Bambu Lab, the company behind my favorite 3D printer, has given themselves a tough week. Well, I have answers to some of my burning questions. Hopefully you will understand that too. Let's start with the inside story.
Since last Thursday, some creators have vowed not to buy Bambu printers anymore and have even removed some 3D models from its online repository. This comes after the company revealed it would be adding a new proprietary authentication mechanism that could prevent the use of third-party tools. Control your printer remotely.
While it's still possible to paste files onto an SD card and physically insert them into the printer, or use Bambu's own cloud, printing remotely from a third-party slicer is still possible, unless you download a new slicer. The method no longer works. The proprietary Windows and Mac “Bambu Connect” desktop app acts as an intermediary between the slicer and Bambu's hardware.
“Unauthorized third-party software is prohibited from performing critical operations.” — Bambu
Mr. Bamboo made it clear early on that this was going to happen. option It is an update that you can choose not to install, but the company says it is need One is to protect your printer from remote hacking. But some owners quickly thought this could be a bridge to encityization.
They noted that Bambu printers could detect whether they were already using an official filament roll, and envisioned a future where Bambu could avoid using third-party filament altogether. They note that Bambu already appears to be planning a subscription service for its print farm software, and that the service requires periodic cloud activation, and that if you don't pay, your Bambu printer will not work. I imagined a future in which it no longer works.
Bambu denied these concerns and many others like it in a subsequent “set the record straight” blog post, explaining that its new tool does not require internet access or a user account. They also went very far back and promised to provide AT. -your-own-risk “Developer mode” maintains local access to your printer without any new proprietary authentication. Unfortunately, this mode also means that you may not be able to access your printer via the cloud.
Meanwhile, Bambu forbids people from using the Wayback Machine to scrutinize its changing statements, censors criticism of the company on subreddits, and the developers of Orca Slicer collaborate with Bambu to They didn't do themselves any favors by claiming to be working on it. This is a seamless way to continue printing directly even if popular third-party slicers don't actually commit to support.
Additionally, Bambu's own security regarding the new Bambu Connect app is such that hackers have already extracted private keys and authentication certificates, and that Bambu has given itself the right to block new print jobs until the printer is working properly. The fact that users discovered that they were giving it didn't inspire confidence either. The automatic download of the firmware update described in the Terms of Use has been completed.
Anyway, I think the real question here is: teeth Will these turn into something more attractive, or at least a stepping stone to a more walled garden?
Below are the questions I sent to Bambu and the answers I received via spokesperson Nadia Yaakoubi.
1) Does Bambu publicly promise that you don't need a subscription to control your printer and print over your home network?
For the current product line, yes. You don't need a subscription to control or print to your printer over your home network. However, in the future there may be specific business scenarios (such as 3DP vending machines) that require exceptions, but these will apply to completely different applications and customer needs. If such a product line is introduced, we will clearly communicate this prior to launch.
1c) Will Bambu publicly commit to not subject existing printer functionality to subscriptions?
2) Does Bambu publicly commit to never restricting the use of third party filaments in any way, shape or form?
For the current product line, yes. We do not plan to limit the use of third party filaments in any way.
3) Does Bambu publicly commit to never monitoring files or prints sent between users and their printers over home networks?
Let's clarify how this works.
- LAN mode: Nothing is sent through our servers.
- Cloud mode: Users control their privacy through “secret printing”. When enabled, print history is not recorded and files are not saved to the cloud.
- Cloud features: Features such as reprint temporarily store files in the cloud and allow users to access their print history. Under no circumstances will we examine your print files/models without your express consent.
Bambu also agreed to add a new developer mode. Some users argue that this move is just temporary and that Bambu simply removing developer mode poses too great a security risk, or that they can justify keeping developer mode. I'm concerned that it could be argued that fewer users use it.
4) Bambu publicly commits to permanently maintaining developer mode on local MQTT, live streams, and FTP and never removing it in future updates or shipping batches for X1, P1, A1, and A1 Mini. Do you have it?
yes. However, if significant security issues arise in the future, adjustments may be necessary to address them. Users can choose whether to update their printer's firmware at any time.
5) Will Bambu publicly commit to providing and maintaining local developer mode on future printer releases?
You can't commit to future printer features that don't exist. However, we clearly communicate all relevant details to our customers before they make a purchase decision.
6) Will Bambu publicly commit to allowing current and future printers to be permanently controlled remotely over a LAN without a user account or Internet access?
For current models: Yes. While we aim to maintain this functionality for future products, we do not believe in committing to continuing with a particular technical approach indefinitely. However, we clearly communicate all relevant details to our customers before they make a purchase decision.
Bambu has announced that Bambu Connect will integrate with third-party slicers such as Orca, but some users are wondering why they need an app like Bambu Connect when they can add more secure authentication to the printer itself. I'm confused. The printer generates a secure token/API key instead of creating its own intermediary authentication app.
7) Has Bambu considered and rejected interoperable ways to secure token-like printers?
7b) Is Bambu committed to changing its authentication system to be interoperable? If Bambu rejects an interoperable secure authentication system, what are the reasons?
When software communicates and interacts with our cloud systems, we obviously have a say in how it works. As highlighted in our blog post, unauthorized third-party software has long created an ongoing challenge to the stability of cloud services and machines.
Although we believe that most developers act with good intentions, users are often unaware of the complexities and security requirements hidden in such software. Due to the lack of transparency in all software, interoperable and secure authentication systems are insufficient to completely solve these problems. Our goal is to protect the entire Bambu Lab product ecosystem and give all users confidence that our products are secure and easy to use, without the worry of complex network configurations. With the changes complete, we are one step closer to integrating third-party access in a secure manner.
8) Is it true that the developers of Orca Slicer did not actually work with Bambu on the integration and Bambu announced their involvement without approval?
Since January 14th, we have had ongoing discussions with SoftFever, the developer of the Orca Slicer, regarding firmware updates and possible integration into new releases. “Cooperating” may be ambiguous. Specifically, it indicated that messages were exchanged, files sent, receipt acknowledged, and reviewed.
9) Will panda touch and similar accessories will continue to work in developer mode?
It is guaranteed to keep ports/channels open, but implementation is left to third party developers.
9b) Does Bambu answer the company's questions?
Since its release, we have received many inquiries from third-party software developers, including BigTreeTech. devpartners@bambulab.com. We are currently considering the final response. It's worth noting that we warned third-party developers in a March 2024 blog post. “If you are developing a device that controls the entire printer, including heating elements and motion systems, do not expect long-term support without our prior approval. This is especially true for commercial organizations.”
10) Do you want users to be able to rollback to older firmware, such as if they accidentally upgraded without understanding the limitations?
yes. Firmware rollbacks have always been and continue to be available.
11) Will a leak of the private key change your plans?
No, this does not change our plans. We took immediate action.
