling me you don’t know anything about 3d printing.
Also, subtractive manufacturing is much harder than additive manufacturing, because you need to position the machine around an existing piece of stock and sequence your operations manually, instead of letting a generic slicing algorithm slice from bottom to top with an offset vs the intended printing location only being a problem if you accidentally print over the edge of the build plate, which is usually not possible mechanically.
also there is so much stuff that has been in open PRs and issues for years and is not implemented for slicers.
"take a load" - I don't know what kind of load, do you mean the fact that PLA is creeping under sustained load?
If that is YOUR usecase that is fine, but that does not mean that set and forget works just fine for others. Btw gun people use PLA plus just fine.
Don't get me wrong here. PLA is a great polymer, However you can't really expect parts made with it to hold up when compared to other "engineering grade" polymers.
Not many people use 3d printing for applications that require extreme strength though, that's really not the goal many people are aiming for.
I do this for a living and people are always looking for more parts to run through the process and better filaments to see those parts end up performant.
CF-PETG is strong! For a bit more toughness and temp resistance, PA12CF35 is seeing a lot of use. Some companies out there have service departments to keep machinery running. They apply FDM more than you might expect. Alloy 910 for gears, Cf of various kinds for abrasive scenarios, like cardboard handling, in one scenario.
It can be a fantastic material for some functional parts.
But even if not, I don't see how it invalidates that there are printers out there that are more or less set and forget.
It is a great machine though it does not always make the strongest parts, and single material builds is geometry limiting. Lack of chamber heat and one nozzle makes some things easy, but does not entirely avoid the trouble with higher performing polymers.
I've owned or used probably every major (and some minor) printer released in the last 8 years and for most people Bambu really will just be "plug and play" (and even if something goes wrong they'll hold hands as much as needed)
Entirely this. I bought my A1 mini over the Christmas holidays and couldn't be happier with it, it's my first 3D printer. Searching for models on Makerworld, adjusting tiny bits here and there if needed and print. It just works and I don't really care about anything else, much like my Brother printer.
The 3d printing community just slapped down heygears for similar BS to what bambu is pulling right now. Once Bambu hire some better software devs and sort out their issues, open access will return, I bet.
Since the launch of the X1, it’s been closed firmware and tightly controlled. That’s always been the compromise people make to get one.
I’d really like to understand what bait and switch you think has happened, and what you could do before with officially sanctioned methods that you can’t now?
Looks like it's not true?
Printing directly from SD cards via the little touch screen is unchanged since networked computers can’t do that.
This is inaccurate, the printer already required authentication using an 8 digit code. What they're trying to do now is verify that the print has been started using official Bambu software, i.e. software-only DRM.
Was it actually? Is there a source for this?
I'm not so upset about this change (it doesn't affect me, so far), but I'm skeptical this was a widespread problem.
Once the update actually rolls out to the P1S obviously. Which may not even happen with the current backlash
For now. They're putting themselves in the middleman position where they get the final say over what we can print on the printers that we supposedly "own".
It's naive to think that they won't try to extract revenue from that privileged position, they wouldn't have spent R&D resources on it otherwise.
Imagine if this limitation existed with Bambu's first-party slicer. It would obviously be considered a pretty big downside.
My other comment on this thread contains the rest of my thoughts. Overall, I think this outrage is overblown.
They're good products, and they are clearly selling at a low enough price point to push for market capture.
The pricing, special features tied into their own AMS + filaments, special features tied into their own slicer. These all indicate that they were building towards this sort of behaviour.
Despite an initial issue with the hot end (which was easy and fast enough to fix with help from support). I’ve been really happy with it
It prints pretty much anything. Fast, reliable and very cheap compared to equivalent printers in the market
Where did this understanding come from? I'm pretty happy with my Bambu printer, but I was never under any understanding that it was hackable, let alone open. Since the beginning I was slightly frustrated at the RFID filament spools not being open-enough for others.
I, honestly, have no idea why you thought that. Bambulab has been under fire from the very beginning about not being open at all and not contributing back to the open source community they're built on.
I bought one of their printers during black friday too, it took me a long time to get over the fact that it isn't an open printer, and I never want to go back to tinkering for hours to get meh quality prints.
If so one could get a refund :)
While this lock down doesn't seem right it is far from unexpected, I question the amount of research done prior to your Black Friday purchase (BF and well-thought-out-decisions often do not go hand-in-hand!)…
I bought one (an A1 with the multi-material add-on) some months before that in full knowledge that the company would prefer to funnel people into a walled garden because if you look anywhere you'll find proponents of other makes warning that exactly this is possible & likely, with the "must take many steps to print without talking to their servers" being the key evidence in those warnings.
Good reasons to buy a BBL machine (at least my reasoning when I did):
* They work out of the box more so than many of the competition (many will say "X is better or better value, if you spend Y amount of time tuning" which while often correct, I wasn't looking to spend that time tuning), certainly more so than others at similar prices.
* QoL features (good auto leveling, dynamic flow control) that weren't exactly ubiquitous on similarly priced or cheaper machines.
* Certainly in the case of the newest A1/A1-Mini line: a working MMU option cheaper than you find in other ranges (some manufacturers have started addressing this and the out-of-box experience, in their product lines, 2025 could be an interesting year), and very easy nozzle changes (useful if you want to both do detailed minis (without going resin) and mostly larger items).
* For me, the handling of the A1 issues early last year (quickly acknowledging a potential safety issue and publishing mitigation guidelines, full recall or fix-at-home options when it became clear the issue was more significant) was a point in their favour wrt after-sales giving-a-shit. Obviously not a point against others as we don't know how they'd react until it happens, of course. There are regular complaints of slow support response more generally, but there are for other printer manufacturers too and, well, pretty much all consumer facing industry these days.
* The official documentation & videos, maintenance & troubleshooting guides etc, seemed to me to be more coherent than some other offerings (though searching for "<my problem> reddit" is still a thing!).
Absolutely terrible reasons to buy into BBL, long before this storm:
* Openness (software). From the get go their offering has the trappings of a more controlled garden than the 3D printing community were used to.
* Openness (hardware). While there are some compatible 3rd party after-market parts, there isn't the able-to-build-your-own feel you see elsewhere with people using different extruder nozzles, cooling options, and so on.
--------
This isn't a great analogy, but: BBL is an Apple (though not quite on price) to the rest of the 3D printing industry's Linux and it only takes a small amount of information to see that before buying.
If I upgrade (or have to replace, or just decide to get a second) then maybe I'll go elsewhere. I'm more confident I could get others working well, manufacturers are addressing the points that have allowed BBL to take so much of the market & mindshare in a short time, but the key thing against BBL (not being open like much of the rest of 3D printing) is something I was well aware of when buying (it did make me think twice) so I can't be too mad about it.
Now if they try to stop people using 3rd party filament, like the traditional printing industry with ink & toner, which is far from impossible, then I'll feel they've conned me.
There might be some question as to whether anything like the connectivity layer that sits between BS and the printer that currently isn't open, should also be AGPL. I'll leave discussion of how AGPL and loosely linked components do/n't work together to people with more experience in the area…
Not sure where you got this idea from. Despite the hacking, print from SD Card remains an option, and the device does not need an internet connection for initial setup. Version 01.08.02.00 is the first firmware version that supports offline updating, even if it is also the latest version.
https://store.bambulab.com/products/x1e
However, this can be easily achieved without bricking every single third party integration. That should simply be a toggle in the settings that works entirely local.
https://blog.bambulab.com/updates-and-third-party-integratio...
Then, the first point in their `truth about the update` section:
> This is NOT about limiting third-party software. We're creating Bambu Connect specifically to ensure continued third-party integration while enhancing security. We're actively working with developers like Orca Slicer to implement this integration.
The `we're actively working` with Orca was already addressed by the OrcaSlicer developer [0]
> Bambu informed me of this change two days before their announcement.
and Bambu's idea of "working with" is helping to implement redirect from Orca to their own software that would actually start the print. Seems like limiting third-party software to me.
> This is beta testing, not a forced update. The choice is yours.
This is bizarre, surely beta firmware is intended to be release firmware at some point? If anything, the community outrage proved beta track to work as intended.
> About Panda Touch. We reached out to BTT as soon as we became aware of their product. We warned them that using exploited MQTT protocols...
Also addressed by BQ in [1], tl;dr they tried to work with Bambu but didn't get much response, only a warning that the MQTT might stop working in a future update. So technically Bambu _reached out_, but only to say "don't improve our product". In the end, Bambu is screwing over their customers more than BQ
Further down they still go and defend their decision
> When using third-party slicing software like Orca Slicer, the difference in users experience is not much.
and proceed to demonstrate that Orca Slicer will _easily_ open the new app which will be able to start the printing. Which is exactly what the community complained about, and doesn't address things like missing Linux support.
Finally, they're presenting a diagram showing what the new flow looks like. Except the diagram is missing any details about what the new software does — it doesn't show how, when and why the new software communicates with the cloud.
For someone with even cursory understanding of security, the changes just don't make much sense, and Bambu is not doing much to explain the security protocols they're trying to implement. For all I know they just slapped a private certificate somewhere in the Bambu Connect app and started signing requests to the printer, which doesn't improve security at all if the private key is already public
[0] https://github.com/SoftFever/OrcaSlicer/issues/8063#issuecom...
[1] https://old.reddit.com/r/BIGTREETECH/comments/1i5lzzf/latest...
Instead, we bought a P1S, which is, technically speaking, a fantastic machine.
Prusa themselves run 600 printers. They are commercial grade. If I was using a printer for commercial design or prototyping I would go with Prusa. Not only because I would prefer my designs were not sent overseas by an always cloud connected printer.
A lot of 3D printer companies have tried to go this route. It is not a strategy that tends to succeed.
I don't know their sales numbers, but I would be willing to bet that the ROI on those printers is nowhere near their bread-and-butter, high volume, mass market models.
I think their priority should have been to build something like the Core One (a P1S killer) rather than these expensive and risky forays into pro/prosumer land. The Core one is, realistically speaking, at least 24 months late to market. This was avoidable.
Everyone who operates a 3D printing farm, and who isn't a complete muppet, knows that closed down products like those of Bambu Labs are risky. Both because some 3D printer manufacturers kind of have a history of being dickish, and because the big boys are coming after Bambu labs with their patent lawsuits and whatnot. There are clear risks in dealing with companies like Bambu.
Dealing with Prusa involves significantly less risk. This reduced risk has value. You can charge a bit more for Prusa products due to the reputation of the company.
Most people I know who own 3D printers would rather have done business with Prusa. But Prusa only had the MK4 on offer and were burning cash on, let's be frank, irrelevant vanity projects.
Yes, Prusa were very much asleep at the wheel. Or at least, they had some strategic lapses in judgement. Let's hope they understand their customer base better now. I'd be happy to be a bit patient with them if it means we can get something that performs like Bambu printers, but from Prusa.
I'll even be willing to pay perhaps as much as 20% more just because I trust Prusa more than Bambu.
It costs more than the P1S - which, let's face it, that's what it should be compared to, not the X1C, as the Core One doesn't have the stronger nozzle, nor any features that would make it a 'pro' level product.
They also still don't have an answer to the AMS, which is a big selling point for the Bambus. The MMU3 may be better than the previous one but it's just like putting lipstick on a pig - it's a mess, with tubes all over the place, spools dotted around, and then you've got to constantly babysit it and tune it.
Side by side the P1S with an AMS is still significantly cheaper and from a marketing perspective a much more visually pleasing offering.
Also worth mentioning that whilst the Core One is about to come out, the MMU isn't actually even supported yet, and there's no timeline for when it will be.
Prusa are so far behind at this point and really shouldn't be. Chances are the core one is going to come out and just like the XL and MK4 will be extremely buggy for a good 6 months. How people still accept this is bonkers.
Swapping nozzles makes the machine worth double?
I'm not at all convinced that Prusa's main issue is the cost. Yes, cost is a huge part of it, but the other one is also just usability. When the X1C launched and later the A1, there was a huge difference in usability between what Prusa and Bambu had. Prusa is catching up and that is good. But they will have to do more on that front still, and the higher cost is less of a concern. It becomes a problem when the more expensive printer is worse too.
And it definitely worked! I got the kit and built it within 10h or so (very enjoyable time actually, like building LEGO as a kid) and have printed lots of stuff ever since. During that entire year I only had a clogged extruder one time and had to take that apart a bit. Any other issues I've had were either due to bad filaments or my own errors (not taking long overhangs or low adhesion seriously while slicing).
And all this time I have been using it completely offline with OctoPrint on an RPi.
It's nice to have a private key to their cloud authentication, but ultimately it's the printer's firmware that's the issue. While Bambu owns and updates that, they can change the keys basically anytime they decide that they had enough of the alternative Bambu Connect servers that people will inevitably create with the current keys.
[1] https://github.com/ChazLayyd/Bambu-Lab-Klipper-Conversion
Thus, on first blush, I welcome security improvements from them, but I'm also anxious to see what they hold.
I do wonder where this is going with the keys, because I've seen a lot of "OH LOOK WE HAVE THE KEYS" but nothing about what the keys are used for or how they are useful. Or if they are even useful.
Hopefully there'll be more interesting news about this soon and some solid, technical info.
Actually for my use case this doesn't work at all -- my printers are region locked to China, but I'm not currently in China so I can't connect to those servers -- meaning (I think!) if I upgrade their firmware, I can't print via LAN on my own local network... which just leaves a bad taste in my mouth.
These are great printers, but there's no need for that.
I have a P1S which currently can print completely isolated from the internet. Unfortunately (or maybe not?) the new firmware isn't available for my printer, so I can't dig into it myself yet.
But I'd really like to see some sort of "when I try to do X it tries to connect to Y" or "I used to be able to do X, and now Y is required as demonstrated here".
Something more than the current hearsay and pitchforks echo chamber.
"Critical Operations That Require Authorization
The following printer operations will require authorization controls:
Now, PERHAPS, I can do that authentication locally... but given the plugin required for OrcaSlicer it doesn't seem likely
And keep in mind that OrcaSlicer already used Bambu Network Plugin to communicate with their printers. (It prompted you to download this on install of OrcaSlicer if you picked one of their printers.)
The move to Connect means that OrcaSlicer needs to send the print data to Connect via a protocol handler instead of to the plugin. Connect will then send it on to the printer itself, and from what I've seen it'll do that over LAN. (But I can't test because my printer doesn't support this yet.) I see this as akin to a print driver vs. printer-specific support built into an app. Not a bad thing at all, if done right.
The plugin already did (very minimal) auth via the Access Code and can do it with the printer and Bambu Network Plugin completely isolated from the internet. (I've done this.) So I'd like to know specifics of what's changing here.
Start by logging in to the Bambu Lab account or click Discover to find LAN mode printers."
https://wiki.bambulab.com/en/software/bambu-connect
At the very least - it looks like you'd need to log-in to the cloud account to print on the LAN, which really begs the question.... why?
The text you quoted directly contradicts what you are saying. It says login OR discover to find LAN mode printers.
I don't want to hypothesize about what it could be doing, I want to see what it's actually doing (or see some actual info from folks about what they've seen) so I can decide if I'm comfortable with that or not.
So your blessed Bambu Studio instance connects to Bambu Cloud and requests a certificate, the server issues the certificate to you (or not), and then Bambu Studio may use it to connect to the printer on your LAN.
The certificates have an expiration time of 1 year, meaning that the printer functionality would be severely degraded (missing network connectivity), at most 1 year after they take the servers offline or stop issuing certificates for any reason.
Not a definitive source for what I said, but it contains some information: https://hackaday.com/2025/01/19/bambu-connects-authenticatio...
But where I disagree is with that cert stuff.
1) That cert is on the /client/ side, not in the printer. It has nothing to do with printer functionality, only with talking to the printer.
2) Expired certs do not mean things automatically get rejected. Using and allowing expired or self-signed certs is routine in the IoT world where certs on devices can't readily be updated. But again, that cert isn't from the printer.
3) Expired certs, just like the self-signed certs that are so commonly used, still result in things being encrypted on the wire. And often that's the point.
It seems to me that someone found/exported the cert, and is trying to make all sorts of WHAT-IF or THIS-COULD-MEAN-THE-WORST claims but are lacking some significant understanding. Without understanding the architecture and the rest of the code, and perhaps seeing that cert be used, this is just an artifact found in the distributed beta application.
What do you mean, if my software can't talk to the printer then that affects printing functionality.
You would never allow your bank account to be secured with something akin to Bambu Lab's "security fix".
I bought a B/W laser printer and have been generally impressed with the lack of BS that came along with it.
It did ask for toner once, so I bought something from a third-party.
No direct experience, but I recently read[1] Brother HL-L3220CW counts printed pages, and refuses to print after a set number of pages, even if there's still toner in the cartridge. Some models have a way to reset the page count but this one apparently does not.
[1] https://spicausis-lv.translate.goog/2025/01-brother/?_x_tr_s...
(I also use a Brother B/W laser printer, got it second hand for almost nothing, works fine)
The post did mention the other toners that came with the printer also locked, but I think I remember reading elsewhere that those printers are cheaper precisely because they come with EcoPro-only toners in the box.
Factory setting is to stop printing. It can be changed to basically print anyway.
That worked, delivering increasingly crappy prints until replacement toner cartridges arrived.
Swapped one in and the machine is back to printing fine.
I did buy aftermarket, cheap as I could find for replacement.
The factory cart still had 5 percent or so, when compared to the new ones, of toner in it.
Haven't had the sam
All said and done I am pretty happy. Toner got well used, replacement was cheap.
The bad reputation is just from HP's tactic to sell printers cheaper than everyone else, in more stores than anyone else, then make the money back with the scummiest tactics imaginable.
This is a thing. Obviously.
https://urish.medium.com/how-to-turn-your-3d-printer-into-a-...
Only a randomly selected tutorial.
> I'm really shocked the overpriced ink monopolies weren't attacked in this manner,
Inkjet and laser printers easily print whole page 300 DPI raster images in seconds. Plotters need vectorial data and their printing speed depends on how complicated what you are printing is. These things simply don’t serve the same use case. You can do nice art and heart warming cards with a plotter, but you can’t hit print on your boarding card / dhl label / word document and expect your plotter to give you what you see on your screen.
> None of this is remotely new.
I agree that none of this is remotely new. Plenty of people tinker with plotters for fun and profit. There are even pre-packaged consumer centric solutions where you pay the price of convenience with lack of freedoms. (See the similar debacle around the Cricut plotters.)
Because those of us who understand mostly don't care. Those who know bought a Brother laser printer and got on with life.
When those who understand need genuine inkjet prints, we go to a store that owns a printer that is several orders of magnitude better than we will ever need and pay them a pittance to get it printed.
That having been said, I really do wish we had an open source laser printer because, at some point, Brother is going to pull this same bullshit.
If the printing stacks within operating systems are trash, who knows what horrors your network-connected printer firmware has. (Locking down 3rd party ink cartridges in the name of security - what’s an ink cartridge going to do? Buffer overflow the data it sends to the printer? Oh wait, maybe the printer is that dumb and we’re overthinking this, and it’s more inexcusable than first glance suggests.)
https://www.nysenate.gov/legislation/bills/2025/A2228?utm_ca...
Not quite the same, and hopefully likely to fail if it hasn't already, but it shows that interest exists in regulating 3D printers. When enough interest exists, things will happen.
JMHO.
2D printers are not open source and you can still print pretty much anything
Question to those more familiar with the bambu software ecosystem - do these recent changes to authentication require a constant online connection to print anything from a machine on the LAN? I'm assuming printing via microSD will still be possible?
Kind of annoying, but I'm not desperately waiting for Firmware updates, everything works fine so far.
https://en.wikipedia.org/wiki/Bambu_Lab
A lot of their business model is seemingly based on making long-term sales from consumables. Their solution for multi-color printing is more convenient to use with filament sold by them because they embed information about the filament on proprietary RFID tags.
A couple days ago they announced locking down the API for their most expensive line of printers, locking most API calls to only their own software because of "security". Users are obviously upset.
Rumours for the reasons range from protecting themselves from user mods that replicate the RFID functionality on any filament by configuring the printer via API calls, to Bambu Labs wanting to launch some kind of subscription service for print farms.
> The only thing that really helps them make more money is wasteful multi-color printing.
They're slow to make improvements in this area, but they recently introduced some options to reduce the waste, like longer retraction before the color change. Plus as a user you can reduce the waste further by tuning flushing amounts, and you're left with the waste inherent to single-extruder multicolor printing.
Overall yes multicolor can be wasteful, but to me it's impressive that it exists in the first place
I know it's not exactly a zip bomb, but it's kinda close, and goddamn, that's obnoxious.
They are proposing requiring a secret signed certificate to carry out any actions beyond monitoring for both the cloud and local (on printer) MQTT servers. These certificates would be issued at the discretion of Bambu by their CSR, currently only for "Bambu Studio" their slicer, Bambu Handy (their mobile app) and "Bambu Connect" which will enable uploading G-Code generated by third party slicers (a workaround for existing functionality being removed). This "secret" certificate has already been extracted from the Bambu Connect application as per the article, as their new security model requires embedding this certificate into desktop applications.
The current design:
https://github.com/Doridian/OpenBambuAPI/blob/main/mqtt.md
Connecting to their cloud MQTT requires a username and token already. These details are obtained via a HTTPS request to their login server using your bambu account (which requires a valid email & possibly captcha) to obtain a token. The cloud MQTT is TLS secured, although this is just to encrypt the traffic (aka HTTPS), it is not mutual authentication.
Connecting to the MQTT server hosted on the printer (aka LAN mode) requires a fixed username and a local access token (a random 8 digit number). This can be found via the physical display of the printer in a menu (or apparently cloud MQTT!?). This access token can be refreshed via a menu option again physically at the printer. To be clear, this token only allows you to connect directly to the local MQTT server running on the IP address of the printer, so in most environments this should only be the local network. This is also the password for the FTP server that can be used to upload/download sliced 3mf/gcode files.
Personally - this design seems ok to me? With an MQTT service properly configured to isolate user accounts from each other, this is a pattern widely deployed for embedded devices (Azure IoT, AWS IoT etc).
I don't see how the "DDOS" related issues they are claiming would be related to this specific design. If the issue is in the login server - well, that's prior to authentication anyway so nothing they are doing here will fix that.
If it's problems with your cloud MQTT service not being properly isolated - maybe fix that? If the DDOS is at L2, auth isn't going to help. You require logins tied to an email, you can block clients that misbehave once they are logged in.
Nobody is brute forcing the local MQTT server via XSS or something, because JS doesn't allow for raw TCP connections. Are they concerned about malicious software already on the network? Then rate limiting on the printer side or switch to a random length alphanum LAN token to increase keyspace.
I'm curious what more qualified people think, I cannot see any justifications for their proposed design improving security. So either;
a) They've decided they are incapable of properly securing their MQTT cloud stuff and instead of fixing that just want to assume every client connected to their cloud MQTT servers is fully trusted. I'm sure that'll work great. Doesn't justify adding this to the local MQTT servers on the printers - if anything that reduces security, as to roll certificates you now have a long tail of printer firmware updates.
b) It's not about security
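The two printer-side mitigations suggested in the comment above (rate limiting failed logins, and a longer alphanumeric LAN token), sketched as an added example that is not part of the thread and is not Bambu Lab firmware code. The class, function names, limits and sample token are all assumptions made for illustration.

```python
import hmac
import math
import secrets
import string

ALPHANUM = string.ascii_letters + string.digits  # 62 symbols


def token_bits(alphabet_size, length):
    """Entropy in bits of a uniformly random token."""
    return length * math.log2(alphabet_size)


def new_token(length=16):
    """Random alphanumeric token from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


class AuthThrottle:
    """Hypothetical per-client limiter: lockout doubles after each failure past an allowance."""

    def __init__(self, token, free_attempts=5, base_delay=1.0, max_delay=3600.0):
        self._token = token.encode()
        self.free_attempts = free_attempts   # failures tolerated before any lockout
        self.base_delay = base_delay         # first lockout, in seconds
        self.max_delay = max_delay           # lockout ceiling, in seconds
        self._failures = {}                  # client -> consecutive failures
        self._locked_until = {}              # client -> time the lockout ends

    def check(self, client, presented, now):
        if now < self._locked_until.get(client, 0.0):
            return "locked"                  # rejected without evaluating the token
        if hmac.compare_digest(presented.encode(), self._token):
            self._failures.pop(client, None)
            return "ok"
        n = self._failures.get(client, 0) + 1
        self._failures[client] = n
        if n > self.free_attempts:
            delay = min(self.base_delay * 2 ** (n - self.free_attempts - 1), self.max_delay)
            self._locked_until[client] = now + delay
        return "denied"


def years_to_exhaust(keyspace, guesses_per_hour):
    """Worst-case time to try every value at a sustained rate."""
    return keyspace / guesses_per_hour / (24 * 365)
```

Keying the limiter only on the client address is a simplification; a deployed version would also cap failures per device across all clients.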
From what I understand, this new auth system would make third party integrations (ie, “OrcaSlicer”) obsolete and users would be limited to controlling the device via Bambu Connect. This update impacts users who control the device via HomeAssistant and “print farm management” users. I guess first party support for users with fleets of these printers is dogshit, thus the need for third party software.
Seems after 3 days of community feedback/outrage, the company is backtracking on the Bambu Connect only route. Instead offering a “Developer Mode” option in firmware which on the surface seems to be what the impacted users need. [2]
> In response, we’ve made the decision to implement an optional LAN mode feature, to provide advanced users with more control and flexibility.
> Standard Mode (Default): By default, LAN mode will include an authorization process that ensures robust security
> Developer Mode (Optional): For advanced users of the X1, P1, A1, and A1 Mini who prefer full control over their network security, an option will be available to leave the MQTT channel, live stream, and FTP open. This feature must be manually enabled on the printer, and users who select this option will assume full responsibility for securing their local network environment. Please note that Bambu Lab will not be able to provide customer support for this mode, as the communication protocols are not officially supported.
Seems this resolves the community concerns. Or am I missing something?
[1] https://blog.bambulab.com/firmware-update-introducing-new-au...
[2] https://blog.bambulab.com/updates-and-third-party-integratio...
Why haven't they implemented rudimentary access control with printer-side Basic Auth (or the equivalent auth for MQTT and FTP)? Add optional SSL support to prevent tampering/MITM on a potentially hostile network, and the unauthenticated access concerns listed in [1] should disappear.
Any problems related to potentially damaging instructions should be best-effort mitigated by the firmware and otherwise indemnified by a "your own fault for using a third-party slicer" clause in the EULA.
Bambu Labs shouldn't need to be in the authentication/authorization path, unless we're actively using their cloud environment.
It also means that Connect could act as a farm / queueing system as well, more like a print driver vs. individual printer support within the app.
Getting info from the printer or AMS? MQTT still works. They specifically said they are not touching that.
Sadly the usual groups of people are screaming, and the open printer people are laughing. But at worst.. this is just friction.
Anyone pointing this out seems to get downvoted. But it's all there in the Bambu press statement and subsequent pages. Those that are upset seem to have not read those, and instead just read or watched something inflammatory.
And yeah, I'm realizing that about the downvotes. It's sad the state of things, but SKY-IS-FALLING-GET-PITCHFORKS wins the day over technical analysis, even on purportedly technical forums. But alas, that's an aside.
I'm really looking forward to this rolling out, as I want to monitor my printer with Home Assistant but I /really/ don't like how much control the current (non-beta, non-future) state gives HA. I /want/ auth of some sort when submitting jobs, and it looks like I'll have that.
(I also really want the slicer decoupled from the print management stuff, because I tend to keep a few slicers open and experiment.)
Is there another brand that is idiot proof?
A recent review coming to a similar conclusion was Maker's Muse's review of bedslingers.
It's a channel I respect a lot, because he has over the years relentlessly disclosed emails of companies trying to bribe or lean on him, or threaten him, and refused to play along.
Most other 3D printing content is essentially paid advertising -- including, I suspect, the carefully constructed brand narrative of Bambu as the first "fire and forget" printers, as if they somehow elevated the art form, when really the user experience is not substantially different.
You do not need to tinker or problem-solve with other modern well-reviewing printers, nor do they fail more prints. My MK4 hasn't failed a single print in a year (i.e. since I bought it), and I haven't had to do any sort of maintenance.
I agree with this
> and more reliable
I emphatically disagree with this.
> while generally achieving somewhat better results
I agree with this.
I'd also like to add that my Prusa Mk3s+ is significantly slower than my P1S. Also, without the MMU it still cost more than my P1S with AMS. Choosing a Prusa is making a philosophical choice, because it's certainly not about convenience, speed, versatility (considering you need to buy a separate enclosure and pricey MMU), bed size, or price. It's a choice you make because you're okay with spending a lot more to support an open platform where you can flash your own firmware without voiding your warranty, not because you want a better experience.
They also have no multimaterial support at launch, the MMU3 will not work with the Core One until they release an update, which they've not yet given a timeline for.
Prusa’s online documentation (and printed docs for that matter) are excellent.
Not to mention it's just a messy product. Heck, the new Core One doesn't even have support for it at launch, which is pretty unforgivable.
Everyone complains about enshittification (YouTube ads, subscription models etc..), but then refuse to pay the real price premium goods and services cost. You get what you pay for.
If you think they care about security, let me remind you that this company used to connect to their cloud in plaintext. The only security they really care about is that of their revenue.
If they actually cared about security, they would let us disconnect these printers from the cloud completely and allow us to manage our own mTLS certificates.
But yeah, the enshittification economy has made people justifiably paranoid that if a product starts exhibiting new capabilities or features that would seem to support or enable a move towards subscriptions, it’s a good bet that that is in fact the trajectory of the platform.
But afaik Bambu has neither confirmed nor denied that this is in the works.
I had a little bit of trouble with it maybe six months ago (repeatedly tripped offline during prints from a thermal issue) but Prusa's online support talked me through recalibrating it and it's been trouble-free since then.
Eventually I'll get a used FormLabs setup. Once I have a shop space set up.
The whole situation reminds me of drones. DJI is (maybe) questionable but their products are without competition when you look at price and quality. Bambu products are also fantastic.
On second thought TP-Link fits too. My TP-Link mesh network just works perfectly. So do their smart plugs.
It is running Klipper internally and there are mods to run a completely open source stack (with blobs).
In general people are just scared of change and on top of that are playing telephone on the details of the change, assuming the worst intentions from Bambu like they're trying to be the next HP.
I have seen a lot of misinformation on this topic, and I think that in that sense it's a good idea to read the actual announcement details to get a better read on Bambu's intentions: https://blog.bambulab.com/firmware-update-introducing-new-au...
A voice in Bambu's defense on this issue would say:
1. The new firmware isn't out, it's still in beta, and the new connect software is also in beta. This stuff isn't done and nobody has been forced to use it or even had it presented as an OTA update yet. The problems highlighted in this wiki page are very possibly problems that Bambu is aware of and intends to fix before release.
2. Bambu in their blog article stated that they are working on integration code so that third party slicers like Orca Slicer can more directly interface with Bambu Connect (see the FAQ section)
3. There are multiple statements on this blog page where Bambu acknowledges the workflow disruption and emphasizes the things they intend to do and do not intend to do, such as "It’s important to note that this update is not intended to restrict third-party software use. In fact, we’ve actively collaborated with third-party print farm management software providers in the past and continue to support such partnerships. To further improve the user experience, we are introducing a new software solution that will address these limitations and enhance overall print farm management capabilities."
4. People who don't run huge print farms don't seem to be impacted by this. Remember that Bambu claims to be a consumer tech company, right there in the "About Us" section. They are trying to make printers that are easy to use and require minimal tinkering. For a normal person, sending a slice file from Orca Slicer to a separate app (adding literally one step) is not a big deal, you're doing that once per print in a world where typical prints take hours to complete. And with that in mind, Bambu is still saying they intend to provide an integration solution to Orca Slicer in the future to streamline that process.
Whether or not the software design is a good architecture is an entirely different issue, and as a beta product I'm not sure we can judge that quite yet. Perhaps they should have hardened their network API more rather than introducing a new app? Perhaps they shouldn't have announced this so publicly before they had a solution for third-party integrations ready?
Blocking printing from SD card in LAN mode basically denies any claim that this change was a poorly communicated improvement.
LAN mode didn’t exist when this product was first sold, and it was never implemented through the SD card. It was meant to be used through Bambu Studio over your local network.
“Not implemented/not yet implemented” != “blocked”
Someone who bought a Bambu Lab printer early on actually has more ability to use it without a cloud service now than they did when the product was new. Just about everyone who owns a Bambu Lab printer already signed up for a cloud-connected printer.
https://wiki.bambulab.com/en/p1/manual/p1p-firmware-release-...
Their idea of "working with" the people impacted by this change is to just give them a couple of days' notice that they are about to be fucked over.
Also the whole "it's just a beta" is such a stupid point I don't even want to respond to it. Truly idiotic.
They are positioning themselves to build a proper walled garden.
That entire blog post could be summed up as "We know we are doing a shit thing but We. Don't. Care. So it would be great if y'all could just shut up about it until it's more ready."
"Starting January 17th, users will have access to the beta firmware"
"Launching first for X Series printers, with P and A Series updates planned for future release"
Bambu is patching a security issue. Personally I don't want any device or application to send any old G-code to my printer. Like say command the printer to basically destroy itself.
Could this lead to completely locking it down in the future? Yes. But they could do that anyways.
I think this is a way to stop getting their pants sued off.
If they really wanted to lock it down they could just make it so everything has to go through their servers and require files to be signed before being read from SD cards.
But instead we really have a half ass attempt.
This is basically the equivalent to having passwords on a MySQL database or redis server.
Why on earth would they add a subscription? That makes absolutely no sense business wise. No one would buy their printers, and they don't have a captured market to strong arm anyone.
This isn't a security fix. As a security protocol, it wouldn't pass any kind of security audit. A security fix would be something based on a per user credential, not on obscurity.
> Personally I don't want any device or application to send any old G-code to my printer.
Username/password over TLS would do that better than what Bambu Lab is proposing, as an extremely simplistic example.
Why not implement some kind of open authentication? One that other slicers can implement.